unless you have a non-changing-benevolent-omnipotent-non-human-deity-that-can-not-be-influenced-by-any-other-beings in charge of global-cybersecurity then introducing ANY back-door is an EXTREMELY BAD idea.
that’s me at my most cynical point
is it a coincidence that this very authoritarian law comes a few days after you have won against Trump
I wouldn’t make any connection with the US. This is the EU going in a direction that other countries have already gone and other countries still will go in the future, of its own volition, not prompted by the US.
This proposal has not yet reached the status of “law” but authoritarian it is.
At the time of the Apple controversy over the San Bernardino case, a fellow named General Michael Hayden, who ran a little security firm called the CIA, stated that while a backdoor would be helpful, it wasn’t needed. In short order, he was proven correct.
Hayden’s position was that while strong encryption is used by criminals, mandated backdoors would be a bad idea.
Hayden basically refuted the FBI position at the time, saying there were other ways for law enforcement to get what they needed without actually breaking the encryption.
Hard not to connect dots with the U.S. here. Lindsey Graham and Dianne Feinstein have been pushing for passage of the EARNIT act for a few years, to get big tech to backdoor their encryption, under the guise of protecting children from sexual predation. It really gained some traction in 2019.
The U.S. and EU have worked together to bag international child abuse rings. Sure seems reasonable to figure like-mindedness on encryption growing out of those experiences.
The US is pushing for the US to go in the same direction.
Think of it as convergent evolution for technology (technological convergence). In other words, all governments perceive the same problem (to wit, they do not have total surveillance capability over all people in their country) and design approximately the same solution, because the solution is constrained by the same problem and external factors.
See also: US senate "Lawful Access Bill"
Yes, the EARNIT act is the Lawful Access bill.
The FBI has been spreading the gospel of backdooring encryption for a number of years, in its work with EU partners. I rather doubt this is sheer happenstance. Five Eyes is more like fourteen, after all.
also look at each country’s military budgets … you’ll see the one that’s most invested in
If the EU does try and ban encryption, nothing has been set in stone yet, then just use services based in non EU countries?
Also this “ban” so far seems specific to WhatsApp & a few other apps. I’m sure there are other apps that can be used
If the government can decide if a backdoor is needed, then there is already a design problem with the service.
I found this picture:
picture shows: never have a central service, that can prevent communication or enforce politics between end devices.
Use non EU countries then like Switzerland
also, do we really know that the intel-ME-black-box-CPU in the Purism products is really harmless and can’t backdoor this process already?
Governments intend to backdoor everything eventually.
Before it’s too late, sign the change.org petition to let the EU know where they can shove their backdoor.
change.org ignores my language setting in the browser and uses geolocation instead. Crappy site.
There is a simple solution to this backdoor, if it ever comes to fruition. Use a VPN or Orbot to select an exit node outside of the EU. Tell your European chat mates to do the same. Then, first of all, you’ll get the unbackdoored version of the app (because presumably “serious” privacy apps will have an EU version and an uncompromised version in different app stores). Secondly, your message traffic won’t be subject to this BS. While it’s true that your VPN connection itself will be backdoored, that’s fine because it will only be used to acquire the unbackdoored chat app and forward your unbackdoored chat traffic.
The EU could, in theory, block VPNs and Orbot, just as the Chinese have. In that case, use Telegram to acquire the unbackdoored app. (This would require manual app installation, emulation, or sandboxing. Also, if the app gets blocked by the ESP server in the diagram above, then you might need to find an awkward way to use the backdoored version of Telegram to forward your unbackdoored messages.) Telegram has a checkered history of security flaws, but blocking it proved so difficult that even the Russians gave up. (Although it’s possible that they found a security flaw that they can exploit in order to break it, so they now regard it as a honeypot ready to be mined, which is why I only list it as a last resort.)
This policy has been conceived by cryptoblivious morons. It will never work, except to increase latency and put the private communication of innocent citizens at risk of mass exploitation by, or by fault of, the same cabal of ignoramuses. Criminals smart enough to be a real threat will learn how to evade it faster than it took me to type this. They would do better to fight crime with public cameras in public places monitored by the public.
Let’s hope this doesn’t become a standard, soon after which, every African dictator and their ilk would be clamoring for a copy.
The only reassuring conclusion from this farce is the implication that competently designed E2EE really hasn’t been broken by everyone (and maybe not even anyone) in member states’ security apparatus. It would seem that, presently, they’re all counting on doing it the Israeli way: break the phone’s encryption by cracking the absurdly weak passcode or fingerprint ID, which requires little more than defeating the phone’s ability to count unlocking attempts. It’s not fun to enter 40 characters every time you want to unlock your phone, but if you don’t want to do that, then better to have one obvious hole, than countless subtle ones.
There are other ways to evade this shit, but I would urge those of you in the know to spare your arrows until and unless they’re really needed. While I think most Purism hackers are basically responsible people pushing freedom and individual responsibility, who knows what monsters lurk among us.
@Dwaff you can also use Tor. Ctrl+Shift+L a dozen times or so, until you find an exit node that bypasses the typical Cloudflare “ray ID” error. Expect that some of the scripts might not run, leading you to think that no one has yet signed the petition. That’s just Tor’s way of keeping you safe.
The problem with “law enforcement” is “too many laws”. Parliamentarians are correctly called “lawmakers”. What we really need is “law removers” to weed out all unnecessary, needless and outdated laws. Concentrate on enforceable and logical laws, not on complicated, multi-interpretative laws. This saves a lot on enforcement costs and lawyers.
“special keys” to break encryption of “evil messages” is a profound example of bad law:
And above all counterproductive, it’s bad for the economy and stimulates digital crime.
i only like extremely funny w-sites or extremely depressing ones