Skip to main content

Who to blame? Scapegoating Encryption

Blaming everything on encryption is a recurring event. Whenever something bad happens that the intelligence services have no control over, it's because the encryption is at fault.
The latest outcry against it was UK Home Secretary Amber Rudd's take on What's Ups end-to-end encryption arguing that Britain’s intelligence services must have:

the ability to get into situations like encrypted WhatsApp

adding to the voices supporting the weakening of encryption or the planting of backdoors to popular consumer-level applications.

In stark contradiction to the Home Secretary's fruitless political talk, consider the position of ENISA, the European Union Agency for Network and Information Security, and the centre of network and information security expertise for the member states, the private sector and Europe’s citizens. This was outlined in its December 2016 essay on its recommendations on cryptography in the context of proposals to reduce its strength in order to facilitate interception and decryption of communications by the Security Services and strongly advices against any such weakening.
Its key findings are a mix of legal and technical aspects:
  • The use of backdoors in cryptography is not a solution. Existing legitimate users are put at risk by the very existence of backdoors. The wrong people are punished.
  • Backdoors do not address the challenge of accessing of decrypting material because criminals can already develop and use their own cryptographic tools.
  • Judicial oversight may not be a perfect solution as different interpretations of the legislation may occur.
  • Law Enforcement solutions need to be identified without the use of backdoors and key escrow. It is very difficult to restrict technical innovation using legislation.
  • History has shown that technology beats legislation and criminals are best placed to capitalise on this opportunity.
  • The perception that backdoors and key escrow exist can potentially affect and undermine the aspirations for a full embraced Digital Society in Europe.
  • History has shown that Legal Controls are not always successful and may harm and inhibit innovation.
  • The experience in the US that limiting the strength of encryption tools inhibited innovation and left the competitive advantage in this area with other jurisdictions.
full article on i-programmer.info


Comments

Popular posts from this blog

Book Review : How To Create Pragmatic, Lightweight Languages

At last, a guide that makes creating a language with its associated baggage of lexers, parsers and compilers, accessible to mere mortals, rather to a group of a few hardcore eclectics as it stood until now.

The first thing that catches the eye, is the subtitle:

The unix philosophy applied to language design, for GPLs and DSLs"
What is meant by "unix philosophy" ?. It's taking simple, high quality components and combining them together in smart ways to obtain a complex result; the exact approach the book adopts.
I'm getting ahead here, but a first sample of this philosophy becomes apparent at the beginnings of Chapter 5 where the Parser treats and calls the Lexer like  unix's pipes as in lexer|parser. Until the end of the book, this pipeline is going to become larger, like a chain, due to the amount of components that end up interacting together.

The book opens by putting things into perspective in Chapter 1: Motivation: why do you want to build lan…

Machine Learning Applied to Game of Thrones

No-one wants the beloved series to end. Some, like the geeks at Pachyderm, have gone to great lengths to extend its life span, to the point of employing ML to serve the Iron Throne.  This is a new example of style transfer where ML identifies the essential characteristics of a genre in order to create its own examples, such as we've seen before with art  and even with cooking. But first of all, what is Pachyderm and where does that word come from?
full article on i-programmer

SAP's Creating Trustworthy and Ethical Artificial Intelligence

With the ink hardly dry on the pages of the EU Ethical AI Guidelines manifest, a free online course exploring the issues they raise is already in prospect on the openSAP platform. Run by members of the very same group, the European Union’s High-Level Expert Group on Artificial Intelligence, who wrote the guidelines and in cooperation with SAP's online education platform, a course with the titleCreating Trustworthy and Ethical Artificial Intelligence has been made accessible to anyone with an interest on AI or ML:
full article on i-programmer.info