Encrypted communication: filter, block, build in backdoor

The EU Commission launches a dialog forum on terror on the Net and encrypted communication. Users are not involved.

More and more people are encrypting their communication. Photo: dpa

No, it is not a secret meeting, says the spokeswoman of the EU Commission. It is true that they do not disclose who exactly is present, what will come out at the end of the day, and the public is not allowed either. But it is indeed not secret that politicians and representatives of Europol met with several Internet companies this week and that such meetings should take place more often in the future. To talk. About undesirable content on the net. And about encryption.

These are two topics that have been on the agenda for a long time, but have now, as a result of the attacks in Paris, suddenly moved to the top. Law enforcement, investigative authorities, intelligence agencies have put them on there: a short line to Internet corporations, for example, when it comes to making content that terrorists use to woo supporters disappear from the Net. And access to content, even if it has been stored or transmitted in encrypted form. For example, using backdoors in software that can be used to encrypt data.

"Terrorists abuse the Internet to spread their poisoned propaganda," said EU Commissioner Dimitris Avramopoulos before the meeting, and he also immediately provides the solution: cooperation with Internet corporations. Microsoft, Facebook, Google, Twitter and the Ask.fm portal were present at the first meeting, the Commission reveals as much, and that they are not all. Beyond that, there is not even a statement about the number of participants.

Intransparency is then also the first thing that bothers Maryant Fernandez Perez from the European civil rights group European Digital Rights (EDRi) about the meeting.

The question of definitional sovereignty

The second: the question of definitional sovereignty. That it matters is something even the Commission is aware of. "Tackling the problem of hate speech is difficult because you have to clearly define where freedom of expression ends and hate speech begins," says EU Commissioner Vera Jourova. Civil rights activist Fernandez Perez would not disagree. And she demands: Precisely because this is about demarcations, such a discussion does not belong in a round between politics, business and the European police authority, where the public is excluded. An informal alliance would lead to the removal of legal but undesirable content from the Internet.

This is not the first time that the EU Commission has cooperated with IT companies on these issues. In 2011, the "Clean IT Project" was launched, also in cooperation with companies, with the aim of "reducing the influence of terrorists on the Internet," according to the self-description.

Syriza came to power in Greece at the beginning of the year. Since then, our reporters have accompanied four Athenians. Read what has changed in their lives in taz.am wochenende from December 5/6, 2015. Also: our author visits her old neighborhood, which is now said to be an Islamist stronghold. And: The artist Mia Florentine Weiss on motherhood and war. On the newsstand, eKiosk or right away in a handy weekend subscription.

A secret working paper published by EDRi showed that even then it was apparently not only about terrorist influences. It contained a list of proposals that read like a wish list from surveillance enthusiasts: a ban on pseudonyms in social networks, monitoring of employees by their employers, filter systems with which providers are to block undesirable content. Even though the EU Commission was quick to distance itself and those involved emphasized that it was just a collection of ideas – it shows how deeply entrenched the desire for political control over the web is.

A small step toward blocking content

The example of Great Britain illustrates what blocking content can lead to: There – if the connection owners do not object – filters are active by default that are supposed to filter out pornographic content. It wasn’t just files that happened to contain the string of letters "sex" that got caught. The website of the Chaos Computer Club (CCC) has also been blocked. The step from blocking illegal content to blocking inconvenient content is small.

And then there’s the matter of encryption. "In cooperation with IT companies, the Forum will also explore the concerns of law enforcement agencies in the face of new encryption technologies," says an EU Commission paper.

It would be the dream of law enforcement and intelligence agencies: backdoors, or deliberately built-in loopholes in encryption software that give government agencies access to encrypted communications and content stored in encrypted form. After the Paris attacks, the skeptical view of crypto technologies became popular again: last week, for example, the European Parliament adopted a draft resolution from the European People’s Party, the largest political group, which also questioned encryption technology.

Horror scenario for civil rights activists

For civil rights activists, this is a horror scenario, because once there is a backdoor, both criminals and all other users can be monitored with it. It is also possible that unauthorized persons will find the gap and exploit it themselves. And that encryption is perceived as insecure overall. Who wants to do online banking if it’s not certain whether third parties can read along or fork over some money?

"Encryption is a tool to protect people," says Fernandez Perez. Bank customers as well as opposition members, diplomats as well as whistleblowers. And: There is no evidence that the Paris attackers used encrypted communication to plan the attacks. What is known so far is that they coordinated their actions by text message – which could be read without a backdoor.

Does encryption lead to surveillance?

A Europol report from September also analyzes that more and more users are using encryption, it is spreading with them, and as it spreads, criminals are also encrypting, making it harder for law enforcement to protect users from the criminals. Confusing? Europol doesn’t offer a solution then, but U.S. author James Bamford does: "If you encrypt end-to-end, that forces the government to use specific surveillance, for example by bugging keyboards," he told online portal Heise.de at a recent conference. In other words, less mass surveillance and more targeted observation.

On the other hand, it is unlikely that standard government access to encrypted content that has been sent or stored will actually reveal planned crimes in advance. Above all, it raises the hurdle to countering everyday mass surveillance.

For example, encryption expert Klaus Schmeh describes on Scienceblogs the alternatives that can be found when it really matters: According to the article, two Russian spies living in Germany communicated with a contact person via comments they left under soccer films on the video portal YouTube – quite publicly. What their sentences about Cristiano Ronaldo’s goals really meant is still unknown.

Leave a Reply

Your email address will not be published. Required fields are marked *