diff --git a/content/u/blog/the-dangerous-eu-draft/contents.lr b/content/u/blog/the-dangerous-eu-draft/contents.lr index 36c4386..9d20766 100644 --- a/content/u/blog/the-dangerous-eu-draft/contents.lr +++ b/content/u/blog/the-dangerous-eu-draft/contents.lr @@ -1,4 +1,4 @@ -title: The new EU draft endagers everyone's security +title: The new EU draft endangers everyone's security --- pub_date: 2020-11-09 --- @@ -30,13 +30,13 @@ which requires everyone who is offering secure communication channels to allow authorities to read the communication. The motivation is clear: terrorist attacks and unlawful behaviour -should be prevented by wiretapping. Nobody wants crimes, do you? +should be prevented by wiretapping. No crime is better for everyone. So far, so good. In theory. -## First problem: reducing security, endagering people +## First problem: reducing security affects everybody The first problem is that modern encryption is not easy to break, or -let's say it clearly: it's almost impossible to break. Thus passing +let's put it clearly: it is almost impossible to break. Thus passing this law requires decades of work to be undone. To make systems that have been mathematically proven to be secure, more insecure. 
@@ -44,27 +44,27 @@ This reduces security for any communication by default. And this does not only affect terrorists, but also government agencies and the general public. -Thus it also reduces the freedom of speech. There are groups out there -(f.i. in the area of climate change) that fear their life, if +Thus it also reduces the freedom of speech. There are activists out there +(f.i. in the area of climate change) that fear their life, if their communication is revealed, because some governments do not allow free speech. ## Second problem: the bad guys don't comply One of the strangest problems with the EU proposal is that the idea is -to make it a law that everyone has to follow. Or, more precisely: the +to make this into a law that everyone has to follow. Or, more precisely: the idea is that companies like Whatsapp or Signal have to provide keys or backdoors into their systems that authorities can use for wiretapping. Now, this is a crucial problem. Because companies like us, ungleich, also provide [secure communication using Matrix](https://ungleich.ch/u/products/hosted-matrix-chat/). And we -are not in the EU (for real: Switzerland is not in the EU). +are not in the EU (fact check: Switzerland is not in the EU). -See the problem? No? Well. Let's say you are the bad guys and you plan +See the problem? No? Well, let's say you are the bad guys and you plan to coordinate some attack. What do you do? -You run your own chat system. It is trivial to do so. It cannot be +You run your own chat system. It is very easy to do. It cannot be technically prevented. It might be against the law in the EU to run a chat system that does not allow backdoor access, ok. But then again - you are going to do something that is against the law anyway. So this is 
@@ -73,46 +73,44 @@ the least of your problems. So the proposed law is actually doing the opposite of its intention: * It reduces security for everyone who is behaving according to law -* It does not prevent unlawful acting parties to communicate securely +* It does not prevent unlawful parties from communicating securely ## Third problem: criminalizing science Apart from the obvious two really strong problems, the law might actually lead to research and science being prohibited. The underlying -algorithms are usually based on mathematical hard to solve +algorithms are usually based on mathematically hard-to-solve problems. The problems are carefully researched and in the end used to provide security, confidentiality and integrity. -Researchers might be hindered by legal questions whether or not they -are able to solve mathematical problems. Which then again stops -progress in other areas of science as well Sounds wrong? It is. +Researchers can be hindered by legal questions whether or not they +are able to solve mathematical problems. Which then again can and will stop the progress in other areas of science as well. This all sounds terribly wrong, doesn't it? ## Fourth problem: a new attack vector -For a moment let's assume that none of the above problems is already +Let's assume for a moment that none of the above problems is already crucial enough to stop the whole motion. There is one more big and crucial problem: if authorities have a backdoor into your communication, this backdoor needs to be submitted to the authorities. It needs to be securely stored by authorities. -And this makes authorities very interesting for hacking into. You do -not need to attack a technical very secure system. You can just hack +It means that this law will make authorities a very interesting target for hacking into. You do +not need to attack a technically very secure system. You can just hack the authorities server and you gain access to everyone's communication. 
-A much easier access. For terrorists, foreign (enemy) governments and +This enables much easier access for terrorists, foreign (enemy) governments and everyone else who is interested in getting access to your communication. ## Summary -The proposed draft is dangerous, but not for criminals. It is -dangerous for everyone else. It is dangerous for civilians, -governments, journalists, whistle-blowers and even the medicinal -sector. +The proposed draft is dangerous for everyone except the criminals. It is dangerous for civilians, +governments, journalists, whistle-blowers and even the science and medical +sectors. The whole approach is fundamentally flawed and if passed as is reduces security for everyone, but the bad guys.
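Review bot: In the `@@ -30,13 +30,13 @@` hunk, the unchanged sentence "To make systems that have been mathematically proven to be secure, more insecure." claims more than the "Third problem" section does, where the algorithms are described as "based on mathematically hard-to-solve problems". Since this paragraph is being reworded anyway, align it with that phrasing and attach the fragment to the sentence before it. The added line "No crime is better for everyone." can also be read as "there is no crime that is better for everyone"; "Less crime is better for everyone" removes the ambiguity.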
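Review bot: In the `@@ -44,27 +44,27 @@` hunk, the rewritten line "(f.i. in the area of climate change) that fear their life, if their communication is revealed," keeps the ungrammatical "fear their life" and joins two source lines into one that no longer matches the wrapping of the rest of the file. Suggest "activists out there (e.g. in the area of climate change) who fear for their lives if their communication is revealed", wrapped like the neighbouring lines. The context line in the same hunk still spells the product "Whatsapp"; the name is "WhatsApp".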
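Review bot: In the `@@ -73,46 +73,44 @@` hunk, the "Third problem" rewrite changes "might be hindered" to "can be hindered" and "stops progress" to "can and will stop the progress", which is a stronger claim than the section's own opening ("the law might actually lead to research and science being prohibited"); pick one level of certainty for the section, and fold "Which then again ..." into the previous sentence so it is no longer a fragment. In the "Fourth problem" paragraph the added line still reads "You can just hack the authorities server"; it needs the possessive "authorities' server". The closing context line "reduces security for everyone, but the bad guys" reads more clearly without the comma, matching the new summary wording "for everyone except the criminals".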