+eu draft
parent
2a0892e20f
commit
7158467209
1 changed files with 122 additions and 0 deletions
122
content/u/blog/the-dangerous-eu-draft/contents.lr
Normal file
|
@ -0,0 +1,122 @@
|
|||
title: The new EU draft endagers everyone's security
|
||||
---
|
||||
pub_date: 2020-11-09
|
||||
---
|
||||
author: ungleich
|
||||
---
|
||||
twitter_handle: ungleich
|
||||
---
|
||||
_hidden: no
|
||||
---
|
||||
_discoverable: yes
|
||||
---
|
||||
abstract:
|
||||
The EU is about to make the life of all citizens more
|
||||
dangerous. Besides the ones it tries to target.
|
||||
---
|
||||
body:
|
||||
|
||||
## TL;DR
|
||||
|
||||
The EU is trying to disable encryption for everyone.
|
||||
However, this approach is fundamentally flawed, as the bad guys don't
|
||||
follow the law.
|
||||
|
||||
## Introduction
|
||||
|
||||
The Council of the European Union [has published a
|
||||
draft](https://www.heise.de/downloads/18/2/9/9/8/5/2/0/eu-council-draft-declaration-against-encryption-12143-20.pdf)
|
||||
which requires everyone who is offering secure communication channels
|
||||
to allow authorities to read the communication.
|
||||
|
||||
The motivation is clear: terrorist attacks and unlawful behaviour
|
||||
should be prevented by wiretapping. Nobody wants crimes, do you?
|
||||
So far, so good. In theory.
|
||||
|
||||
## First problem: reducing security, endagering people
|
||||
|
||||
The first problem is that modern encryption is not easy to break, or
|
||||
let's say it clearly: it's almost impossible to break. Thus passing
|
||||
this law requires decades of work to be undone. To make systems that
|
||||
have been mathematically proven to be secure, more insecure.
|
||||
|
||||
This reduces security for any communication by default. And this does
|
||||
not only affect terrorists, but also government agencies and the
|
||||
general public.
|
||||
|
||||
Thus it also reduces the freedom of speech. There are groups out there
|
||||
(f.i. in the area of climate change) that fear their life, if
|
||||
communication is revealed, because some governments do not allow free
|
||||
speech.
|
||||
|
||||
## Second problem: the bad guys don't comply
|
||||
|
||||
One of the strangest problems with the EU proposal is that the idea is
|
||||
to make it a law that everyone has to follow. Or, more precisely: the
|
||||
idea is that companies like Whatsapp or Signal have to provide keys or
|
||||
backdoors into their systems that authorities can use for wiretapping.
|
||||
|
||||
Now, this is a crucial problem. Because companies like us, ungleich,
|
||||
also provide [secure communication using
|
||||
Matrix](https://ungleich.ch/u/products/hosted-matrix-chat/). And we
|
||||
are not in the EU (for real: Switzerland is not in the EU).
|
||||
|
||||
See the problem? No? Well. Let's say you are the bad guys and you plan
|
||||
to coordinate some attack. What do you do?
|
||||
|
||||
You run your own chat system. It is trivial to do so. It cannot be
|
||||
technically prevented. It might be against the law in the EU to run a
|
||||
chat system that does not allow backdoor access, ok. But then again - you
|
||||
are going to do something that is against the law anyway. So this is
|
||||
the least of your problems.
|
||||
|
||||
So the proposed law is actually doing the opposite of its intention:
|
||||
|
||||
* It reduces security for everyone who is behaving according to law
|
||||
* It does not prevent unlawful acting parties to communicate securely
|
||||
|
||||
## Third problem: criminalizing science
|
||||
|
||||
Apart from the obvious two really strong problems, the law might
|
||||
actually lead to research and science being prohibited. The underlying
|
||||
algorithms are usually based on mathematical hard to solve
|
||||
problems.
|
||||
|
||||
The problems are carefully researched and in the end used to provide
|
||||
security, confidentiality and integrity.
|
||||
|
||||
Researchers might be hindered by legal questions whether or not they
|
||||
are able to solve mathematical problems. Which then again stops
|
||||
progress in other areas of science as well Sounds wrong? It is.
|
||||
|
||||
## Fourth problem: a new attack vector
|
||||
|
||||
For a moment let's assume that none of the above problems is already
|
||||
crucial enough to stop the whole motion. There is one more big and
|
||||
crucial problem: if authorities have a backdoor into your
|
||||
communication, this backdoor needs to be submitted to the
|
||||
authorities. It needs to be securely stored by authorities.
|
||||
|
||||
And this makes authorities very interesting for hacking into. You do
|
||||
not need to attack a technical very secure system. You can just hack
|
||||
the authorities server and you gain access to everyone's
|
||||
communication.
|
||||
|
||||
A much easier access. For terrorists, foreign (enemy) governments and
|
||||
everyone else who is interested in getting access to your
|
||||
communication.
|
||||
|
||||
|
||||
## Summary
|
||||
|
||||
The proposed draft is dangerous, but not for criminals. It is
|
||||
dangerous for everyone else. It is dangerous for civilians,
|
||||
governments, journalists, whistle-blowers and even the medicinal
|
||||
sector.
|
||||
|
||||
The whole approach is fundamentally flawed and if passed as is reduces
|
||||
security for everyone, but the bad guys.
|
||||
|
||||
We urge everyone reading this article to do whatever is in their power
|
||||
to stop this law passing, before it is too late. And too late might
|
||||
unfortunately already be on the 25th of November 2020.
|
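Review bot: The "First problem" section says the affected systems "have been mathematically proven to be secure", which is stronger than what the "Third problem" section states, namely that the algorithms are "usually based on mathematical hard to solve problems". Suggest aligning the first statement with the second, for example "systems whose security rests on carefully researched hard problems", so the post does not overclaim. Also in this hunk: the title has "endagers" and the first heading "endagering" (should be "endangers" / "endangering"), the abstract's "Besides the ones it tries to target" reads as "in addition to" where "except" seems intended, a full stop is missing in "as well Sounds wrong?", and "medicinal sector" in the summary is presumably "medical sector".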