European Union seeks to ban backdoors for encrypted communications

A European Parliament committee has published a draft report proposing that the ability for citizens to protect their data with encryption should be protected, including banning any possibility of government sanctioned backdoors to encryption protocols that could be used by law enforcement officials.




The draft proposal from the Committee on Civil Liberties, Justice, and Home Affairs seeks to modernize data protection rules introduced in previous years, on the grounds that the privacy protections in the 2002 Regulation on Privacy and Electronic Communications are not sufficient across the board. Under the proposal, the regulation will be amended to even out these protections.

The 2002 regulations also don't cover newer services and systems, including apps using end-to-end encryption and the machine-to-machine communication systems used for the "Internet of Things," something the proposal seeks to rectify.

Stressing the confidentiality of personal electronic communications, and the long-standing fundamental right to privacy for individuals, the amendments note that the member states of the European Union are largely prevented from interfering with any encryption-related protections. Any interference "must be limited to what is strictly necessary and proportionate in a democratic society."

The proposed amendments also specifically rule out the possibility of government-mandated insertion of backdoors or weakening of such systems entirely.

"When encryption of electronic communications data is used, decryption, reverse engineering or monitoring of such communications shall be prohibited," reads one amendment. "Member states shall not impose any obligations on electronic communications service providers that would result in the weakening of the security and encryption of their networks and services."




Some governments and their agencies have called for backdoors and weaker encryption for messaging services, including WhatsApp and iMessage, under the belief these systems protect criminal organizations and terrorists. In March, U.K. Home Secretary Amber Rudd called the use of end-to-end encryption by tech companies a "completely unacceptable situation," claiming intelligence services should have access to encrypted services to intercept secretive terrorist communications.

Despite the use of encryption in their products, tech companies have offered their assistance during major events. Earlier this month, Apple CEO Tim Cook confirmed Apple was working with the U.K. government to aid law enforcement investigations into recent terrorist attacks, though he didn't go into detail about what was provided.

Due to Apple's extensive use of encryption in its products, the company would not have been able to provide conversations between terrorists or other explicit data, but Cook advised that it "doesn't mean no information" is being provided. "Metadata exists and that's very important for building a profile."

Metadata is effectively all the information surrounding data, and is largely viewable regardless of whether the core data itself is encrypted or not. This information can include details about the sender and recipient, timestamps, and other logs, which can be put together to establish the identities of people involved, and possibly the intent of the encrypted message itself.

The report also suggests increased protection of metadata, with the proposed changes expected to keep existing rules in the General Data Protection Regulation (GDPR) the same or improve them. The GDPR itself was adopted by the EU in 2016, as a replacement for existing data protection directives dating back to 1995, and will be in force from May 2018.

"Communications data (both content and metadata) are extremely sensitive as they reveal sensitive aspects of the private life of individuals (sexual orientation, philosophical or political beliefs, freedom of expression and information, financial situation, health condition), therefore they deserve a high level of protection," the report states.

The best-known use of metadata is PRISM, the US National Security Agency's data mining project that extracted data from documents, media, and other potential sources of logs to track individuals and contacts in real time.

The amendments that relate to the GDPR also cover location tracking of equipment via Bluetooth or Wi-Fi, such as through iBeacons, as well as the privacy settings of devices regarding Do Not Track mechanisms, including web browser tracking and the functionality of cookies.

Because this is a draft proposal, the suggestions provided by the committee will still need to be approved by the European Parliament itself, then put under review by the EU Council, before being used to amend directives. As such, the proposals could be changed or removed before being accepted.

If the proposals pass through in their current state, it could give tech companies a clear mandate to use end-to-end encryption across the board, even in areas outside of Europe. Companies that encrypt communications would have more of an incentive to keep their apps secure and not weaken encryption in certain markets.

For the UK, such changes would make laws such as the Investigatory Powers Act difficult to enforce, in particular the provision that requires communication providers to assist with targeted interception of data, including the requirement for UK firms to strip away any encryption they apply to data on request.

A previous version of the Investigatory Powers Act had elements in place that would force firms to weaken encryption or install backdoors into their products for law enforcement officials to use. This was successfully challenged by privacy advocates and tech companies, including Apple, with these elements removed from the bill before passing the House of Commons.

Once the UK leaves the EU, an event expected to take place in March 2019, the country won't be subject to the EU's rules, and could therefore put in place legislation forcing such backdoors to exist. Even so, it is unlikely for a tech company to make a hampered version of an app specifically for the UK market that would also be able to communicate with users in other markets, due to the need to keep EU traffic encrypted.

Comments

  • Reply 1 of 34
    Prosecutors may not like it, but it is the right thing to do.
  • Reply 2 of 34
    robin huber Posts: 3,264 member
    I am mildly shocked that they would take this stand in the face of such strong sentiment to give up privacy in favor of security. Especially in Europe. Wonder if our U.S. system will hold the line as well. We may be only one 9/11 away from losing this last bastion of personal privacy, especially under the current administration. 
  • Reply 3 of 34
    nht Posts: 4,460 member
    I agree with the provisions to protect encryption and not install backdoors because these will inevitably get hacked by criminals if they exist but the balance between safety and privacy should allow law enforcement to use the metadata. 

    Trying to keep encryption from terrorists is a hopeless activity since there are already strong encryption techniques in the open source.  They're just a side-loaded android app away from using strong encryption for messaging even if all the official apps were neutered.
  • Reply 4 of 34
    rob53 Posts: 2,032 member
    It's a fallacy that giving up personal security (encryption) in favor of government access to all data leads to a more secure society. It doesn't and it's been proved time and again. One of these days we'll finally open up the history books and see where government control of everything takes you.
  • Reply 5 of 34
    smiffy31 Posts: 177 member
    nht said:
    Trying to keep encryption from terrorists is a hopeless activity since there are already strong encryption techniques in the open source.  They're just a side-loaded android app away from using strong encryption for messaging even if all the official apps were neutered.
    This is what is called NOT closing and bolting the door after the horse has bolted.
  • Reply 6 of 34
    spice-boy Posts: 814 member
    The threat from terrorists is the most overblown threat to society if you look at actual numbers. Look at how many people die in car accidents each year, how many from private guns, how many are killed by the police, preventable diseases, poverty and famine. Terrorism gets big ratings and is constantly in the news to sell advertisement for the news companies. Don't even consider giving away your privacy when society's real threats will more likely do you in before a member of ISIS moves into your block.
  • Reply 7 of 34
    maestro64 Posts: 4,570 member
    rob53 said:
    It's a fallacy that giving up personal security (encryption) in favor of government access to all data leads to a more secure society. It doesn't and it's been proved time and again. One of these days we'll finally open up the history books and see where government control of everything takes you.


    This is very true, even with computers and machine learning, the systems could never analyze communications in real time and find the one person who is hell bent on destruction and who happened to communicate his planned actions ahead of time via the systems the government happens to be listening to. People have to understand, police and government never prevent a crime, they only clean up the mess. Just look at what happened in London. The UK had 23,000 people on their watch list, 3,000 were of high concern, and this guy who drove over people was in the 3,000, and people were calling the authorities on this guy because he was doing things which concerned people, and the government failed to act. Why? You cannot arrest people for what they think, only on their actions. The government is more upset that not only can they not dig into your mind and have you tell them what you did and use it against you, they do not like the fact they cannot get into your digital communication and use those against you as well.


    You want to see government control just read 1984.

    edited June 2017
  • Reply 8 of 34
    dysamoria Posts: 2,152 member
    Good move by the EU. The EU seems to be the only real sane, pro-society-thinking body in civilization these days; not the Americans or the British.
  • Reply 9 of 34
    razormaid Posts: 299 member
    What do you know?  They got one right.  Out of all their idiotic and ridiculous rulings if they put this into law they'll at least have gotten one right.  <grin>
  • Reply 10 of 34
    spice-boy said:
    The threat from terrorists is the most overblown threat to society if you look at actual numbers. Look at how many people die in car accidents each year, how many from private guns, how many are killed by the police, preventable diseases, poverty and famine. Terrorism gets big ratings and is constantly in the news to sell advertisement for the news companies. Don't even consider giving away your privacy when society's real threats will more likely do you in before a member of ISIS moves into your block.
    What the hell are private guns? Also, I didn't realize an inanimate object could just get up all by itself and kill people. 
  • Reply 11 of 34
    spice-boy said:
    The threat from terrorists is the most overblown threat to society if you look at actual numbers. Look at how many people die in car accidents each year, how many from private guns, how many are killed by the police, preventable diseases, poverty and famine. Terrorism gets big ratings and is constantly in the news to sell advertisement for the news companies. Don't even consider giving away your privacy when society's real threats will more likely do you in before a member of ISIS moves into your block.
    What the hell are private guns? Also, I didn't realize an inanimate object could just get up all by itself and kill people. 

    You know what he meant.  Guns in the hands of private citizens rather than the police or military.  Personally, I'm strongly pro-gun rights, but let's not beat people up over every little word choice.  Firearms discussions are where the conservatives get as "politically correct" as the left ever does.
  • Reply 12 of 34
    rob53 Posts: 2,032 member
    maestro64 said:
    You want to see government control just read 1984.
    That, in part, is what I was alluding to but it doesn't take a book of "fiction" to understand what we've experienced in the last 100 years. We've already lived parts of 1984.
  • Reply 13 of 34
    razormaid said:
    What do you know?  They got one right.  Out of all their idiotic and ridiculous rulings if they put this into law they'll at least have gotten one right.  <grin>
    I'm not sure if you live in Europe but there tends to be more protection here for consumers, tenants, and employees than in other parts of the world where the law is on the side of corporations, landlords, and employers. Take a look at GDPR - it's not all that surprising that there's a push in the direction of privacy, despite the cost to the private sector.
  • Reply 14 of 34
    StrangeDays Posts: 7,625 member
    spice-boy said:
    The threat from terrorists is the most overblown threat to society if you look at actual numbers. Look at how many people die in car accidents each year, how many from private guns, how many are killed by the police, preventable diseases, poverty and famine. Terrorism gets big ratings and is constantly in the news to sell advertisement for the news companies. Don't even consider giving away your privacy when society's real threats will more likely do you in before a member of ISIS moves into your block.
    Have long agreed with this... Depression kills far more Americans than terrorism ever has, yet no War on Depression. Why not? No security contracts to be gained, or 24-hour news cycles to fill, or grandstanding for local voter bases. In short, no fear, no glory, and no profit.
    edited June 2017
  • Reply 15 of 34
    SpamSandwich Posts: 31,131 member
    How the tide has turned... and it will likely turn again, since that's how these things go. Politicians should never be entrusted completely to protect the rights of those they were "hired" to protect. 
  • Reply 16 of 34
    jbdragon Posts: 2,120 member
    dysamoria said:
    Good move by the EU. The EU seems to be the only real sane, pro-society-thinking body in civilization these days; not the Americans or the British.
    Ya, because they got one thing right, maybe.  It hasn't passed yet.  I wouldn't count on it passing either without it being butchered.  Considering all the other things the EU gets wrong.  I'm going to say America is far better place.   It was also the Europe that got up into 2 world wars!!  So thanks!

  • Reply 17 of 34
    williamh Posts: 660 member
    razormaid said:
    What do you know?  They got one right.  Out of all their idiotic and ridiculous rulings if they put this into law they'll at least have gotten one right.  <grin>
    I'm not sure if you live in Europe but there tends to be more protection here for consumers, tenants, and employees than in other parts of the world where the law is on the side of corporations, landlords, and employers. Take a look at GDPR - it's not all that surprising that there's a push in the direction of privacy, despite the cost to the private sector.
    Seconding what Franklin said.  Europe and the US have very different approaches to privacy. The EU has privacy laws that are intended to protect personally identifiable information everywhere and for all purposes.  The US has privacy laws on a sector by sector basis, i.e. laws governing protection of health information, financial information, students information, etc. A lot of enforcement actions in the US are by the Federal Trade Commission and are actually premised on essentially consumer fraud, companies failing to follow their stated privacy policies.

    Anyhow, I thought Europeans were generally ok with going in the backdoor. :wink: 
  • Reply 18 of 34
    Rayz2016 Posts: 4,604 member
    dysamoria said:
    Good move by the EU. The EU seems to be the only real sane, pro-society-thinking body in civilization these days; not the Americans or the British.
    Agreed, and I'm British. :-/
  • Reply 19 of 34
    Rayz2016 Posts: 4,604 member

    williamh said:
    razormaid said:
    What do you know?  They got one right.  Out of all their idiotic and ridiculous rulings if they put this into law they'll at least have gotten one right.  <grin>
    I'm not sure if you live in Europe but there tends to be more protection here for consumers, tenants, and employees than in other parts of the world where the law is on the side of corporations, landlords, and employers. Take a look at GDPR - it's not all that surprising that there's a push in the direction of privacy, despite the cost to the private sector.
    Seconding what Franklin said.  Europe and the US have very different approaches to privacy. The EU has privacy laws that are intended to protect personally identifiable information everywhere and for all purposes.  The US has privacy laws on a sector by sector basis, i.e. laws governing protection of health information, financial information, students information, etc. A lot of enforcement actions in the US are by the Federal Trade Commission and are actually premised on essentially consumer fraud, companies failing to follow their stated privacy policies.

    Anyhow, I thought Europeans were generally ok with going in the backdoor. :wink: 
    Fnar Fnar. 
  • Reply 20 of 34
    fallenjt Posts: 3,976 member
    smaceslin said:
    Prosecutors may not like it, but it is the right thing to do.
    EU always has better policies on Data Privacy than US. I was working with these Pharma companies that had EU operations, many policies in US wouldn't be allowed in EU due to the lack of privacy protections.