this post was submitted on 15 Jul 2024
44 points (100.0% liked)

Privacy

4211 readers
22 users here now

A community for Lemmy users interested in privacy

Rules:

  1. Be civil
  2. No spam posting
  3. Keep posts on-topic
  4. No trolling

founded 1 year ago
MODERATORS
 

cross-posted from: https://links.hackliberty.org/post/2121207

EU’s law enforcement agency Europol is another major entity that is setting its sights on breaking encryption.

This time, it’s about home routing and mobile encryption, and the justification is a well-known one: encryption supposedly stands in the way of the ability of law enforcement to investigate.

The overall rationale is that police and other agencies face serious challenges in doing their job (an argument repeatedly proven as false) and that destroying the internet’s currently best available security feature for all users – encryption – is the way to solve the problem.

Europol’s recent paper treats home routing not as a useful security feature, but, as “a serious challenge for lawful interception.” Home routing works by encrypting data from a phone through the home network while roaming.

We obtained a copy of the paper for you here.

Europol appears to want to operate on trust: the agency “swears” it needs access to this protected traffic simply to catch criminals. And if the feature was gone, then ISPs and Europol could have smooth access to traffic.

But if the past decade or so has taught law-abiding citizens anything, it is how, given the right tools, massive government and transnational organizations “seamlessly” slip from lawful to unlawful conduct, and secretive mass surveillance.

Not to mention that tampering with encryption – in this instance available in home routing as a part of the privacy-enhancing technologies (PET) – in security and privacy terms, means opening a can of worms.

It turns out, as ever, that agencies like Europol actually do have other mechanisms to go after criminals, some more controversial than others: one is “voluntary cooperation” by providers outside the EU (in which case Europol has to disclose information about “persons of interest” using foreign phone cards with other countries) as well as issuing an EIO – European Investigation Order.

But that barely compares to breaking encryption, in terms of setting up the infrastructure for effective mass surveillance. Europol’s complaint about the available procedures naturally doesn’t mention any of that – instead, they talk about “slow EIO replies” that hinder “urgent investigations.”

Europol presents two solutions to the home routing encryption “problem”: One, disable PET in home routing. The second is a cross-border mechanism inside the EU where “interception requests are quickly processed by service providers.”

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 10 points 4 months ago (1 children)

How are legislators not able to understand yet that

  1. This is technically impossible

And

  1. If it was possible, it would massively disrupt society?

Either some billionaire is convinced there is value in ruining encryption, or a multinational police union back channel is coordinating this messaging (since it's in the EU as well as the USA)

[–] [email protected] 3 points 4 months ago* (last edited 4 months ago)

Look at the way the fcc has banned encryption over ham radio networks in the US. No one cares because it's ham radio and who tf uses that but it is still a working playbook, they just have to make it work on a larger scale. The most viable way is to do something like that. Make it so that only corporations and banks who fork over licensing money are lawfully allowed to have encryption and any average Joe caught using encrypted packets goes to jail.

Never underestimate the burning desire rich people and corrupt politicians have to fuck over everyone else. They always find a way.