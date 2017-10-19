Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


EU Encryption Privacy The Internet Technology

EU: No Encryption Backdoors But, Let's Help Each Other Crack That Crypto (theregister.co.uk) 24

Posted by msmash from the evolving-thoughts dept.
The European Commission has proposed that member states help each other break into encrypted devices by sharing expertise around the bloc. From a report: In an attempt to tackle the rise of citizens using encryption and its effects on solving crimes, the commission decided to sidestep the well-worn, and well-ridiculed, path of demanding decryption backdoors in the stuff we all use. Instead, the plans set out in its antiterrorism measures on Wednesday take a more collegiate approach -- by offering member states more support when they actually get their hands on an encrypted device. "The commission's position is very clear -- we are not in favour of so-called backdoors, the utilisation of systemic vulnerabilities, because it weakens the overall security of our cyberspace, which we rely upon," security commissioner Julian King told a press briefing. "We're trying to move beyond a sometimes sterile debate between backdoors or no backdoors, and address some of the concrete law enforcement challenges. For instance, when [a member state] gets a device, how do they get information that might be encrypted on the device." [...] Share the wealth. "Some member states are more equipped technically to do that [extract information from a seized device] than others," King said. "We want to make sure no member state is at a disadvantage, by sharing the tech expertise among the member states and reinforcing the support that Europol can offer."

EU: No Encryption Backdoors But, Let's Help Each Other Crack That Crypto

  • Ok, that's something we can talk about (Score:3)

    by Opportunist ( 166417 ) on Thursday October 19, 2017 @11:46AM (#55396891)

    So we have a device of someone that we suspect to be a criminal, now aid us to access it.

    That is something we can actually work with. Provided there is oversight and it's not "we probably have (population count) terrorists in our country, let's find out how to up the surveillance so we can track them all!"

  • Do I understand this right that they want brute-force encryption? If so, somebody really should explain complexity analysis to them. These algorithms have been chosen in such a way that brute forcing is computationally hard.

    How exactly... we don't know. Maybe someone has an RSA-cracking supercomputer up their sleeve they're keeping secret. Maybe someone's particularly good with a soldering iron and can read off keys from extracted flash memory chips.

    If any member state has that capability, there is no way

    • Re: (Score:3)

      by Lennie ( 16154 )

      Remember the FBI Apple iPhone debate in the US and a solution was found how to gain access to the data, my guess would be they could be sharing those kinds of solutions. I would be surprised if they had things even more advanced than that.

    • Re: (Score:1)

      by Boutzev ( 325568 )

      Please, don't ! Leave them with their brute forcing. In the meantime we can enjoy secure communication.

      I am not sure if this is just an attempt to please the lobbysts of encryption regulation or ignorance.

      • Re: (Score:2)

        by Megol ( 3135005 )

        It's an example of you not understanding. Brute forcing is (generally) impossible and that's not what this is about.

  • The irony (Score:3)

    by Rick Schumann ( 4662797 ) on Thursday October 19, 2017 @11:47AM (#55396901) Journal
    The irony here is that even if they put a gun to everyones heads and forced them to ruin encryptions' value by compromising it with 'backdoors' (that anyone would eventually be able to discover and leverage) criminals and terrorists would not just use non-compromised encryption (copied from before the ban on 'real' encryption), they'd use codebooks and other types of obfuscation (book ciphers, and so on; the list is endless) that have been used for much longer than we've had computers, and goverments and cops would be back at Square One again: needing to do REAL police work, not just be jackbooted thugs with guns forcing their will on everyone. Are they really so blind to all this, or is it just another power-grab?

    • Exactly.... This is really stupid in that it only helps you catch the stupid ones....

      Anybody who thinks about this, won't have an issue communicating securely regardless of if the encryption backdoor.

    • Consider for a moment that while governments may ultimately be varying degrees of evil, that is an emergent property that isn't necessarily present in the humans who make it up.

      Now imagine you're a cop or a politician, and you have criminals and pressure to stop them from getting organized or simply 'getting away with it', and you KNOW there's evidence you could hang them with if you could get your hands on it.

      Of course they're going to try and get official back doors. Now you say those back doors will onl

  • Every CPU since 2006 has backdoors built in, they don't need to have backdoors in individual protocols. If they have cyber-backdoor agreements with the nation manufacturing the chips they have a backdoor.

  • The more encryption is challenged, the better it is. And with so many people involved, somebody with blabber if it has been hacked and better encryption can be found.

    I think we should tell them that all Linux and other OSS software is involved. Having "free" peer review would be great.

  • Yes please (Score:3)

    by SlashDread ( 38969 ) on Thursday October 19, 2017 @12:16PM (#55397139)

    Do share all your cracking and hacking tricks. Publicly.

    so we can patch the vulns

  • why not publish all those vulnerabilities they're using to decrypt devices (after a suitable period of time given to the manufacturer to fix the defect)? Could it be they don't really care about security in our shared cyberspace? Naw, they could never be so callous.

