French, German ministers demand new encryption backdoor law

But is it just a matter of looking tough with elections around the corner?

A meeting this week between the interior ministers of France and Germany has focused on the issue of encryption and its potential impact on security.

In the lead-up to the meeting and in subsequent public comments from the ministers, they both made repeated mention of the issue of data encryption, even calling out the app Telegram as an example of a problem they wish to find a solution to.

French interior minister Bernard Cazeneuve even went so far as to argue that the European Commission (EC) should draft a new law that would require companies to work with the authorities to decrypt secure communications on demand and help track down terrorist suspects.

This proposed law would "impose obligations on operators who show themselves to be non-cooperative, in particular when it comes to withdrawing illegal content or decrypting messages as part of an investigation," Cazeneuve said to reporters.

Predictably, those remarks have led to concerns that the European Union will pass new legislation that would effectively ban secure end-to-end-encryption, and hence outlaw the use of apps such as Whatsapp and Telegram.

However, while the debate is fresh in Europe, an almost identical path has already been trodden in the United States in the past year.

Politicians make the case, persuasively, that while they approve of greater security in communications to limit things such as fraud, when it comes to issues of national security, they want there to be the ability to investigate what people are saying to one another. It is a long-held compromise that has worked in the best interests of nations for a long time despite periodically swinging too far in favor of the naturally secretive security services.

Magical thinking

The issue with encryption however, as many technologists have repeatedly pointed out, is that it is either secure or it is not. Encryption is mathematics. And so while politicians want it to be the case that a system is secure until they give the order, the reality is that to introduce a backdoor in that process is to undermine the very process.

In the States, the term "magical thinking" has grown up to explain this wish. And after months of debate among politicians, civil servants and the security services, ultimately the FBI's and some Congressmen's pro-backdoor efforts were beaten back by consumer agencies – other Congressmen and the White House deciding that the solution was not to force companies to introduce flaws, but to figure out what to do around an encrypted digital world.

Efforts to pass new laws failed and the two sides have reached an uneasy stalemate, with some – including presidential nominee Hillary Clinton, who u-turned on an earlier call for backdoors – trying to break it by suggesting a new national commission on digital security and encryption be set up to find future solutions.

While Europe and the United States have frequently gone in different directions when it comes to the intersection between security, privacy and technology, typically Europe takes a more pro-privacy stance. The US, on the other hand, has usually taken a more pro-surveillance (and pro-corporate) stance.

In the case of encryption, that equation may be flipped upside down since it is US corporations that have been increasingly supportive of end-to-end encryption, especially after the Snowden revelations put their business models at risk.

Real world

Of course it is also notable that it was the French minister who actively called for new laws. French politicians, unlike their German counterparts, tend to have a more flexible approach between what they say and what they do.

A law that tries to make magical thinking a reality is unlikely to work. And if Europe insisted on it, it would have far-reaching repercussions that may not make the assumed benefits worthwhile.

There will also be some strong opponents to such a plan within the EC. EC VP Andrus Ansip has repeatedly stated that there will be no backdoor legislation, even tweeting his support for strong encryption after a meeting with Apple CEO Tim Cook.

If, however, the German and French interior ministers managed to get across the message that they felt very strongly about gaining access to encrypted communications, well then that might resolve most of the political problems if not the technological ones. Especially with an election for both countries just around the corner. ®

Other stories you might like

  • CISA and friends raise alarm on critical flaws in industrial equipment, infrastructure
    Nearly 60 holes found affecting 'more than 30,000' machines worldwide

    Updated Fifty-six vulnerabilities – some deemed critical – have been found in industrial operational technology (OT) systems from ten global manufacturers including Honeywell, Ericsson, Motorola, and Siemens, putting more than 30,000 devices worldwide at risk, according to private security researchers. 

    Some of these vulnerabilities received CVSS severity scores as high as 9.8 out of 10. That is particularly bad, considering these devices are used in critical infrastructure across the oil and gas, chemical, nuclear, power generation and distribution, manufacturing, water treatment and distribution, mining and building and automation industries. 

    The most serious security flaws include remote code execution (RCE) and firmware vulnerabilities. If exploited, these holes could potentially allow miscreants to shut down electrical and water systems, disrupt the food supply, change the ratio of ingredients to result in toxic mixtures, and … OK, you get the idea.

    Continue reading
  • Inside the RSAC expo: Buzzword bingo and the bear in the room
    We mingle with the vendors so you don't have to

    RSA Conference Your humble vulture never liked conference expos – even before finding myself on the show floor during a global pandemic. Expo halls are a necessary evil that are predominatly visited to find gifts to bring home to the kids. 

    Do organizations really choose security vendors based on a booth? The whole expo hall idea seems like an outdated business model – for the vendors, anyway. Although the same argument could be made for conferences in general.

    For the most part, all of the executives and security researchers set up shop offsite – either in swanky hotels and shared office space (for the big-wigs) or at charming outdoor chess tables in Yerba Buena Gardens. Many of them said they avoided the expo altogether.

    Continue reading
  • 1Password's Insights tool to help admins monitor users' security practices
    Find the clown who chose 'password' as a password and make things right

    1Password, the Toronto-based maker of the identically named password manager, is adding a security analysis and advice tool called Insights from 1Password to its business-oriented product.

    Available to 1Password Business customers, Insights takes the form of a menu addition to the right-hand column of the application window. Clicking on the "Insights" option presents a dashboard for checking on data breaches, password health, and team usage of 1Password throughout an organization.

    "We designed Insights from 1Password to give IT and security admins broader visibility into potential security risks so businesses improve their understanding of the threats posed by employee behavior, and have clear steps to mitigate those issues," said Jeff Shiner, CEO of 1Password, in a statement.

    Continue reading

Biting the hand that feeds IT © 1998–2022