EU: These are scary times – let's backdoor encryption! The EU has shared its plans to ostensibly keep the continent's denizens secure – and among the pages of bureaucratese are a few worrying sections that indicate the political union wants to backdoor encryption by 2026, or even sooner. While the superstate has made noises about backdooring encryption before, the ProtectEU plan [ …
Just some quotes from a Very Important European:
"We decide on something, leave it lying around, and wait and see what happens. If no one kicks up a fuss, because most people don't understand what has been decided, we continue step by step until there is no turning back."
“Of course there will be transfers of sovereignty. But would I be intelligent to draw the attention of public opinion to this fact?,”
"I'm ready to be insulted as being insufficiently democratic, but I want to be serious ... I am for secret, dark debates"
On French referendum over EU constitution
“If it's a Yes, we will say 'on we go', and if it's a No we will say 'we continue’,”
Brexit may have happened for all the wrong reasons, but it's probably still better it happened.
And, as here, the quote is normally used wrongly. Topsy's "I just growed" was her explanation of where she came from and not how she reached her current size. To grow like Topsy is therefore to come into existence, not to get bigger.
Moral: Before using literary references, find out what they mean.
> When it was the EEC it was fit for purpose.
Those of us old enough to remember wine lakes and cheese mountains might disagree.
However the focus on being a trade [1] organisation rather than a super-state was rather more palatable to the UK right-wing.
[1] Trade meaning intra-EEC trade first and foremost, and international trade a distant second; with the result that Africa - which in the early days of the EEC was largely unindustrialised and so only had food to trade - was locked out and their living standards held back for the best part of half a century, something the EEC should have been ashamed of. [2]
[2] In a parallel universe, there's a version of the EEC that embraced Africa and Eastern-Europe and evolved into a pan-European, pan-African free trade organisation with the strength to not have to care about Trump. Note to politicians: you could have had this but you were too short-sighted. [3]
[3] France once approached the UK with a request to join the British Commonwealth. With hindsight it looks like accepting would have been a very good idea! :-)
Salary of European Commissioner is in €25,910.19 per month area.
That might be a lot from a perspective of working class person, but in the grand scheme of things this is chicken feed.
Your month's salary wouldn't cover luxury family holiday, let alone rent, food, cars and other basics.
It is actually more dangerous, because they can see the rich, they can almost taste it, but lifestyle is still out of reach. This makes it even more tempting to get bent a little.
As I said, it might seem like a lot to 99% of population, but it is nothing. This is not serious money in the grand scheme of things and it won't offer a lifestyle rich people enjoy.
In Belgium, 300k after taxes becomes 128k. You will spend half of that just for rent.
If you enter that role in your late 40s or early 50s for 5 years, assuming you can save 20% or so over time, that's like 150k.
You might get a nice car for that and that's it or a nice house like in Bulgaria.
But most likely you'd put it on savings (or stocks and shares) account and use as a pension top up.
First of all you seem to be talking about the Commission whose closest equivalent is the civil service, so not really politicians (perhaps you can define the top position as political as she's appointed and can be removed by the parliament...)
Then, in terms of salary you seem to be applying Belgian taxes but people working in the Commission don't pay that level of taxation.
Finally, I'm not sure where you think such people live but you can rent a very nice flat for a lot less than 5K a month in Brussels and much less again if you live outside of Brussels.
"Salary of European Commissioner is in €25,910.19 per month area."
But salary of european public servants tops at around half, 12 months/year, and only for those that were lucky to be hired before 2004's reform. In Luxembourg it is below average for jobs requiring the same level of qualifications and experience.
The idjits that make these decisions aren't public servants - they are political nominees. Public servants in the EU have to pass an extensive selection process, designed to filter out this kind of would be criminals, but unfortunately they are being placed "from the top", without any selection other than belonging to the PPE/EPP or further to the neo-liberal right.
Most encryption is primed to be backdoor'ed [https://xkcd.com/538/] by the user when placed in a not-so-fine situation.
2 people downvoted a fact?
Come on people, you can look this up yourselves. Or, ask your tech savvie nephew or niece to do it for you
APPENDIX D:SMOKING POLICY FOR HOUSE OF LORDS STAFF
(Paragraph 8.15)
Basic principle
1. Staff are entitled to work in a smoke-free atmosphere. Staff who smoke at work may only do so in the areas of the parliamentary estate which have been officially designated as smoking areas. Smoking is prohibited in all other areas.
Permitted smoking areas
2. Smoking will only be permitted on the House of Lords estate in specified areas, which will be clearly marked, in the following locations:
Black Rod's Garden
State Officers' Court
3. The House has agreed that, subject to review, smoking should be permitted in an area at the end of the Lords Terrace abutting the Commons Terrace. This area is subject to the normal staff access rules governing the Terrace.
4. Smoking is permitted on the House of Commons estate only in specified areas, which will be clearly marked. House of Lords staff may smoke in these specified areas if they would normally be allowed access to them.
Breaches of policy
5. Any breach of this policy on any part of the parliamentary estate will constitute a disciplinary offence, which will be dealt with in accordance with the normal procedures described in the Staff Handbook.
If "Police can't access data in 85% of cases" that means almost all crime is financial / corporate / etc relying on encrypted data.
That means there is almost no murder, rape, assualt, robbery etc committed in the EU. Ordinary crimes that don't involve encryption must now be varnishingly rare.
Police shouldn't have access to any of the digital data, same as it is for the 'analog' data.
They can access mandatory financial docs that companies must keep and 'data' that alleged criminals left accessible.
It's the same in digital and 'analog' world. They cannot access paper documents that have been burnt or hidden in the same way they cannot access encrypted data.
Sure, all that sweet data is a juicy target, but it's not their data whether it's useful to them or not.
On the other end we, citizens and salary payers for those unelected bureaucrats, should have much greater visibility on their data since it seems that once they are elected they tend to forget who are they working for...
>Police shouldn't have access to any of the digital data
Unless its evidence in a case and they have a warrant.
So if 85% of their investigations need access to encrypted data, presumably to investigate things like LIBOR or insider trading, it means all non-data related crime is only 15%
That means there is almost no crime committed against normal people.
“Police shouldn't have access to any of the digital data, same as it is for the 'analog' data.”
Police have the right to access your data if they have a search warrant. You have no obligation to help them. Apple for example may have an obligation to help them _if they can_. Since it costs time and money Apple prefers to be able to say “sorry, can’t read the data”.
The UK demanded that for end-to-end encrypted data Apple _must_ be able to deliver it and not tell the customer. Apples reaction was to disable end-to-end encryption instead of lying to their customers. The EU could demand the same and hopefully have the same result.
they can get a warrant and, exactly, i do not have to help them.
If I have encrypted my data they will have to find something else, same story if an 'analog citizen' shredded the papers with all his travel expenses. I am against criminals as much as I am pro privacy and, sadly, seems that the meaning of criminal is expanding while the privacy is shrinking.
Are they going to also ban cursive because it might be too hard to read?
Except that these days evidence of crime can be found on phones a lot - text messages, photos, documents, chats, deleted files etc. Evidence of almost any sort of crime, because people are stupid and lazy and make mistakes, so if they commit a crime they will likely have evidence of it on their phones.
Two things that would happen if the inept make encryption laws
Secure encryption is made illegal, enabling criminals access to pretty much anything.
Possession of any securely encrypted data becomes a serious offence. Files suspected of being encrypted - even if just broken files are used against you.
Suddenly political opposition will be found with encrypted files that nobody can open, and forever be silenced.
Three: all internet commerce becomes unsafe. The politicians, realising this, introduce an exemption for commercial sites. Everyone starts using commercial sites to send their secret messages.the politicians amend the exemption to apply only to "major" commercial sites. All others are forced to use (say) Amazon Marketplace. Everyone now notices that, by EU law, most EU commerce is now paying a percentage to a US company.
I expect I cluld go on with this insanity but ... the only winning move is not to play.
Relax, the courts will nix anything legislation if it were passed. Any such legislation would invalid a great deal of existing cybersecurity legislation and, in countries like Germany, constitutional protection.
But "won't somebody think of the children" is a perennial crowd-pleaser and vote-winner so we can expect to hear the same arguments brought forward every few years. And another option seems to be to get US politicians involved as they will quite happily hand out any secrets.
In the meantime, encryption schemes will improve, including better encryption at rest.
PS note to Iain: the EU is not a superstate and the EC is just another civil service.
Quite: the EC /proposes/ laws. It's the EP which ultimately decides to vote them or not. So let's not get ahead of ourselves, it'll be interesting to see the actual proposal and whether it gets through. And also of course, if it does, whether it survives the EUCJ.
I bet on quantum computing being mainstream before such a thing gets turned into law in my country.
Actually, member states in the form of the Council of Ministers (aka the Council of Europe, which is very confusing) have the greatest say on new legislation. The EC may propose it, but its main job is enforcement. The European Parliament must now also agree to any legislation but is not able to introduce any.
The EU has two legislative houses.
1. The "Council of Ministers" means the Council of the European Union. It's the key legislative body of the European Union. It's where the national diplomats of the member countries meet. According to John McCormick's textbook, "Understanding the European Union", "the powerful Committee of Permanent Representatives is often overlooked". The Council of the European Union is where the national government ministers vote.
2. The directly elected European Parliament.
For most EU legislation, both Houses can amend proposals and both Houses have to agree.
Most of the time, the Council of the European Union uses qualified majority voting. Quoting now from the EU's own page: To pass a QMV vote there has to be 55% of member countries in favour - "in practice this means 15 out of 27". AND the proposal has to be supported by member countries representing at least 65% of the total EU population. This is called the double majority.
The "Council of Europe" is not an EU body at all. It has 47 member countries including the UK and it goes back to 1949.
" The Council of the European Union is where the national government ministers vote."
I.e. bunch of non-elected bribe collectors ... and it shows every time EC suggests something. Bunch of thieves, if you want to put it bluntly.
National ministers are nominated by their parties, they are not (necessarily) elected to anything, even nationally and even less at EU level.
Rubbish, everything the EU does has to have a "legal base", to use the wonderful Brussels jargon.
Everything has to be allowed by the treaties approved by all the national parliaments. If a proposal goes beyond what's allowed by the treaties, then national parliaments can stop it. It's called the yellow and orange card procedure.
Alright then, who is the French health minister? It's Geneviève DARRIEUSSECQ. Quote from Canalcham.fr:
"Career path:
Doctor specializing in allergy for twenty-five years.
- Regional Councilor for Aquitaine region (2004-2015).
- Mayor of the city of Mont-de-Marsan (Landes) (since 2008).
- Councilor for the French regional department of Landes (since 2015).
- Elected Member of Parliament for the Landes constituency (2017).
- Secretary of State, attached to the Minister for the Armed Forces (2017-2020).
- Minister of State, attached to the Minister for the Armed Forces, in charge of Remembrance and Veterans (2020-2022).
- Minister of State, attached to the Minister of solidarities, independence and for persons with disabilities, in charge of the Disabled (July 2022-July 2023).
- Minister of Health and Access to Care (since September 2024)".
No, the Council of Europe is a non-EU thing, it's the one with 47 members that was set up in 1949.
You know, Wetherspoon pubs' Tim Martin complained in his "Wetherspoon News" magazine that the European Parliament can't introduce legislation. But I think Tim Martin never understood that it's set up that way on purpose for a good reason. The European Commission is asked to do a job. It has to work independently for all the member countries. Only the Commission has the power to formally start the process of EU legislation. That's a good thing. It avoids selfish national interests. It avoids narrow political interests within the groups in the European Parliament.
The European Parliament *can* invite the Commission to start a proposal. The Commission can say no, but it has to give a reason. The Commission can be sacked by a two-thirds majority of the European Parliament.
This is only the formal process. There's plenty of discussion first.
The back-and-forth amendments are the entire point of representative democracy.
A lot are quietly dropped, and every single EU regulation that's passed was massively amended - often the only thing that survives is some paragraph titles.
Most people don't notice, because it's not headline material.
One I know of because I was involved on the periphery are the luminaire efficacy regulations (part of a much larger document). The regulations that actually passed bore no resemblance to the original EC proposal. UK, German and French representatives made changes.
I'm no longer able to get involved because Brexit, so now I just have to implement whatever comes.
Right, so your claim is roughly: “These bits of legislation that appear to have passed into law despite being rejected by Parliament, are subtly modified on a technical level to meet Parliament’s concerns”
But you do admit, *as a europhile involved in the process*, that there have been *zero* examples of when Parliament successfully rejected legislation against the direct will of the Commission. Thank you. At last. The vast majority of europhiles have no contact or knowledge of how the business is actually done. They do not know this, and refuse to believe it when told. Thank you.
Onto your point: I used to work for Beelzebub on the other side of the fence as a, shall we say technical/management corporate guy regularly lobbying Commission. All I can say, having been involved in multiple re-drafts, is that at no point did either we or the Commissioners discuss the views of Parliament. We didn’t talk to MEPs, we didn’t read debate transcripts, we didn’t look at voting records or try to understand “changes needed for acceptance”. Nothing.
Nor did Commission represent to us that they were acting to address Parliament concerns. In their view, they were updating policy in line with whatever was internal or situational change had occurred. There was *certainly* no view that in any sense Commission had “got it wrong”’ or were being corrected. In all my dozens, probably hundreds of meetings, and hours prep-work with legal and management teams, re-drafts were simply another opportunity for us to re-angle and update our interests into the legislation.
And finally these “UK representatives” (by which I assume you mean UK govt). We talked to them. But you know, we’re in charge. We tell them what industry wants. We’re a major transnational for both UK, France and Germany. All the “national” representatives are basically reading from the same script we gave them, apart from where there are national site tensions internal to the company, and those definitely exist. I had louder “assertive exchange of views” with my opposite number in $Corporate Germany, than ever with the Commission.
I hope the view from Beelzebub clarifies matters on How Things Are Done.
Also, for clarity for the Wikipedia warriors: sigh, yes, nominally the back-and-forth includes so-called trilogue, which is Commission, Council of European Union, Parliament. This re-discusses and agrees amendments, in a series of meetings, and its majority vote among the three.
However, the actual meeting is this: the Commissioner is there with a large retinue of flunkies. The Council of Europe…*is allowed to be* a minister of a national govt, but I don’t think has ever been that, even once. In fact, it’s a representative of the *Presidency* of the Council of Ministers. Remember that, *Presidency*. The *Presidency* office is really a floating civil service all of itself; it is headed by a rotating head-of-state (every six months); but the people who actually staff it are (of course) full-time employees who are appointed by, and receive their salary cheques from, the Commission. Yes, the Polish PM can tell them overall priorities, but he isn’t really their boss, and anyway if the Commission doesn’t like them, it just waits until the next six-month Presidency for all-change. So, it’s majority voting where the Commission controls two out of three votes.
But….none of that matters anyway. Because the output of this big trilogue is….a set of minutes. The only requirement on Commission is that it produce an updated “file” (including proposed legislation). There’s no requirement that Commission modify the proposed legislation in the agreed direction. And it *does not*.
As I said, as somebody who has been part of the lobbying and decision process on significant parts of technical legislation, over many many years: neither I, nor anybody in the lobbying team has in fact ever *read* the trilogue minutes. Nor has Commission ever raised them with us. At all. They are simply ignored. The file gets re-submitted, with the mods *we* want, and goes round for a few goes, and gets mostly passed by Parliament, and if not, it comes back for another round of lobbying. The *trilogue* might as well go to the pub, for all the effect it has.
"The back-and-forth amendments are the entire point of representative democracy."
No, that's the literal opposite of that. Bureucrats forcing legislation *despite* Parliament saying no is the opposite of democracy. And they have decades to try again and again.
Too complicated for you?
"Can you list *actual examples* of EU legislation, where the Parliament rejected the Commission proposal, and it didn’t just get passed back one or more times until they agreed?"
I've a counterexample of forcing legislation without EP having a say:
Commission said they'll make copyright directive as they wanted (i.e. were paid for) and *announced* that they'll wipe their assess with Parliament if it doesn't agree. Years ago but it wasn't first or the only time.
Then the wussies in Parliament agreed and it passed *without any changes*.
Now tell us Commission *has to have* agreement from Parliament when they obviously don't. According to Commission, anyway and the rest are more or less irrelevant.
Yes, I expect so. The European Parliament is a modern working legislative chamber with powers to amend. Which committee would you like?
Economic and Monetary Affairs?
Environment?
Civil Liberties, Justice and Home Affairs?
Have a look at the European Parliament's Legislative Train Schedule. It's public and updated all the time.
https://www.europarl.europa.eu/legislative-train/
"Quite: the EC /proposes/ laws."
Technically yes, but EC *can* make directives without EP approval. They have said so and almost did so with one of the copyright directives, years ago. Whole directive was a result of blatant bribery and even EC wasn't allowed to discuss about it or change *anything*. EP even less.
Lo and behold: It was forced through by EC by extorsion, without a letter being changed from what the record company lawyers had written. And we still have to live with that piece of crap.
Please do not fool yourself believing EP has power over everything.
What, you mean this one?
Directive (EU) 2019/790 of the European Parliament and of the Council of 17 April 2019 on copyright and related rights in the Digital Single Market and amending Directives 96/9/EC and 2001/29/EC (Text with EEA relevance.)
It says,
-------------
THE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EUROPEAN UNION,
Having regard to the Treaty on the Functioning of the European Union, and in particular Article 53(1) and Articles 62 and 114 thereof,
Having regard to the proposal from the European Commission,
After transmission of the draft legislative act to the national parliaments,
Having regard to the opinion of the European Economic and Social Committee (1),
Having regard to the opinion of the Committee of the Regions (2),
Acting in accordance with the ordinary legislative procedure (3)...
------------------
What's that? The "proposal" from the European Commission. Did the Commission get this into EU law on its own?
> Relax, the courts will nix anything legislation if it were passed. Any such legislation would invalid a great deal of existing cybersecurity legislation and, in countries like Germany, constitutional protection.
You know what happens when you let the politicians grandstand with obnoxious authoritarian stupidity and suffer no political consequences, and then rely on the courts to rein them in?
It works until they capture the courts or start ignoring them.
Then you get what's happening in the US right now.
There are three parts to the EU's court.
There's a lower court and an upper court.
There's also an EU staff tribunal court.
It's only for the legal questions that come from the Treaties. It doesn't do criminal or family law.
The credibility of the EU's court depends on its independence.
So, your defence of EU legislation, is you think Germany doesn’t have to follow it? It’s funny, the French exceptionalists seem to think exactly the same thing.
And it’s exactly the same reasoning that got Trump elected by government workers too. Because obviously DOGE isn’t going to eliminate *my* position, only the corrupt Dems.
You are embarrassing yourself.
“ Because obviously DOGE isn’t going to eliminate *my* position, only the corrupt Dems.”
Hang on a minute, are you telling me that despite my being a loyal member of the Leopards Eating Faces party, it doesn’t stop the Leopards from eating my face!
Well I’m shocked, that was never explained to me when I joined up!
As such, multitudes of EU legislation are held up by small groups like the Flemish farmers in Belgium.
The trilogue meetings, defined as 'informal tripartite meetings on legislative proposals between representatives of the Parliament, the Council and the Commission', are where business gets done.
Then the decisions in trilogue are ratified by the parliament, the council and the commission.
So representation is maintained in all three bodies, the people directly elect the parliament, the council are made up of the elected representatives of each member state, and the commission is appointed by the other two.
I admit the EU has exceeded its original mandate, but as one the largest free trade blocks in the world with low to no tarrif agreements with most of the planet, a respect for privacy and human rights, and institutions defined to defend them, it is far greater than the federal united states at both getting things done, and doing so effectivley.
We have a load of stuff that is stored encrypted already with tools that don't have back-doors.
We already have the tools that will encrypt without back doors.
How are "they" going to make us give up on the old tools? Will we have to decrypt and re-encrypt everything - if we even can (eg shaddow credential stores...)
Even if "they" say that all of the communications products have to have back doors (and that they won't talk to "old" versions that don't), then if I can send a file, I can send a file encrypted with the old tools that the authorities won't be able to read.
Even PGP for email has been around since 1991
A mate at my Uni had a floppy disk with his coursework on but sensible bloke had a backup on his computer and another floppy. The University had a complaint that he had plagiarised another student’s work on as yet unhanded in assignments and asked to see the contents of his floppy disks. He said fine take a look, so when his lecturer opened the disk he was asked about one of the files on it. This was a text .txt file with what appeared to be a lot of encrypted text in it. Asked to explain what it is he tells them it’s a linked JPEG picture (there wasn’t a viewable version) he downloaded from the internet. Only it was corrupted and he was trying to fix it without much luck. He’d saved it as a text file to see if there was anythIng obvious. He was then asked if it was an encrypted form of another student’s work, something else encrypted or was it a mucky picture and he said no it was a graph. It took him a couple of minutes to find and download the linked jpg file again from the geocities website he’d found it on initially. It was still corrupted and opening the file as a text file gave the same result when opened. They looked at the other files on there and found nothing matching the other students work. Much apologies all round.
"How can they wind back history? "
Easily, *they* don't : You do. If you have *anything* encrypted, you're a criminal and it's jail time until you tell the decryption key.
That is *already* the law in UK and obviously EC Nazis are trying the same trick in EU. Again.
Only Nazis want to see *everything* you or everybody else do online. That's the term, use it.
Couple of observations:
- Signal is (very likely) secure WHILE IN TRANSIT.
- But the end users need decryption to understand the message
- So......a compromised end point (see NSO/Pegasus) means that the message is available to someone other than the end user!!
MY SOLUTION
(1) You (and your buddies) develop a private encryption protocol
(2) You (and your buddies) always do encryption/decryption using OFF-LINE processing
(3) You (and your buddies) send encrypted messages using any transport available (including Signal!!)
(4) .....so the snoops (EU and elsewhere) using NSO/Pegasus or similar......will only ever see encryption (either the Signal version....or the private version)
NOTE
(5) PGP uses published static keys (so disclosure is actually possible)
(6) Diffie/Helman schemes use different random keys for EVERY MESSAGE (so disclosure is technically impossible)
(7) ,,,,and of course you and your buddies use multiple pass encryption with different random keys, just to make it interesting for EU and NSA and GCHQ snoops
ASIDE
......but in any case this EU news is just the usual misdirection......"We in Brussels ARE DOING SOMETHING!!"
Exactly....
Exchange (offline, ideally in person) random one-time pads with your contacts, and encrypt/decrypt with pencil & paper. Destroy the pad as it's used.
15th (or 16th, depending on who we credit) century and 19th century cryptography combined remain unbreakable*.
*Well... it could be decrypted, but the true plaintext message would be indistinguishable from every other sentence with the same length generated in the process.
Embed your message in a picture using some steganography. It doesn't need to be clever because you choose a picture that is likely to be reposted on social media without attribution and by a foreigner. Wait for that to happen. Then "innocently" tell your intended correspondent about the amusing post you saw yesterday. You can do that in cleartext. They can tell (from a particular phrase, or time of sending, or your choice of account, or ...) that it is worth pointing their tools at the picture.
They then have your message, which you did not send to them and which they did not receive from you.
What did you think all those cat videos were for?
Henna Virkkunen, Executive Vice-President for Tech Sovereignty, Security and Democracy, is a politician, that has never worked in any technical job and has zero technical education whatsoever. In fact, she's got a degree in arts and another in phylosophy and her whole career consist in hoping between political responsabilites with no connection to technology. Why the fsck do we have such a person in charge? A monkey with guns would do better.
The same could be said of many European Commissioners and government ministers in most countries. Regarding ministers – that's how democracy is supposed to work – regarding the European Commission, I'd personally welcome a return to the form under Delors, et al. when the Commissioners were generally senior civil servants and not politicians. Expanding the Commission so that every member gets a Commissioner was a dumb sop to member states keen to pursue symbolic national agendas over regulatory competence.
..... into which you can place documents.
Each of these documents appears to be 'garbage' when you open them. But if you XOR two or more documents together you then get the unencrypted document, or even an encrypted document that you then decrypt with an agreed key. The key thing is that you need to know which documents to XOR to get to the document that you want.
When you are going to publish a document you select other document(s) that are already in the store to XOR with before publishing, then just publish away.
The great thing is that people will come along later and use your document as one of the ones they choose to XOR their document, so eventually the documents in the store will have been used multiple times to make up many documents.
It would be pretty trivial to exhaustively XOR each newly uploaded document with all existing ones to see which it was meant to be paired with. Would only need to do the first few hundred bytes (or a few hundred bytes starting at a random offset) to see if something recognisable came out.
This is just the latest round of government dumbfuquery. They don't understand something so they make grandiose statements on how to fix it (despite advice to the contrary) until eventually someone either explains it to them using words of less than one syllable, or else they get fired/voted out. As for the anti-EU comments above, you should be proud that a Brit thought of this stupidity first!
Politicians are scum. They keep making noises about not wanting to backdoor E2EE and at the very last moment pass a law that mandates exactly that.
I still remember clearly Labor wanting to introduce RIPA Part 3 in the UK and the Tories blocked it calling it "Orwellian." And what did the Tories do when they came to power? The first thing they did was to pass RIPA Part 3.
I would therefore not surprise me that despite all the supporting noises for E2EE they will enact something like RIPA in the EU. Many countries have been quietly been lobbying for this. Publicly they're against backdooring but when the EU enacts legislation they'll tell their constituents they "had no choice."
"In a democracy, politicians are as bad as we let them"
That was a joke, wasn't it?
No-one has *actual* democracy, so your point is moot. EU is pure oligarchy were oligarchs (EC) are nominated by national other oligarchs, nominated by the party. Parties do get votes, but the actual managment (EC) is two levels above *any kind* of voting.
Not only that: In EU you may choose from candidates nominated by parties and that's that. When *all* of them are scumbags, there's literally not a thing you can do.
Naturally, you may not vote about anything at all directly, *that* would be democracy.
In computer era that would be trivial, but no-one on top wants it: How do you collect bribes if people can outvote you?
I think it's worse than that.
If a criminal were to send me a message which is just garbage, gobbledegook, how would law-enforcement know that it wasn't encrypted by some dastardly process thus hiding a heinous plot? I couldn't supply the key, so I am then implicated in Mr. Big's enterprise.
Because I can't decrypt the 'message', I must be guilty.
That's what happened in the UK when the law was imposed, a lot of groups emailed blocks of random numbers to the home secretary who would have to reveal their meaning to the Police.
But the government explained that the law only applied to people they wanted it to apply to.
"But the government explained that the law only applied to people they wanted it to apply to."
And that, my friends, is pure and concentrated fascism. What a surprise. By definition UK is now a fascist state.
Nazis everywhere and *always* want legislation which applies to Them, but not Us.
“If the government has the key, then criminals do too”
In the UK vs apple case, the government would never have had my key. For my data, only me and Apple would have the key, and the government could ask Apple for my unencrypted data.
So my data would have not been as insecure as the government muppets having my keys, but as insecure as Apple having my keys, which I think is a lot more secure.
>and the government could ask Apple for my unencrypted data.
Or the government could just request an API to dencrypted access any of your 'encrypted' data whenever it wanted.
The encrypted data stays on Apple's servers and they don't hand over the keys
That way the Police save the hosting costs
“ Or the government could just request an API to dencrypted access any of your 'encrypted' data whenever it wanted.”
There are no laws in place that could require any storage provider to provide an API like that. Or even to _have_ an API like that. They need a search warrant, and any search warrant is based on some specific event. Just like police cannot get a warrant to search a suspected drug dealers home at any time. They need a cause why they should get a search warrant, get the warrant, do a search, and next time they need a new warrant.
Sounds like they want to force Apple to disable Advanced Data Protection EU wide.
If you become affected/afflicted with this down the road, just remember: you don't HAVE to use iCloud for backups. You can backup to a PC or Mac, and security wise that's basically equivalent to ADP.
It's simply another round of "law enforcement wants an easy life and doesn't understand mathematics".
They will continue to demand the impossible until the top echelons of law enforcement understand mathematics, or a sufficiently large and public scandal occurs that can't be buried under a multi-decade series of inquiries.
I wouldn't bet on either of those occurring in my lifetime, so here we are.
"It's simply another round of "law enforcement wants an easy life and doesn't understand mathematics"."
Not *only* that: Law enforcement is full of actual fascists. Half are Nazis and the other half believe Stasi was the best invention ever and the rest want to copy Chinese surveillance, just because they can.
The UK case is a literal proof of that: "This law applies to you but not to us" ... that's a (or one) definition of fascist regime.
Many of us will recall the fuss over the Clipper Chip from the 1990s. For those unfamiliar with it its worth looking up the Wikipedia article on it. It was a physical piece of hardware that managed message sender and recipient verification and the generation and exchange of a symmetric message key. It was actually a very well thought out system with even the chip itself being tamper proof and using it would have solved a number of problems that plague us even today with security but it did have a couple of issues. One was that each chip was uniquely identified, the other being that the 'government' kept all the master keys 'in escrow' ready to hand over to any organization that was legally empowered to use them.
In essence we're already there with the special security chip, only we call it "TPM 2,0" which is being de-facto mandated (if you want to use business software post 2025 you'll need this part). We're missing the government escrow bit but its being demanded by a couple of European governments. I know that a key escrow setup is inherently unsafe (and we're all well past the point of assuming that governments will always do the right thing by us) but the bureaucratic mindset has caught a glimpse of its Nirvana and its disinclined to let it go. This is going to be interesting to watch --- from a safe distance.
How many times do cryptographers, coders, etc. Have to explain to ‘Law Enforcement’ and clueless politicians that encryption either is secure or it isn’t? If an encryption system has a ‘back door’ it is not secure. Period. Putting a back door in an encryption system for use by ‘Law Enforcement Only’ is about as clever as putting a drain hole in the bottom of a boat, painting ‘No Entry’ on the outside of the hull next to the hole and expecting the water to stay out.
I’d ask ‘Law Enforcement’ and their pet pollies the same questions that were asked when the Clipper chip was put forward; What villain is going to be stupid enough to use an encryption system that is secure against everyone *except* the cops? Do they think a criminal is going to balk at using an ‘illegal’ encryption system that doesn’t have a back door built in?
Funny how the direct download link included in the article now leads to a "Page Not Found" page. As if they pulled back the document so that the public can't review it.
But don't worry, it's already been saved by the Internet Archive and can be found , read and downloaded at the following URL:
https://web.archive.org/web/20250401170351/https://home-affairs.ec.europa.eu/document/download/48218e1a-9e03-4be1-b19c-d04c323c1117_en?filename=ProtectEU-European-Internal-Security-Strategy_en.pdf
"As if they pulled back the document so that the public can't review it"
'As if'? You can bet any amount that that was literally what they did. EC specifially *do not want* any kind of actual discussion about *anything* they 'propose'.
EU bureucrats, like Virkkunen here, are absolutely incompetent to say anything, so they'll parrot the opinions of the best briber.
Here's a novel idea!
Arrested for X. Request from legal authority TO OWNER for keys/passcodes. Refusal is dealt with by prosecution for the original offence under the assumption that the refusal was because the evidence was there. Maximum assumption (by default) of evidence. The naughty person will be letting the authorities in so as to mitigate and get the charge down!
Currently, I understand the UK has a law whereby refusal to provide a passcode upon lawful demand results in a law being broken should it be withheld. As it stands, it could be 15 years inside Vs 100 weeks of unpaid community service. I'll take the Community Service, thank you!
Get pulled for suspected DUI and refuse to be tested = prosecution as if you were tested positive. Result is the same: ban, increased insurance etc. Basically, you are not going to escape justice by merely refusing to take part in the process.
Imagine the same for access to devices. And the effect upon the rest of us who know that Mr Scummy Bum Spy Person has no authority to demand the pass key? A Big Fat No. No backdoor. No weakening of the model.
Yes, it is probably a bad idea. Or is it?
No, do get I get what you are saying. But, if you are arrested and your device taken (legally) from you and they can't access it then armed with a Court order they can compell you to open it for them, refusal to do so is Contempt of Court and is punishable.
But the fact that you have been arrested and have vanished might well tip off your accomplices, so what the authorities really want is the ability to read your messages, data etc, without tipping you or your accomplices off. The oft quoted XKCD cartoon involving a wrench is fine, but just isn't the point. The only, only way to do this is to break encryption for everyone, the authorities can realistically read everyone’s messages, yes, in theory they need a warrant, but I suspect any legislation will include terms to allow for this to be bypassed ‘if necessary, or urgent’ for; whatever definition of necessary or urgency they apply at the time.
A golden rule here is ‘if any Law, however well intentioned, can be abused, then it absolutely WILL be abused’! ‘Patriot Act in the US’, ‘RIPA in the UK’, etc?
Look, it is so obvious to, I’m sure, all of us here, but I think it does bear repeating, ‘encryption is absolutely secure against everyone, or it isn't secure at all, and eventually everyone will have access’.
“No, do get I get what you are saying. But, if you are arrested and your device taken (legally) from you and they can't access it then armed with a Court order they can compell you to open it for them, refusal to do so is Contempt of Court and is punishable.”
Actually, they can ask you to decrypt specific messages. They have no right to force you to open your phone or hand them your passcode. Same as if the police knew that there is evidence against you in your safe. They can get a search warrant for the safe and possibly the safe keys. They are allowed to break the safe open. If they can’t they can force you to open the safe, but no right to your code to the safe.
" refusal to do so is Contempt of Court and is punishable."
And that's a problem right there, you get jail time if you can't open it and it's absolutely irrelevant if you are guilty of something criminal or not.
15 years in jail for forgetting your passcode, literally. *assuming* it's your stuff in the first place. Guilty by one way *or* another way: There's *no way* to be innocent and that's pure fascism.
And anyone who is OK with that is a fascist.
...whilst at the same time maintaining effective security—the modern version of the Medieval attempt to transmute base metals into gold.
It's the same mentality, except that at least the alchemists had the excuse of being ignorant of the futility of their efforts, while the modern seekers have the impossibility of their supposed aims not just staring them in the face, but being shouted at them. For that they deserve all the shame and mockery that is rightfully theirs.
But of course, actually, they just can't stand not being able to 'steam open the envelope' whenever they feel like it. Some things never change.
“ ...whilst at the same time maintaining effective security—the modern version of the Medieval attempt to transmute base metals into gold.”
You may have noticed that the boss of the NSA has just been fired. There is a strange thing about former NSA and FBI bosses: As the boss they want to be able to bypass all encryption because it makes their life easier. Soon after leaving their job they figure out that breaching the security of ordinary people (especially those in military, CEOs, politicians etc.) causes more damage than being unable to read some drug dealer’s email. Privacy, on the other hand, they don’t care about that.
EU wants lawful and effective access to data for law enforcement ... we have that, it's called a court order and not some blanket privacy invasion by unelected and unaccountable dictatorship, did they not take note of UK attempts and how Apple just stuck up 2 fingers and crippled security slightly for UK owners !
It's not 2016 anymore. Those old slanders of the EU don't work these days.
The EU is run at the top level by elected national leaders. The things that are covered by the EU are set down in the treaties that have been signed by national leaders and approved by their national parliaments. If a proposal goes beyond what's allowed in the treaties then national parliaments can stop it.
The Commission is not and should not be elected because it has to be independent. It can't be if it is beholden to a particular voting group.
The directly elected European Parliament checks people for conflict of interest before they can get Commission jobs. The public confirmation hearings of the European Parliament are online.
The key decision making body of the EU has appointed diplomats, like diplomats everywhere, and voting government ministers of democratic countries.
The EU's two main courts have appointed judges from the member countries. Like judges everywhere they're not and should not be elected. The Commission is asked to make some decisions but they're not final - they can be tested in the EU's lower court and in the upper court. That means the Commission is accountable to the EU's courts, to the Council of the EU, to national leaders, to national parliaments, to the European Parliament, and to the European Court of Auditors.
The EU is run democratically. Want a recent example? Here's one!
The European Commission fined seven investment banks – UBS, Natixis, UniCredit, Nomura, Bank of America, Portigon (formerly WestLB) and NatWest (formerly Royal Bank of Scotland) –
for illegal collusion breaking EU competition rules. On the 26th of March 2025 the EU's General Court upheld the Commission's decision but "reduced the amount of the fines imposed on UniCredit and Nomur".
How dictatorial! How undemocratic! An organised body run by and for its member countries according to a rule of law with panels of judges who give reasons for their decisions!
"The EU is run at the top level by elected national leaders"
No it's not. EC members are *nominated* and definitely not elected *anywhere*.
Not only that, they are nominated by national ministers who are also *nominated* by national parties.
Parties doing the nominating are *elected*.
Why don't you know even the basics of EU management?
Parliament is elected, but it's an irrelevant rubber stamp which has no actual power and *can't* introduce legislation at all: EC does *all* of it. Or doesn't if the bribers don't like it.
"The European Commission fined seven investment banks "
Yea. Almost 1% of the profits they had collected and *allowed* the same practises to continue. That's actually a good example how bribed to the hilt the EC is.
No jail time for anyone and barely noticable 'fine'.
"An organised body run by and for its member countries "
For *money* to themselves. EC has *never* been for "member countries*. Just a bribe collecting agency to benefit bribers. No more, no less.
See: "Junk" car directive written and paid by metal recyclers, light bulb directive written and paid by Philips or copyright directive written and paid by copyright Mafia.
Directives benefitting member countries or people in them are an accident, clerical error if they happen: EC is *not* for those.
Since when was the bureaucracy known as the EU a Superstate? It is NOT a State or even a Nation, it is just a loosely cobbled together organisation of civil servants trying to dictate to individual nations. It is certainly not the United States of Europe, as they don't know what United means!
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
