
European Parliament Draft to Enforce End-To-End Encryption for Citizens' Privacy - dpflan
http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-%2F%2FEP%2F%2FNONSGML%2BCOMPARL%2BPE-606.011%2B01%2BDOC%2BPDF%2BV0%2F%2FEN
======
SimonPStevens
Contrast this to the 'soon to be former member of the EU' UK where Theresa May
is trying to force companies to add backdoors and ban end to end encryption.

:-(

~~~
Xoros
Hand in hand with new French president.

:-(

[https://www.buzzfeed.com/amphtml/patricksmith/france-and-
the...](https://www.buzzfeed.com/amphtml/patricksmith/france-and-the-uk-are-
calling-for-tougher-action-against)

~~~
fauigerzigerk
The article doesn't say that.

~~~
Silhouette
That particular article might not, but the joint press conference after those
talks made it about as clear as politicians ever are that they agree on this
point.

------
skrebbel
Any tldr? I have a very hard time getting through this, but as the founder of
a Europe-based messaging company ([https://talkjs.com](https://talkjs.com)), I
wonder whether this is trouble.

En-to-end encryption is great but it also kills quite a number of use cases.
For example, our group conversations couldn't be e2e encrypted because then
users can't see the message history from before they joined it. In whatsapp
this is indeed the case, but for our platform it is a core feature. Same for
Slack, I suppose. Similarly, Slack search would be totally out of the door.
(unless, again, you make it only search the stuff sent to you)

~~~
c22
Couldn't group chats be encrypted with a shared key that is provided to the
new user by whoever invites them to the chat? The messages would still be
encrypted and decrypted only at the ends.

~~~
skrebbel
In all honesty if you keep the key on a server you might as well not encrypt
the messages to begin with (except in transmission ofc, but hey, https).

Storing the key right next to the encrypted messages makes it no more secure
than ROT13'ing the messages.

~~~
c22
The key doesn't have to be shared with the server.

~~~
skrebbel
Ahyes, good point.

------
onestone
Apparently the EU Parliament is trolling Theresa May.

~~~
toyg
Not just EP, but the Council and Commission as well, since they initiated the
legislative process. That means the 27 governments are also behind it, at the
moment. This is very surprising to me - no government is free of authoritarian
elements, especially in centralistic States like France, Hungary, Italy or
Spain. Their unilateral disarmament would be peculiar.

I don't see this proposal going all the way, to be honest, it seems too
idealistic. I expect it will be perverted into its opposite, e.g.
justification for "review methods" that states could apply to "check if your
encryption is secure", which would result in compromising that very security.
Remember that EU law is adapted at individual state level; for generic stuff
like this, there is plenty of space for _interpretation_ by national
legislators.

As a supporter of the EU concept, I think this is dangerous territory for the
Union, at a time when its popularity is pretty low. I hope I'll be proven
wrong.

~~~
TomMarius
"27 governments" aren't behind this. Members of the EP from 27 states are
behind this, but in many cases, they have nothing in common with the actual
government of the country. So little voters care about and participate in the
election (often less than 25%) it's easy to win - and the parties that
participate in the government don't care at all, thus making EP election the
ideal target for otherwise irrelevant parties.

~~~
fauigerzigerk
The turnout in the most recent European elections was 43%. The makeup of the
EP doesn't support your claim either. It is dominated by essentially the same
parties that rule on a national level.

~~~
TomMarius
That's true for the western part of the union, but it's very different in the
eastern part. In the Czech Republic, it's been 31%, 28% and 28% (since 2004),
and our voters are participating the most compared to other eastern states.

~~~
fauigerzigerk
43% is the average across the EU. It's not surprising that it takes a while
for new members to fully participate.

You are mistaken about Czech turnout though. It's the second lowest of all
members:
[http://www.europarl.europa.eu/elections2014-results/en/turno...](http://www.europarl.europa.eu/elections2014-results/en/turnout.html)

[Edit] For comparison: Turnout in the 2014 US mid-term elections was 36%. In
the most recent presidential elections it was 55%.

------
mbroncano
It certainly seems the EU is becoming an actual land of the free

~~~
wbillingsley
Well, apart from the protection racket aspects of it that are going on at the
moment.

Ah, this is a nice country. It would be a shame if something were to happen to
it. I'm so sorry you were thinking of leaving, and stopping paying us billions
per year. We really must ask you to hand over a hundred billion before we'll
talk about any kind of trading relationship with you -- it would be such a
shame if we happened to design the barriers in such a way that would
accidentally maximise harm to your economy. But you know you're always welcome
to stay and keep paying us just a few billion each year.

~~~
HatchedLake721
Racket? Sorry, but this is nonsense that Daily Mail spreads. The £100bn is not
a Brexit divorce bill, it's UK's financial commitments as a member state.

Just because you leave to live in another country, doesn't mean you can stop
your mortgage payments and still expect to have a relationship with the
lender.

Leave if you wish, but honour your financial commitments you agreed and signed
by either paying the whole mortgage upfront or agree to pay over the X period
(which is what will most likely happen during negotiations).

~~~
Silhouette
I don't want to get bogged down in Brexit politics, but someone should point
out that the £100B figure is not something to take seriously.

Firstly, it's not an official figure but rather an estimate by outside
observers of the maximum bill the UK could be landed with given the worst (for
the UK) interpretation of a wide range of plausible criteria about what might
or might not be included in any settlement. You have to make some quite one-
sided assumptions to get to a figure this high, and typically the reports
where these kinds of figures come from do show this, though of course headline
writers don't tend to incorporate such nuance.

Secondly, even if it were some sort of official figure, it would be
politically untenable for the UK to accept it. The UK's net contribution to
the EU _as a member enjoying full membership benefits_ is about an order of
magnitude smaller. The EU plans budgets on a 7-year cycle (the current one is
2013-2020) but the actual budgets are made annually. Those budgets normally do
commit to future spending with quite a long tail, but the curve is very front-
loaded and most money committed in any given year's budget is usually to be
spent within 2-3 years.

So a figure in the region of £100B would be like asking the UK to pay for
around another decade of full membership after it's left, a period far beyond
most current spending commitments the EU is making. Moreover, the current EU
position is that this needs to be negotiated independently, before any deal on
any benefits the UK might retain in some form as a result of any future
agreement or payments, so there would be little if any guarantee about the UK
getting anything in return for that extra financial support to the EU.

Personally I'm still hoping for the professionals to take over from the
politicians and come to a reasonable agreement. I don't think they have much
chance of doing that in less than 2 years, but with an extra 2-3 years of some
sort of transitional arrangement, it doesn't seem impossible. They could deal
with the budgeting issues and current financial commitments at that notice,
allowing a more graceful withdrawal by the UK without either anyone feeling
they'd had funding cut off abruptly on the EU side or the UK putting up either
a huge lump sum or any sort of ongoing financial support to the EU without
getting something worthwhile in return.

------
glasz
don't let yourselves be fooled, fools. if this takes any real form, it'll be
gutted and ripped apart until there's nothing of essence left because it would
mean the following ingenius legislation be repealed.

and. that. will. never. happen.

[https://en.m.wikipedia.org/wiki/Telecommunications_data_rete...](https://en.m.wikipedia.org/wiki/Telecommunications_data_retention#European_Union)

[https://en.m.wikipedia.org/wiki/Passenger_name_record](https://en.m.wikipedia.org/wiki/Passenger_name_record)

~~~
yorwba
Page 30:

> _When the processing of electronic communications data by providers of
> electronic communications services falls within its scope, this Regulation
> is without prejudice to the possibility for the Union or Member States under
> specific conditions to restrict by law certain obligations and rights set
> out in this Regulation when such a restriction is targeted at persons
> suspected of having committed a criminal offence and constitutes a necessary
> and proportionate measure in a democratic society to safeguard specific
> public interests, including national security, defence, public security and
> the prevention, investigation, detection or prosecution of criminal offences
> or the execution of criminal penalties, including the safeguarding against
> and the prevention of threats to public security. Therefore, this Regulation
> should not affect the ability of Member States to carry out lawful
> interception of electronic communications or take other measures, if
> necessary and proportionate to safeguard the public interests mentioned
> above, in accordance with the Charter of Fundamental Rights of the European
> Union and the European Convention for the Protection of Human Rights and
> Fundamental Freedoms, as interpreted by the Court of Justice of the European
> Union and of the European Court of Human Rights._

This is not about preventing state surveillance, this is about regulating
_non-state_ actors' ability e.g. to track users without their consent.

Edit: However, on page 74

 _> The providers of electronic communications services shall ensure that
there is sufficient protection in place against unauthorised access or
alterations to the electronic communications data, and that the
confidentiality and safety of the transmission are also guaranteed by the
nature of the means of transmission used or by state-of-the-art end-to-end
encryption of the electronic communications data. Furthermore, when encryption
of electronic communications data is used, decryption, reverse engineering or
monitoring of such communications shall be prohibited. Member States shall not
impose any obligations on electronic communications service providers that
would result in the weakening of the security and encryption of their networks
and services._

It seems to me that this requires end-to-end encryption, but the regulation is
scoped in such a way that the requirement may be lifted when it inconveniences
law enforcement.

~~~
HappyTypist
The key is the OR:

* "sufficient protection in place against unauthorised access or alterations"

* "guaranteed by the nature of the means of transmission used "

* "OR"

* "state-of-the-art end-to-end encryption of the electronic communications data"

aka:

\- HTTPS, non-ETE: fine

\- HTTP, non-ETE: not fine

\- HTTP, ETE: fine

------
caiob
Trying to make sense of these drafts still being written in English, given
that with Brexit, none of the countries in EU zone have English as their first
language (with exception of Ireland). Convention?

~~~
visarga
We still need English to talk amongst ourselves. Thanks UK for leaving this
parting gift.

~~~
_ph_
Actually, this is a huge opportunity. The EU really needs an official
language. So far, politics have prevented selecting the language of one large
member state to the point where there were proposals to select latin. This
document shows that English is the de-facto most common language in the EU.
After Brexit, there would be less political opposition to make English
official, after all only Ireland uses it as its official language so far.

As a German, I would be equally happy if it were French, as long as we finally
get an "official" language throughout the EU, but English is much more a
likely candidate now, so we should seize the opportunity.

~~~
blibble
> after all only Ireland uses it as its official language so far

don't forget Malta!

~~~
Someone
Cyprus, de facto, also is English-spoken.

English also is a recognized regional language in two of the three Caribbean
parts of the Netherlands (Saba and Sint Eustatius), which means it can be used
in communication with the government
([https://en.wikipedia.org/wiki/List_of_territorial_entities_w...](https://en.wikipedia.org/wiki/List_of_territorial_entities_where_English_is_an_official_language#Country_subdivisions))

(As another indication of the weird status of these regions, they also have
the US dollar as the official currency.)

------
infodroid
Please append [pdf] to the title.

------
newzzy
tldr?

~~~
dpflan
Perhaps this article?

[http://www.tomshardware.com/news/european-parliament-end-
to-...](http://www.tomshardware.com/news/european-parliament-end-to-end-
encryption-communications,34809.html)

