Encryption Ban: Eu Is Serious About Crypto Wars | Total Security Software

Is the encryption ban coming now? After the terrorist attack in Vienna, various governments once again took the opportunity to argue against end-to-end encryption: it benefits terrorists but poses unsolvable challenges for prosecutors. Apparently, the EU now wants to get serious with its Crypto Wars: A resolution to decrypt it has already been decided - despite all criticism.

Review encryption ban: plans of governments

In the more recent and more distant past, a ban on encryption has been hotly debated - so hot that the term "Crypto Wars" ("war over encryption") is now an integral part of this discussion: To avoid acts of terrorism and to prevent child abuse is the end-to-end encryption a hindrance when it comes to solving crimes of this kind, say law enforcement agencies. End-to-end encryption is not a perpetrator, but privacy protection - for human rights activists or journalists, for example, oppose encryption advocates. Also, softened encryption is no longer real encryption: If backdoors are created in the encryption, not only prosecutors but also criminals can get on there.

The discussion is loud and public. Sun announced Facebook CEO Mark Zuckerberg in April 2019 "The future is private". The US company Apple has also been asked several times to support investigative authorities with decryption, but Apple defended secure encryption. So the discussion is going on worldwide, not just in Europe. After all, US senators have even tabled a bill to ban encryption, we reported. As we said in October in our article "End-to-end encryption: Forced to decrypt"have outlined, the Federal Government wanted to use its EU Council Presidency until the end of the year to create a declaration in Europe on how to break encrypted communication. What has happened since then?

Crypto Wars goes into the next round after the attack in Vienna

On November 2nd, the unbelievable happened in Vienna: An Austrian shot four people and injured 23 others in a terrorist attack. This incident is very tragic - it cost lives and of course, needs to be clarified. As far as is known, however, this act of terror has no connection whatsoever with the subject of encryption - no encrypted messages played a role in the attack. Rather, one can accuse a failure because a relevant criminal who tried to acquire ammunition in Slovakia in July, was walking around freely and was not monitored. After trying to buy ammunition, the Slovak Ministry of the Interior informed Austrian investigative authorities through Europol. A public prosecutor was not notified, and the convicted man was not arrested.

Nevertheless, politicians use this attack as an argument to promote more surveillance and less encryption. As the Austrian Broadcasting Corporation reported at the time, the EU Council of Ministers prepared a resolution that was ready for resolution within five days, in which it is required that investigative authorities must have access to encrypted communication. The police, but also other "authorized authorities" should have access to encrypted WhatsApp chats or other messenger communications, for example.

The master key is supposed to decipher communication

It goes without saying that the EU ministers also thought about the “how” in the resolution: With the “Exceptional Access” method, messenger operators store a digital “master key”. With its help, encrypted communication can be deciphered. The paper goes on to say that the EU continues to support strong encryption and that fundamental rights should be protected. However, in the fight against child abuse, terrorism, and organized crime, criminal prosecutors rely on “back doors” to encrypted communication. It goes without saying that privacy experts and data protectionists see this differently.

Encryption ban: IT experts see security risks

In a declaration of principle (PDF), the industry association Bitkom speaks out very clearly against this weakening of the encryption. Bitkom boss Bernhard Rohleder: "We have to do everything to make electronic communication as secure as possible, and strong encryption is the method of choice here." “Achieved. “From a technical point of view, encryption is binary - it is safe or not,” they say.

Rohleder recognizes the nonsense of back doors: "Back doors are not permanently controllable and can be exploited by all conceivable actors - from cybercriminals to foreign intelligence services," he points out. Furthermore, it is to be expected for the association that cybercriminals will resort to technologies in whatever form after a ban on encryption, which still allows them to communicate secretly and does not have access to the authorities. However, the general public would be left with insecure systems due to the weakened encryption.

The Global Encryption Coalition (GEC) is saying the same thing: not only technicians but above all ordinary citizens should be aware of the dangers posed by unsecured communication in the network. The GEC consists of more than 75 organizations and nearly 100 members. Together, the aim is to engage in secure communication channels against back and front doors. The GEC particularly emphasizes that in extreme cases the duplicate keys in circulation can cost human lives: In Syria, journalists who have used unencrypted sources have become victims of the Islamic State and the Assad regime.

However, the coalition knows another good reason in favor of encrypted communication: the population would have to refrain from disclosures that bring money laundering, arbitrariness, or state corruption to light. Sources of such disclosures would only come forward if absolute confidentiality can be guaranteed - something that is already difficult today, but is finally over with weakened encryption. What applies to such revelations also applies to trade and business secrets in companies: they too could be at risk.

EU states have passed a resolution on decryption

The sad end of this discussion: on December 14th. the EU Council held a virtual meeting at which the interior ministers of the member states accepted the prepared resolution without further discussion.

According to the official reading, one does not want to create any security deficiencies for users of services or technologies. Critics, however, argue that there is no such thing as “a little bit encrypted” - just as little as “a little bit pregnant”. The EU Council is deaf on this ear and would like the support of service providers such as Facebook, Google, or Apple to decrypt electronic communication.

In the index it says on the one hand: "Encryption is a necessary means to protect the fundamental rights and the digital security of governments, industry, and society". On the other hand, however, the EU must be able to ensure that the “competent authorities in the field of security and criminal justice can exercise [they're] legal powers” ​​and “protect our societies both online and offline”.

This dichotomy - on the one hand, the protection, on the other hand, investigative authorities, whose hands are tied - runs through the entire document and one stumbles over it in the headline: "Security through encryption and security despite encryption". In an “active dialogue with the technology industry”, “research and science should be included”, the statement said. On the one hand, they want to guarantee strong encryption technologies and cybersecurity. On the other hand, however, the law enforcement authorities must be able to “lawfully and specifically access data in full respect of fundamental rights and the relevant data protection laws”. They want to find “technical solutions” that are compatible with fundamental rights. However, a “uniform, prescribed technical solution for access to encrypted data” is not feasible. Their EU Commission has also backed this Council declaration on the “anti-terror agenda”.

Crypto Wars: Ban on encryption is not a viable option

It sounds pretty nice: "Security through encryption and security despite encryption" and the underpinnings in the document about how valuable secure encryption is, sound really great. What is behind this, however, is simply the softening of secure encryption - be it through a master key, back or front doors, upload filter, or other means. It is a pity that politicians do not listen to the criticism of this approach - especially since it does not serve the real thing, the faster placement of criminals: As Bitkom and many other critics have already emphasized several times, criminals then give way to others Channels off. What remains are insecure and incomplete encrypted communications for the general public.

Secure encryption is not enough while we are talking about data security, to provide the best protection try total security software

Prevent Cryptocurrency Attack

A much more democratic, inclusive, and cooperative approach, as described by the industry association Bitkom in its position paper, would be more effective, because nobody doubts that terrorist attacks and child abuse should be stopped. It's about the "how" - softening the secure encryption is certainly the wrong way to go.