Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Encryption

Europol Becomes Latest Law Enforcement Group To Plead With Big Tech To Ditch E2EE (theregister.com) 148

Yet another international cop shop has come out swinging against end-to-end encryption - this time it's Europol which is urging an end to implementation of the tech for fear police investigations will be hampered by protected DMs. The Register: In a joint declaration of European police chiefs published over the weekend, Europol said it needs lawful access to private messages, and said tech companies need to be able to scan them (ostensibly impossible with E2EE implemented) to protect users. Without such access, cops fear they won't be able to prevent "the most heinous of crimes" like terrorism, human trafficking, child sexual abuse material (CSAM), murder, drug smuggling and other crimes.

"Our societies have not previously tolerated spaces that are beyond the reach of law enforcement, where criminals can communicate safely and child abuse can flourish," the declaration said. "They should not now." The joint statement, which was agreed to in cooperation with the UK's National Crime Agency, isn't exactly making a novel claim. It's nearly the same line of reasoning that the Virtual Global Taskforce, an international law enforcement group founded in 2003 to combat CSAM online, made last year when Meta first first started talking about implementing E2EE on Messenger and Instagram.

This discussion has been archived. No new comments can be posted.

Europol Becomes Latest Law Enforcement Group To Plead With Big Tech To Ditch E2EE

Comments Filter:
  • Lead By Example (Score:5, Interesting)

    by Vytalon ( 825024 ) on Monday April 22, 2024 @01:06PM (#64414848) Homepage
    Let's see the people who want to see an end to End to End Encryption give it up first.
  • They are wrong (Score:5, Insightful)

    by MpVpRb ( 1423381 ) on Monday April 22, 2024 @01:11PM (#64414858)

    You can either have strong security or no security
    All of online commerce and banking requires strong security
    Some believe the fantasy that it's possible to restrict security so that only the good guys can have it

    This is absurd for several reasons
    First, it's difficult to define who the good guys are or to ensure that they will remain good
    Second, the bad guys are often smart and well practiced at finding workarounds
    The only ones who will suffer are inept criminals and honest citizens who are victimized by smart scammers

    • Re:They are wrong (Score:4, Insightful)

      by Baron_Yam ( 643147 ) on Monday April 22, 2024 @01:31PM (#64414914)

      I worked with cops a lot for a while. I like to think the ones I worked with were good, or at least not bad. I still read about them from time to time in the news, and not in a good way.

      A cop is a tool, you trust them when you have to, but always keep in mind they are people and not machines. They have their own motivations that may not align with your best interests or even the law, and sometimes those motivations overrule what they should do.

      If you trust cops with a backdoor, it is only a matter of time before that backdoor is compromised.

      • Very true about cops but we have to remember that even though these are people these are people the rest of us trust with authority and abilities the rest of us cede to them so a higher standard of conduct is warranted, expected and necessary. The big issues with law enforcement, like this very story, are systemic.

        There are probably quite a few cops who understand the importance of something like E2EE but the question is why are they not the voices that are setting the rules?

        • Cops are trained to an us vs them mindset and continually retrained that they always have to assume the public is out to kill them.

          The mindset sticks, I picked up a bit of it by osmosis and it took a couple of years to decompress and become objective again. Luckily, I have no ethical concerns about any of the coding and systems support I did for them - I was never responsible for anything that would be used to erode rights, and I worked an awful lot on stuff that was meant for police oversight.

          • Totally understand that and cops are right, a simple traffic stop can turn into a life-or-death situation, hell there was a terrible video last week or so with a traffic stop and another car stops, gets out and guns the cop down.

            But it's harsh but you kinda assume that risk with the job. A roofer risks falling, a fireman risks burning cops risk life or death but they also hold the ability distribute justice and death.

            absolutely more and better training is a top issue for US law enforcement.

      • They aren't asking for a backdoor, the clipper fever dream is dead.

        They "just" want AI mass surveillance for CSAM only, pinky promise, and lawful intercept. The keys wouldn't be escrowed with independent access by law enforcement through a backdoor, but entirely under the control of the private companies.

      • Re: They are wrong (Score:5, Insightful)

        by drinkypoo ( 153816 ) <drink@hyperlogos.org> on Monday April 22, 2024 @03:09PM (#64415234) Homepage Journal

        "I like to think the ones I worked with were good"

        If you have 1 bad cop and 10 more that let them get away with it, what you've got is 11 bad cops.

      • by gweihir ( 88907 )

        If you trust cops with a backdoor, it is only a matter of time before that backdoor is compromised.

        Indeed. Same with anybody. The NSA, FBI, regular cops, judges, etc. All have examples of corruption and selfish illegal acts. That is why no backdoor will ever be secure.

    • Most Apple users don't use Advanced Data Protection, but I'd say the cloud storage is still relatively secure.

      • But why would you say that? Have you reviewed the sources? If not, you're just making things up to believe. Your religious beliefs about Apple are not relevant.

      • I'd say the cloud storage is still relatively secure.

        In that case, I have a part-used flying pig you might want to buy.

    • by dbialac ( 320955 )
      It wasn't long ago where the direct messages were via snail mail. It was difficult to find things back then. Even with email, leaving a USB drive makes transmitting information to others easy and difficult for LEOs to find.
    • by gweihir ( 88907 )

      Indeed. I mean, even the NSA has had attack code stolen now and that did quite a bit of damage. There are no harmless or "safe" backdoors and not fixing vulnerabilities is always bad for everyone. No idea why this needs to be re-stated time and again.

    • by AmiMoJo ( 196126 )

      To play devil's advocate for a moment, most people don't know how to do more than use WhatsApp or iMessage, so whatever encryption they use is what they get.

      Most criminals don't think about this stuff either. They don't plan their crimes and carefully manage their op-sec. Look at how often they openly discuss stuff on chat apps, or just send some random person a dick pic.

      Which is the biggest argument against limiting E2EE. The data can be read off the sender or recipient's devices. They have other, more tar

  • Seriously? (Score:5, Insightful)

    by bradley13 ( 1118935 ) on Monday April 22, 2024 @01:13PM (#64414872) Homepage

    Police forces are supposed to protect citizens. Dropping E2EE would open the doors to all sorts of crime.

    Unbelievable.

    • by gweihir ( 88907 )

      Naa, police forces are there to keep the rich safe against the unwashed masses. All that "serve & protect" stuff is just the marketing narrative.

  • Police = Lazy (Score:4, Insightful)

    by Cpt_Kirks ( 37296 ) on Monday April 22, 2024 @01:15PM (#64414874)

    How in the world did cops ever catch bad guys before the advent of the mobile phone?

    • To be fair, in the olden days, the police would grab someone, say "You are guilty of xyz" take you in front of a judge, say "He's guilty of xyz" the judge would go "Yep!" and you'd be in prison.

      Nowadays they have to come up with actual evidence, which is just exhausting. Phones have made it somewhat easier, as they can just subpoena the GPS info for anyone who was near a crime and you have an instant suspect. You don't even have to leave your desk, shoot off some emails and you get a suspect.

      • You can find statistics to support the assertion you're more likely to get railroaded now than 50 years ago. I haven't seen any to suggest the opposite.

        Evidence is great, if you can manage to present it. Chances are you won't get a trial.

        Interestingly, that Kohberger serial killer dude, who was studying criminal justice, has now popped out with what his lawyers call an airtight cell phone alibi. I usually don't follow stories like that, but I get the feeling the cops will be studying that one closely for a

    • Going back and watching some of "The Wire" again it's interesting to see just due to when it was filmed that the show takes place at a time when things like "texting" and "burner phones" were like the cutting edge and some of the plots involved the cops having to stay one step ahead with new technology. Show absolutely holds up but even then it touches on the themes of all the new tech combined with the drug war mania ruining the skill of policework.

    • If I'm not mistaken national statistics have shown, at least here locally, that the crime solving rate took a dive after police where given the right to perform cell tower dumps and once explanation was that if they couldn't immediately find the perpetrators data in the dump then they gave up instead of doing the old school police work.
  • by Anonymous Coward

    You have to elect better legislators. Doesn't matter if you're in Europe or the US. The police will always do what they we let them get away with. It's all pretty straight forward. We are the power

  • 3/4 of the world (Score:5, Insightful)

    by Impy the Impiuos Imp ( 442658 ) on Monday April 22, 2024 @01:33PM (#64414920) Journal

    Without such access, cops fear they won't be able to prevent "the most heinous of crimes" like terrorism, human trafficking, child sexual abuse material (CSAM), murder, drug smuggling and other crimes.

    The most heinous of all crimes is dictatorship, based on number of deaths, rapes, child trafficking, and so on.

    Dictatorship is maintained with terror and murder and growing technological panopticons.

    E2EE is just what the doctor ordered to thwart this, the most heinous of crimes. It's tough enough as it is. We, the free west, should lead the way, not offer ready-made tools with ready-made patter for dictators to spout.

    • The most heinous of all crimes is dictatorship, based on number of deaths, rapes, child trafficking, and so on.

      Dictatorship is maintained with terror and murder and growing technological panopticons.

      E2EE is just what the doctor ordered to thwart this, the most heinous of crimes. It's tough enough as it is. We, the free west, should lead the way, not offer ready-made tools with ready-made patter for dictators to spout.

      This is probably the most insightful post EVER posted to Slashdot. This is the only +100 Insightful post I have seen on this site.

      The Panopticon is only partially useful in keeping people's behavior within reason. The entire reason for the Panopticon is to control business and social outcomes... or in other words, a Dictatorship.

  • by gweihir ( 88907 ) on Monday April 22, 2024 @01:39PM (#64414934)

    What else is new? These people are a threat, nothing else.

    • well to be fair, it is ofc in their interest as a law enforcement agency to get to sift through peoples data, it would significantly simply and help their work. It's a whole different question if we society should give them what they want, trouble ofc is that politicians (and some people) tend to think that if the police wants it then it must be good.
  • by schwit1 ( 797399 ) on Monday April 22, 2024 @01:44PM (#64414948)

    They have proven time and again that their goal is power, not justice and not the law.

  • by dgatwood ( 11270 ) on Monday April 22, 2024 @02:02PM (#64415002) Homepage Journal

    When so many spooks come out against it, that's how you know you're doing the right thing. Let's unpack their statements a bit.

    ... Europol said it needs lawful access to private messages, and said tech companies need to be able to scan them (ostensibly impossible with E2EE implemented) to protect users. Without such access, cops fear they won't be able to prevent "the most heinous of crimes" like terrorism, human trafficking, child sexual abuse material (CSAM), murder, drug smuggling and other crimes.

    You're not realistically going to magically prevent any of those things with more spying. At best, you might catch the occasional low-hanging fruit, and even then, only if you do incredibly invasive levels of widespread spying on everyone. The right way to prevent those things is by infiltrating the relevant community. People who say otherwise are kidding themselves.

    "Our societies have not previously tolerated spaces that are beyond the reach of law enforcement, where criminals can communicate safely and child abuse can flourish," the declaration said. "They should not now." The joint statement, which was agreed to in cooperation with the UK's National Crime Agency, isn't exactly making a novel claim. It's nearly the same line of reasoning that the Virtual Global Taskforce, an international law enforcement group founded in 2003 to combat CSAM online, made last year when Meta first first started talking about implementing E2EE on Messenger and Instagram.

    First, their claim isn't even true at a superficial level. Since at least 1961, we have been compelled by law to recognize diplomatic couriers and the contents of their bags as beyond the reach of law enforcement.

    Second, our societies have always tolerated spaces that are at least by default beyond the reach of law enforcement, which allow law enforcement to peer into those spaces only after establishing probable cause.

    Recent behavior by law enforcement agencies has thrown out the entire notion of probable cause, creating mass spying programs that sniff all the traffic going into and out of various organizations en masse. That, combined with parallel construction and courts being lax at enforcing the fruit of the poisonous tree doctrine, has resulted in substantial violations of the public's right to privacy.

    End-to-end encryption is necessary entirely because law enforcement has repeatedly shown an unwillingness to respect the bounds of privacy that a free society requires. And the fact that law enforcement's irrational "slurp everything up and sort through it later" approach has resulted in everyone encrypting everything is not the fault of the "everyone encrypting everything". It is the fault of law enforcement being utterly egregious and unscrupulous in their behavior.

    There are consequences for actions, and when governments show that they are untrustworthy on an ongoing basis, people stop trusting them. Welcome to the real world, kids.

    • by DarkOx ( 621550 )

      So much this. The Intel lobby practically just burnt down congress, (it sure as-f**k looks like they blackmailed the speaker of the House) to defeat having to even get a warrant for spying from their special FISA court, when the 'F' (foreign) part is deeply in question.

      That does suggest to me its time to 'trust them' more and just hand over the keys to all communications privacy. They basically finished throwing a tantrum and screaming about how they can't do their jobs AND respect the Constitutional right

  • by laird ( 2705 ) <lairdp@gm a i l.com> on Monday April 22, 2024 @02:15PM (#64415032) Journal

    Where did they get the idea that "Our societies have not previously tolerated spaces that are beyond the reach of law enforcement, where criminals can communicate safely"? One-time pads have been completely secure since they were invented in 1882. And, of course, people have always been able to go somewhere isolated and talk with each other face-to-face without any police around. The idea that police have a right to monitor all communications between anyone anywhere isn't reality-based. Are they going to require criminals to record all private conversations just in case police want to listen in?

    And no matter what the police demand, criminals could just use end-to-end secure communications anyway, because there are many end-to-end encryption systems already, and nothing the police demand will change that, once software exists, it'll continue to exist. Heck, PGP exists, so criminals could just use that, and ignore whatever the police do to destroy global security, and the criminals would still be secure from the police, it'd just screw things up for everyone else using the insecure communications channels the police prefer, so they can destroy secure global commerce, but not impede the criminals at all.

  • then maybe we wouldnt be so keen on not granting them any,
  • by quietwalker ( 969769 ) <pdughi@gmail.com> on Monday April 22, 2024 @04:03PM (#64415478)

    ... or did they not realize that "government agencies" was one of the biggest reasons to have E2EE?

  • by devslash0 ( 4203435 ) on Monday April 22, 2024 @04:41PM (#64415608)

    Encryption is public knowledge these days. Even first-year software engineering students can build their own end-to-end encrypted communicators. If we banned E2EE, we'd only harm regular users since criminal parties would write their own chat apps in a day.

  • ... tech companies need to be able to scan ...

    Everyone missed the real goal of dumbing-down encryption: Not so the police can spy on anyone, anytime, anywhere. It's so Google/Apple/Microsoft/Meta/X can spy on everyone. Europol might think they're clever, sneaking this into a 'think of the children' rant but they, themselves are victims of propaganda. Remember, the USA just passed an amendment (Section 702) where the CIA/NSA/FBI/DHS/ATFE can order any corporation to collect 'evidence' for them.

    With 90% of the UK government run by Microsoft Azure,

  • by Meneth ( 872868 ) on Monday April 22, 2024 @06:44PM (#64415866)

    No law of Congress can place in the hands of officials connected with the Postal Service any authority to invade the secrecy of letters and such sealed packages in the mail; and all regulations adopted as to mail matter of this kind must be in subordination to the great principle embodied in the fourth amendment of the Constitution.

    https://en.wikipedia.org/wiki/Secrecy_of_correspondence [wikipedia.org]

  • Putting a back door into encryption is the same as removing it. Worse actually. A back door implies there is some level of trust with the encryption.

    The problem is that once a back door has been compromised the ones using it are not the trust worthy.

    Back doors are implemented in code. Code that is burned into systems and often never updated. So the belief that it will be patched if the back door is discovered is false. The back door will remain forever. This is increasingly a problem as more and more

  • As far as I know the post office does not allow police to read people's snail mail to be read even though it can be used for illegal purposes. But the issue here is actually different. It is a claim that the post office shouldn't allow mail to be sent in envelopes.

Keep up the good work! But please don't ask me to help.

Working...