cross-posted from: https://links.hackliberty.org/post/2121207
EU’s law enforcement agency Europol is another major entity that is setting its sights on breaking encryption.
This time, it’s about home routing and mobile encryption, and the justification is a well-known one: encryption supposedly stands in the way of the ability of law enforcement to investigate.
The overall rationale is that police and other agencies face serious challenges in doing their job (an argument repeatedly proven as false) and that destroying the internet’s currently best available security feature for all users – encryption – is the way to solve the problem.
Europol’s recent paper treats home routing not as a useful security feature, but, as “a serious challenge for lawful interception.” Home routing works by encrypting data from a phone through the home network while roaming.
We obtained a copy of the paper for you here.
Europol appears to want to operate on trust: the agency “swears” it needs access to this protected traffic simply to catch criminals. And if the feature was gone, then ISPs and Europol could have smooth access to traffic.
But if the past decade or so has taught law-abiding citizens anything, it is how, given the right tools, massive government and transnational organizations “seamlessly” slip from lawful to unlawful conduct, and secretive mass surveillance.
Not to mention that tampering with encryption – in this instance available in home routing as a part of the privacy-enhancing technologies (PET) – in security and privacy terms, means opening a can of worms.
It turns out, as ever, that agencies like Europol actually do have other mechanisms to go after criminals, some more controversial than others: one is “voluntary cooperation” by providers outside the EU (in which case Europol has to disclose information about “persons of interest” using foreign phone cards with other countries) as well as issuing an EIO – European Investigation Order.
But that barely compares to breaking encryption, in terms of setting up the infrastructure for effective mass surveillance. Europol’s complaint about the available procedures naturally doesn’t mention any of that – instead, they talk about “slow EIO replies” that hinder “urgent investigations.”
Europol presents two solutions to the home routing encryption “problem”: One, disable PET in home routing. The second is a cross-border mechanism inside the EU where “interception requests are quickly processed by service providers.”
Fuck you, no thanks.