Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×
Encryption Government

Leaked Government Document Shows Spain Wants To Ban End-to-End Encryption (wired.com) 76

Posted by BeauHD from the extreme-positions dept.
An anonymous reader quotes a report from Wired: Spain has advocated banning encryption for hundreds of millions of people within the European Union, according to a leaked document obtained by WIRED that reveals strong support among EU member states for proposals to scan private messages for illegal content. The document, a European Council survey of member countries' views on encryption regulation, offered officials' behind-the-scenes opinions on how to craft a highly controversial law to stop the spread of child sexual abuse material (CSAM) in Europe. The proposed law would require tech companies to scan their platforms, including users' private messages, to find illegal material. However, the proposal from Ylva Johansson, the EU commissioner in charge of home affairs, has drawn ire from cryptographers, technologists, and privacy advocates for its potential impact on end-to-end encryption.

For years, EU states have debated whether end-to-end encrypted communication platforms, such as WhatsApp and Signal, should be protected as a way for Europeans to exercise a fundamental right to privacy -- or weakened to keep criminals from being able to communicate outside the reach of law enforcement. Experts who reviewed the document at WIRED's request say it provides important insight into which EU countries plan to support a proposal that threatens to reshape encryption and the future of online privacy. Of the 20 EU countries represented in the document leaked to WIRED, the majority said they are in favor of some form of scanning of encrypted messages, with Spain's position emerging as the most extreme. "Ideally, in our view, it would be desirable to legislatively prevent EU-based service providers from implementing end-to-end encryption," Spanish representatives said in the document. The source of the document declined to comment and requested anonymity because they were not authorized to share it.

In its response, Spain said it is "imperative that we have access to the data" and suggests that it should be possible for encrypted communications to be decrypted. Spain's interior minister, Fernando Grande-Marlaska, has been outspoken about what he considers the threat posted by encryption. When reached for comment about the leaked document, Daniel Campos de Diego, a spokesperson for Spain's Ministry of Interior, says the country's position on this matter is widely known and has been publicly disseminated on several occasions. Edging close to Spain, Poland advocated in the leaked document for mechanisms through which encryption could be lifted by court order and for parents to have the power to decrypt children's communications. Several other countries say they would give law enforcement access to people's encrypted messages and communications. "Cyprus, Hungary, and Spain very clearly see this law as their opportunity to get inside encryption to undermine encrypted communications, and that to me is huge," says Ella Jakubowska, a senior policy advisor at European Digital Rights (EDRI) who reviewed the document. "They are seeing this law is going far beyond what DG home is claiming that it's there for."
This discussion has been archived. No new comments can be posted.

Leaked Government Document Shows Spain Wants To Ban End-to-End Encryption More

Leaked Government Document Shows Spain Wants To Ban End-to-End Encryption

Comments Filter:

  • It doesn't work (Score:5, Insightful)

    by Baron_Yam ( 643147 ) on Monday May 22, 2023 @05:23PM (#63543575)

    > Spain said it is "imperative that we have access to the data" and suggests that it should be possible for encrypted communications to be decrypted.

    They can be - by the intended recipient. The moment you install a backdoor for an 'official' interception, in reality you've just made encryption worse than useless... since it provides no security and adds overhead to the messaging process.

    Either encryption is legal or it isn't. Technologically, there is no viable middle ground. Once a backdoor exists, access will eventually be available to all.

    • Re:It doesn't work (Score:4, Interesting)

      by dstwins ( 167742 ) on Monday May 22, 2023 @06:06PM (#63543653) Homepage
      And that is exactly what they want... Governments HATE true/real end-to-end encryption because it makes their intelligence work (and lets be honest on citizens, any reason reaching/talking to one of their citizens, or someone that sat near their citizen in the last 50 years, but sure, lets go with criminals....) more difficult.

      The reality is crooks don't NEED end-to-end encryption just like the police don't NEED to break it.. but everyone wants the job (cops and robbers alike) to be "easy".. no code words, no crafty phrased expressions, no winks and nods, the crooks just want to speak plain (ie: Jimmy, Kill Bill on the 14th of October) and the bad guys (aka: the police) just want to push a button to find said "crook" so they can arrest/convict (see sentence above) and not "Jimmy, Bill seems hungry, order him a large Pizza next month" (which is what they have been doing for I don't know.. EVER.. (face to face, on the phone, in dark allies, via post cards, via letters, hell via pigeon)). But what governments want an "early warning" when their citizens are growing discontent and a way to crack down without seeming like they are targeting people (to the outside).. ie: Oh, I have not heard from Mary in a long time.. yeah.. because she got a job "out of country". Its the modern gestapo but easier because it doesn't require men in jack boots, just requires a little keyword search, and a quiet disappearance before "Mary" becomes a person of interest to others.

    • Re:It doesn't work (Score:5, Insightful)

      by pete6677 ( 681676 ) on Monday May 22, 2023 @08:45PM (#63543873)

      Give these dumbfucks exactly what they're asking for. No more online banking. No more online shopping. No more SSL/SSH. No more online security period. This is what it will take to finally get old fossils out of the business of regulating things they have absolutely zero understanding of.

      • This is what it will take to finally get old fossils out of the business of regulating things they have absolutely zero understanding of.

        No it won't. These old fossils are democratically elected by people on the premise that they are solving specific problems. You get rid of them, another will take their place... saner at first only to eventually water down to the same political pandering to their base as all those who come before them, at the mercy of voters who don't have the nuance to understand that you can't have secure banking if you outlaw security.

        The population is too dumb, and ultimately they bring politicians down to their level.

        • Re: (Score:1)

          by sabri ( 584428 )

          These old fossils are democratically elected by people on the premise that they are solving specific problems.

          They were not democratically elected.

          A number of countries voted against the European Constitution during the referenda. France voted against with a 10% margin, and The Netherlands voted against with a 23% margin (reference [wikipedia.org]).

          However, a few months later, it was nevertheless adopted [europa.eu].

          The EUSSR is a bunch of undemocratic dictators. Even funnier is that privacy is oh-so-important when it comes to extracting a billion dollars from American companies, but a danger to everyone when it comes to encryption. Rig

    • That and people for something like a backdoor always use child porn to try to sell it. How did all of the busts in the past happen without them? Because they don't need them.

    • Re: (Score:3)

      by gweihir ( 88907 )

      Indeed. But surveillance-fascists do not care about that. They think they are the ones to finally lead the human race into light where everybody will be forced in line by as much violence as needed. Individual freedoms just get in the way of general forced enlightenment.

      Of course, from every indication from history, smart human beings do not really work well under those conditions and they are critically needed for society to flourish.

    • Re: (Score:3)

      by AmiMoJo ( 196126 )

      There is a viable backdoor. GCHQ suggested it years ago. The app is modified to allow a law enforcement operative to join an encrypted chat, but not notify members of that chat that there is a new party listening in. Access would only be for accounts with a valid certificate, to prevent hackers using the same mechanism.

      The main risk is that one of the certificates leaks, although it could be revoked. After that, potential bugs in the app that cause non-law enforcement users not to be listed as members of th

      • There are too many apps and software and platforms which support end to end encryption. And some of them are open source, like Signal.

        You going to ban a big chunk of the internet if they refuse to implement backdoors? I will not miss Facebook (they do have messenger which is used for communication, not to mention instagram, whatsapp, etc) but I think there may be some people who will notice if Meta's or Google's or Microsoft's and so many other's services are suddenly missing.

        If the companies refuse to impl

        • Re: (Score:2)

          by AmiMoJo ( 196126 )

          China does ban large parts of the internet, including Signal. It's clearly possible.

          • Yeah but the people in China didn't really have access to FB and all the other sites / apps / services in the first place, so many may not be aware that such things exist, or may have heard that they exist but never had a chance to access them, and those that use VPNs and such, they are very much aware that such access can be removed anytime.

            If you try that with a population which already had access to particular services/apps/websites for many years, the population knows exactly what they are missing and w

            • Re: (Score:2)

              by AmiMoJo ( 196126 )

              It will be interesting to see what happens with the TikTok ban. Will people accept it, or will they find ways around it?

              Blockading The Pirate Bay wasn't very effective.

    • The other issue is who is the target of the encryption.

      If we're talking people worthy of such risk that they're willing to get rid of privacy, then this law is not going to do it as those types can and probably will make their own private app. Heck, I think the EU made this easier forcing Apple to allow side-loading. Criminal organization, terrorist groups, child porn rings... should all have the resources. It's not really complex to get a very basic E2E encrypted system going.

      So by in large, adding back-do

      • as those types can and probably will make their own private app.

        If you can't roll your own from scratch, you could use a scripting language and the OpenSSL library to roll your own. I would recommend C rather than a scripting language, but C is a step too far for most.

  • ObMP (Score:5, Funny)

    by rossdee ( 243626 ) on Monday May 22, 2023 @05:25PM (#63543577)

    Nobody expects the Spanish Inquisition

  • In reality would it really matter?

  • I have a better proposal (Score:4, Insightful)

    by franzrogar ( 3986783 ) on Monday May 22, 2023 @05:32PM (#63543591)

    Send all politicians to jail right now, let the police storm into all their possessions and check each and every bank account they (and any person related to them, be them family, friends, etc.) might have any connection.

    If any illegality is found (black money, stolen goods, undeclared jewels/works of art/etc.), remove their nationality and send them to GULAG.

    If they are "honest", then, we can talk about any law removing privacy. Just talk, not passing it.

    • If this were done by lottery to 5% of sitting politicians during any given term of office... wow, that'd be a hell of a thing to see.

      I'm entirely in favour of extreme mandatory transparency by the people holding the levers of power. If you can't handle it, you're not fit for office and almost certainly working more to line your own pockets than to serve the best interests of the population.

    • But MY tribal leader (politician) is better than their tribal leader!!! Crimes are okay because the other side are worse and we must stop them!

    • Holy shit, Stalin is that you? I thought you were dead.

      No thanks. I don't want to live in a world what that is done to anyone, let alone democratically elected representatives.

      • Nope, I'm not Stalin. I'm DEMOcracy, you know, like the DEMO (population), cracy (power) that the population of Iceland, you know, they did what I wrote (with the exception of GULAG, which they have their own version).

        So, nope, not Stalin. Maybe you're a neo-anarchist? One of those that "everything is allowed even shitting in the populace"?

  • If the government and all politicians are able to go without encryption for five years, then maybe it could be considered... otherwise I would say that's a hard no.

    I would be very sad to see the people of Spain accept this.

    • Re: (Score:2)

      by narcc ( 412956 )

      It doesn't make any difference if government and politicians don't use it for some period. Encryption has obvious value. WTF is wrong with you?

      otherwise I would say that's a hard no.

      Your clearly uninformed opinion doesn't matter.

  • Criminals will just use less obvious methods of hiding their communications. Meanwhile weakening or destroying the protections of encryptions across the board will just hurt everyone who isn't a criminal.

    Things like this always strike me as an attempted power-grab by politicians. No doubt at least some of them would misuse laws like this to keep tabs on their opposition among other abuses of power.

    In short: no good will come of something like this. Also, it flies in the face of all the privacy protect

  • When encryption is illegal, only criminals will have encryption.

  • Even if they banned E2E, the fact is that with modern computers stegographic images are trivial to create and trivial to decode. Pointless and insulting.

  • I'm pretty sure every government wants to be able to see everything, not just Spain.

  • ...especially for their non-work email accounts that they use for work.

    If they're really interested in successfully prosecuting criminal organisations, including child abuse rings, it would appear that law enforcement crack a lot of cases through penetrating criminals' encrypted communications in one way or another. Why would they want to give up those opportunities by outright banning E2EE or telling criminals that they're being monitored?

  • Sorry, while I think the banner of ending child pornography, exploitation, and pedophilia is noble. Attempting to eliminate it by destroying cryptography is a red herring. Governments have other tools at their disposal to fight crime, they should exhaust all of those including more severe penalties for those who abuse children; that also means teens under the age of consent.

    The sad thing is we have governments who want to break encryption b/c "think of the children," also let traffikers and their ilk off th [go.com]

  • Leaked document? (Score:5, Funny)

    by PPH ( 736903 ) on Monday May 22, 2023 @07:39PM (#63543799)

    Why didn't they encrypt it?

  • More illegal material and substances go through the USPS than any other venue in the entire world. You want any type of drug, porn, etc, it comes hand delivered by your friendly postal delivery person.

  • Title 1, Article 18, Section 3:

    "Se garantiza el secreto de las comunicaciones y, en especial, de las postales, telegrÃficas y telefÃnicas, salvo resoluciÃn judicial."

    Roughly translated to:

    "the communication secrecy must be guaranteed, specially on letters, telegrams and phone calls unless there is judical resolution"

    Source: https://www.senado.es/web/cono... [senado.es]

    Regardless, Spain is not the only country considering measures like that. Just read the linked document: https://www.senado.es/web/cono... [senado.es]

  • That's funny, because Government-friendly media such as El País indicate that it's "the EU" [elpais.com] (not Spain) who wants to ban end-to-end encryption. The "EU" is always "someone else", and they omit that it's Spain who is currently advocating for this law within the EU, because it is clearly very dangerous. Oh, and "Think of the children!"

  • Please don't give Trudeau any ideas. I'm sure he'd be all over this if he knew what encryption was.

  • It should work is plain wrong. Some tech companies have gone to pains to make this impossible. Signal is a good example, zero trust and different algorithms everywhere. Nor will I have a bar of any cloud services. And Barristers have a special duty to protect their clients and data. Journalists need to keep their sources private.Lastly, things will different with AI and Deepfakes.

  • The proposed legislation probably isn't a sign of a fascist shift in Spain, although it might be [ccbcnes.org]. And if passed, it could help pave the way for closet fascists to restore the "glory days" of Franco.

    The legislation is dangerous by definition, because it limits citizens' freedom to communicate without government spying. It also sets a dangerous precedent. I really hope Spanish citizens reject it loudly and forcefully.

    • most likely a parliament member in Spain that have zero idea on what he is commenting on and is just upset when being told told criminals and pedophiles can "hide from police by using end to end encryption" and no one have yet asked him how he thinks that e.g online banking or commerce is supposed to work if that is forbidden.

  • good Luck getting the world to comply with your dumb idea, Spain

Slashdot Top Deals

You know that feeling when you're leaning back on a stool and it starts to tip over? Well, that's how I feel all the time. -- Steven Wright

Close