Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Encryption EU The Courts

Backdoors That Let Cops Decrypt Messages Violate Human Rights, EU Court Says (arstechnica.com) 30

An anonymous reader quotes a report from Ars Technica: The European Court of Human Rights (ECHR) has ruled that weakening end-to-end encryption disproportionately risks undermining human rights. The international court's decision could potentially disrupt the European Commission's proposed plans to require email and messaging service providers to create backdoors that would allow law enforcement to easily decrypt users' messages. This ruling came after Russia's intelligence agency, the Federal Security Service (FSS), began requiring Telegram to share users' encrypted messages to deter "terrorism-related activities" in 2017, ECHR's ruling said. [...] In the end, the ECHR concluded that the Telegram user's rights had been violated, partly due to privacy advocates and international reports that corroborated Telegram's position that complying with the FSB's disclosure order would force changes impacting all its users.

The "confidentiality of communications is an essential element of the right to respect for private life and correspondence," the ECHR's ruling said. Thus, requiring messages to be decrypted by law enforcement "cannot be regarded as necessary in a democratic society." [...] "Weakening encryption by creating backdoors would apparently make it technically possible to perform routine, general, and indiscriminate surveillance of personal electronic communications," the ECHR's ruling said. "Backdoors may also be exploited by criminal networks and would seriously compromise the security of all users' electronic communications. The Court takes note of the dangers of restricting encryption described by many experts in the field."

Martin Husovec, a law professor who helped to draft EISI's testimony, told Ars that EISI is "obviously pleased that the Court has recognized the value of encryption and agreed with us that state-imposed weakening of encryption is a form of indiscriminate surveillance because it affects everyone's privacy." [...] EISI's Husovec told Ars that ECHR's ruling is "indeed very important," because "it clearly signals to the EU legislature that weakening encryption is a huge problem and that the states must explore alternatives." If the Court of Justice of the European Union endorses this ruling, which Husovec said is likely, the consequences for the EU's legislation proposing scanning messages to stop illegal content like CSAM from spreading "could be significant," Husovec told Ars. During negotiations this spring, lawmakers may have to make "major concessions" to ensure the proposed rule isn't invalidated in light of the ECHR ruling, Husovec told Ars.
Europol and the European Union Agency for Cybersecurity (ENISA) said in a statement: "Solutions that intentionally weaken technical protection mechanisms to support law enforcement will intrinsically weaken the protection against criminals as well, which makes an easy solution impossible."
This discussion has been archived. No new comments can be posted.

Backdoors That Let Cops Decrypt Messages Violate Human Rights, EU Court Says

Comments Filter:
  • Know your rights (Score:4, Insightful)

    by garyisabusyguy ( 732330 ) on Wednesday February 14, 2024 @05:09PM (#64240060)

    Number one
    You have the right not to be killed
    Murder is a crime
    Unless it was done
    By a policeman
    Or an aristocrat

    Number two
    You have the right to food money
    Providing of course
    You don't mind a little
    Investigation, humiliation
    And if you cross your fingers
    Rehabilitation

    Number three
    You have the right to free speech
    As long as
    You're not dumb enough to actually try it

    The Clash

  • by BishopBerkeley ( 734647 ) on Wednesday February 14, 2024 @05:11PM (#64240068) Journal
    Shines brightly in the EU. UK is going in the opposite direction. American politicians' comprehension has scarcely gone beyond "the internet is a bunch of tubes".
    • by PPH ( 736903 )

      UK is going in the opposite direction.

      As are her colonies. Welcome to India, Australia, ...

      • Its even worse in Australia but as always, "you can get around it with eyes closed".
        • Its even worse in Australia but as always, "you can get around it with eyes closed".

          In the UK, forgetting your password when the cops want your data is a good way to spend the rest of your life in prison.

    • I agree, it's a shine of light when other bodies go for mass surveillance. And generally makes an actual effort to be pro-people, trying to peotect them without violating their privacy and rights. Its a shame hoaxers/russia try to discredit eu way too often, downplaying it to common folk as "that thing that forces me to not call this cheese however i want"
    • by nickovs ( 115935 ) on Wednesday February 14, 2024 @06:05PM (#64240194)
      It's worth noting that despite leaving the European Union, the UK is still subject to rulings from the European Court of Human Rights, since the UK's obligations to the ECHR stem from a separate act of parliament [wikipedia.org] that was not revoked when leaving the EU. So this ruling could well end up having an impact on the interpretation of the UK's Online Safety Act [wikipedia.org].
      • by AmiMoJo ( 196126 )

        The current government has been making noises about leaving the ECHR for some years now. They are probably just waiting for things like this, and frustrated attempts to send refugees to Rwanda, to give them enough political capital to leave it.

        Fortunately they seem to be in such dire straits at the moment they probably won't be able to do it before the next election.

      • It's also worth noting that the European Court of Human Rights is not an EU institution at all. The UK's ECHR discussion has very little, if anything, to do with Brexit; it's a separate issue.
        • Yeah, Brexit was all about ruining the economy, the ECHR discussion is all about dumping human rights. Completely different kind of jackboots.
      • by gweihir ( 88907 )

        Interesting. I was not aware of that.

    • Re: (Score:2, Informative)

      Well, if it weren't for the fact that the ECHR is not an EU court, but of the Council of Europe which is older and independent from the EU. And often reins in the EU's transgressions.
      • Well, if it weren't for the fact that the ECHR is not an EU court, but of the Council of Europe which is older and independent from the EU. And often reins in the EU's transgressions.

        EU transgressions needing to be reined in? Say it isn't so!

      • by gweihir ( 88907 )

        And often reins in the EU's transgressions.

        Which is unfortunately needed. The totalitarian assholes and surveillance-fascists are present in EU politics to a significant degree.

        • And often reins in the EU's transgressions.

          Which is unfortunately needed. The totalitarian assholes and surveillance-fascists are present in EU politics to a significant degree.

          Which will increase.
          And if the ECHR begins to flex more power to protect people, then the ECHR will also become coopted. And then whatever institution or technology layer is put on top of that.

          Every time you create a system of power, persons and groups whose primary motivation is the desire to exercise power will be the ones willing to make the choices and take the actions day after day which cumulatively capture the power, while the rest of us are trying to balance a number of normal desires and pursuits i

    • Shines brightly in the EU. UK is going in the opposite direction. American politicians' comprehension has scarcely gone beyond "the internet is a bunch of tubes".

      Look, I like this ruling too, but it makes no sense to try claiming the technical literacy high ground when the EU is days away from mandating interoperability between large E2EE messaging platforms. To illustrate why that’s problematic, I’ve included below the technical details they provided for how that task will be accomplished:

      *waves hands*

    • Complete nonsense. The EU has been trying to backdoor for ages now. Just because some random court ruled otherwise doesn't mean it isn't still the cunning plan over there

  • by NotEmmanuelGoldstein ( 6423622 ) on Wednesday February 14, 2024 @06:49PM (#64240278)

    ... clearly signals to the EU legislature ...

    The ECHR signals that politicians can't play god: Politicians can't declare the sacrifice of Your privacy and Your rights (never the government's) will cause good things to happen (AKA "think of the children").

  • Reference to U.S. (Score:5, Informative)

    by pitch2cv ( 1473939 ) on Wednesday February 14, 2024 @07:05PM (#64240304)

    ECHR also explicitly references the U.S. and false claims by senior U.S. security officials:

    The Council of Europe agreed that backdoors could be problematic, finding that backdoors created for law enforcement "could easily be exploited by terrorists and cyberterrorists or other criminals," potentially exposing messaging services users to more harms than benefits from enabling decryption to aid investigations. Especially considering that "independent reviews carried out in the United States" found that "mass surveillance does not appear to have contributed to the prevention of terrorist attacks, contrary to earlier assertions made by senior intelligence officials," the Council noted.

    • by gweihir ( 88907 )

      Interesting. Well, at least as a bad example the US is still useful regarding freedom.

  • There's an interesting nuance here (from my read of the summary, because who has time to RTFA). The ECHR seems to think that the violation of human rights comes from the risk that backdoors would lead to the introduction of mass surveillance or be otherwise exploited by bad actors. They aren't suggesting a right to absolute privacy of communication.

    That makes me wonder what they'd say about the use of spyware approved by a search warrant, where only the target's device is compromised rather than the und

  • At least not a "your government only" one. Anything that allows someone to break open encryption is a prime target for malicious actors. And they won't just send a hacker after it, they send the crowbar team [xkcd.com].

    The process is actually fairly simple. They first figure out someone who has access to these keys. Then they send him a message. "Hello. You don't know me, but I'm sure you know the woman and the kids in this picture. You really have a lovely wife and kids. Right now, they enjoy a rather pleasant vacati

    • "Thanks for the keys. BTW: The wife and kids are already dead. What? You thought we were honorable kidnappers? Bitch we're the government. We get what we want. And speaking of that.... you should probably hold still. That helicopter in the distance is aiming at your head so it's nice and quick, but if you move it's gonna be a real pain for the guy that has to hunt you down. We'll have to allow him a little fun afterwards......"
      • How did you get out of North Korea, if you don't mind me asking? :)

        But in all seriousness, this would be a very bad move. It's kinda hard to recruit good and reliable staff in this economy, even without them knowing that a bullet with their name on it is already chambered.

"Gotcha, you snot-necked weenies!" -- Post Bros. Comics

Working...