The failure (our failure) to make the ideals and ideas of freedom in the digital age accessible and present in politics is a disaster. FOSS ideas, open culture ideas. What the world wide web actual is... It's not even that they disagree, they aren't even aware.<p>We spent decades fiddling arguments with one another while events just took their course. Politicians don't understand or care about any of these ideas. The public doesn't either. When "something must be done" about this or that... because digital culture progresses to some point, the deep well of ideas that dominated web culture have zero impact.<p>Ultimately, the encryption argument is being had between spooks and tech monopolies. Politicians are bystanders. There is no "freedom of speech" equivalent, no idea of the current technological age to guide them. No flag for the public to rally to.<p>The right to privacy is great, but we can't just keep arguing by analogy. We need modern age thinking to define this for modern circumstances.
I always say if politicians want to ban encryption being absolute (by making it insecure): you first. Lets see how well it works by implementing encraption in your systems and email and seeing if your backdoor deals and illegal activity winds up in the public eye for all to see.
Put simply, the resolution is no different from the previous proposals which generated a wide backlash from privacy-conscious companies, civil society members, experts, and MEPs. The difference this time is that the Council has taken a more subtle approach and avoided explicitly using words like ‘ban’ or ‘backdoor.’ But make no mistake, this is the intention. It’s important that steps are taken now to prevent these proposals going too far and keep European’s rights to privacy intact.”
Government’s attack on its own citizens are getting to a ridiculous level, this ban against encryption is obviously disliked by 99% of the population and will affect them adversely.<p>Government is showing that they don’t care about well being of their citizens by continuously pursuing these type of proposals.<p>I think people in society should drop the civil contract all together, obviously government has devolved into a tribal state where they do everything in their might to protect a select few, hence people will need to drop their contract with the current one and build a new one.
That this kind of thing is on the table shows how short our memories are. After the Snowden revelations (among others), now governments expect us to believe they have pure intentions when it comes to breaking encryption?
I highly recommend reading the actual resolution at [0]. It is short and clearly written, a pdf of a few pages.<p>As Protonmail admits, "it's not explicitly stated in the resolution" that it "seek[s] to allow law enforcement access to encrypted platforms via backdoors". Protonmail argues, however, that this "is widely understood" to be its aim.<p>I am disappointed that Protonmail provides no evidence that this is really the underlying purpose of the resolution. (They do point out that previous proposals did contain such wording, but this in my view is insufficient - the explicit removal of such words can be called progress, after all!)<p>So what am I missing? Can someone here maybe provide evidence that this is really the actual intent of the resolution?<p>[0] <a href="https://www.consilium.europa.eu/en/press/press-releases/2020/12/14/encryption-council-adopts-resolution-on-security-through-encryption-and-security-despite-encryption/" rel="nofollow">https://www.consilium.europa.eu/en/press/press-releases/2020...</a>
I've been a cypher geek for ages. I've used Signal before it was popular, PGP emails even when they were no longer popular, I've been an early enthusiastic supporter of ProtonMail, I was outraged by many of the decisions taken by the US government to break the right to encryption (and, most of all, harm the security of users through backdoors), and I'm alarmed now that the EU seems willing to follow a similar path.<p>But I also try to walk in politicians' shoes. Security agencies have the right to monitor the traffic linked to activities that pose a threat to public security. And there's no way of saying "open a backdoor only for the bad guys".<p>Just like a knife can be used both to cut an avocado and murder your wife, E2E encryption can be used both to guarantee freedom of speech in authoritarian regimes or protect intellectual property and PIIs, and to guarantee an un-monitored tool for the communications of terrorist organizations.<p>So far the position of the tech community has largely been "our job is just to provide the tools, not to predict nor oversee the perils that they pose". And politicians are rightly frustrated with this approach. And frustration at some point inevitably turns into bad legislation, often done without consulting a tech community that has been deaf to their use-case for decades.<p>Is it possible to build a tool or a technology that guarantees privacy while providing tools for investigators, without opening backdoors and without compromising legitimate use cases?<p>I know, it's a hard question, it's not how E2E encryption was designed, but I have the impression that in all these years we haven't even tried and sit around a whiteboard to brainstorm some ideas, and we are simply shouting "but privacy...!" whenever a politician tries to boldly (and often clumsily) break the wall between them and us and implement legislation to regulate our lack of action.
How would you even do that ? I doubt any criminal organization just trust the platform for encrypting their data, they do it themselves using well known algorithms that have no backdoors.
People who seriously want to encrypt will always be able to do it, you can hide data in pictures, files whatever and have a custom algorithm to reassemble it if you want.
The only one who will lose is the user who do not really care, being now more weak to man in the middle attack. That is the majority with data that cause no threat.
I use ProtonMail as my daily driver for email. I believe that encrypted content with no back door keys, but having who is communicating with who, is a good compromise. I understand why intelligence agencies might need, with court authorization, to know who is communicating with each other. But, content should be absolutely private.
A recent policy memo[1], while variously problematic, did mention end-to-end encryption, as a tool to mitigate risks of US folks using Chinese platforms, in its envisioned environment of an economic-bloc cold war.<p>> Require Chinese companies to adhere to specific technical requirements [...] Technical Restrictions [...] End-to-end encryption: Mandating the use of open source encryption protocols that limits the service provider’s access to user data. This eliminates the ability for the Chinese government to access the encrypted data.<p>Might it now be useful to add this to the political argument for privacy? Opposition to encryption as support for <i>Chinese</i> government intelligence gathering.<p>[1] <a href="https://news.ycombinator.com/item?id=25918462" rel="nofollow">https://news.ycombinator.com/item?id=25918462</a>
Even if you believe it's possible to have secure communications with the government having key escrow (it's not), protection from the government is valid.<p>Yesterday was Holocaust memorial day. It's still well within living memory when a legitimately elected government tried to wipe out vast swathes of their populous because they had the audacity to be born into the wrong religion, sexual orientation, disabilities or political views.<p>People like Willem Arondeus are quite rightly seen as heroes. Can you imagine how much different things would have been if the Nazis were able to get not just everyone's (semi) public facebook posts but all of their private messages as well and use that for targeting of undesirables? As a more recent example, the Rwandan Genocide was massively helped by the fact your national ID card identified your ethnicity.<p>Whilst it's easy to say our current government would never do such a thing, we find ourselves living in a time when the far right is on the rise again and the idea that they would get elected is not beyond imagination.<p>edit: facebook is obviously the wrong example to use here, but there's a difference between someone being able to get a legally issued court order to see stored communications on a platform, or even what data I have on my device and being able to decrypt any communications as it transits over a wire, so I feel the point still stands.
> guaranteeing the powers of law enforcement and the judiciary to operate on the same terms as in the offline world<p>Have there ever been prohibitions about which encryption I can use on paper letters?
So, it is very hard not to react on this.
What does this means for banks? For any hacker worldwide? For any foreign government agency which is not our?
What does it mean for any type of communication that by default has to have secure communication?
What are the exactly "ends"? Encryption between car and key, between airplane and tower?<p>And if this is only between two persons, who will enforce this?
Criminals will continue to use it, so who is the target here exactly?
EU: “big tech is stealing your data. Don’t worry, we’ll fight for your rights and protect you “<p>Also EU: “big tech is encrypting your data, so we cannot look at it when we feel like it. Don’t worry, we’ll make it open, so we can check on you“<p>Out of those two, I’m much more comfortable with big tech having control over my data. Sure, they’ll use it to make more money, but they won’t use it to put me in jail.
Ok, a bit of a hijack here but it's looking like encryption is going to be backdoored! All govs seem to be gunning for it.<p>So, what is the solution? Having my own public/private keys that I sign everything with?
When I see government trying to backdoor or key-escrow encryption, it reminds me that it wasn't so long ago (1800s) that many governments tried to use law to set the value of 𝛑.
They will never stop. It's the EU salami tactics, they proceed "slice by slice" until you realize it and then it's usually too late. I wish they would devote so much time to actual problems and make EU again a big leader (e.g. look at the speed we are getting vaccines now).
This discussion is tiring. That initial resolution was overblown as well.<p>> However, the resolution makes a fundamental misunderstanding: encryption is an absolute. Data is either encrypted or it isn’t; users have privacy, or they don’t.<p>Well, but as always, it isn't. Or are they encrypting all customer data with the same key?<p>Are provisions in the US good enough? But then you have the NSA, etc.<p>Privacy is a right on the legal sense. Should anything be unaccesible to law? (in the legal and in the technological sense, but they're two separate issues). This is more of an ethical question than a legal/technological one.<p>But back to the initial statement: no phone or system is 100% secure.<p>A "backdoor" implies a secret (to both user and provider) extraction of the data. Now, a judicially authorized/vetted extraction of data of a specific customer/timeframe is a different thing (even better, make it forward/backward secret). Sure, it is alarming and certainly ethically debatable. But it is not "a backdoor"
In society there are always competing rights and duties to be balanced. Rights very rarely absolute.<p>In this case the right to privacy has to be balanced with the need in society for the law to be enforced and police investigations to be carried out.<p>There are never been "end-to-end" unbreakable privacy. People have a right to privacy so their private communications are kept private but at the same time the police has always been able to access those communications should it be necessary and according to the law. Claiming that an 'intact' right to privacy means an absolute right to absolute privacy is simply not how it has ever been.<p>Strong end-to-end encryption essentially means that the police cannot access communications ever, even if they get a warrant because they don't have a technical mean to do so. That's quite reasonably something that is deemed a problem. How do we deal with this?