Linked by Thom Holwerda on Tue 20th Jun 2017 10:36 UTC
Privacy, Security, Encryption

The European parliament's Committee on Civil Liberties, Justice and Home Affairs (LIBE) has put forward a proposal that would amend the EU's charter of fundamental rights to extend privacy rights to the digital realm and prevent governments of EU Member States from backdooring end-to-end encrypted services.

"This Regulation aims at ensuring an effective and equal protection of end-users when using functionally equivalent services, so as to ensure the protection of confidentiality, irrespective of the technological medium chosen," they write in the draft eprivacy proposal. "The protection of confidentiality of communications is also an essential condition for the respect of other related fundamental rights and freedoms, such as the protection of freedom of thought, conscience and religion, and freedom of expression and information."

On encryption the committee amends an earlier text, proposed by the EU's executive body, the European Commission, to state: "[W]hen encryption of electronic communications data is used, decryption, reverse engineering or monitoring of such communications shall be prohibited. Member States shall not impose any obligations on electronic communications service providers that would result in the weakening of the security and encryption of their networks and services."

It's only a committee proposal for now that will need approval from the European Parliament, but at least it's something. It also happens to fly in the face of European leaders, who are talking of weakening encryption or banning it outright.

This proposal would obviously be the right thing to do, but with so many leaders around the world exploiting the wholly irrational fear of terrorism (you're much more likely to die sitting on the couch than at the hands of terrorists here in Europe) among the media-primed public and people falling for that nonsense hook, line, and sinker (see Brexit, Trump, and extreme right parties in The Netherlands and France), this proposal will most likely not make it.

Permalink for comment 645816
To read all comments associated with this story, please click here.
chrish
Member since:
2005-07-14

There are some public-key cryptosystems that are not vulnerable to known attacks by quantum computers. They're not even new algorithms, just ones that were impractical due to the sizes of keys or the amount of memory/CPU required to run them. One of the ones we've worked on was proposed in the 70s, IIRC.

Note also that symmetric cryptosystems like AES are safe already, if you double the size of the keys you're working with; for example, using AES with 256-bits of security is the equivalent of 128-bits of security against a quantum adversary. That's generally "good enough".

Disclaimer: I work for a startup implementing this sort of thing.

Reply Parent Score: 3