Dutch Government Backs Strong Encryption, Condemns Backdoors 128
blottsie writes: The Netherlands government issued a strong statement on Monday against weakening encryption for the purposes of law enforcement and intelligence agencies. The move comes as governments in the United Kingdom and China act to legally require companies to give them access to wide swaths of encrypted Internet traffic. U.S. lawmakers are also considering introducing similar legislation.
Non-FVEY status has its benefits (Score:5, Insightful)
It's nice to see a modern, developed nation that actually believes in freedom.
Re: (Score:2)
Your government is bank-rolled by Shell? Lucky bastards. We got [citation] ExxonMobil [wikipedia.org] in Australia, although Shell have been backers in the past. Come to think of it though, our mob would have a tough time the Netherlands, as they completely have it in for windmills [abc.net.au]
Re: (Score:1)
Exactly what they want you to think, as they install their backdoors
Re: (Score:2)
It's nice to see a modern, developed nation that actually believes in freedom.
I sincerely wished that were true. This is the very same government, hell, even the same minister, that gave the police the right to hack into any computer they are interested in. They probably know enough ways to break into their subjects' systems that they are not harmed by encryption anyway.
Re: (Score:1)
What authority? (Score:3, Informative)
Re: (Score:2)
Dutch legislation is not really relevant, I would say. If most software is coming from the US, including OS from Microsoft, Apple and Google, how are you supposed to enforce adequate encription if the US mandates weaker versions? Is it going to be the GNU/Linux on the Dutch Desktop during 2016?
Netherlands has a population of 17M, so assuming you sell a copy to a quarter the popluation, it's 4M copies. Quite frankly out of their population they'll have enough software engineers to make their own security if necessary.
Re:What authority? (Score:4, Funny)
Re: (Score:2)
Most (not all, but most) hookers in the Netherlands are not Dutch. At least, of the samples I've sampled.
... of a soul-less original.
Re: (Score:2)
.. of a soul-less original.
Hey, I am not a ginger!
Re:What authority? (Score:4, Informative)
AES and SHA-3 were (partly) conceived in Belgium. Legislation is one thing - inventing the technology is something else.
Yeah I know Belgium and the Netherlands are not the same country. I live in one of them. I was trying to make a point.
Re: What authority? (Score:2)
Re: What authority? (Score:1)
You don't have to be an idiot just because you live in the US...
Re: (Score:1)
or corporations in a last ditch effort to retain some semblance of customer credibility will relocate to the Netherlands to avoid us regulations... much like the rich do to avoid taxes...
what is the US going to do, put the Netherlands under economic sanctions?
on top of that, its not like any company will be held liable to any state under the current round of trade agreements (where corporations can sue governments for loss of profits) so in effect while you may be correct in the irrelevance of the dutch leg
Re: (Score:1)
First of all, deciding not to murder people is good even if someone else decides to murder people. Maybe this harsh analogy teaches you not to dismiss so easily when people do the right thing. Secondly, the Netherlands host a big Internet exchange, AMS-IX, in Amsterdam. An official decision by the Netherlands in favor of strong encryption thus affects one of the big Internet hubs in Europe. Encryption can be weakened not just by design but also by implementation, so this is good. This decision also makes th
Re: (Score:3)
In this day and age? It's trivial to move your company to Atlantis if you find it. If the Netherlands offer the best conditions and the least legal bullshit, you'd be surprised how quickly companies move away from Ireland...
Re: (Score:2)
That's not terribly relevant since the laws would apply individually in the countries you're selling the product, not the country your head office is in: If they sell it in the US, it has to follow US law (at least the US version does.. its very common for items sold in different countries to not be completely identical. A very visible example is packaging of basically anything in Canada where you're required by law to have everything printed in both English and French.. and of course Americans would thro
Re: (Score:2)
The Netherlands hosts one of the largest internet exchanges and as such it's laws have an international aspect.
Now the next thing I would like our government to do is to start an investigation into the spyware introduced (and back ported from) Windows 10.
Well then (Score:1)
Re:Well then (Score:5, Interesting)
We are. For an American or European, there is no problem at all in coming to the Netherlands and living there. What with you being a techie, you'll have a job in twice no time. Nearly the entire population, nowadays, speaks Dutch. Disclaimer: I am of Dutch nationality, although I live in Austria, another EU state (one that does not even make strong encryption a subject of public discussion, but simply and tacitly assumes that strong encryption should be had by all who wish to use it, period).
Re: (Score:3)
Re: Well then (Score:5, Funny)
Re: (Score:2)
However, the TU (Technical University) Eindhoven is at least as good as Delft. Each one has its specialties, aerospace engineering can only be done in Delft but for nuclear fusion technology Eindhoven is the place to be).
Re:Well then (Score:5, Funny)
That's for sure. Last time I was in Amsterdam, I met a really nice girl who taught me what backdoors were for. She was just standing in a doorway and was just super friendly. It would have been one of the greatest nights of my life, but I must have lost my wallet somewhere. I remember thinking that she had really strong hands for a girl.
Re: Well then (Score:1)
Re: (Score:2)
Is that the girl that told you it's no problem to have a small cock, while you thought that it would still be better if she had none?
Re: (Score:2)
Re: (Score:3)
Although the Austrians lifted the ban on Google Street view Google has lost the appetite to enable it. (As in Germany)
Re: (Score:3)
As an American who lived in the Netherlands for 7 years (first Maastricht and then Amsterdam) I can tell you it's not that easy to find a job. Dutch immigration laws are a pain, and thanks to the PVV and Gert Wilders they're basically trying to prevent more migrants coming and kick the ones already there out. (My source? My visa was revoked and I was politely asked to leave the country after my visa was revoked for being laid off).
What this ends up meaning is if you're EU you'll have no problems (because
Re: (Score:2)
A few things to note:
a) Not an American in Europe: an American in the Netherlands. Visa programs are set by countries themselves so the experience in Ireland won't be the same as an expat in the Netherlands. There are certainly some countries that are more welcoming
In the Netherlands you can't just come over unless you're on an expat visa. And "Integrating" requires five years of continuous employment. The problem being if you get laid off (as I was) and blind sided you basically get shipped home.
And ge
Probably a representative government (Score:1)
Probably because they have a voted in a more representative government instead of the USA/UK version of democracy where you get presented with a list of rich people you can choose from.
Re: (Score:1)
Most government leaders: Ignorant about technology (Score:5, Interesting)
If encryption is outlawed, it will just be hidden. There will be large images with messages in the grey areas, for example.
Re:Most government leaders: Ignorant about technol (Score:4, Interesting)
The USA had a strong crypto export ban in the early 90's. There were no laws against using strong encryption, only about shipping crypto implementations. In practice, it meant that people in Europe had to download Netscape from a site outside the USA.
Re:Most government leaders: Ignorant about technol (Score:5, Interesting)
I complained to my MP (in the UK, where our PM has publicly stated he'd like back doors all over the place) and got a response which essentially said "we invest in strong encryption, we don't advocate weakening encryption at all. However, we do want tech companies to give us access to data when we ask for it".
In other words - it's all about double-speak. To turn this into slashdot friendly words: "we come in peace. shoot to kill".
Strong statements are all well and good, but until they also legislate to say (to tech companies) "it's okay to store data in encrypted form that you don't have the keys for", they're not really any different from the other countries of the western world that are keen to snoop on our every move. They're less in-bed with the Americans than we Brits are, so hopefully not quite as pervasive as we are, but apart from scale and efficiency, not that far different.
Re: (Score:2)
This is one of those case where you're almost obligated to lie as a politician, or at least use weasel words. If you strongly support unbreakable backdoors, you get the police, intelligence services and such saying you're crippling their work against terrorism and crime, that you're naive and irresponsible. If you strongly support backdoors, you get all kinds of civil rights groups and others saying you're an authoritrian, totalitarian creep that is making the terrorists win by taking our freedoms away. And
Re: (Score:1)
This is one of those case where you're almost obligated to lie as a politician, or at least use weasel words.
In 2016 (this year, actually - wow), I'll be running for the Senate in the State of Maine. Maine's a pretty small place with very little power and, if elected, I'll be a Senator from a district that is pretty well off the beaten path - even by Maine's standards. In other words, I'll be completely powerless.
Which means I get to say that I am 100% against back doors in encryption, software of any kind (without owner's consent), and don't actually care that it makes the police have to work more diligently. The
Re: (Score:3)
I complained to my MP (in the UK, where our PM has publicly stated he'd like back doors all over the place) and got a response which essentially said "we invest in strong encryption, we don't advocate weakening encryption at all. However, we do want tech companies to give us access to data when we ask for it".
In other words - it's all about double-speak
I'm not sure. Were I running a tech company I would interpret the above as meaning that we should turn over the data. The encrypted data.
Re: (Score:2)
Netherlands government: Sensible, not corrupt. (Score:5, Insightful)
After encryption is outlawed everywhere else, all of it.
Re: (Score:3, Informative)
Actually quite a lot since it has on of the largest, if not largest, internet exchange points: https://en.wikipedia.org/wiki/List_of_Internet_exchange_points_by_size
Re: (Score:1)
What do you mean, the big ones? You're looking at them: DE-CIX and AMS-IX are the biggest internet exchanges in the world. If you expected US exchanges to be bigger, then take note that the internet is much more hierarchical and oriented towards private peerings and backbone carriers in the USA than towards "public" internet exchanges as it is in Europe. With the half-hearted denials of BND spying for the NSA at DE-CIX, and following this decision to support strong encryption in the Netherlands, expect AMS-
Re: (Score:2)
Why should that be the case? I'd rather think that hackers would go for the low hanging fruit, i.e. for countries that have a lot of data and outlawed strong crypto.
Re: (Score:1)
Almost. You'll be hard pressed to find another government having their limp fist up the US' 'backdoor' as deep as the current government of The Netherlands.
If this luring game works, they get to get to suck dick as well, that's my take on this.
Be sensible: Secure Data and the Cloud are two mutually exclusive concepts.
Re: (Score:3)
You mean like no longer using warrants to tap a phone?
FYI, lawful intercept is when a police officer puts a tap on a phone after getting a warrant for the phone line and person to be captured.
https://en.wikipedia.org/wiki/... [wikipedia.org]
https://en.wikipedia.org/wiki/... [wikipedia.org]
Re: (Score:2)
Set up a relay somewhere that reencrypts everything.
Security? What security?
Too little too late (Score:2)
This "letter from the government" comes only weeks after they passed a law legalizing hacking by the police. It means nothing.
Also, this letter is available only in MS Word format and LibreOffice refuses to open it. The Dutch government is a bunch of clueless computer illiterate idiots.
Re: (Score:3)
The
"The Dutch government is a bunch of clueless computer illiterate idiots."
Probably Microsoft made another new file format so that new documents cannot be opened by old versions of Microsoft software, or other software. Microsoft is then able to sell everyone new versions. Not everyone can know all
Re: (Score:1)
Because for most readers that's in the wrong language and far too long, a summary:
Encryption nowadays is everywhere and getting more easy to obtain/use. It's important for businesses, and for people who want to keep their private life private. It is getting more and more impossible to break encryption. This is a problem for national security and intellegence services. However, there's no foreseeable way of putting in backdoors without compromising security. Cooperation with industry partners is required for intelligence/security tasks. The cabinet (meaning the ministers) sees the importance of encryption for security/safety onn the internet, for privacy of civilians and confidential communication for the government and businesses. Therefore it considers it undesirable to take limiting measures regarding the development, availability and use of encryption within the Netherlands. Internationally, The Netherlands will promote these views and conclusions.
Then there's mention of a budget amendment that recently has been accepted. It means the state will donate 500.000 euro to open encryption projects, like openssl, libressl, etc. They say they're actually going to do that.
summary: (Score:1)
summary: We don't have a clue how to weaken encryption and therefore decided to make not weakening encryption our goal, so we we could pad each other on the back for reaching this wonderful goal without actually doing shit.
Re: (Score:2)
I opened it in TextMaker from freeoffice(.com)
B.t.w, I do not see any conflict between legalising police hacking and encouraging strong encryption.
Will last until ISIS attacks (Score:2)
The Oldest Problem With Government Oversight (Score:1)
Who watches the watchers ?
Re: (Score:2)
I dunno. Coast guard?
#Team_Netherlands (Score:2)
Re: (Score:1)
Yeah, whatever. Count your blessings again, with NL state being one of the most prolific eavesdroppers and phone tappers (pro rata ofcourse) in the world.
For an intelligence agency meta data is way more interesting than the actual email blob.
So your encrypted IPhone, or your https sessions, no one cares. By the time they've zoomed in on you, they don't need your iphone anymore. They got everything they need through other means (safe harbour anyone?).
I'm proud, but not for being Dutch :-p
Re: (Score:2)
A year ago we were all Charlie, why not be Dutch for a change?
Enigma (Score:3)
Just create a software version of Enigma (https://en.wikipedia.org/wiki/Enigma_machine) with eg. 20 wheels. Also, create a matrix which contains how the wheels should turn. You can create thousands of wheel turning patters. Voila, unbreakable encryption without using a sufficiently long one time pad.
Of course, the initial configuration has to be sent somehow (eg. via courier or other conventional ways which 3-letter agencies seem to forget) and the encoding/decoding machine should never be connected to the internet.
Re: (Score:1)
Both RFC 2549 and RFC 1149 describe a relatively good way to distribute either one time pads, enigma matrices or wheel configurations. If you prefer delivery of your one time pad data over IPv6 securely, you can also use RFC 6214. With modern SD cards you can post one time pads worth exchange of up to 32GB of secure communications per carrier. Additional advantage of RFC 2549, 1149 and 6214 in case latency doesn't matter is that they are also fit for relatively transportation of the actual message too. But
Re: (Score:3)
I think we can simplify things a little bit here and just use RFC 1149.
RFC 2549 and RFC 6214 do not add anything new to the technology and just add to the complexity.
Re: (Score:2)
First thousands of keys (if you are being literal) is quite small for a computer so a brute force attack would succeed really quickly.
Apart from that, is how do you transfer your encryption key so it can't be intercepted?
The reason a 1 time pad is considered perfect encryption is
1. you are guaranteed by some magical process that no one gets your key.
2. without knowing the key all messages of the same length are equally likely.
Here it says it already been cracked, and even if it wasn't it would take only 3 w
Re: (Score:2)
Obviously, you do not understand how enigma works. With 20 wheels you have an 26^20 initial configuration and defining thousands of wheel turning patters makes the attacker's work much-much harder.
And actually, cracking the original enigma should takes just a few seconds on today's desktop computers.
Enigma basically replaces each letter with a different one according to the wheel settings. With 20 wheels the initial configuration contains 20 characters plus the number of the wheel turning pattern. This is f
Re: (Score:2)
how do you transfer your encryption key so it can't be intercepted?
Post office
Re: (Score:2)
Why would you use a fairly lousy symmetric encryption algorithm when AES is freely available? The rest of your post works just as well with AES as it does with Enigma, and AES not have Enigmas flaws.
Where did we go wrong? (Score:1)
Re: (Score:1)
translaters broken? (Score:2)
Re: (Score:2)
Besides, once your stuff is properly encrypted no change in (the wording of) law is going to magically unencrypt it.
Re: (Score:2)
This is one reason he wants to limit the influence of EU law ('Brussels') on his islands, EU law is much more privacy minded than his ilk likes.
Most western-style democracies make it impossible to retroactively change law, a change it would only be applicable to new cases (of encryption).
Democracy is only as strong as the legal concepts and traditions it is based upon (Trias Politica) which
But ... (Score:3)
Bravo (Score:2)
Statewide encryption protocol (Score:1)
After somebody pointed out the problems with rot13 encryption, the Dutch settled for double rot13 (rot26) encryption.
Re: (Score:2)
Then another someone pointed out even rot26 was now considered too easy to crack because of the increased processing power of commonly available computing technology. So they modernized the rot encryption algorithm. The new shiny they jokingly named 'Rotn encryption', because hackers would have a rotten time hacking this one:
rot(n), n = 26*iv + salt
with iv being prime for added security. The salt was considered optional and only used when using the algorithm for hashing super secret passwords.
A later govern
Some quick notes (Score:1)
Firstly, the minister perpetuates the rumor of encryption being relevant in the paris attacks: "De recente aanslagen in Parijs, waarbij mogelijk gebruik is gemaakt van versleuteling van de communicatie door de terroristen" which translates to: "the recent attacks in Paris, where encryption was possibly used in the terrorists communications".
Secondly, the minister hints at following the recent America
Re: (Score:2)
Reason #483 (Score:1)