Backdoor backlash: European Parliament wants better privacy

Less tracking, more consent, and stronger encryption says privacy committee


A committee of the European Parliament is pushing back against the anti-encryption sentiment infesting governments around the world, with a report saying citizens need more protection, not less.

In a draft report that landed last week, the parliament's Committee on Civil Liberties, Justice and Home Affairs says data protection in the European Union hasn't kept pace with the threats, and needs modernisation.

New technologies have led to inconsistent privacy protection under the 2002 Regulation on Privacy and Electronic Communications, the committee's paper (PDF) explains: for example, new over-the-top (OTT) services offer substitutes for existing services, but aren't subject to the same regulations.

Similarly, the paper says, the current regulations haven't kept pace with how the machine-to-machine traffic in the Internet of Things can expose citizens.

You have to scroll a long way down the paper to get to the committee's attitude about encryption, but it's worth the wait. Here's how Amendment 116 starts:

The providers of electronic communications services shall ensure that there is sufficient protection in place against unauthorised access or alterations to the electronic communications data, and that the confidentiality and safety of the transmission are also guaranteed by the nature of the means of transmission used or by state-of-the-art end-to-end encryption of the electronic communications data.

Backdoors are dismissed out-of-hand in the proposed amendment: “decryption, reverse engineering or monitoring of such communications shall be prohibited”, it says, and EU member states “shall not” demand backdoors from communications providers.

That's the exact opposite of what Germany's interior minister Thomas de Maizière announced last week when he said the country was working on a law to give itself the right to decrypt messages (joining the UK, USA and Australia in the belief that safe backdoors are feasible and Pi can be legislated to a value of 3.0).

That, of course, is the problem the European Parliament committee faces: trying to get the proposed amendments voted through, when so many individual countries have given themselves the legal if not the technological power to crack cryptography.

The committee also wants to ban the wholesale trade in Web browsing histories, and anyone snooping on users' devices to infer their behaviour would need to get their consent.

Do Not Track is supported throughout the proposal, and the committee says it should reach far beyond the browser. Cars, phones or fitness trackers should also respect no-track requests from customers.

Privacy consultant and stakeholder in the committee's deliberations Lukasz Olejnik has published a discussion of the proposed privacy protections. ®
