Backdoors That Let Cops Decrypt Messages Violate Human Rights, EU Court Says (arstechnica.com) 30
An anonymous reader quotes a report from Ars Technica: The European Court of Human Rights (ECHR) has ruled that weakening end-to-end encryption disproportionately risks undermining human rights. The international court's decision could potentially disrupt the European Commission's proposed plans to require email and messaging service providers to create backdoors that would allow law enforcement to easily decrypt users' messages. This ruling came after Russia's intelligence agency, the Federal Security Service (FSS), began requiring Telegram to share users' encrypted messages to deter "terrorism-related activities" in 2017, ECHR's ruling said. [...] In the end, the ECHR concluded that the Telegram user's rights had been violated, partly due to privacy advocates and international reports that corroborated Telegram's position that complying with the FSB's disclosure order would force changes impacting all its users.
The "confidentiality of communications is an essential element of the right to respect for private life and correspondence," the ECHR's ruling said. Thus, requiring messages to be decrypted by law enforcement "cannot be regarded as necessary in a democratic society." [...] "Weakening encryption by creating backdoors would apparently make it technically possible to perform routine, general, and indiscriminate surveillance of personal electronic communications," the ECHR's ruling said. "Backdoors may also be exploited by criminal networks and would seriously compromise the security of all users' electronic communications. The Court takes note of the dangers of restricting encryption described by many experts in the field."
Martin Husovec, a law professor who helped to draft EISI's testimony, told Ars that EISI is "obviously pleased that the Court has recognized the value of encryption and agreed with us that state-imposed weakening of encryption is a form of indiscriminate surveillance because it affects everyone's privacy." [...] EISI's Husovec told Ars that ECHR's ruling is "indeed very important," because "it clearly signals to the EU legislature that weakening encryption is a huge problem and that the states must explore alternatives." If the Court of Justice of the European Union endorses this ruling, which Husovec said is likely, the consequences for the EU's legislation proposing scanning messages to stop illegal content like CSAM from spreading "could be significant," Husovec told Ars. During negotiations this spring, lawmakers may have to make "major concessions" to ensure the proposed rule isn't invalidated in light of the ECHR ruling, Husovec told Ars. Europol and the European Union Agency for Cybersecurity (ENISA) said in a statement: "Solutions that intentionally weaken technical protection mechanisms to support law enforcement will intrinsically weaken the protection against criminals as well, which makes an easy solution impossible."
The "confidentiality of communications is an essential element of the right to respect for private life and correspondence," the ECHR's ruling said. Thus, requiring messages to be decrypted by law enforcement "cannot be regarded as necessary in a democratic society." [...] "Weakening encryption by creating backdoors would apparently make it technically possible to perform routine, general, and indiscriminate surveillance of personal electronic communications," the ECHR's ruling said. "Backdoors may also be exploited by criminal networks and would seriously compromise the security of all users' electronic communications. The Court takes note of the dangers of restricting encryption described by many experts in the field."
Martin Husovec, a law professor who helped to draft EISI's testimony, told Ars that EISI is "obviously pleased that the Court has recognized the value of encryption and agreed with us that state-imposed weakening of encryption is a form of indiscriminate surveillance because it affects everyone's privacy." [...] EISI's Husovec told Ars that ECHR's ruling is "indeed very important," because "it clearly signals to the EU legislature that weakening encryption is a huge problem and that the states must explore alternatives." If the Court of Justice of the European Union endorses this ruling, which Husovec said is likely, the consequences for the EU's legislation proposing scanning messages to stop illegal content like CSAM from spreading "could be significant," Husovec told Ars. During negotiations this spring, lawmakers may have to make "major concessions" to ensure the proposed rule isn't invalidated in light of the ECHR ruling, Husovec told Ars. Europol and the European Union Agency for Cybersecurity (ENISA) said in a statement: "Solutions that intentionally weaken technical protection mechanisms to support law enforcement will intrinsically weaken the protection against criminals as well, which makes an easy solution impossible."
Know your rights (Score:4, Insightful)
Number one
You have the right not to be killed
Murder is a crime
Unless it was done
By a policeman
Or an aristocrat
Number two
You have the right to food money
Providing of course
You don't mind a little
Investigation, humiliation
And if you cross your fingers
Rehabilitation
Number three
You have the right to free speech
As long as
You're not dumb enough to actually try it
The Clash
the beacon of freedom (Score:5, Informative)
Re: (Score:2)
UK is going in the opposite direction.
As are her colonies. Welcome to India, Australia, ...
Re: (Score:2)
Re: (Score:2)
Its even worse in Australia but as always, "you can get around it with eyes closed".
In the UK, forgetting your password when the cops want your data is a good way to spend the rest of your life in prison.
Re: the beacon of freedom (Score:3)
Re: (Score:2)
Re: (Score:2)
Shines brightly in the EU. UK is going in the opposite direction. American politicians' comprehension has scarcely gone beyond "the internet is a bunch of tubes".
LOL. All those companies are US-based, the EUcrates wouldn't be able to force anyone to put any backdoors in anything anyway. So, since they're not gonna reach those grapes anyway, they're sure gonna virtue signal about how we're not trying.
And the USA having forced back doors into everything complain about China doing the exact same!
Re:the beacon of freedom (Score:5, Interesting)
Re: (Score:3)
The current government has been making noises about leaving the ECHR for some years now. They are probably just waiting for things like this, and frustrated attempts to send refugees to Rwanda, to give them enough political capital to leave it.
Fortunately they seem to be in such dire straits at the moment they probably won't be able to do it before the next election.
Re: (Score:2)
Re: (Score:3)
Re: (Score:2)
Interesting. I was not aware of that.
Re: (Score:2, Informative)
Re: (Score:1)
Well, if it weren't for the fact that the ECHR is not an EU court, but of the Council of Europe which is older and independent from the EU. And often reins in the EU's transgressions.
EU transgressions needing to be reined in? Say it isn't so!
Re: (Score:2)
And often reins in the EU's transgressions.
Which is unfortunately needed. The totalitarian assholes and surveillance-fascists are present in EU politics to a significant degree.
Re: (Score:1)
And often reins in the EU's transgressions.
Which is unfortunately needed. The totalitarian assholes and surveillance-fascists are present in EU politics to a significant degree.
Which will increase.
And if the ECHR begins to flex more power to protect people, then the ECHR will also become coopted. And then whatever institution or technology layer is put on top of that.
Every time you create a system of power, persons and groups whose primary motivation is the desire to exercise power will be the ones willing to make the choices and take the actions day after day which cumulatively capture the power, while the rest of us are trying to balance a number of normal desires and pursuits i
Re: (Score:2)
Shines brightly in the EU. UK is going in the opposite direction. American politicians' comprehension has scarcely gone beyond "the internet is a bunch of tubes".
Look, I like this ruling too, but it makes no sense to try claiming the technical literacy high ground when the EU is days away from mandating interoperability between large E2EE messaging platforms. To illustrate why that’s problematic, I’ve included below the technical details they provided for how that task will be accomplished:
*waves hands*
Re: (Score:1)
Complete nonsense. The EU has been trying to backdoor for ages now. Just because some random court ruled otherwise doesn't mean it isn't still the cunning plan over there
A first, you can't play god (Score:3)
The ECHR signals that politicians can't play god: Politicians can't declare the sacrifice of Your privacy and Your rights (never the government's) will cause good things to happen (AKA "think of the children").
Reference to U.S. (Score:5, Informative)
ECHR also explicitly references the U.S. and false claims by senior U.S. security officials:
The Council of Europe agreed that backdoors could be problematic, finding that backdoors created for law enforcement "could easily be exploited by terrorists and cyberterrorists or other criminals," potentially exposing messaging services users to more harms than benefits from enabling decryption to aid investigations. Especially considering that "independent reviews carried out in the United States" found that "mass surveillance does not appear to have contributed to the prevention of terrorist attacks, contrary to earlier assertions made by senior intelligence officials," the Council noted.
Re: (Score:2)
Interesting. Well, at least as a bad example the US is still useful regarding freedom.
Are search warrants a violation? (Score:2)
There's an interesting nuance here (from my read of the summary, because who has time to RTFA). The ECHR seems to think that the violation of human rights comes from the risk that backdoors would lead to the introduction of mass surveillance or be otherwise exploited by bad actors. They aren't suggesting a right to absolute privacy of communication.
That makes me wonder what they'd say about the use of spyware approved by a search warrant, where only the target's device is compromised rather than the und
There is no "government only" backdoor (Score:2)
At least not a "your government only" one. Anything that allows someone to break open encryption is a prime target for malicious actors. And they won't just send a hacker after it, they send the crowbar team [xkcd.com].
The process is actually fairly simple. They first figure out someone who has access to these keys. Then they send him a message. "Hello. You don't know me, but I'm sure you know the woman and the kids in this picture. You really have a lovely wife and kids. Right now, they enjoy a rather pleasant vacati
Re: (Score:2)
Re: (Score:2)
How did you get out of North Korea, if you don't mind me asking? :)
But in all seriousness, this would be a very bad move. It's kinda hard to recruit good and reliable staff in this economy, even without them knowing that a bullet with their name on it is already chambered.