
Europol now latest cops to beg Big Tech to ditch E2EE

(2024/04/22)


Yet another international cop shop has come out swinging against end-to-end encryption - this time it's Europol which is urging an end to implementation of the tech for fear police investigations will be hampered by protected DMs.

In a joint [1]declaration of European police chiefs published over the weekend, Europol said it needs lawful access to private messages, and said tech companies need to be able to scan them (ostensibly impossible with E2EE implemented) to protect users. Without such access, cops fear they won't be able to prevent "the most heinous of crimes" like terrorism, human trafficking, child sexual abuse material (CSAM), murder, drug smuggling and other crimes.

"Our societies have not previously tolerated spaces that are beyond the reach of law enforcement, where criminals can communicate safely and child abuse can flourish," the declaration said. "They should not now."


The joint statement, which was agreed to in [3]cooperation with the UK's National Crime Agency, isn't exactly making a novel claim. It's nearly the same line of reasoning that the Virtual Global Taskforce, an international law enforcement group founded in 2003 to combat CSAM online, [4]made last year when Meta first started talking about implementing E2EE on Messenger and Instagram.


While Meta is not named in this latest declaration [7]itself [PDF], Europol said that its opposition to E2EE "comes as end-to-end encryption has started to be rolled out across Meta's messenger platform." The UK NCA made a similar statement in its comments on the Europol missive released over the weekend.

The declaration urges the tech industry not to see user privacy as a binary choice, but rather as something that can be assured without depriving law enforcement of access to private communications.

[8]Meta, Twitter, Apple, Google urged to up encryption game in post-Roe America

[9]Cooler heads needed in heated E2EE debate, says think tank

[10]Privacy and computer security are too important to be left to political meddling

[11]UK Online Safety Bill to become law – and encryption busting clause is still there

"We … call on the technology industry to build in security by design, to ensure they maintain the ability to both identify and report harmful and illegal activities … and to lawfully and exceptionally act on a lawful authority," Europol said.

Thus far, the pleading to Meta hasn't stopped it from beginning the global E2EE rollout that [12]began last year.


Gail Kent, Meta's global policy director for Messenger, [14]said in December the E2EE debate is far more complicated than the child safety issue that law enforcement makes it out to be, and leaving an encryption back door in products for police to take advantage of would only hamper trust in its messaging products.

Kent said Meta's E2EE implementation prevents client-side scanning of content, which has been one of the biggest complaints from law enforcement. Kent said even that technology would violate user trust, as it serves as a workaround to intrude on user privacy without compromising encryption - an approach Meta is unwilling to take, according to Kent's blog post.

As was pointed out during [15]previous attempts to undermine E2EE, not only would an encryption back door (client-side scanning or otherwise) provide an inroad for criminals to access secured information, it wouldn't stop criminals from finding some other way to send illicit content without the prying eyes of law enforcement able to take a look.


Meta hasn't responded to requests for comment on this latest E2EE row, but did tell us in 2023 that it doesn't need to leave a crack in its own encryption to detect illicit material.

"We don't think people want us reading their private messages, so have developed safety measures that prevent, detect and allow us to take action against this heinous abuse, while maintaining online privacy and security," a Meta spokesperson told us last year. "It's misleading and inaccurate to say that encryption would have prevented us from identifying and reporting accounts … to the authorities."

In other words, don't expect Meta to cave on this one when it can develop a fancy new detection algorithm instead. ®




[1] https://www.europol.europa.eu/media-press/newsroom/news/european-police-chiefs-call-for-industry-and-governments-to-take-action-against-end-to-end-encryption-roll-out


[3] https://www.nationalcrimeagency.gov.uk/news/european-police-chiefs-call-for-end-to-end-encryption-roll-out-to-include-public-protection-measures

[4] https://www.theregister.com/2023/04/21/meta_encryption_police/


[7] https://www.europol.europa.eu/cms/sites/default/files/documents/EDOC-%231384205-v1-Joint_Declaration_of_the_European_Police_Chiefs.PDF

[8] https://www.theregister.com/2022/09/20/encryption_abortion_data/

[9] https://www.theregister.com/2022/04/05/e2ee_rusi/

[10] https://www.theregister.com/2022/02/17/encryption_debate_against2_thurs/

[11] https://www.theregister.com/2023/09/20/uk_online_safety_bill_passes/

[12] https://www.theregister.com/2023/12/07/messenger_encryption/


[14] https://www.linkedin.com/pulse/launching-messenger-e2ee-gail-kent-ttktc/

[15] https://www.theregister.com/2023/04/18/wrong_time_to_weaken_encryption/





With power comes responsibility

Catkin

Will the same authorities take responsibility when their snooping keys are abused by stalkers within their own agency or used by foreign oppressive governments to undermine national security or target minority groups?

This isn't speculation, it's already happened in other agencies and yet they now want even more powerful toys?

https://www.theregister.com/2020/10/28/nsa_backdoor_wyden/

https://www.reuters.com/article/idUSBRE98Q14H/

Might I modestly propose that all members of any agency proposing ending E2EE be required to use a backdoored system for all of their communications, both operational and personal for a period of at least 5 years to show how complete their faith is in the system and demonstrate that it can be effectively secured against malicious use? If it all works out, then we can consider rolling it out to the general public. Also, any member of the agency, no matter how senior caught using a properly secured communications system during this time would face immediate imprisonment as a presumed criminal.

Re: they don't need "stalkers"

Snake

"The declaration urges the tech industry not to see user privacy as a binary choice, but rather as something that can be assured without depriving law enforcement of access to private communications."

We're not worried about "stalkers". We KNOW, from historical precedent, that the rozzer is MORE than capable of ignoring due process and legal requirements to illegally access data when it damn well suits them. They'll ignore the requirements of obtaining warrants, seeking them *after* the dirty deed in order to appear pure and innocent, or simply "judge shop" their way into a sympathetic court so as to get a rubber stamp of approval.

We know the game. And we're not stupid enough to continuously fall for it. So the answer is, "No. And you did this to yourselves".

Let the little pigs scream

Anonymous Coward

Let the little pigs scream "Wee! Wee! Wee!" all the way home.

No, we're not surprised by yet another pig pen wanting access to our data. They can leave empty handed just like all the rest. The oinkers have been trying this since the '90s.

Doctor Syntax

Even though I don't use the specific applications they're targeting I take serious umbrage at the default assumption that simply being online means I'm presumed guilty of something.

Perhaps somebody should tell them about https://www.theregister.com/2024/04/22/meta_facing_dutch_government_departure/

cosmodrome

No, it's the fact that you exist that makes you guilty. No one is innocent. Shut up, we are asking the questions, here.

perkele

Presumably the same pinpoint following of laws such as, oh I don't know, the Feds' use of FISA warrant procedure. Ha ha ha..

"Beyond the Reach of Law Enforcement"

An_Old_Dog

The American West was called "the Wild West" for a reason!

Similarly, I don't think there was much effective law enforcement in Australia during the time the Crown was having certain classes of convicts sentenced "to Transportation".

And Canada, during its Gold Rush days, had a dearth of effective law enforcement.

The Internet is the New (Wild) West, and lots of us are okay with that. "Caveat Emptor", ya know?

Assumptions!! You May Have Heard Of Them

Anonymous Coward

Why does this drumbeat about E2EE always ASSUME that the only encryption which needs a backdoor is supplied by huge wealthy interweb service providers??

ASSUMPTION #1

Do the people wanting backdoors not know that groups of individuals are perfectly capable of implementing private encryption within the group?

....especially if the group has a) money and b) a significant taste for privacy

ASSUMPTION #2

A private encryption scheme can be used in various ways:

(1) Using normal email (you know, gmail, hotmail, yahoo.......)

(2) Using services like Signal (so that when the Signal E2EE is broken.....all the snoops will find is......MORE ENCRYPTION!!!)

(3) ....and that's before users deploy anonymising tools to hide both identities and end points.......

So.......more useless noise from lawmakers and police organisations.....because those who CAN protect their privacy will do so......

.....without help from Meta, Signal, Telegraph, Apple or anyone else!!!!!

READING LIST:

(i) Applied Cryptography, Bruce Schneier

(ii) Cryptography Engineering, Ferguson, Schneier, Kohno

(iii) samba20, chacha20, Daniel Bernstein

(iv) Curve25519, Daniel Bernstein

(v) Diffie/Hellman (endless sources on the interweb, used because it ABSOLUTELY eliminates published encryption keys anywhere)

====

cornetman

> "Our societies have not previously tolerated spaces that are beyond the reach of law enforcement, where criminals can communicate safely and child abuse can flourish,"

So private homes weren't a thing before the modern age? WTF? And even in the case where there was reasonable suspicion that something untoward was going on, authorities needed warrants to enter or spy on them.

I get it, modern communications provide a lot more opportunity to reach more people and further. However, I don't know how they are going to outright ban E2E comms. They might make it difficult to use large public services that way, but anyone can set up something private without the convenience of Signal or Whatsapp or the like. The "problem" is not these services, it is the tech, and that is not going away.

"it needs lawful access to private messages"

Pascal Monett

No problem.

Get a warrant.

You don't have one? Go fuck yourself.

You do not need backdoored encryption. You need to follow the example of lawful authorities who have managed stellar successes by doing their fucking job.

Every cloud has a silver lining.

Tron

With no E2EE, hackers can access politicians' e-mails and messages more easily and securely store them. So next time, when a PM has mislaid his phone, deleted his messages or forgotten his password, public-spirited hackers can hand over copies of their stash to the authorities and the media. Good news for forgetful politicians. Crowd sourced archiving promoting transparency in government.

* They could of course have rebuilt Boris's messaging from senders and recipients, but perhaps they were too busy for that. Government is very complicated, after all.

Where child abuse can flourish?

Anonymous Coward

“Our societies have not previously tolerated spaces that are beyond the reach of law enforcement, where criminals can communicate safely and child abuse can flourish”

Well, there was that time members of the British establishment bussed kids from orphanages all over the kingdom, to be molested at Elm Guest House and Dolphin Square.
