European Union (EU) citizens can now get an idea of what their governments want – and are doing about – cryptography regulation.
The news is bleak: the responses to a survey sent to EU governments indicate widespread support for restricting citizens' access to encrypted communications.
As the freedom of information (FOI) cover letter from the Council of the EU's transparency unit explains, the survey was sent to members in September, following a discussion about crime. So far, 25 countries have completed the questionnaire, and 11 provided their responses for publication.
Of those published in the FOI so far, what's particularly revealing to The Register is the disparity between different law enforcement agencies' views on encryption.
It's quite accurate, for example, for the Italian response to note that it's seeing HTTPS all over the place, given the concerted push by 'net luminaries to persuade site operators to employ it and therefore offer better protection to sensitive data.
However, even other countries that say their law enforcement often encounters encryption didn't nominate HTTPS as something they encountered in the course of their investigations (Finland and Poland, for example). It's feasible, even likely, that such countries didn't tick the “HTTPS” box because peoples' day-to-day banking isn't the topic of investigation – rather, it's the communications over Tor, or in comms apps like Skype and WhatsApp, that they want to crack.
However, as Olejnik notes, there's pretty broad support for backdoors or pushing the tech sector to weaken their crypto algorithms.
Poland, for example, said it uses Hashcat, brute force, and dictionary attacks to try and get at encrypted data, but apparently these aren't working as well as it would like. So it wants to “encourage software/hardware manufactures to put some kind 'backdoors' for LEA or to use only relatively weak cryptographic algorithms”.
Italy's response says it uses some kind of wiretap compromise where it can - and that means it dislikes the iPhone. We'll spare you quotes from that document, which was authored with the CAPS-LOCK ON.
There is, as Olejnik notes, a common complaint among EU countries that they don't have the money, technology, or skills to fight cybercrime (reading the responses we have to agree there's a lack of skills).
Which is probably why if Sweden wants to decrypt a device, its approach is to question the user [Hopefully not using rubber-hose decryption - Ed]. ®