Translated Article: EU Decryption Plans apparently “Done Deal”
Even without an official mandate from the Council for such a regulation, the Commission has already started to anchor a decryption requirement in other regulation projects. Chronicle of the second Cyberwars from 2014 to today, Part II. You can find part one here.
The controversial resolution of the Council of Ministers against secure encryption was anchored in the new draft guidelines for “high-class cyber security” of December 16. Since resolutions are not binding per se, this indicates a “fait accompli”, a matter that has already been decided informally. From data retention (until 2006) to the currently adopted regulation against online terrorist propaganda (start in 2016), all major EU surveillance projects have started in this way.
Considerably more than the information made public so far is therefore likely to have been agreed behind the scenes already. References of this kind to the Council's demands for a decryption obligation are to be expected in all future regulatory projects that also affect information technology and security. These are the usual preliminary stages of every regulation. This documentation from ORF.at shows how the EU project came about.
2017 The course is set
The list of relevant events for 2017 is quite short, but important groundwork was in fact laid that year. At first glance it was not about cracking encryption, but about the procedures needed all round, such as the legal basis and the technical interfaces for transporting monitored communication from the cloud and for international data exchange between police authorities. In addition to identifying unwanted content, the now firmly planned upload filter obligations also had a further function that escaped public notice.
2017 01 02 New ETSI standard for monitoring social networks. The online search warrant is already ready, the interface for transferring chats, group communication, etc. to the law enforcement officers will be a complex matter.
2017 03 19 Monitoring of social networks in the EU Council of Ministers. Europol’s demands were adopted as the official Council position. WhatsApp, Facebook and Co are to be put on an equal footing with European telecommunications in terms of surveillance.
2017 10 03 EU Commission now fully relies on upload filters for social networks: The current position paper of the Commission is based on the premise that “illegal content” can be automatically filtered out in social networks. This meant killing two birds with one stone, because a filter requirement naturally has consequences with regard to E2E encryption.
2017 12 17 EU guideline on Facebook monitoring starts in January: The Austrian Council Presidency had already made monitoring of Facebook and other social networks a priority from July 2018. A large majority welcomed the Commission’s proposals, and France also gave up its already hopeless resistance to strong encryption and also agreed to collect the data from the Internet companies behind the encryption instead. The standards and protocols required for this were already being worked on at ETSI.
2017 12 22 How Facebook surveillance will work across the EU: In principle, there was a choice between a new EU-wide central office from which surveillance data would be distributed to the authorities, or a direct implementation on the basis of the existing monitoring interfaces for Internet data at the telecoms, which was more likely. The national secret services, however, still had the strongest argument for national interfaces up their sleeves.
2017 12 27 Cross-border surveillance of telecommunications networks in the EU from 2018: In addition to the planned access options for European police authorities to data in social networks, cross-border electronic investigations by law enforcement officers are also on the EU agenda for 2018. This is also planned with the USA.
2018 Culmination of the monitoring processes
This year, what was prepared in 2017 was delivered. The two most important events took place at the end of the year.
2018 02 04 Austria’s EU Council Presidency: Facebook monitoring has priority. In addition to monitoring social networks, the EU Council Presidency must press ahead with the muddled copyright amendment and the equally controversial e-privacy regulation.
2018 03 18 Resistance to EU-US agreement on cloud surveillance. The necessary legislative proposal has already started in the USA, and a first draft is expected in Europe at the beginning of April. Here as there, there is criticism of the planned remote access to telecommunications data and Internet traffic.
2018 04 04 USA took the EU by surprise in cloud surveillance: With the decision to advance unilaterally, even though negotiations on a coordinated approach with the Europeans were in progress, the USA risked shooting itself in the foot.
2018 04 22 New EU regulation on borderless surveillance: Direct orders from national law enforcement officers to track user data by telephony and internet providers in other EU countries are to be made possible across the EU.
2018 06 24 How the BND monitors communication in Austria: The data streams from Austria are completely copied to the BND lines at the most important connection to the DE-CIX node in Frankfurt. Selected results of the evaluation are sent back by the BND to the Army Intelligence Office in Vienna.
2018 08 21 FBI model trial against Facebook has started: The prosecutors are demanding access to encrypted phone calls and video calls of the messenger service. FBI and Co are striving to set a precedent, the odds are good. When these Facebook services were launched in 2015, the SDES protocol was implemented; each of these keys, which are individually negotiated for each application for voice telephony, is also sent in plain text to a Facebook server.
2018 09 18 EU summit discusses anti-terror filters on Wednesday. Official removal orders must be implemented by providers within an hour. Among the “proactive measures”, “instruments for automatic detection” come first.
2018 12 09 New EU regulations for borderless surveillance for 2019: With the upcoming regulations against the “dissemination of terrorist content” and for the “securing of electronic evidence” on the internet, police authorities and secret services from EU countries will for the first time be granted cross-border direct access to content on the internet.
2018 12 12 Campaign of the spy alliance “Five Eyes” against WhatsApp and Co. The GCHQ proposal – called “exceptional access” – boils down to the provider smuggling a master key into the E2E encryption process. This means that the requirements of the police authorities for decryption can be met. In countries with a corresponding legal basis for the services for tapping the data streams at the Internet nodes, the services can require derivatives of this master key. Just a few days after the GCHQ’s proposals, such a law got through the Australian parliament in a cloak-and-dagger operation by the two major parties. On the same day the GCHQ’s proposals were published, US Attorney General Rod Rosenstein appeared before the press complaining about increasingly encrypted communications. That would make the work of the police authorities increasingly impossible. Similar comments came from Canada and New Zealand, so that all Five Eyes were present.
2019 Know-how of the services for the police
The proportion of securely encrypted traffic in the network is already 90 percent, and mail servers are also included. Unsurprisingly, 2019 had to offer upload filters, mutual surveillance agreements and a new ETSI insecurity protocol called eTLS to thwart the roll-out of TLS 1.3. At the end of the year there was a detailed briefing of the ministers in the council by representatives of the “Berner Club”, the EU secret services of all EU states.
2019 01 16 Dispute over a new “security standard” for the Internet: parallel to the new TLS 1.3 encryption standard of the Internet Engineering Task Force, a compatible version called “eTLS” was created at the European ETSI, but which has been drilled out for monitoring. In this the British military intelligence service GCHQ is playing a leading role.
2019 01 29 Controversial Internet “security standard” eTLS is renamed: The controversial, because drilled out, ETSI encryption standard has been renamed from “eTLS” to “ETS”. The Internet standardizers of the IETF had requested this in order to avoid confusion with their secure standard TLS 1.3. In the ETS specification TS 103 523-3 of the ETSI, this point is called “middle box”.
2019 02 13 Obligation to filter slows down EU regulation against “terrorist content”: As with the copyright directive, the upload filters, which are also included in this regulation, are an obstacle. The procedure is based on the same dishonest pattern: The filtering of all content is camouflaged as a “proactive measure”.
2019 02 13 EU-US mutual surveillance agreement starts: Although the disagreement in the Council of Ministers is blocking the EU regulation on cross-border surveillance, the Commission is in the process of starting negotiations with the US on mutual direct access to data by law enforcement officers.
2019 10 09 New surveillance agreement between Great Britain and the USA: UKUSA II is a bilateral agreement between the USA and the United Kingdom on alternate data access by police authorities, excluding the respective national jurisdiction. [See E-Evidence]
2019 10 20 EU debate on filters against terrorism is back: the final trialogue negotiations on the regulation against terrorism have started. The proposed law compared to the distribution of the video feeds from the terrorist attacks by two neo-Nazis in Christchurch (New Zealand) and Halle (Germany).
2019 11 06 WhatsApp drives up prices for state Trojans: In autumn, the demand for malware for the Android operating system – and especially WhatsApp – overtook that for Apple’s iOS for the first time. The purchase prices for such exploits have now risen dramatically.
2019 12 01 Know-how of the EU secret services for Europol: On the agenda of the EU Council of Ministers from Tuesday there is also a briefing of the ministers by secret service representatives of the so-called “Berner Club”. In addition, representatives of the national military intelligence services are to be called in as advisors.
2020 The stage goal has been reached
2020 02 09 Espionage alliance with a new push against encryption: There is a draft law in the US Senate that de facto puts the use of end-to-end encryption by Facebook, Apple & Co under threat of punishment. Not really surprisingly, the draft sails under the false flag of “child pornography”. The threat: freedom from liability will be revoked.
2020 05 17 EU Council of Ministers is again discussing backdoors in encryption: Gilles de Kerchove, EU anti-terror coordinator, again speaks against secure encryption per se. Since these new demands from the prosecutors to the EU Council of Ministers are nowhere accessible, this confidential Council document is published in full by FM4. De Kerchove uses the term “front doors” in the tried and tested Newspeak manner.
2020 06 28 US draft law against secure encryption of chats: A new US law on “Access by law enforcement officers to encrypted data” is intended to force chat providers such as Signal or WhatsApp to incorporate back doors into their security architectures. What is demanded is exactly what de Kerchove demands.
2020 07 26 EU regulation against secure encryption announced: Because end-to-end encryption cannot be banned, the EU Commission is now trying to use other regulations to force Signal, WhatsApp & Co to turn off the encryption, following the example of the USA.
2020 08 23 New EU directive with measures against encryption: According to Internal Market Commissioner Thierry Breton, the problems for law enforcement officers with secure encryption will be addressed from autumn onwards as part of the new directive for digital services. The rigorous Earn-IT in the USA has already been largely defused. Commissioner Johansson’s hoax over explosive growth in videos of ‘child pornography’ is exposed.
2020 09 27 Change of course for upload filters in Brussels: No pre-filtering requirement for WhatsApp, Signal, etc. say EU Vice President Vera Jourova and Internal Market Commissioner Thierry Breton. This means that the attack on E2E encryption has also been called off for the time being.
2020 11 08 The terrorist attack is followed by an EU ban on encryption: Within five days, a resolution was passed in the EU Council of Ministers that obliges platform operators such as WhatsApp, Signal and Co. to create master keys to monitor E2E-encrypted chats and messages.
2020 11 15 EU Council of Ministers calls for “targeted data retention”: As E2E-encrypted chats are not yet saved by the providers, the authorities need not only re-keys but also a retention of the encrypted chats.
2020 11 29 “Five Eyes” behind the EU Council of Ministers’ decryption plans: A recently leaked Council document documents the deep involvement of the espionage alliance in the process. The method propagated by the British GCHQ of switching off end-to-end encryption using secondary or master keys is apparently also favoured by Europol.