Archive | February, 2015

European Parliament still standing up to PNR

Thursday and Friday this week there will be another EU summit, where national leaders will adress security issues. A European Passenger Name Registration (PNR) system will to be among the top subjects on the agenda — as this also is to be a priority topic at the Global Security Summit in the US next week.

But the European Parliament will not back down. The majority position seems to be that you should not retain personal data about all air passengers in the EU — only when it comes to “a smaller target list of suspects”.

Liberal MEP Sophie in’t Veld declares that “fundamental issues of trust surrounding data sharing needed to be addressed before provisions for collecting data are centralised”.

Read more: Parliament resists pressure on passenger data ahead of EU summit »

/ HAX

1

In two weeks time, world leaders may decide to undermine encryption

There are telltale signs that the US administration will move against encryption. The latest comes from Bob Litt, the General Counsel for the Office of the US Director of National Intelligence (ODNI).

In a speech this week he echoed the demand that government should be allowed access to all our information. Among other things, he touched on the idea of a magical golden key.

I’m not a cryptographer, but I am an optimist: I believe that if our businesses and academics put their mind to it, they will find a solution that does not compromise the integrity of encryption technology but that enables both encryption to protect privacy and decryption under lawful authority to protect national security.

Even if this is not a ban on encryption, it is very serious. Mike Masnick at  Techdirt explains…

I’m not sure how many times in how many different ways this needs to be explained, but what they’re asking for is a fantasy. You cannot put a backdoor in encryption and create a magic rule that says “only the government can use this in lawful situations.” That’s just not how it works. At all. The very idea of decryption by a third party “compromises the integrity of the encryption technology,” almost by definition.

But I’m not sure this will be considered as a valid argument by our ignorant politicians.

It would make little sense for the US to go for a “magical golden key” on its own. Likely other members of the NSA Five Eyes group (UK, Canada, Australia and New Zeeland) will do the same.

And the EU? Europe normally follows the US in these matters. There will be an Global Security Summit in Washington later this month. And there are reasons to believe that also politicians in most EU member states would like to give their authorities the ability to circumvent encryption.

As EU member state ministers for justice and home affairs made their last meeting (in Riga) an informal one, this topic might very well have been up for discussion. (But the public is not allowed to know exactly what went on.) This is exactly what you might expect — and exactly the kind of thing the Council would keep under wraps, to avoid debate and protests until it’s too late. And the timing is just right.

The way the world is right now (Ukraine, IS and potential monetary crises) it should be no problem for world leaders to package the whole thing as “emergency legislation”.

The European Parliament will object, no doubt. But it will be sidestepped. All EU member states have to do is to agree to make this national legislation in all (or most) member states.

As a matter of fact, the EU has no formal competence when it comes to national security matters. So it will have to be a multilateral arrangement.

All the European Parliament can do is to try to protect human and civil rights in a wider sense. But that will probably not go beyond a sharply formulated resolution.

The matter can be sent to the European Court of Justice (for breach of the EU Charter of Fundamental Rights) or the European Court of Human Rights (upholding the European Convention on Human Rights). But in both cases a court process may drag out for years.

In this matter, politicians can do almost as they want. And they will not fail to make use of current world events as an excuse. (Never waste a good crisis.) The only thing that might stop them is general outcry — on a massive scale.

Soon we will know. All eyes on the Global Security Summit in the US on February 18.

/ HAX

Techdirt: Intelligence Community’s Top Lawyer Endorses Desire For Unicorns, Leprechauns & Golden Keys That Don’t Undermine Encryption »

2

Obama to make policy decision on encryption

The New York Times reports…

“Decisions remain to be made, for example, on whether the government will accede to the review group’s insistence that the intelligence agencies support stronger encryption of data to protect against hacking — at a moment when the F.B.I. and many intelligence officials are protesting that new encryption technologies used by Apple for its iPhones and other firms are making it all but impossible to decode the communications of suspected criminals or terrorists. Mr. Obama is expected to make decisions on those issues in the coming weeks.”

Read more: President Tweaks the Rules on Data Collection »

2