Linked by Thom Holwerda on Tue 5th Jan 2016 19:35 UTC
Privacy, Security, Encryption

The Dutch government has formally opposed the introduction of backdoors in encryption products.

A government position paper, published by the Ministry of Security and Justice on Monday and signed by the security and business ministers, concludes that "the government believes that it is currently not appropriate to adopt restrictive legal measures against the development, availability and use of encryption within the Netherlands."

The conclusion comes at the end of a five-page run-through of the arguments for greater encryption and the counter-arguments for allowing the authorities access to the information.

The word "currently" worries me, but this is good news.

Government funding
by mkools on Tue 5th Jan 2016 22:57 UTC
mkools
Member since:
2005-10-11

So now OpenSSL is government funded just like our news channel, that's just great...

Reply Score: 3

RE: Government funding
by areimann on Wed 6th Jan 2016 02:33 UTC in reply to "Government funding"
areimann Member since:
2006-06-12

Really? Come on. It is a good thing that they get some funding. There is nothing wrong with that, assuming there are no strings attached.

Reply Score: 5

RE[2]: Government funding
by Bill Shooter of Bul on Wed 6th Jan 2016 22:18 UTC in reply to "RE: Government funding"
Bill Shooter of Bul Member since:
2006-07-14

I'm normally not the paranoid type, but honestly the OpenSSL code is so widely acknowledged to be so difficult to work with (hence LibreSSL efforts) it would be really easy to sneak something malicious in, then "donate" some money to the project after it's in.

Reply Score: 1

Comment by ilovebeer
by ilovebeer on Wed 6th Jan 2016 02:39 UTC
ilovebeer
Member since:
2011-08-08

Terrorism can't be stopped by banning encryption. It can't be stopped by banning guns. It can't be stopped by always playing catch-up, being one step behind in an endless game of whack-a-mole. It can't be stopped by creating oppressive laws that are ineffective against those who don't give a shit about them. People are no safer after they've been stripped of their protections and privacy.

Oppression is oppression, even when you try to hide it in "if you have nothing to hide, you have nothing to worry about". People should always be suspicious of those seeking total authority & control. Human beings by their very nature are not trustworthy. The more power an entity is given, the worse the eventual abuse will be. There's no justification for that.

Reply Score: 7

RE: Comment by ilovebeer
by Gargyle on Thu 7th Jan 2016 10:22 UTC in reply to "Comment by ilovebeer"
Gargyle Member since:
2015-03-27

Terrorism can't be stopped by [...] banning guns.

Indeed, but I know what can: more than thirty thousand deaths per year in the US.

Reply Score: 3

Beware what you wish for.
by judgen on Wed 6th Jan 2016 08:33 UTC
RE: Beware what you wish for.
by cfgr on Wed 6th Jan 2016 09:43 UTC in reply to "Beware what you wish for."
cfgr Member since:
2009-07-18

How is this drivel in any way relevant?

The government grants subsidies and sponsors charity all the time. They figured encryption is important to today's economy and liberty, and apparently it's underfunded so they wrote a check.

It's just too bad they went for a severely mismanaged project such as OpenSSL.

Reply Score: 5

RE[2]: Beware what you wish for.
by judgen on Wed 6th Jan 2016 11:56 UTC in reply to "RE: Beware what you wish for."
judgen Member since:
2006-07-12

It is not charity if compulsion or mandates are needed to do so, then it is extortion. If I steal money from you to give to a cause I find worthy, is it moral?

Reply Score: 0

Random thoughts
by Bill Shooter of Bul on Wed 6th Jan 2016 14:44 UTC
Bill Shooter of Bul
Member since:
2006-07-14

Note: I'm assuming a few things here, so forgive me if I'm off a bit.

So from what I understand the governments (USA, UK, etc) would like encryption like the solution in this Stack Overflow question:

https://stackoverflow.com/questions/597188/encryption-with-multiple-...

So only the intended recipient or the government can decrypt. There isn't that much of a risk of a fourth party encrypting it. Only weakening a cypher or RNG would do that (which the NSA has done before).

But, anyways, strong encryption is out there and available. You can't put it back in the bag and tell everyone to forget they had access to it. I guess the only thing they could do would be to force companies to not put the good stuff in by default.

Reply Score: 3

RE: Random thoughts
by Alfman on Wed 6th Jan 2016 21:15 UTC in reply to "Random thoughts"
Alfman Member since:
2011-01-28

Bill Shooter of Bul,

So from what I understand the governments (USA, UK, etc) would like encryption like the solution in this stack overflow:
...
So only the intended recipient or the government can decrypt.


Apple iMessage does this. One message can be encrypted by many keys, and Apple tells iMessage which keys to use for encryption. It's actually ideal for wiretapping targets under court order without breaking any crypto, although I have no idea if this has ever happened.

http://www.infoworld.com/article/2612575/instant-messaging/apple-s-...

There isn't that much of a risk of a fourth party encrypting it. Only weakening a cypher or RNG would do that (which the NSA has done before).


One can build very secure key escrow, but there is great resistance from people and manufacturers when we know what the NSA are up to. The "clipper chip" and Snowden debacles highlight this resistance.

https://en.wikipedia.org/wiki/Clipper_chip

Without key escrow, the NSA's very existence depends on finding/creating vulnerabilities and exploiting those in secrecy. Ultimately this state of affairs leaves our products and systems open to 3rd party attacks that the NSA knows about. To the NSA, snooping is more important than the security of our protocols, but that's a dangerous game because it means our enemies are able to snoop us too.

Reply Score: 4
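
The design discussed in the comment above (one message encrypted to several keys, with a directory deciding which keys are used) can be made concrete. This is an added example, not part of the thread and not Apple's code: a toy Diffie-Hellman group and a hash keystream stand in for real public-key wrapping and authenticated encryption, and every function name is hypothetical. It shows that any key placed in the recipient list can decrypt, and that a client can flag recipients it did not expect.

```python
import hashlib, hmac, secrets

# Toy parameters: a 127-bit Diffie-Hellman group and a SHA-256 keystream stand in
# for real public-key wrapping and an AEAD. Illustration only, not secure.
P, G = 2**127 - 1, 3

def keypair():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def fingerprint(pub):
    return hashlib.sha256(str(pub).encode()).hexdigest()[:16]

def _xor(data, key):
    # XOR data with a keystream derived from key (SHA-256 in counter mode).
    blocks = (len(data) + 31) // 32
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest() for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))

def _kek(shared):
    return hashlib.sha256(b"wrap" + str(shared).encode()).digest()

def _mac(content_key, body):
    return hmac.new(hashlib.sha256(b"mac" + content_key).digest(), body, hashlib.sha256).digest()

def encrypt(message, recipient_pubs):
    # One random content key encrypts the body; it is wrapped once per recipient key.
    content_key = secrets.token_bytes(32)
    eph_priv, eph_pub = keypair()
    wraps = {fingerprint(pub): _xor(content_key, _kek(pow(pub, eph_priv, P)))
             for pub in recipient_pubs}
    body = _xor(message, content_key)
    return {"eph": eph_pub, "wraps": wraps, "body": body, "tag": _mac(content_key, body)}

def decrypt(env, priv, pub):
    wrapped = env["wraps"].get(fingerprint(pub))
    if wrapped is None:
        raise KeyError("envelope holds no wrapped key for this recipient")
    content_key = _xor(wrapped, _kek(pow(env["eph"], priv, P)))
    if not hmac.compare_digest(_mac(content_key, env["body"]), env["tag"]):
        raise ValueError("authentication tag mismatch")
    return _xor(env["body"], content_key)

def unexpected_recipients(env, expected_pubs):
    # Audit check: fingerprints in the envelope that the sender did not intend.
    return sorted(set(env["wraps"]) - {fingerprint(p) for p in expected_pubs})
```

The audit check only helps when the sending client verifies recipient fingerprints against a list it trusts independently of the directory that supplied the keys.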

RE[2]: Random thoughts
by Bill Shooter of Bul on Wed 6th Jan 2016 22:16 UTC in reply to "RE: Random thoughts"
Bill Shooter of Bul Member since:
2006-07-14


Without key escrow, the NSA's very existence depends on finding/creating vulnerabilities and exploiting those in secrecy. Ultimately this state of affairs leaves our products and systems open to 3rd party attacks that the NSA knows about. To the NSA, snooping is more important than the security of our protocols, but that's a dangerous game because it means our enemies are able to snoop us too.



Right, this is what confuses me. The situation the Dutch are describing is a world without key escrow. The world we currently live in where our products and systems are open to fourth party attacks. (I'm assuming sender is first party, recipient is second party, and government is third party, and non governmental attacker is fourth.)

I totally understand that the third party government with a key maybe shouldn't be trusted and thus a reason why escrowing is a bad idea. But it's not for the reasons that the Dutch government gives.

Reply Score: 3

RE[3]: Random thoughts
by Alfman on Thu 7th Jan 2016 00:37 UTC in reply to "RE[2]: Random thoughts"
Alfman Member since:
2011-01-28

Bill Shooter of Bul,

I totally understand that the third party government with a key maybe shouldn't be trusted and thus a reason why escrowing is a bad idea. But it's not for the reasons that the Dutch government gives.


I'm afraid that I'm quite ignorant when it comes to Dutch politics, but maybe they've listened to their experts who say that regulations would only harm innocent users while doing nothing to stop organized crime users.

The government says this in the article...
the Dutch situation cannot be seen in isolation from the international context. Strong encryption software is increasingly available worldwide or already integrated into products or services.


...which kind of acknowledges an inherent truth that the Dutch government could not effectively control crypto even if it wanted to. On the other end, the Dutch know that weak crypto leaves everyone vulnerable, so why wouldn't they advocate for stronger crypto to keep out hackers including the NSA. If anything to me it suggests that the Dutch government is representing its citizens in good faith.

Reply Score: 4

RE[4]: Random thoughts
by cfgr on Thu 7th Jan 2016 09:34 UTC in reply to "RE[3]: Random thoughts"
cfgr Member since:
2009-07-18

I'm afraid that I'm quite ignorant when it comes to Dutch politics, but maybe they've listened to their experts who say that regulations would only harm innocent users while doing nothing to stop organized crime users.

Yes, the ministry mentions this in the PDF letter.

First they list all stakeholders and how encryption affects them. They mention how encryption is important to their economy, and to the government & citizens (DigiD stuff). All of which could be abused by criminals, terrorists and spies. Next they state the obvious problems for intelligence services but then they refer to the ECHR and state that individuals have a constitutional right to privacy which can only be violated for a legitimate cause and the violation needs to be proportional to that cause.

Then they mention how it's currently not possible (especially not in an international context) to enforce an encryption system that can be decrypted by the police / intelligence services without compromising the security of communication/storage systems that benefit the Dutch economy and society.

Finally they state that the justice department will have to work with providers of those services anyway to make a legal case and therefore it doesn't really justify to weaken encryption. So given all those trade-offs, they conclude it's currently not desirable to take measures to limit encryption.

I agree with Thom that the 'currently' is a bit worrying, but it's probably used to cover their ass and not give future ammo to the opposition in case things go terribly wrong.

Edited 2016-01-07 09:36 UTC

Reply Score: 3

..slides 540k$ to openssl ..
by uridium on Wed 6th Jan 2016 16:34 UTC
uridium
Member since:
2009-08-20

This must be the industry equiv of leaving the money on the night-stand on the way out afterwards..

:)

Reply Score: 1