The EU is attacking encryption again, this time in a report put together by several agencies, including EU law enforcement Europol, and the European Council’s Counter-Terrorism Coordinator.
This EU’s site says that this “first report on encryption” – by what the bloc calls its Innovation Hub for Internal Security, is looking for ways to “uphold citizens’ privacy while enabling criminal investigation and prosecution.”
“The main challenge is to design solutions that would allow at the same time a lawful and targeted access to communications and that guarantees that a high level of cybersecurity, data protection and privacy,” says the report.
The objective answer to the supposed conundrum of how to achieve both goals is always the same: you can’t.
Yet the EU, various governments, and international organizations continue to push to undermine online encryption and keep framing their initiatives the same way – as both their supposed care for privacy (and importantly, security), and making law enforcement’s job much easier (saying that the goal is to “enable” that, suggests there’s no other way to investigate, which is not true.)
And, how on Earth the EU intends to “safeguard fundamental rights” (of citizens) while at the same time proposing what it does in this document, is anybody’s guess. But EU bureaucrats are “safe” from being asked these questions – at least not by legacy, corporate media.
The report’s proposals include a number of ways to break encryption, mention encryption backdoors (the sneaky euphemism is, “lawful access” to communications and data), as well as password cracking and cryptocurrency and other forms of surveillance.
The not-so-subtle abuse of language and tone continues while discrediting encryption, as services like Meta’s Messenger, Apple Private Relay, and Rich Communication Systems (RCS) protocol are dubbed, “warrant-proof encryption technologies.”
One idea regards extracting encryption keys via “quantum side-channel attacks” (that exploit information leaked from quantum computers). “Grover’s algorithm could be used in this case to identify relevant data extracted during a side-channel attack in order to deduct the cryptographic key,” reads the report.
And if DNS encryption is implemented, then the EU thinks it will be “crucial” to let “law enforcement access and process suspects’ DNS traffic.”
The EU pins hopes for its encryption-breaking future powers on AI development, but also, in the present, on the Cybercrime Judicial Monitor (CJM) report stating that some of the bloc’s members at the national level have recently been changing legislation in a way that “might offer additional opportunities to capture and use (encrypted) data.”
In fact, the CJM annual report leads the EU to conclude that “the majority of EU member states have direct or indirect capabilities for targeted lawful access to suspect’s device.”
Once again, “the issue” of intercepting voice calls made using foreign SIM cards is brought up in the “Lawful interception in 5G networks” section” – similar to Europol’s recent exploration of breaking mobile roaming encryption.
