EU Proposes Enforcing Data Encryption and Banning Backdoors

Discussion in 'Politics, Religion, Social Issues' started by MacRumors, Jun 19, 2017.

  1. MacRumors macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1
    [​IMG]


    The European Parliament's Committee on Civil Liberties, Justice, and Home Affairs has published draft proposals that would enforce end-to-end encryption on all digital communications and forbid backdoors that enable law enforcement to access private message data.

    The proposed amendment relates to Article 7 of the EU's Charter of Fundamental Rights, which says that EU citizens have a right to personal privacy, as well as privacy in their family life and at home. By extension, the "confidentiality and safety" of EU citizens' electronic communications needs to be "guaranteed" in the same manner.

    [​IMG]
    The regulation states that the disclosure of contents in electronic communications may reveal highly sensitive information about citizens, from personal experiences and emotions to medical conditions, sexual preferences and political views, which could result in personal and social harm, economic loss or embarrassment.

    In addition, the committee argues that not only the content of communications needs to be protected, but also the metadata associated with it, including numbers called, websites visited, geographical location, and the time, date, and duration of calls, which might otherwise be used to draw conclusions about the private lives of persons involved.

    The regulations would apply to providers of electronic communication services as well as software providers that enable electronic communications and the retrieval of information on the internet. However, the amendment goes further by stating that the use of software backdoors by EU member states should be outlawed.
    The proposals appear to have been tabled in response to comments made by EU member states such as the U.K., which has argued that encrypted online channels such as WhatsApp and Telegram provide a "safe haven" for terrorists because governments and even the companies that host the services cannot read them.

    The U.K. home secretary Amber Rudd recently claimed that it is "completely unacceptable" that authorities cannot gain access to messages stored on mobile applications protected by end-to-end encryption. A leaked draft technical paper prepared by the U.K. government was leaked shortly after Rudd's comments, containing proposals related to the removal of encryption from private communications.

    The EU proposals could also put European security policy at odds with federal legislators in the U.S., who recently called on technology companies to compromise the encryption built into their mobile software. Last year, Apple and the FBI were involved in a public dispute over the latter's demands to provide a backdoor into iPhones, following the December 2015 shooter incidents in San Bernardino.

    Apple said the software the FBI asked for could serve as a "master key" able to be used to get information from any iPhone or iPad - including its most recent devices - while the FBI claimed it only wanted access to a single iPhone.

    The European Union proposals have to be approved by MEPs and reviewed by the EU council before the amendments can pass. It remains unclear how the laws would apply in the U.K. after Brexit, initial negotiations for which begin on Monday. 

    Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

    Article Link: EU Proposes Enforcing Data Encryption and Banning Backdoors
     
  2. drumcat macrumors 6502

    drumcat

    Joined:
    Feb 28, 2008
    Location:
    Otautahi, Aotearoa
  3. JPLC macrumors 6502

    Joined:
    Dec 20, 2011
    Location:
    Netherlands
    #3
    "draft proposals" sounds like something that will take ten years to realize but hey, its a start!
     
  4. sudo1996 Suspended

    sudo1996

    Joined:
    Aug 21, 2015
    Location:
    Berkeley, CA, USA
    #4
    What does "reverse engineering" mean in this context? They don't intend to make unofficial third-party chat clients illegal, do they?

    They weren't asking for a backdoor. They were asking for an exploit tool. Those are entirely different things with different implications. Backdoors are built in ahead of time and pave the way for exploit tools.
     
  5. Dagless macrumors Core

    Dagless

    Joined:
    Jan 18, 2005
    Location:
    Fighting to stay in the EU
    #5
    Once again, I love how human-facing the EU and their policies are. Be a shame to leave the UK.
     
  6. mixel macrumors 65816

    mixel

    Joined:
    Jan 12, 2006
    Location:
    Leeds, UK
    #6
    Oh man.. I respect what they're trying to do here. This makes our plans in the UK seem even more insanely inept.
     
  7. adamneer macrumors 6502

    Joined:
    Apr 18, 2013
    Location:
    Chicago, IL
    #7
    So isn't this like the exact opposite of legislation they were previously proposing? Or was that just the Brexit crowd?
     
  8. Garrod macrumors regular

    Garrod

    Joined:
    Nov 13, 2008
    Location:
    UK
    #8
    I'm just hoping the whole Brexit thing collapses in some way. I very much doubt it though sadly.
     
  9. FactVsOpinion macrumors 6502

    Joined:
    Jul 27, 2012
  10. AlexisV macrumors 68000

    AlexisV

    Joined:
    Mar 12, 2007
    Location:
    Manchester, UK
    #10
    All you need to know is that the opposite should happen of anything the horrible horrible Amber Rudd says.
     
  11. harrisondavies macrumors 6502

    harrisondavies

    Joined:
    Nov 21, 2010
    Location:
    Newcastle upon Tyne
    #11
    With our current dictator in power (Theresa May) I doubt we’d see these measures, since she wants to lock down the UKs internet and open encryption North Korea style.
     
  12. Bonte macrumors 6502a

    Bonte

    Joined:
    Jul 1, 2002
    Location:
    Bruges, Belgium
    #12
    Brexit can be bad or good, depending on those who are voted into office. I do see it collapsing and then England could just quit the UK and leave the EU that way, that would also follow the voting results for a Brexit.
     
  13. Macneck macrumors regular

    Macneck

    Joined:
    Oct 17, 2012
    #13
    A draft proposal... Sounds great, but I wouldn't put the cart before the horse nor underestimate the power of the dark side.
     
  14. mejsric macrumors 6502a

    mejsric

    Joined:
    Mar 28, 2013
    #14
    I think terrorist is smart enough to create thier own encryption.
     
  15. Scepticalscribe, Jun 19, 2017
    Last edited: Jun 19, 2017

    Scepticalscribe Contributor

    Scepticalscribe

    Joined:
    Jul 29, 2008
    Location:
    The Far Horizon
    #15
    I wouldn't underestimate the EU.

    It may take them time - often, quite some time - to bring such policy initiatives into force, but, when they are finally enacted and enforced, their effects are felt world wide.

    This very week, the EU has addressed (at last) the issue of data roaming charges.

    And, remember, 12 years ago, the EU banned the export of of products used for execution to countries such as the US - leading to a shortage of such pharmaceutical products in the US.
     
  16. djcerla macrumors 65816

    djcerla

    Joined:
    Apr 23, 2015
    Location:
    Italy
    #16
    Great news.

    And basically, the only possible way. Everything else would lead, with absolute certainity, to a digital apocalypse. Imagine a law-mandated backdoor on every single cell phone exploited at scale by a bad actor.
     
  17. mrxak macrumors 68000

    Joined:
    Apr 16, 2004
    Location:
    Drifting through space in a broken escape pod
    #17
    While this is a nice idea, the fact is any sort of government regulation of the internet, created by people who frankly don't know anything about it at a technical level, is only going to cause more harm than good, by forcing standards that in many ways may be less secure, or less useful to the user. While this may, in theory, force international companies to encrypt more stuff (which is a good thing), I'd prefer the free market, and academics who are far smarter than any politician, figure out how to make the internet more secure for everyone.

    A better piece of legislation, if I was writing it, would simply force greater transparency from companies on how they secure user data, what encryption schemes they use to do it, and then let the market figure out what's actually best. Non-profits like the EFF and academia will figure out how to translate this information for public consumption.
     
  18. unlinked macrumors 6502a

    Joined:
    Jul 12, 2010
    Location:
    Ireland
    #18
    Macron was fairly anti encryption during his campaign. Wonder if he will follow up on it now that he is in power.
     
  19. meaning-matters macrumors 6502

    meaning-matters

    Joined:
    Dec 13, 2013
    #19
    I don't trust the EU with its unelected elites deciding on our lives.
    It's the same EU that wastes billions, lets in (or even (let) picks up at the other side of the Mediterranean Sea) illegal immigrants by the thousands, ...
     
  20. Toutou macrumors 6502

    Toutou

    Joined:
    Jan 6, 2015
    Location:
    Prague, Czech Republic
    #20
    Sounds fishy. This goes pretty much against the current course of tight control, regulation and omnipresent surveillance. I'm definitely not believing there isn't some hidden agenda behind this, to the tune of "only one method of encryption allowed, everything else banned, new Encryption Enforcement Bureau created, unfortunately the operation costs €332 000 000 000 000 daily, internet service providers, web hostings, developers, infrastructure owners bullied to adopt appropriate new technologies and forced to deploy expensive hardware"
     
  21. Porco, Jun 19, 2017
    Last edited: Jun 19, 2017

    Porco macrumors 68020

    Porco

    Joined:
    Mar 28, 2005
    #21
    The debate has erroneously centred (at least outside of tech-literate circles) on the 'balance' or 'compromise' between e-to-e encryption and people being kept safe, as if the two things were in conflict.

    On the face of it I think that this EU draft sounds good, but just as important (because it's a global matter) is to impress again and again that encryption is not in opposition to our safety, rather that it is vital in order to secure it.

    The number of terrorist incidents is too high. Obviously. Even one is one too many. But the spectacular and sensationalised nature of such attacks (which is half the point) against relatively tiny numbers of people should not let us disproportionately damage aspects of digital infrastructure that keep us all safe every day in countless ways.

    To be clear, any kind of backdoors or compromises in encryption only do real, lasting harm to we, the law-abiding and innocent. Whilst some 'low-hanging fruit' criminals and potential terrorists could be disrupted or caught by monitoring communications that has had its encryption broken, any vaguely competent bad guys will avoid detection altogether by other means. Meanwhile internet commerce, important (and in some cases vital) physical infrastructure would be put at risk, eveyone's privacy would compromised, and authoritarian states around the world would continue to be enboldened to crush dissent and political opponents by the poor example set by the supposedly enlightened free democracies.

    Also, intelligence agencies already have a wide array of capabilities to monitor communications and metadata. I'm sure this gives them lots of leads and evidence, which is good (and I'm not sure whether the EU proposals go too far in this respect). But they only get that because bad guys think the content itself can't be decrypted. If encryption was gone, what would they do? Continue to send stuff and just hope no-one reads it? Come on, it doesn't pass the 'smell test', does it?

    Except for those small fraction of people involved in perpetrating it, we all want terrorism and criminality to stop. But removing everyone else's protection whilst causing minor inconvenience to the bad guys wouldn't achieve that.

    I hope the EU enacts something like this proposal, and that others follow.
     
  22. entropys macrumors 6502

    entropys

    Joined:
    Jan 5, 2007
    Location:
    Brisbane, Australia
    #22
    smells fishy to me. if there is one thing eurocrats like it is pressing the thumb on the little people.
     
  23. Toutou macrumors 6502

    Toutou

    Joined:
    Jan 6, 2015
    Location:
    Prague, Czech Republic
    #23
    And I was ****ing right!

    Amendment (37):
    Service providers who offer electronic communications services should process electronic communications data in such a way as to prevent unauthorised access, disclosure or alteration, ensure that such unauthorised access, disclosure or alteration is capable of being ascertained, and also ensure that such electronic communications data are protected by using specific types of software and encryption technologies. The requirement to inform end-users of particular security risks does not discharge a service provider from the obligation to take, at its own costs, appropriate and immediate measures to remedy any new, unforeseen security risks and restore the normal security level of the service. The provision of information about security risks to the subscriber should be free of charge.

    Translated:
    Do **** for us, pay for it yourself, be responsible for any **** up in the security area OR ELSE….!!!!!!!!
     
  24. smallcoffee macrumors 6502a

    Joined:
    Oct 15, 2014
    Location:
    North America
    #24
    He probably thinks the same thing that Obama thought, or Nancy Pelosi.
     
  25. nwcs macrumors 65816

    nwcs

    Joined:
    Sep 21, 2009
    Location:
    Tennessee
    #25
    As much as I like the idea of this proposed rule the reality is that it is not in the best interest of governments. Whether benevolent or not, governments want to keep tabs on people and will abuse such power. It's human nature. In the end it will be watered down to the point that it doesn't mean as much as people think.
     

Share This Page