Europol Becomes Latest Law Enforcement Group To Plead With Big Tech To Ditch E2E...
source link: https://it.slashdot.org/story/24/04/22/1714217/europol-becomes-latest-law-enforcement-group-to-plead-with-big-tech-to-ditch-e2ee
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Europol Becomes Latest Law Enforcement Group To Plead With Big Tech To Ditch E2EE
Become a fan of Slashdot on Facebook
binspamdupenotthebestofftopicslownewsdaystalestupid freshfunnyinsightfulinterestingmaybe offtopicflamebaittrollredundantoverrated insightfulinterestinginformativefunnyunderrated descriptive typodupeerror
Do you develop on GitHub? You can keep using GitHub but automatically sync your GitHub releases to SourceForge quickly and easily with this tool so your projects have a backup location, and get your project in front of SourceForge's nearly 20 million monthly users. It takes less than a minute. Get new users downloading your project releases today!
"Our societies have not previously tolerated spaces that are beyond the reach of law enforcement, where criminals can communicate safely and child abuse can flourish," the declaration said. "They should not now." The joint statement, which was agreed to in cooperation with the UK's National Crime Agency, isn't exactly making a novel claim. It's nearly the same line of reasoning that the Virtual Global Taskforce, an international law enforcement group founded in 2003 to combat CSAM online, made last year when Meta first first started talking about implementing E2EE on Messenger and Instagram.
-
›
Let's see the people who want to see an end to End to End Encryption give it up first.-
Oh dear lord, the hyperbole. We allow law enforcement access to all other forms of communication with a lawful warrant. So should this particular technology be exempt from that?
-
The hyperbole is that traditional communication mechanisms are intercepted a lot more selective. Once a backdoor into E2E is created for one purpose, it can be considered broken for everyone. Or to put it a different way: guess where a lot of industrial espionage starts? At the "lawful" interception mechanisms.
-
You've got it backwards. We should be stopping them from accessing other forms of communication, not destroying everybody's security with backdoors in encryption.
-
-
-
-
I it's as easy as reading the decrypted message at either end, you should have no problem with giving them the ability to read it (with a warrant).
-
-
by MpVpRb ( 1423381 ) on Monday April 22, 2024 @02:11PM (#64414858)
You can either have strong security or no security
All of online commerce and banking requires strong security
Some believe the fantasy that it's possible to restrict security so that only the good guys can have itThis is absurd for several reasons
First, it's difficult to define who the good guys are or to ensure that they will remain good
Second, the bad guys are often smart and well practiced at finding workarounds
The only ones who will suffer are inept criminals and honest citizens who are victimized by smart scammers-
I worked with cops a lot for a while. I like to think the ones I worked with were good, or at least not bad. I still read about them from time to time in the news, and not in a good way.
A cop is a tool, you trust them when you have to, but always keep in mind they are people and not machines. They have their own motivations that may not align with your best interests or even the law, and sometimes those motivations overrule what they should do.
If you trust cops with a backdoor, it is only a matter of tim
-
Very true about cops but we have to remember that even though these are people these are people the rest of us trust with authority and abilities the rest of us cede to them so a higher standard of conduct is warranted, expected and necessary. The big issues with law enforcement, like this very story, are systemic.
There are probably quite a few cops who understand the importance of something like E2EE but the question is why are they not the voices that are setting the rules?
-
Cops are trained to an us vs them mindset and continually retrained that they always have to assume the public is out to kill them.
The mindset sticks, I picked up a bit of it by osmosis and it took a couple of years to decompress and become objective again. Luckily, I have no ethical concerns about any of the coding and systems support I did for them - I was never responsible for anything that would be used to erode rights, and I worked an awful lot on stuff that was meant for police oversight.
-
-
They aren't asking for a backdoor, the clipper fever dream is dead.
They "just" want AI mass surveillance for CSAM only, pinky promise, and lawful intercept. The keys wouldn't be escrowed with independent access by law enforcement through a backdoor, but entirely under the control of the private companies.
-
"I like to think the ones I worked with were good"
If you have 1 bad cop and 10 more that let them get away with it, what you've got is 11 bad cops.
-
-
The prevailing orwellian theme now is, nobody is "honest" who needs to conceal their identity. Being anonymous these days and not proving your identity to communicate or transact, means you're either a Russian, an AI bot, a Russian AI bot, or some sort of potential or actual terrorist.
Identity security is exactly that - and you can expect more and more websites will provide ephemeral access against some sort of identity provider to validate/identify all transactions and communications.
If you don't think t
-
Most Apple users don't use Advanced Data Protection, but I'd say the cloud storage is still relatively secure.
-
But why would you say that? Have you reviewed the sources? If not, you're just making things up to believe. Your religious beliefs about Apple are not relevant.
-
-
It wasn't long ago where the direct messages were via snail mail. It was difficult to find things back then. Even with email, leaving a USB drive makes transmitting information to others easy and difficult for LEOs to find.
-
Indeed. I mean, even the NSA has had attack code stolen now and that did quite a bit of damage. There are no harmless or "safe" backdoors and not fixing vulnerabilities is always bad for everyone. No idea why this needs to be re-stated time and again.
-
-
Police forces are supposed to protect citizens. Dropping E2EE would open the doors to all sorts of crime.
Unbelievable.
-
Naa, police forces are there to keep the rich safe against the unwashed masses. All that "serve & protect" stuff is just the marketing narrative.
-
-
How in the world did cops ever catch bad guys before the advent of the mobile phone?
-
To be fair, in the olden days, the police would grab someone, say "You are guilty of xyz" take you in front of a judge, say "He's guilty of xyz" the judge would go "Yep!" and you'd be in prison.
Nowadays they have to come up with actual evidence, which is just exhausting. Phones have made it somewhat easier, as they can just subpoena the GPS info for anyone who was near a crime and you have an instant suspect. You don't even have to leave your desk, shoot off some emails and you get a suspect.
-
I guess it didn't scale
-
Before widely available, end to end encrypted communications? They didn't need to access that stuff because it didn't exist.
-
the criminals didn't communicate over phones before the phones where invented either, still police where able to do their jobs. Heck most sane criminals don't communicate electronically at all, e.g Hells Angels sends messages via people on bikes and have a strict no cell phone policy at all their meetings.
-
-
Going back and watching some of "The Wire" again it's interesting to see just due to when it was filmed that the show takes place at a time when things like "texting" and "burner phones" were like the cutting edge and some of the plots involved the cops having to stay one step ahead with new technology. Show absolutely holds up but even then it touches on the themes of all the new tech combined with the drug war mania ruining the skill of policework.
-
If I'm not mistaken national statistics have shown, at least here locally, that the crime solving rate took a dive after police where given the right to perform cell tower dumps and once explanation was that if they couldn't immediately find the perpetrators data in the dump then they gave up instead of doing the old school police work.
-
-
You have to elect better legislators. Doesn't matter if you're in Europe or the US. The police will always do what they we let them get away with. It's all pretty straight forward. We are the power
-
Without such access, cops fear they won't be able to prevent "the most heinous of crimes" like terrorism, human trafficking, child sexual abuse material (CSAM), murder, drug smuggling and other crimes.
The most heinous of all crimes is dictatorship, based on number of deaths, rapes, child trafficking, and so on.
Dictatorship is maintained with terror and murder and growing technological panopticons.
E2EE is just what the doctor ordered to thwart this, the most heinous of crimes. It's tough enough as it is. We, the free west, should lead the way, not offer ready-made tools with ready-made patter for dictators to spout.
-
-
well to be fair, it is ofc in their interest as a law enforcement agency to get to sift through peoples data, it would significantly simply and help their work. It's a whole different question if we society should give them what they want, trouble ofc is that politicians (and some people) tend to think that if the police wants it then it must be good.
-
-
They have proven time and again that their goal is power, not justice and not the law.
-
I see absolutely nothing wrong or unusual about this, as long as it's strongly protected against warrantless access and officers can't just access it using their own devices. Police absolutely do need to be able to access communications if we want them to effectively police terrorism and sex trafficking and other crimes.
-
You're trolling? Please say you're trolling?
Look, if the police can get a warrant, they can get a warrant to spy on one of the endpoints. Encryption becomes irrelevant.
Compromising encryption for everyone goes far, far beyond that. It endanger s everyone, and enables whole new levels of criminality.
-
In theory they can get a warrant on the end points, in practice that's a significant technological undertaking which if implemented would have been public knowledge by now.
I'm actually surprised law enforcement don't just force Apple/Google to pown phones through auto-update. Maybe they think as long as they don't, it makes it easier to push for mass surveillance instead?
-
They can get a warrant on the endpoint. But that doesn't let them see messages. They then have to physically confiscate the end point which they can (and have) done. But it's not analogous to any of the other intercept warrants that are available and it notifies the suspects.
-
The message I replied to talked about "spy on one of the endpoints", confiscation isn't really that.
To spy on the endpoint they need to remotely pown the phone, NSO Pegasus type software but developed and pushed on the phone by Apple&Google. Plus a little help from the mobile operators, so the increased data traffic isn't a dead give away.
-
It's even harder when all evidence of the message being sent or received is immediately destroyed, like with many of those apps. So even if you log in successfully and open the app, there's nothing there, on either end.
So the only solution is to eliminate E2EE altogether, I think. WiFi makes this much harder since the traffic doesn't go through a single point. Maybe could keep E2EE by telling the device to start saving all decrypted messages once a lawful warrant is receivedit's a technical challenge.
-
-
-
How exactly do they get a warrant to look at an endpoint when they don't have the ability to decrypt (or get through the layers protecting the key to do so)?
-
-
No, they don't. They can police all of those things by doing the work. However, they're all lazy and tasked to do things police shouldn't ever be near to begin with.
-
What is "doing the work?" Waving a wand?
-
-
-
When so many spooks come out against it, that's how you know you're doing the right thing. Let's unpack their statements a bit.
... Europol said it needs lawful access to private messages, and said tech companies need to be able to scan them (ostensibly impossible with E2EE implemented) to protect users. Without such access, cops fear they won't be able to prevent "the most heinous of crimes" like terrorism, human trafficking, child sexual abuse material (CSAM), murder, drug smuggling and other crimes.
You're not realistically going to magically prevent any of those things with more spying. At best, you might catch the occasional low-hanging fruit, and even then, only if you do incredibly invasive levels of widespread spying on everyone. The right way to prevent those things is by infiltrating the relevant community. People who say otherwise are kidding themselves.
"Our societies have not previously tolerated spaces that are beyond the reach of law enforcement, where criminals can communicate safely and child abuse can flourish," the declaration said. "They should not now." The joint statement, which was agreed to in cooperation with the UK's National Crime Agency, isn't exactly making a novel claim. It's nearly the same line of reasoning that the Virtual Global Taskforce, an international law enforcement group founded in 2003 to combat CSAM online, made last year when Meta first first started talking about implementing E2EE on Messenger and Instagram.
First, their claim isn't even true at a superficial level. Since at least 1961, we have been compelled by law to recognize diplomatic couriers and the contents of their bags as beyond the reach of law enforcement.
Second, our societies have always tolerated spaces that are at least by default beyond the reach of law enforcement, which allow law enforcement to peer into those spaces only after establishing probable cause.
Recent behavior by law enforcement agencies has thrown out the entire notion of probable cause, creating mass spying programs that sniff all the traffic going into and out of various organizations en masse. That, combined with parallel construction and courts being lax at enforcing the fruit of the poisonous tree doctrine, has resulted in substantial violations of the public's right to privacy.
End-to-end encryption is necessary entirely because law enforcement has repeatedly shown an unwillingness to respect the bounds of privacy that a free society requires. And the fact that law enforcement's irrational "slurp everything up and sort through it later" approach has resulted in everyone encrypting everything is not the fault of the "everyone encrypting everything". It is the fault of law enforcement being utterly egregious and unscrupulous in their behavior.
There are consequences for actions, and when governments show that they are untrustworthy on an ongoing basis, people stop trusting them. Welcome to the real world, kids.
-
So much this. The Intel lobby practically just burnt down congress, (it sure as-f**k looks like they blackmailed the speaker of the House) to defeat having to even get a warrant for spying from their special FISA court, when the 'F' (foreign) part is deeply in question.
That does suggest to me its time to 'trust them' more and just hand over the keys to all communications privacy. They basically finished throwing a tantrum and screaming about how they can't do their jobs AND respect the Constitutional right
-
-
Where did they get the idea that "Our societies have not previously tolerated spaces that are beyond the reach of law enforcement, where criminals can communicate safely"? One-time pads have been completely secure since they were invented in 1882. And, of course, people have always been able to go somewhere isolated and talk with each other face-to-face without any police around. The idea that police have a right to monitor all communications between anyone anywhere isn't reality-based. Are they going to re
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK