Skip to main content

Who to blame? Scapegoating Encryption

Blaming everything on encryption is a recurring event. Whenever something bad happens that the intelligence services have no control over, it's because the encryption is at fault.
The latest outcry against it was UK Home Secretary Amber Rudd's take on What's Ups end-to-end encryption arguing that Britain’s intelligence services must have:

the ability to get into situations like encrypted WhatsApp

adding to the voices supporting the weakening of encryption or the planting of backdoors to popular consumer-level applications.

In stark contradiction to the Home Secretary's fruitless political talk, consider the position of ENISA, the European Union Agency for Network and Information Security, and the centre of network and information security expertise for the member states, the private sector and Europe’s citizens. This was outlined in its December 2016 essay on its recommendations on cryptography in the context of proposals to reduce its strength in order to facilitate interception and decryption of communications by the Security Services and strongly advices against any such weakening.
Its key findings are a mix of legal and technical aspects:
  • The use of backdoors in cryptography is not a solution. Existing legitimate users are put at risk by the very existence of backdoors. The wrong people are punished.
  • Backdoors do not address the challenge of accessing of decrypting material because criminals can already develop and use their own cryptographic tools.
  • Judicial oversight may not be a perfect solution as different interpretations of the legislation may occur.
  • Law Enforcement solutions need to be identified without the use of backdoors and key escrow. It is very difficult to restrict technical innovation using legislation.
  • History has shown that technology beats legislation and criminals are best placed to capitalise on this opportunity.
  • The perception that backdoors and key escrow exist can potentially affect and undermine the aspirations for a full embraced Digital Society in Europe.
  • History has shown that Legal Controls are not always successful and may harm and inhibit innovation.
  • The experience in the US that limiting the strength of encryption tools inhibited innovation and left the competitive advantage in this area with other jurisdictions.
full article on i-programmer.info


Comments

Popular posts from this blog

Serverless JavaScript

We recently joined in an interesting two-hour long conversation about Serverless JavaScript led by Steve Faulkner of Bustle who answered questions on Bustle, the Shep framework, the mindset behind the AWS Lambda infrastructure, and related topics.

The discussion took place on the Sideway conversation-sharing platform on January 6th. Here we present the best takeaways from the session which really should be taken notice of by anyone working on AWS.

Steve Faulkner:
At Bustle we serve over 50 million unique readers per month through a "serverless" architecture based on AWS Lambda and Node.js.  Of course there are still servers but we don't manage them. This shift has allowed us to develop products faster and decreased the cost of our infrastructure. I'll answer any questions about how we made this transition and how it has worked out. I'll also discuss some of the tools and best practises including our open source framework shep

Eran Hammer:
When would you…

Insider's Guide To Udacity Android Developer Nanodegree Part 3 - Making the Baking App

Continuing to chart my experience of Udacity's Android Developer Nanodegree we step up in level, embarking on the advanced part of the super-course.
Completing project "Popular Movies" (see Part 2 of this series) signaled the end of "Android Developer". Now we are ready to tackle the second element of the program "Advanced Android Developer", a new class with a new syllabus and project. Continuing to chart my experience of Udacity's Android Developer Nanodegree we step up in level, embarking on the advanced part of the super-course.

Completing project "Popular Movies" (see Part 2 of this series) signaled the end of "Android Developer". Now we are ready to tackle the second element of the program "Advanced Android Developer", a new class with a new syllabus and project.

"Advanced Android Developer" is a mixed bag of self contained material and of coding seven different sample apps to learn about the…

Export your Wunderlist tasks with XPath

As brought up in this ProductHunt thread, the news is that Wunderlist is going to be deprecated in favor of the new Microsoft To-Do note taking platform.

This is what Wunderlist support had to say in response to my inquiry on Wunderlist's future:

"Now that the next evolution of Wunderlist is here, in the form of Microsoft To-Do Preview (https://www.wunderlist.com/blog/...), Wunderlist will no longer receive any updates or bug fixes and will eventually be retired. It won’t happen in the next few months and we’ll be sure to give our users plenty of notice beforehand. In the meantime, you can continue to use Wunderlist normally. Of course, we’d also love for you to try To-Do and let us know how you like it – and how we can improve it. While Wunderlist will continue to exist alongside To-Do for the time being, support for Wunderlist will eventually be removed. Not to worry, though! We will inform all Wunderlist users prior to shutting down service. You'll have ample opport…