UK to Lead
Not long after the IP Bill was brought to life (November 2016), when the providers got the open hands to hold users traffic data for a year, came the “targeted consultation”, which has not been publicised, about the end-to-end encryption weakening.
Probably on Amber Rudd’s initiative, who said it was “completely unacceptable that the government could not read messages protected by end-to-end encryption”, this consultation could potentially be used to compel companies to introduce backdoors to end-to-end encryption, or put in place other security weaknesses.
According to the Technical capability notices (TCNs), the companies could be forced “to ‘modify’ their products in order to comply with Government demands” and this could also limit “the ability to develop stronger security and encryption.”
Australia to Join
Then, two days ago, during the last meeting of the Five-Eyes, the intelligence collective that includes the U.S., Canada, U.K. Australia and New Zealand, Australia too, started to try to persuade the group for the creation of new legal powers that would allow access to encrypted communications.
What the Attorney-General, Senator the Hon George Brandis said during the meeting was
“The use by terrorists of cyberspace is an issue of critical concern to intelligence and law enforcement agencies. Australia will lead the discussion of ways to address this issue; in particular the involvement of industry in thwarting the encryption of terrorist messaging”
However, he has denied that the Australian government wants technology companies to create “backdoors”.
So, it is not clear what other method, except for “backdoors”, would satisfy Australia’s goal.
EU to Oppose
This call to weaken, in any way, encrypted communication was confronted by the draft report from the European Parliament on the proposal for a regulation of the European Parliament and of the Council concerning the respect for private life and the protection of personal data in electronic communications and repealing Directive 2002/58/EC (Regulation on Privacy and Electronic Communications).
What’s said in the draft report:
“The providers of electronic communications services shall ensure that there is sufficient protection in place against unauthorised access or alterations to the electronic communications data, and that the confidentiality and safety of the transmission are also guaranteed by the nature of the means of transmission used or by state-of-the-art end-to-end encryption of the electronic communications data. Furthermore, when encryption of electronic communications data is used, decryption, reverse engineering or monitoring of such communications shall be prohibited. Member States shall not impose any obligations on electronic communications service providers that would result in the weakening of the security and encryption of their networks and services.”
This is totally contrary to the UK and Australia’s initiative to weaken encryption.
Dr. Carlo Piltz, Attorney at Reuschlaw, told DataGuidance, “One does not need magic to realize that the Draft Report is specifically aimed at strengthening the position and rights of users.”
The Five-Eyes initiative comes as a result of the fear that terrorists are increasingly using applications that use encryption to mask their communications and also encrypt and lock their devices. This makes it more difficult to collect intelligence on possible attacks.
Tech companies, on the other hand, argue that braking down encryption can’t bring any good in counter fighting terrorism. They claim that encryption protects users’ personal data and companies’ intellectual property from nation-states and data-stealing cybercriminals.
What governments have to think of is how to counter open-source encryption technologies, from Tor, the free software that protects privacy online, to PGP, to the Tails operating system, which are not controlled by corporations.
This worldwide trend of pressing companies to weaken encryption and introduce “backdoors” may collide with this new proposed EU concept and data that is to being exchanged between different regulations may need greater regulation.
On the other hand the EU initiative could also be a wakeup call for the countries where people’s privacy, which is fundamental human right, enshrined in the Universal Declaration of Human Rights, is being broken down with every excuse in law in order to influence opinion and make money.
Author Bio: Ivana Stojanova is the Online Marketing Specialist at Secure Swiss Data, an encrypted email service, hosted in Switzerland. You can connect with her and the Secure Swiss Data Team on Twitter, by Email, or visiting Website.
Contact Ivana via her Linkedin profile: https://www.linkedin.com/in/ivanastojanova/
Ivana Stojanova is a guest blogger, all opinions are her own.
This is a Security Bloggers Network syndicated blog post authored by Guest Author. Read the original post at: CCSI