Slashdot Mirror

← Back to Stories (view on slashdot.org)

EU: No Encryption Backdoors But, Let's Help Each Other Crack That Crypto (theregister.co.uk)

Posted by msmash on from the evolving-thoughts dept.

The European Commission has proposed that member states help each other break into encrypted devices by sharing expertise around the bloc. From a report: In an attempt to tackle the rise of citizens using encryption and its effects on solving crimes, the commission decided to sidestep the well-worn, and well-ridiculed, path of demanding decryption backdoors in the stuff we all use. Instead, the plans set out in its antiterrorism measures on Wednesday take a more collegiate approach -- by offering member states more support when they actually get their hands on an encrypted device. "The commission's position is very clear -- we are not in favour of so-called backdoors, the utilisation of systemic vulnerabilities, because it weakens the overall security of our cyberspace, which we rely upon," security commissioner Julian King told a press briefing. "We're trying to move beyond a sometimes sterile debate between backdoors or no backdoors, and address some of the concrete law enforcement challenges. For instance, when [a member state] gets a device, how do they get information that might be encrypted on the device." [...] Share the wealth. "Some member states are more equipped technically to do that [extract information from a seized device] than others," King said. "We want to make sure no member state is at a disadvantage, by sharing the tech expertise among the member states and reinforcing the support that Europol can offer."

11 of 83 comments (clear)

  1. Ok, that's something we can talk about by Opportunist · · Score: 4, Insightful

    So we have a device of someone that we suspect to be a criminal, now aid us to access it.

    That is something we can actually work with. Provided there is oversight and it's not "we probably have (population count) terrorists in our country, let's find out how to up the surveillance so we can track them all!"

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  2. The irony by Rick+Schumann · · Score: 3, Informative

    The irony here is that even if they put a gun to everyones heads and forced them to ruin encryptions' value by compromising it with 'backdoors' (that anyone would eventually be able to discover and leverage) criminals and terrorists would not just use non-compromised encryption (copied from before the ban on 'real' encryption), they'd use codebooks and other types of obfuscation (book ciphers, and so on; the list is endless) that have been used for much longer than we've had computers, and goverments and cops would be back at Square One again: needing to do REAL police work, not just be jackbooted thugs with guns forcing their will on everyone. Are they really so blind to all this, or is it just another power-grab?

    1. Re:The irony by Rick+Schumann · · Score: 2

      You NEVER trade freedom for security. EVER.
      'Backdooring' encryption RUINS it, plain and simple; there is no compromise that can or should be made there. EVER.

    2. Re:The irony by Baron_Yam · · Score: 2

      >You NEVER trade freedom for security. EVER.

      That's a foolish absolute to stand behind, since you do it all the time in your day to day life.

      >'Backdooring' encryption RUINS it, plain and simple; there is no compromise that can or should be made there. EVER.

      Another silly stance to take. For general encryption, absolutely... but there's nothing wrong with a proprietary system with a back door in it, as long as it's understood to be less than perfectly secured and that it will eventually be cracked (or the back door simply leaked) if there's enough interest in doing so.

  3. That's Honestly Enough by NicknameUnavailable · · Score: 2

    Every CPU since 2006 has backdoors built in, they don't need to have backdoors in individual protocols. If they have cyber-backdoor agreements with the nation manufacturing the chips they have a backdoor.

  4. Re:Uhm by Lennie · · Score: 2

    Remember the FBI Apple iPhone debate in the US and a solution was found how to gain access to the data, my guess would be they could be sharing those kinds of solutions. I would be surprised if they had things even more advanced than that.

    --
    New things are always on the horizon
  5. I have no problems with this by houghi · · Score: 4, Insightful

    The more encryption is challenged, the better it is. And with so many people involved, somebody with blabber if it has been hacked and better encryption can be found.

    I think we should tell them that all Linux and other OSS software is involved. Having "free" peer review would be great.

    --
    Don't fight for your country, if your country does not fight for you.
  6. Yes please by SlashDread · · Score: 4, Interesting

    Do share all your cracking and hacking tricks. Publicly.

    so we can patch the vulns

  7. EU vs Five Eyes by Hal_Porter · · Score: 4, Interesting

    For instance, when [a member state] gets a device, how do they get information that might be encrypted on the device." [...] Share the wealth. "Some member states are more equipped technically to do that [extract information from a seized device] than others," King said. "We want to make sure no member state is at a disadvantage, by sharing the tech expertise among the member states and reinforcing the support that Europol can offer."

    I think they're worried about the Five Eyes countries sharing information with each other, but not with EU countries

    https://en.wikipedia.org/wiki/...

    One of the interesting contradictions of the UK being a member of the EU was that it always had much better intelligence sharing with the Five Eyes countries than it did with any EU country.

    --
    echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
  8. So you’re in favour of backdoors then? by Picodon · · Score: 2

    You are accusing the EU of incompetence for stating that they are “not in favour of so-called backdoors, the utilisation of systemic vulnerabilities, because it weakens the overall security of our cyberspace, which we rely upon”, and at the same time you are praising Brexit, when Theresa May (and Cameron before her) as well as officials from other individual states (including France and Germany) have been advocating the mandatory use of backdoors. So I take it that you are a supporter of weak encryption.

    The obvious problem is that it won’t stop high-calibre criminals (those used by governments to justify the need for backdoors) from using secure encryption, while putting everybody else at risk of exploitation by lower-calibre (but still tech-savvy) criminals. In the words of Matthew Green, cryptography professor at the Johns Hopkins University Information Security Institute): “There’s no chance whatsoever you’re going to stop people who really want to use encryption, like terrorists and serious criminals. That’s just impossible.” (Source: The parallax, “Could strong encryption and backdoors coexist? Nope, experts say”)

  9. Re:Uhm by hoofie · · Score: 2

    They didn't have access to GCHQ pre-Brexit either. The UK is very, very reticent to let any country that isn't part of the Five-Eyes agreement anywhere near any of the special toys, kit and capabilities they have there.