I find the German answers [1] surprisingly reasonable.
High Five for the final answer:
> 11. Are there other issues that you would like to raise in relation to encryption and the possible approach to these issues? Please share any relevant national experience or considerations arising from your practice that need to be taken into account.
> Yes. A regulation to prohibit or to weaken encryption for telecommunication and digital services has to be ruled out, in order to protect privacy and business secrets.
I come from Germany. The situation is complicated. The responsible politicians tend to make statements that are contradictory or don't make any sense. There have been multiple statements that at least could be interpreted as supportive of encryption regulation. On one occasion there was a joint statement by the French and German ministers of the interior - with the slight problem that the French and German versions of the statement were different.
Recently they created a new institution supposed to help decrypting messages. They never explained what that actually means. (I mean you simply can't decrypt properly designed crypto systems.)
Germany isn't the privacy paradise that some people in the international debates sometimes like to see in it.
On the other hand, it has a larger constituency in government who oppose undermining encryption than most other western nations and a good negative example in the recent past (the Stasi). Just look at the recent legislation passed in the UK, and the statements of Theresa May on encryption or the recent lawsuits by the FBI against Apple. It may be our best hope in stopping legislation mandating backdoors to encryption, which would damage everyone.
The most important difference is the parliamentary sovereignty of the UK. The biggest protector of privacy here in Germany is the constitution, and the Constitutional Court rules fairly assertively on issues of privacy and civil rights, so what PMs do or don't do is not that important.
The UK has no such safeguard due to governmental structure.
BSI's job generally is ensuring IT security, not breaking it.
Even for the weirder jobs they're tasked with, such as certifying backdoor software for LEAs, it's not about ensuring its operation as a backdoor, but about ensuring that it only does the designated job (and in particular doesn't bring additional capabilities that are outside their charter).
I sometimes wish BSI had more teeth (e.g. when it comes to stuff like reviewing official backdoor trojans, it's annoying that we need private initiatives and the constitutional court every single time, although that keeps the topic hot), on the other hand it also has a strong whiff of incompetence and bureaucracy that I don't want to see with actual power.
> BSI's job generally is ensuring IT security, not breaking it.
Unfortunately that's also not true. The role of the BSI is very mixed, and they have a role as being both offensive and defensive. Which is one of the problems. They're not trustworthy.
The BND/BSI split as implemented in Germany is relatively unique precisely to separate offensive and defensive concerns. The biggest issue IMHO is that they both report to the same federal office.
I worked on SINA components in the past, so I know first hand what they're capable of and what some parts of the German tech media claimed they're used for. (tl;dr: there's very little overlap between some of the more popular claims and reality)
I suspect something similar happened here: BKA and some contractors build the trojan software. BVerfG requires that these tools are limited in their impact, and lawyers would also have a field day in court with any case where the software was used, if it can be shown to create security issues and so the BKA requests a security audit from the BSI (that's part of their charter) and gets it. That might have meant some code (in form of patches) flows back, but given that it's the BSI we're talking about, I doubt it.
Unfortunately the BSI is chartered to do security reviews for federal software, so they can't simply refuse. Meanwhile BSI officials are paranoid because they know (from the SINA/ISP surveillance FUD) what public reception of such a job looks like, and they try to do PR management (and fail, which surprises probably no-one).
Surprisingly interesting content for the clickbaity headline: Some excerpts from a questionnaire about how law enforcement deals with encryption answered by various EU governments, with esp. Poland calling for backdoors or weakened encryption.
Poland...calling for weakened encryption and backdoors. Students are going to be so confused when they see that 4 chapters after WWII in their history books.
Smart criminals will use strong encryption anyway and won't give the passwords to law enforcement both for data at rest and sent over the Internet.
I'm encrypting my disk now, but I'll give the password to police if they have a search warrant. I'm encrypting so if somebody steals my computer they won't read my data. I think that almost everybody is like me.
Weakening that encryption doesn't help me and doesn't help investigators. Sure, seeing strong encryption over the wire will ring alarms and identify sender and recipient. That works if they actually decrypt all the data sent over the Internet. The workaround for the tenacious criminals will be steganography. Narrower band but good enough in most cases. All that effort and damage to honest citizens for nothing.
This. In the U.S. at least, the 5th amendment gives you the right not to incriminate yourself. A search warrant doesn't change that.
Not all authentication methods are equal, it appears. Fingerprint, facial recognition, and other biometrics aren't considered the same as if you need to "speak" your password to someone. In other words, they can make you scan your finger or look into a camera, but they can't force you to tell them your password.
In the US, you are required to assist in the execution of a warrant (though naturally officers prefer executing it without your participation if possible).
You must unlock your door, and you must unlock your safe, if it is within the scope of the warrant.
How about forcing you to type the password, behind a Mantle of Power if need be, such that they can decrypt the disk, without ever knowing the password?
The way the law works here in the USA is that anything that requires you to disclose the contents of your mind (a passphrase, an explanation of where you were, your name) cannot be compelled because the fifth amendment precludes the use of that information to convict you.
Things that you ARE (such as fingerprints, DNA, hair color, photo, sample) can be compelled by a court order (e.g. a warrant) because they aren't the contents of your mind but physical aspects of your existence.
That's why the use of a strong passphrase that isn't tied to a biometric is important if you're worried about this sort of thing.
Can't the police/a warrant compel you to open a combination safe? That would be a case of you disclosing a passphrase/something in your mind, but contrary to your assertion.
They can certainly open the safe. They just can't compel you to TESTIFY to something.
The contents of your mind are sacrosanct. If they can compel you to divulge a combination, then they can also discern that you had access to that safe by virtue of possession of the combination. Not allowed by our laws.
As I understand it, in the US at least this is indeed the line. Same goes for combination vs keyed locks: you can't be forced to self-incriminate by sharing information, but you can be held in contempt for withholding evidence.
I imagine it gets murky around things like SSH keys, which are technically a kind of password, but too big for a human to remember - and therefore must be "instantiated" in a physical device somewhere.
> I imagine it gets murky around things like SSH keys, which are technically a kind of password, but too big for a human to remember - and therefore must be "instantiated" in a physical device somewhere.
A likely interpretation might be: an SSH key without a keyphrase is like a physical key, and you must hand it over, while a key with a keyphrase is like a combination lock, where you must hand it over but you are not required to state the keyphrase.
On the other hand, not giving your password right away may be interpreted as an indication that you have something to hide (which you inevitably do), and they may tag you for even further scrutiny.
Also, UK: don't give your password, go to prison. Indefinitely.
What about plausible deniability keys? 1 password hides the real stuff, and the second one that you give to the police just gives them access to your porn collection (which someone very well might want to hide!).
Well, they don't matter wrt. the law. Either the prosecution is convinced you gave up all the keys (you win), or they believe you gave them a key that was just a distraction and they throw you in jail unless you give them the other key (you lose).
How do you prove yourself innocent then? You did give them the keys.
The point is that you look exactly the same as an innocent person.
You are taking the only possible pathway to being proved innocent.
It'd be like if I were to say "It doesn't matter what you do. The police are corrupt anyway, and will take you out back and shoot you no matter what. Guilty or innocent, if you get accused of a crime, you are dead."
And if they are going to lock you up no matter what, then you may as well use multiple plausible deniability keys. As you said, it doesn't matter what you do, the outcome stays the same.
> How do you prove yourself innocent then? You did give them the keys.
Well, prosecution needs to have a legally convincing argument that indicates it is likely you have another encrypted partition you're not giving up keys to.
In fact, the situation is no different from this: say you're a murder suspect and a neighbour saw you carrying several large heavy sacks into your car and you drove away. Say what really happened is that you went and buried some bags of toxic waste in some location, and then went and buried a dead body in another location. When asked by prosecution, you confess to burying toxic waste and tell them where. The rest of the outcome of the trial depends entirely on whether you've successfully convinced them that you just buried the toxic waste.
That's fine, but your argument is effectively that you are screwed no matter what.
If you are truly innocent, the prosecution might claim "oh they have extra keys that they haven't given up", and there is nothing you can do to prove them wrong.
Like jbg said in another comment here, the legal system doesn't work that way, where the prosecution can claim you did stuff and you have to disprove the claim. The burden of proof is on the prosecution.
So you are agreeing with me that this tactic of plausible deniability with multiple encryption keys works then?
Which is it? Does encryption allow you to hide from the law, or can innocent people just be proclaimed that they are hiding something and that they have to give up keys that don't exist?
It is one or the other, because encryption plus multiple keys makes you 'indistinguishable' from an innocent person who truly cannot give you a key that doesn't exist.
The tactic might work, but how well it would work would depend on what other evidence was presented that you do have another encrypted area. For example, if they analyse the partition you gave them the key to and show that it hasn't been booted in 18 months; they cross-reference the cached DHCP leases with the times you were known to have been online using that machine and find discrepancies; they might even have secretly imaged your disk a month earlier and show that a large amount of supposedly free space has changed content in the meantime.
(Maybe they even have you recorded telling someone that you have a second encrypted area on the machine.)
If there's no such evidence, then it ought to be pretty hard to convict you.
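The "secretly imaged your disk a month earlier" scenario above, and the hidden-volume setup discussed further up the thread, are simple enough to show concretely. The following is an added illustration, not code from the thread or from any real forensic tool: it takes two snapshots of the same container, a list of blocks the outer (decoy) filesystem reports as free (assumed to come from that filesystem's allocation bitmap), and reports which free blocks changed between snapshots and which of those still look like ciphertext. The sample images are constructed in memory with a seeded RNG; block size, thresholds and block ranges are assumptions for the demo.

```python
"""Free-space differencing between two disk snapshots.

Added illustration; not code from the thread or from any real forensic tool.
Assumption: the investigator has the outer volume's allocation bitmap (here a
plain list of free block numbers) and two images of the same device taken at
different times. Sample images are constructed in memory with a seeded RNG.
"""
import math
import random
from typing import Dict, List, Sequence

BLOCK = 4096          # assumed block size of the outer filesystem
RANDOM_LIKE = 7.8     # bits/byte; 4 KiB of uniform random bytes scores ~7.95


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte over a byte-frequency histogram."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def block(image: bytes, i: int) -> bytes:
    """Slice block number i out of a flat image."""
    return image[i * BLOCK:(i + 1) * BLOCK]


def changed_free_blocks(earlier: bytes, later: bytes, free: Sequence[int]) -> List[int]:
    """Free blocks (per the outer filesystem) whose bytes differ between snapshots."""
    return [i for i in free if block(earlier, i) != block(later, i)]


def suspicious_blocks(earlier: bytes, later: bytes, free: Sequence[int]) -> Dict[str, List[int]]:
    """Split changed free blocks into random-looking (ciphertext-like) and not.

    A hidden volume written between the snapshots shows up as free blocks that
    changed *and* still look like random bytes; a zero-fill or TRIM shows up as
    changed but low-entropy. Unchanged random-looking free space proves nothing,
    which is exactly the plausible-deniability property.
    """
    changed = changed_free_blocks(earlier, later, free)
    random_like = [i for i in changed if shannon_entropy(block(later, i)) >= RANDOM_LIKE]
    return {
        "changed": changed,
        "random_like": random_like,
        "other": [i for i in changed if i not in random_like],
    }


def build_snapshots(n_blocks: int = 64, seed: int = 7):
    """Constructed sample: an outer volume whose free space is random-filled (as
    hidden-volume-capable containers leave it), then a hidden write plus a benign
    zero-fill between the two snapshots. Block ranges are arbitrary demo values."""
    rng = random.Random(seed)
    allocated = set(range(0, 16))                   # outer (decoy) volume's files
    free = list(range(16, n_blocks))
    img = bytearray()
    for i in range(n_blocks):
        if i in allocated:
            img += (b"decoy-file-data" * 300)[:BLOCK]
        else:
            img += rng.randbytes(BLOCK)             # Python 3.9+
    earlier = bytes(img)
    # Between snapshots: a hidden volume is written into blocks 40..47
    # (fresh ciphertext, so still random-looking), and block 20 gets zeroed
    # by something mundane.
    for i in range(40, 48):
        img[i * BLOCK:(i + 1) * BLOCK] = rng.randbytes(BLOCK)
    img[20 * BLOCK:21 * BLOCK] = b"\x00" * BLOCK
    return earlier, bytes(img), free


if __name__ == "__main__":
    a, b, free = build_snapshots()
    print(suspicious_blocks(a, b, free))
```

The point of the split is the one made in the thread: a single snapshot of random-looking free space is consistent with both "hidden volume" and "container that fills free space with random bytes", so it is the change between two snapshots, not the randomness itself, that carries evidential weight.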
In most jurisdictions, the prosecution being _convinced_ that you are guilty isn't enough to throw you in jail -- there's still the small issue of proving their case in front of a judge.
Which is terrifying, as the whole point of plausibly deniable passwords is that that attitude will end up with innocent people in jail for data that doesn't exist.
Until it's tested in court on a gray-area case, it's hard to know for sure, but I'm pretty confident that UK courts would apply the "reasonable doubt" criterion to the fact that the defendant indeed possesses an encrypted volume they have not provided the keys to.
I.e. if the defendant can reasonably claim that there are no further encrypted volumes on their device, I don't believe they would be imprisoned under this rule.
This is one of the major issues with laws requiring password disclosure.
First of all, a truly careful criminal can use this method to comply with the law while still hiding what they are really after -- negating the usefulness to some extent.
Secondly, once law enforcement catches on to this, they can then claim that someone that does disclose a password actually gave them a plausible deniability or duress key, and they haven't actually given up the real key, and thus the innocent person could potentially be convicted for not giving up a password that doesn't even exist.
Indefinitely? So if the police digs up an old encrypted disc from your attic, and you legitimately forgot the password, you can be put away for the rest of your life?
Please stop spreading FUD about RIPA, there is no "indefinitely" involved, the maximum sentence is two years, unless it relates to child indecency, in which case the maximum sentence is increased to five years. [1]
Do you have a written citation for that, something from Out-Law.com (or equivalent), or from a qualified solicitor or barrister, which backs up the "I've heard..." a little?
Not trying to be a hard ass, but I don't think HN benefits from people spreading "legal facts" (c.f. indefinite imprisonment) with an authoritative written tone but without citing legal precedent, or a detailed analysis of the statute in question.
I'm not a lawyer but I imagine if you were taken in front of the same Magistrate's Court or Crown Court, refused to decrypt the _same_ data a second time, were convicted under RIPA, sentenced, you'd have a damn good argument at appeal and it would very likely be quashed. IANAL.
To put more substance behind this opinion, we can look at the Sentencing Council, which when drawing up sentencing guidance, frequently uses the term "fair and proportionate" [1] which is something of a cornerstone remark about how the judiciary should go about dealing with infractions of the law. Reasonable humans would say going to prison twice for the same thing is neither fair, nor proportionate.
Dumb people believe this is about whether encrypted data from criminals can be decrypted or not. It's not about that. It's about being able of charging a criminal with something just for using encryption. That way it won't matter if he refuses to give up the key.
That's why you use something like TrueCrypt to provide plausible deniability.
You have 1 partition/password with the stuff you actually want to hide, and you have a second password/partition that just contains your porn collection.
"Yes officer, I just use encryption to hide this stuff. Nothing illegal here. It is just embarrassing. That's why I hide it."
Or "This 500GB file is just a garbage file of random numbers I keep because I heard hard drives last longer if they aren't empty".
In any reasonable legislation there shouldn't be a difference between not providing a password and not admitting you have anything encrypted at all (because no one can prove the difference anyway).
An important thing that is often forgotten is that many aren't challenged for encrypted contents in criminal cases but in civil lawsuits, where the burden of proof is (also) on the defendant because there is no "beyond reasonable doubt". In that situation, the mere existence of e.g. a file transfer log with the movie file name plus an encrypted disk is enough to end up with massive damages. In that situation you would be very interested in showing your unencrypted data if you don't have the file in question.
>but I'll give the password to police if they have a search warrant
What if the police are wrong? Or like in Canada the police were trying to find the sources of journalists who wrote about corrupt police. And maybe in the US Trump's hate of journalists could mean something similar.
My desire for personal privacy doesn't mean I am hiding anything. Maybe I don't want anyone to read my poetry or see family pictures nothing illegal but certainly private.
Almost nobody is entirely innocent under the law when sufficient scrutiny is applied, so giving LEO access to your computer invites a fishing expedition. IMO.
Yep. I had that happen. Someone tipped the police that me and some friends were hacking computers and stealing credit cards. We were raided, gave access to the police to our computers, they found nothing related to cc fraud (of course) but then prosecuted us for some pirated games they found.
"Give me six terabytes of data from the most honest of men and I will find something in them which will hang him. Probably before I make it past the boot sector." - Cardinal Richelieu
> I'm encrypting my disk now, but I'll give the password to police if they have a search warrant. I'm encrypting so if somebody steals my computer they won't read my data. I think that almost everybody is like me.
I may be taking the word "everyone" too literally, but I think that part of the problem is that most people don't think like you and don't really understand the benefits of encryption and why it's a practical tool for absolutely everyone, not just terrorists, pedophiles, and drug dealers. There's a very big educational gap when it comes to encryption, and I don't think that most people can even cover the basics of it very well, which makes it extremely difficult at times to tell if law enforcement and politicians even understand the implications of what they propose beyond the immediate benefit to their operations.
However, I do think that your position is probably the best that can help people to begin to understand why encryption is important; there still is a disconnect where most people don't understand that encryption is an all or nothing ordeal, or if they do, they accept the rationalization that the weakening of encryption is important for the security of the nation, whichever nation that may be.
But in general, encryption is a problem because it operates in a blackbox for the majority of people, and it's incredibly easy for talking heads to say just about whatever they want on it without being challenged. It feels to me like strong encryption is one of those lessons that people are going to have to learn the hard way, much like how a lot of people learn about backing up data only after having a hard-drive go with important data on it. Though it would likely be difficult to prove, I think it's going to require that a government exploit or something intentionally weakened by a governmental actor be utilized by criminals to harm the public at large before people really get the idea on what government-approved encryption really means.
The state has little incentive to care about such issues. Look at the success and continued use of BS forensic science... False positives aren't a problem.
Backdoors and weakened encryption mean that there is no encryption going on at all. If any government official can get any information, that means anyone can get that information, as many of the people who break this stuff don't work for governments, and governments are the least technically capable actors. So it means there is effectively no encryption at all if encryption is weakened or backdoored.
There is a difference between weakened and backdoored. Weakened is along the lines of what you're saying - that likely others than just the governments can easily access it - whereas backdoored (if done properly) means only the government. Of course, this assumes a perfect world and that there is a proper way to backdoor; in the real world, adversaries simply attack the government's backdoors/keys.
Nonetheless, given your context of "there is no encryption going on at all", I argue that it does not necessarily hold for a backdoor, or at least not at the outset and if done properly. If the government backdoor is a key which a huge amount of care is taken to protect - take the extreme example of the government encrypting the only copy of the key and firing it off in one direction into space - there is a backdoor, but this is not necessarily equivalent to "no encryption at all".
If the only thing sitting between you and life in prison is murder evidence on your drive, vs. a few years for obstruction of justice for not handing over a password, you'd take the "life in prison" door? I don't think most defendants or lawyers behave as nobly as that.
Killer use of Caps Lock and broken English. Proud of my country.
On a serious note, I really do hope that we won't follow USA steps this time. But I'm afraid that the average person doesn't really care for or understand cryptography. Maybe a dickpic approach à la John Oliver could be useful as a way to raise awareness on the matter.
Is it? NIST has been putting backdoors in recommended encryption standards. USA State Department also classifies strong cryptography as a munition. As far as I know we don't do similar things in Europe (yet?), but I could be wrong.
They're as meaningless as the American versions, only randomly ensnaring companies that sell to a doubleplus ungood entity. They don't do anything to stem the flow of crypto information or open source software to all parts of the globe.
And that NIST thing happened possibly once. It's not a common ongoing occurrence.
You quote that like Wassenaar is somehow a different thing to the US restrictions, but the US is a member of Wassenaar and ITAR is the USs implementation of it.
(So yes, to the broader point that all the Wassenaar countries implement very similar restrictions).
I was responding to the poster who wasn't sure if Europe had similar restrictions. Each country implements those agreements in unique ways, so my point was that everyone's implementation was basically pointless.
And, of course, the US's treatment of cryptography as munitions predates Wassenaar (the PGP case was previous to it, for instance), not sure about how everyone in Europe handled it prior to the agreement.
DES is also believed to contain a backdoor. And even if it only happened once, I still don't see how "Europe is farther down this path than the US is currently".
Thanks for the pointers. I knew about the UK but I believe it is an exception in Europe rather than the rule, as of now. Of course I agree with you that probably most countries will try to get there, unfortunately. Then again, I can only read stuff written in my own language or English so I don't have the full view.
DES isn't widely believed to contain a backdoor. There were (a long time ago) questions about the changes the NSA made to the S-boxes, but it has since become apparent that these changes actually strengthened the cipher against differential cryptanalysis.
DES was weakened in a much more prosaic manner: the effective key size was reduced to 56 bits.
Well I'm sure some people lost the respect for the guy after he jumped on the "vote for Hillary" bandwagon. But yeah, things like the Snowden interview, Net Neutrality and some other episodes are simply brilliant.
Exactly, time to move on now that fake choice #2 won the election.
Almost comical how easily and predictably we stay on track in terms of bread and circuses politics/media - almost comical - if it weren't all real and there wouldn't be far reaching and dire consequences.
I realise Hillary might not be a pillar of excellence in her personal electrical security, but at least she isn't trying to disband Net Neutrality like Trump currently seems to be. He's changing policies that will affect things for years to come.
Regulation of cryptography can help investigations, but regulation is still a bad idea. A good explanation is something that my ethics professor said. It was something along the lines of "If a pen was used to write orders for the army to start WW2, should pens be banned?". The war would probably have happened anyway even if pens had been banned/regulated, and they are certainly not the cause of the war. Cryptography is very similar: even if it were regulated, criminality would not just vanish.
You don't need to take on cryptography to fight cybercrime. Cybercrime usually leaves a huge trail of evidence, usually in the form of lost money (transactions) and bricked devices.
Fighting cybercrime has different obstacles: it's usually cross-border, and its victims are usually common people. Nobody cares terribly much when a commoner loses $100. Even when there's a thousand of them.
What you need to take on cryptography, is "to snoop".
Why would you need that, huh?
> Usually in form of lost money (transactions) and bricked devices.
This is precisely why law enforcement doesn't need to weaken encryption nor weaken the rights of suspects and defendants. If there is a material crime, that crime has left a trail of evidence in the real world, especially a money trail.
And if you think Leviathan needs unbounded powers or you'll be left as a tasty morsel in the state of nature, physics has always bounded state power, and injustices happen when state power is pushed beyond natural bounds.
Can anybody point to organized lobbying efforts we can support to keep all of this as far away as possible from Europe? My country has refused to give the answers, citing security reasons (according to the article).
In the Netherlands we have Bits of Freedom, they are mentioned in the article:
> Thanks to Bits of Freedom, those answers are now public. That's called transparency.
Another Dutch one I know is Privacy First. When elections come up we always have a vote advice website which is quite popular. You enter your opinion on some current topics (old example: joint strike fighter funding: continue or not?) and it computes which party's goals align the most. Privacy First had an interesting take on this: they looked at what parties pushed for in the past and matched that with what you would have wanted (focusing on privacy-related topics of course). Not looking at promises but at track record. Privacy First probably does other stuff as well, just like BoF, but I don't keep up.
What is freedom of information if countries can decide on their own whether they will release their answers or not? It is disappointing that rebuttals to information requests do not have to go through any judicial system.
I think this shows the state of our intel community. They've been focused on wide-net operations. If a target is high enough of an asset, why not go the easiest route of installing booby-trapped login screens, hardware keyloggers and what not? It's the easiest and most effective way to spy on someone (I'm sure they already do this.) This is all a ploy to spy on citizens. Period.
You can probably read into this that their political masters are asking questions like "why can't you tell us who these 'lone-wolves' are before they attack?".
That's a good point, but I don't think the tools used to aggregate and analyze all this data are sharp enough to find the needle of a lone wolf in such a large haystack as the internet. The signal-to-noise ratio on the internet is ridiculously low. Then again, I may be wrong.
I've collated the answers to some of the questions:
* How often do you encounter encryption? The most common answer is 'often'. Germany does not collect this statistic. Czech Republic and Hungary: 'rarely', Latvia has both 'often' and 'almost always' in bold, UK 'almost always'.
* Online encryption: most common one is e-comms (everywhere but Italy), followed by TOR (everywhere but Hungary and Poland). Denmark, Finland, Germany and the UK reported encountering all types of encryption on the form.
* Offline encryption: it's not very clear what is an encrypted device (it includes computers) and what is an encrypting application (they give disk encryption tools as examples), but all countries except Poland selected devices and all countries except Italy selected applications
* It sounds like the accused can only be compelled to disclose passwords or keys in the UK, but Italian LE would also like that very much, despite having reported that 'the current national law allows sufficiently effective securing of e-evidence when encrypted'.
* In Croatia, Latvia and Poland they consider that the current national laws don't allow effective securing of encrypted evidence. The answer to this question is not available for Czech Republic and the UK.
A few other interesting things I've noticed:
Croatia: 'There is no practical experience' regarding 'intercepting/monitoring encrypted data flow'; 'Tools for decryption are used in less complex case [...]. Foreign companies’ services were not used so far.'
Czech Republic: 'Additional intentional encryption is quite rare in most cases although encrypted mobile phones are more and more popular among members of certain organized crime groups.'
Denmark: 'The main issue with trying to decrypt encrypted data is of a technical nature. Furthermore the equipment needed to break encryption is costly and the process itself takes a lot of time.'; 'In general terms, we can inform you that commercial software is among the tools used to decrypt data'; 'Decryption typically requires large hardware resources (processing power) as the encryption offered by service providers is very strong.'
Estonia: 'The main problem is that communication or data are encrypted and if key is not available, it is not possible to decrypt them.'
Finland: 'In case of full-disk encryption, which is rare, we have to either use brute force attacks, or try to obtain the credentials some other way'; 'We do not usually use private sector companies for decryption purposes, but of course a large part of the software/hardware used are commercial products'; 'Wireless criminal intelligence gathering can be challenging, because the LE sector has limited legal rights to gather for example WIFI data'; 'Sometimes insufficient computational capacity of our password-breaking platforms make the decrypting process too lengthy'; In general they talk about C&C servers for botnets quite a lot.
Germany: Regarding intercepted encrypted comms: 'In many cases, analysis of actual communication content is not feasible.', 'A regulation to prohibit or to weaken encryption for telecommunication and digital services has to be ruled out, in order to protect privacy and business secrets.'
Hungary: it sounds like they gave the form to the wrong dept? 'Our unit is not dealing with decryption, therefore we do not have any practical experience in this field.', 'Our unit is not dealing with such techniques.'
Italy: covered in the OP
Latvia: 'LV sees as clear added value of EC3’s encryption/decryption platform; LV also highly values the availability of the Europol Platform for Experts.';
Poland: mostly covered in the OP, I'll add 'The specialised computers (GPU clasters[sic]) which can decrypt encrypted e-evidences are very expensive.'
UK: It reads like a polished PR piece, at least relative to the others. Provides non-answers. It's probably worth taking a closer look. For example to 'Under your national law, is it possible to intercept/monitor encrypted data flow to obtain decrypted data for the purposes of criminal proceeding?' they responded with 'Section 17 of the Regulation of Investigatory Powers Act 2000 prevents intercepted material from being used as evidence in legal proceedings.', which doesn't actually answer the question.
"wants to regulate cryptography"??? - I suggest it's already in place. For example, if you wish to create crypto software or hardware (or in some cases even simply import a crypto library): for two sides to communicate requires sharing either the source, the software binaries, or the hardware itself, and if one of those is outside the country then obviously export and/or import of the source/software/hardware occurs, and therefore crypto controls come into effect.
Go Germany!
[1] https://www.asktheeu.org/en/request/3347/response/11727/atta...