Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Encryption Government Privacy Security

Dutch Government Backs Strong Encryption, Condemns Backdoors 128

blottsie writes: The Netherlands government issued a strong statement on Monday against weakening encryption for the purposes of law enforcement and intelligence agencies. The move comes as governments in the United Kingdom and China act to legally require companies to give them access to wide swaths of encrypted Internet traffic. U.S. lawmakers are also considering introducing similar legislation.
This discussion has been archived. No new comments can be posted.

Dutch Government Backs Strong Encryption, Condemns Backdoors

Comments Filter:
  • by Anonymous Coward on Monday January 04, 2016 @03:29PM (#51237127)

    It's nice to see a modern, developed nation that actually believes in freedom.

    • by Anonymous Coward

      Exactly what they want you to think, as they install their backdoors

    • It's nice to see a modern, developed nation that actually believes in freedom.

      I sincerely wished that were true. This is the very same government, hell, even the same minister, that gave the police the right to hack into any computer they are interested in. They probably know enough ways to break into their subjects' systems that they are not harmed by encryption anyway.

  • What authority? (Score:3, Informative)

    by sanf780 ( 4055211 ) on Monday January 04, 2016 @03:32PM (#51237155)
    Dutch legislation is not really relevant, I would say. If most software is coming from the US, including OS from Microsoft, Apple and Google, how are you supposed to enforce adequate encription if the US mandates weaker versions? Is it going to be the GNU/Linux on the Dutch Desktop during 2016?
    • by maligor ( 100107 )

      Dutch legislation is not really relevant, I would say. If most software is coming from the US, including OS from Microsoft, Apple and Google, how are you supposed to enforce adequate encription if the US mandates weaker versions? Is it going to be the GNU/Linux on the Dutch Desktop during 2016?

      Netherlands has a population of 17M, so assuming you sell a copy to a quarter the popluation, it's 4M copies. Quite frankly out of their population they'll have enough software engineers to make their own security if necessary.

    • Re:What authority? (Score:4, Informative)

      by bytesex ( 112972 ) on Monday January 04, 2016 @04:08PM (#51237411) Homepage

      AES and SHA-3 were (partly) conceived in Belgium. Legislation is one thing - inventing the technology is something else.

      Yeah I know Belgium and the Netherlands are not the same country. I live in one of them. I was trying to make a point.

    • by Anonymous Coward

      or corporations in a last ditch effort to retain some semblance of customer credibility will relocate to the Netherlands to avoid us regulations... much like the rich do to avoid taxes...

      what is the US going to do, put the Netherlands under economic sanctions?

      on top of that, its not like any company will be held liable to any state under the current round of trade agreements (where corporations can sue governments for loss of profits) so in effect while you may be correct in the irrelevance of the dutch leg

    • by Anonymous Coward

      First of all, deciding not to murder people is good even if someone else decides to murder people. Maybe this harsh analogy teaches you not to dismiss so easily when people do the right thing. Secondly, the Netherlands host a big Internet exchange, AMS-IX, in Amsterdam. An official decision by the Netherlands in favor of strong encryption thus affects one of the big Internet hubs in Europe. Encryption can be weakened not just by design but also by implementation, so this is good. This decision also makes th

    • In this day and age? It's trivial to move your company to Atlantis if you find it. If the Netherlands offer the best conditions and the least legal bullshit, you'd be surprised how quickly companies move away from Ireland...

      • by Altrag ( 195300 )

        That's not terribly relevant since the laws would apply individually in the countries you're selling the product, not the country your head office is in: If they sell it in the US, it has to follow US law (at least the US version does.. its very common for items sold in different countries to not be completely identical. A very visible example is packaging of basically anything in Canada where you're required by law to have everything printed in both English and French.. and of course Americans would thro

    • by Teun ( 17872 )
      Dutch legislation is ruling inside The Netherlands, a small country but an important international junction with a respectable tradition re. international law.

      The Netherlands hosts one of the largest internet exchanges and as such it's laws have an international aspect.

      Now the next thing I would like our government to do is to start an investigation into the spyware introduced (and back ported from) Windows 10.
  • Are you accepting new residents?
    • Re:Well then (Score:5, Interesting)

      by vikingpower ( 768921 ) on Monday January 04, 2016 @03:43PM (#51237223) Homepage Journal

      We are. For an American or European, there is no problem at all in coming to the Netherlands and living there. What with you being a techie, you'll have a job in twice no time. Nearly the entire population, nowadays, speaks Dutch. Disclaimer: I am of Dutch nationality, although I live in Austria, another EU state (one that does not even make strong encryption a subject of public discussion, but simply and tacitly assumes that strong encryption should be had by all who wish to use it, period).

      • I think you meant to say "Nearly the entire population, nowadays, speaks English"
      • by PopeRatzo ( 965947 ) on Monday January 04, 2016 @04:20PM (#51237483) Journal

        For an American or European, there is no problem at all in coming to the Netherlands and living there.

        That's for sure. Last time I was in Amsterdam, I met a really nice girl who taught me what backdoors were for. She was just standing in a doorway and was just super friendly. It would have been one of the greatest nights of my life, but I must have lost my wallet somewhere. I remember thinking that she had really strong hands for a girl.

      • by Teun ( 17872 )
        In Austria they are so worried about every one's privacy that the use of a dash cam can cost you a fine of around €8,500.

        Although the Austrians lifted the ban on Google Street view Google has lost the appetite to enable it. (As in Germany)
      • As an American who lived in the Netherlands for 7 years (first Maastricht and then Amsterdam) I can tell you it's not that easy to find a job. Dutch immigration laws are a pain, and thanks to the PVV and Gert Wilders they're basically trying to prevent more migrants coming and kick the ones already there out. (My source? My visa was revoked and I was politely asked to leave the country after my visa was revoked for being laid off).

        What this ends up meaning is if you're EU you'll have no problems (because

  • by Anonymous Coward

    Probably because they have a voted in a more representative government instead of the USA/UK version of democracy where you get presented with a list of rich people you can choose from.

  • by Futurepower(R) ( 558542 ) on Monday January 04, 2016 @03:37PM (#51237193) Homepage
    Most government leaders are EXTREMELY ignorant about technology, but they know technology is important, so they pretend they know things.

    If encryption is outlawed, it will just be hidden. There will be large images with messages in the grey areas, for example.
    • by coofercat ( 719737 ) on Monday January 04, 2016 @04:22PM (#51237511) Homepage Journal

      I complained to my MP (in the UK, where our PM has publicly stated he'd like back doors all over the place) and got a response which essentially said "we invest in strong encryption, we don't advocate weakening encryption at all. However, we do want tech companies to give us access to data when we ask for it".

      In other words - it's all about double-speak. To turn this into slashdot friendly words: "we come in peace. shoot to kill".

      Strong statements are all well and good, but until they also legislate to say (to tech companies) "it's okay to store data in encrypted form that you don't have the keys for", they're not really any different from the other countries of the western world that are keen to snoop on our every move. They're less in-bed with the Americans than we Brits are, so hopefully not quite as pervasive as we are, but apart from scale and efficiency, not that far different.

      • by Kjella ( 173770 )

        This is one of those case where you're almost obligated to lie as a politician, or at least use weasel words. If you strongly support unbreakable backdoors, you get the police, intelligence services and such saying you're crippling their work against terrorism and crime, that you're naive and irresponsible. If you strongly support backdoors, you get all kinds of civil rights groups and others saying you're an authoritrian, totalitarian creep that is making the terrorists win by taking our freedoms away. And

        • by KGIII ( 973947 )

          This is one of those case where you're almost obligated to lie as a politician, or at least use weasel words.

          In 2016 (this year, actually - wow), I'll be running for the Senate in the State of Maine. Maine's a pretty small place with very little power and, if elected, I'll be a Senator from a district that is pretty well off the beaten path - even by Maine's standards. In other words, I'll be completely powerless.

          Which means I get to say that I am 100% against back doors in encryption, software of any kind (without owner's consent), and don't actually care that it makes the police have to work more diligently. The

      • I complained to my MP (in the UK, where our PM has publicly stated he'd like back doors all over the place) and got a response which essentially said "we invest in strong encryption, we don't advocate weakening encryption at all. However, we do want tech companies to give us access to data when we ask for it".

        In other words - it's all about double-speak

        I'm not sure. Were I running a tech company I would interpret the above as meaning that we should turn over the data. The encrypted data.

    • They don't want to outlaw encryption, they just want to render it so weak that your average 15 year old script kiddie can break into the so-called 'backdoor' they want written into it, so for all intents and purposes it'll be rendered useless. It'll end up the equivalent of having a $5 padlock on an exposed $2 mild-steel hasp securing the front door to your house: It'll keep out the lazy burglars (or the ones too weak to just kick the door in), but any burglar with any skill at all will go right around it l
  • This "letter from the government" comes only weeks after they passed a law legalizing hacking by the police. It means nothing.

    Also, this letter is available only in MS Word format and LibreOffice refuses to open it. The Dutch government is a bunch of clueless computer illiterate idiots.

    • "... letter is available only in MS Word format and LibreOffice refuses to open it."

      The .DocX letter opens in Wordpad, with a message saying some of the information may not be viewable. See the text below.

      "The Dutch government is a bunch of clueless computer illiterate idiots."

      Probably Microsoft made another new file format so that new documents cannot be opened by old versions of Microsoft software, or other software. Microsoft is then able to sell everyone new versions. Not everyone can know all
      • Because for most readers that's in the wrong language and far too long, a summary:

        Encryption nowadays is everywhere and getting more easy to obtain/use. It's important for businesses, and for people who want to keep their private life private. It is getting more and more impossible to break encryption. This is a problem for national security and intellegence services. However, there's no foreseeable way of putting in backdoors without compromising security. Cooperation with industry partners is required for intelligence/security tasks. The cabinet (meaning the ministers) sees the importance of encryption for security/safety onn the internet, for privacy of civilians and confidential communication for the government and businesses. Therefore it considers it undesirable to take limiting measures regarding the development, availability and use of encryption within the Netherlands. Internationally, The Netherlands will promote these views and conclusions.

        Then there's mention of a budget amendment that recently has been accepted. It means the state will donate 500.000 euro to open encryption projects, like openssl, libressl, etc. They say they're actually going to do that.

      • by Anonymous Coward

        summary: We don't have a clue how to weaken encryption and therefore decided to make not weakening encryption our goal, so we we could pad each other on the back for reaching this wonderful goal without actually doing shit.

    • by Teun ( 17872 )
      Yes it is a strange format they used, certainly not the .odl they are supposed to use.
      I opened it in TextMaker from freeoffice(.com)

      B.t.w, I do not see any conflict between legalising police hacking and encouraging strong encryption.
  • Then they will be tracking everything trying to root them out.
  • Every day I read about another reason on why I'm proud to be Dutch....
    • by Anonymous Coward

      Yeah, whatever. Count your blessings again, with NL state being one of the most prolific eavesdroppers and phone tappers (pro rata ofcourse) in the world.
      For an intelligence agency meta data is way more interesting than the actual email blob.
      So your encrypted IPhone, or your https sessions, no one cares. By the time they've zoomed in on you, they don't need your iphone anymore. They got everything they need through other means (safe harbour anyone?).

      I'm proud, but not for being Dutch :-p

  • by little1973 ( 467075 ) on Monday January 04, 2016 @04:12PM (#51237431)

    Just create a software version of Enigma (https://en.wikipedia.org/wiki/Enigma_machine) with eg. 20 wheels. Also, create a matrix which contains how the wheels should turn. You can create thousands of wheel turning patters. Voila, unbreakable encryption without using a sufficiently long one time pad.

    Of course, the initial configuration has to be sent somehow (eg. via courier or other conventional ways which 3-letter agencies seem to forget) and the encoding/decoding machine should never be connected to the internet.

    • by Anonymous Coward

      Both RFC 2549 and RFC 1149 describe a relatively good way to distribute either one time pads, enigma matrices or wheel configurations. If you prefer delivery of your one time pad data over IPv6 securely, you can also use RFC 6214. With modern SD cards you can post one time pads worth exchange of up to 32GB of secure communications per carrier. Additional advantage of RFC 2549, 1149 and 6214 in case latency doesn't matter is that they are also fit for relatively transportation of the actual message too. But

      • I think we can simplify things a little bit here and just use RFC 1149.

        RFC 2549 and RFC 6214 do not add anything new to the technology and just add to the complexity.

    • First thousands of keys (if you are being literal) is quite small for a computer so a brute force attack would succeed really quickly.
      Apart from that, is how do you transfer your encryption key so it can't be intercepted?

      The reason a 1 time pad is considered perfect encryption is
      1. you are guaranteed by some magical process that no one gets your key.
      2. without knowing the key all messages of the same length are equally likely.

      Here it says it already been cracked, and even if it wasn't it would take only 3 w

      • Obviously, you do not understand how enigma works. With 20 wheels you have an 26^20 initial configuration and defining thousands of wheel turning patters makes the attacker's work much-much harder.

        And actually, cracking the original enigma should takes just a few seconds on today's desktop computers.

        Enigma basically replaces each letter with a different one according to the wheel settings. With 20 wheels the initial configuration contains 20 characters plus the number of the wheel turning pattern. This is f

      • how do you transfer your encryption key so it can't be intercepted?

        Post office

    • by amorsen ( 7485 )

      Why would you use a fairly lousy symmetric encryption algorithm when AES is freely available? The rest of your post works just as well with AES as it does with Enigma, and AES not have Enigmas flaws.

  • I approve of the Netherlands government. Whatever happened to the United States? Where did we go wrong? Why do European countries get better, and we get closer to North Korea?
    • Where did we go wrong? I'll give you two words: Baby Boomers. Being JUST younger than they are I've watched with horror all the things that they've done all my life.
  • As a dutch native, I can say that the wording was typically weasel wording. Especially the part where the minister, who only a few months ago was openly complaining about encryption, now says in the conclusion part of the official document: > Derhalve is het kabinet van mening dat het op dit moment niet wenselijk is om beperkende wettelijke maatregelen te nemen ten aanzien van de ontwikkeling, de beschikbaarheid en het gebruik van encryptie binnen Nederland. Translation: Therefore, the gover
    • by Teun ( 17872 )
      Currently is correct in about every sense, even those 4000 y/o piramids in Egypt are just current until ISIS declares them symbols of idolatry.
      Besides, once your stuff is properly encrypted no change in (the wording of) law is going to magically unencrypt it.
  • by PPH ( 736903 ) on Monday January 04, 2016 @08:53PM (#51239223)

    ... they are still OK with half back doors.

  • Bravo to The Netherlands for taking this stand. I mean that sincerely. They will face an uphill battle however.
  • After somebody pointed out the problems with rot13 encryption, the Dutch settled for double rot13 (rot26) encryption.

    • by jiriw ( 444695 )

      Then another someone pointed out even rot26 was now considered too easy to crack because of the increased processing power of commonly available computing technology. So they modernized the rot encryption algorithm. The new shiny they jokingly named 'Rotn encryption', because hackers would have a rotten time hacking this one:

      rot(n), n = 26*iv + salt

      with iv being prime for added security. The salt was considered optional and only used when using the algorithm for hashing super secret passwords.

      A later govern

  • I read through the actual document, and there are a few interesting points not mentioned in the article.

    Firstly, the minister perpetuates the rumor of encryption being relevant in the paris attacks: "De recente aanslagen in Parijs, waarbij mogelijk gebruik is gemaakt van versleuteling van de communicatie door de terroristen" which translates to: "the recent attacks in Paris, where encryption was possibly used in the terrorists communications".

    Secondly, the minister hints at following the recent America

    • Well several weeks before (maybe a month or two) previous to the Paris attacks one of the big wigs from the CIA, or FBI said it would take a large attack where encryption was used in the planning to basically get the ball rolling on stopping people from having strong encryption. Then the Paris attacks happen and the big point that gets pushed in the media is the line about encryption so that wasn't a big surprise.
  • I knew there was another reason I moved the Netherlands other than all the other reasons, they still understand the concept of privacy & more practically they will not be in power forever and exempt from the tyranny of the government overreach er I mean "freedom"....

You know you've landed gear-up when it takes full power to taxi.

Working...