23 Matching Annotations
  1. Feb 2021
  2. Dec 2020
    1. no single prescribed technical solution to provide access to encrypted data

      How can we read this? That they don't expect a single new technology/standard, but rather case-by-case approach in cooperation with the industry, based on regulations and practices?

    2. coordination

      The recent address by Interpol cybercrime director Jones at Kaspersky's webinar stressed the importance of bringing law enforcement authorities from various countries to work together - being even more relevant than the (non-)existence of legal ground, whether Budapest Convention or other. This confirms that LEA hasn't explored all the avenues of becoming better at collecting evidence - closer cooperation and skills being one bit - and encryption might not be a 'silver bullet', but there are other ways to go still.

    3. Such technical solutions and standards

      EU mentioning 'technical solutions and standards' to be developed re. encryption vs access to data. No more details, but interesting to follow. ||MariliaM|| ||Jovan|| ||TerezaHorejsova||

    4. national and international communication service providers

      What does this term mean - ISPs/telecoms, or also digital service providers and vendors? To me it sounds more like telcos...

    5. under their domestic legislation

      Additional complexity if it won't be a single EU legislation. With Orbans and the like, there is not much trust at the national level.

    6. assessed

      Why so, if LEA already has all the rights to access the evidence, as mentioned earlier? Problem is 'how' - operational, not legal. Or, with this, EU wants to strengthen due process and respect for privacy etc, to try to comfort tech community that it will do its best to use it legally? (Which won't comfort them, that we know) ||GingerP|| ||MariliaM|| ||Jovan||

    7. technical solutions for gaining access to encrypted data

      The idea is to work with industry to provide technical means. Tech community is clear that weakening encryption algorithms or applications (some sort of back doors) will result in greater harm, as such backdoors could be misused by criminals and other parties (states?). One public proposal from GCHQ, known as 'ghost protocol', suggested meddling with exchange of encryption keys rather than encryption algorithm (effectively inserting silently a third party - LEA - to monitor the exchange); tech community was fast to discourage this. Good news is that, from my feeling, both industry and govs (EU at least) are ready to discuss how-to. It won't be easy, but it may be possible. FiveEyes and others may follow this (they also took the stand to work with industry, though they were more strict towards the industry responsibility in this regard, than the EU which calls for partnership) ||GingerP|| ||MariliaM|| ||Jovan||

    8. Independently of the technological environment of the day,

      Easier said than done

    9. help ensure security

      Emphasising that security from cybercrime is also part of (individual) security

    10. subject to the requirement of an essentially equivalent level of protection, which according to the Court of Justice is a legal requirement for data transfers

      Not sure what this means?

    11. in all areas of public and private life

      They miss an important bit: that encryption is one of the key elements of secure functioning of the net as well (PKI, DNSSEC, etc)

    12. the EU will leverage its tools and regulatory powers to help shape global rules and standards

      EU stepping in as a global leader on this front?

    13. Security through encryption and security despite encryption

      Interesting wording: EU tries to both defend encryption and find ways around it by not weakening it. In practice, it is very difficult, but let's see ||GingerP|| ||MariliaM|| ||Jovan||


  3. Nov 2020
    1. Regarding access to digital evidence, the EU and its Member States first recognize encryption as an important tool for the protection of cybersecurity and fundamental rights, such as privacy, including the confidentiality of communications, and personal data. The EU and its Member States are invited to find solutions that allow law enforcement and other competent authorities to gain lawful access to digital evidence concerning malicious cyber activities, without prohibiting or generally weakening encryption, and in full respect of privacy and fair trial guarantees consistent with applicable law.

      How to achieve this? We should follow this discussion more closely.

      ||VladaR||||AndrijanaG||


    1. “competent authorities”

      Widening coverage beyond 'law enforcement agencies' by using the term 'competent authorities'.

    2. While the German police have such a tool at its disposal

      Do they have the possibility to break E2E?

      ||VladaR||


    1. In December 2018, Australia was the first major democratic country to introduce an encryption-busting law.

      Can we have more info on Australian law and its application - e.g. does it force Facebook to create a backdoor for WhatsApp?

      ||Pavlina||||VladaR||||AndrijanaG||

    2. If properly implemented, E2EE lets users have secure conversations — may them be chat, audio, or video — without sharing the encryption key with the tech companies.

      Why end-to-end encryption (E2EE) provides?

      ?AI

    3. The Five Eyes alliance, comprised of the US, the UK, Canada, Australia, and New Zealand, have made similar calls to tech giants in 2018 and 2019, respectively.

      The call for weaker encryption is not new. There has been a build-up since 2018 and 2019.


  4. Oct 2020
    1. Relevant points in this document

      • 5 eyes (Australia, Canada, USA, UK, New Zealand) are joined by Japan and India
      • against end-to-end encryption for two reasons: a) companies cannot enforce their internal rules on content moderation; b) law enforcement agencies cannot enforce laws.
      • problems should be solved in the way applications are designed
      • need to solve problem of encryption via standards
      • argue that they can both protect privacy and limit encryption.

      ||VladaR||||AndrijanaG||||Jovan||||MarcoLotti||||AndrijanaG||


    1. US National Security Agency (NSA) established the Center for Cybersecurity Standards in order to deal with increasing dependence on commercial products to secure National Security Systems.

      The NSA Center for Cybersecurity Standards will focus on:

      • 5G Security
      • Cybersecurity Automation
      • Platform Resilience
      • Cryptographic Algorithms
      • Security Protocols

      Cybersecurity standards will have increasing relevance in the digital realm.

      ||VladaR||||AndrijanaG||

      Actors: 3GPP; ATIS; IEEE; IETF; ISO; IEC; OASIS; IETF; TCG; NIST; ANSI
