[Owasp-cape-town] French initiative on decryption

Hans Eggers eggers at physics.sun.ac.za
Wed Sep 7 16:30:07 UTC 2016


Hi,

sorry for being slow.

For me, the main message in the press release was that even the former 
bastions of free speech and privacy are now vulnerable. And where 
there is a political will there is a technical way. For example, 
requiring registration for any particular service and then 
criminalising nonregistration.

The second message was the fact of a press release itself: A French 
minister feels it is necessary to tell the world what they intend to 
do, in the presence of the German minister. In other words, he must 
either be under pressure from the French electorate, or he is sending 
a message to the Germans to quit being complicated about surveillance 
and just do it.

Regards,

Hans


On Mon, 29 Aug 2016, Christo wrote:

> Hi
>
>
> From the article what one can gather is the same kind of issues
> Blackberry faced in UAE and Dubai. Basically anyone providing an
> encrypted service would have to hand over their private keys to allow
> French security services to decrypt all traffic. It's similar to this
> kind of play:
> https://www.techdirt.com/articles/20160708/07535134919/putin-says-all-encryption-must-be-backdoored-two-weeks.shtml
>
>
> They won't be able to target everything. The easiest targets are
> companies as proved through Google, Microsoft, etc. giving in to demands
> by the 3 letter agencies in the US. Some companies like BlueCoat provide
> man-in-the-middle type services where they are able to
> (https://www.bluecoat.com/products-and-solutions/ssl-visibility-appliance),
> but with services like TOR or OTR it's not really possible. Surveillance
> is a numbers game, breaking encryption without design flaws takes time
> and computing power. Services like TOR & OTR change keys often thus
> making it nearly impossible to break into. Telegram on the other hand is
> an open-source app connecting to a closed source service.
>
>
> Also consider the wording around: "operators offering products or
> telecommunications or Internet services in the European Union". As long
> as a company does not have sales offices in the EU I think they would be
> exempt.
>
>
> Thanks
>
> Christo Goosen
>
>
> On 25/08/16 14:50, Daniel Walden wrote:
>> Thanks for sharing, Hans.
>>
>> Technically, how is this even possible, since encryption happens at the servers hosting the websites?
>>
>> And regarding networks like TOR... don't these run over ISP networks? If so, how can ISPs decrypt data that is routed using protocols like TOR?
>>
>> Thanks,
>> Daniel
>>
>> -----Original Message-----
>> From: owasp-cape-town-bounces at lists.owasp.org [mailto:owasp-cape-town-bounces at lists.owasp.org] On Behalf Of Hans Eggers
>> Sent: Thursday, August 25, 2016 11:11 AM
>> To: OWASP Cape Town <owasp-cape-town at lists.owasp.org>
>> Subject: [Owasp-cape-town] French initiative on decryption
>>
>>
>> Here is the Google Translate version of an announcement by the "Franco-German initiative on internal security in Europe".
>>
>> https://translate.google.co.za/translate?sl=auto&tl=en&js=y&prev=_t&hl=en&ie=UTF-8&u=http%3A%2F%2Fwww.interieur.gouv.fr%2FActualites%2FL-actu-du-Ministere%2FInitiative-franco-allemande-sur-la-securite-interieure-en-Europe&edit-text=
>>
>> The crux is the second-last paragraph starting with "They propose" and specifically
>>
>>     At European level, it would tax the uncooperative operators to
>>     remove illegal content or decrypt messages as part of
>>     investigations.
>>
>> or in normal English, the French are proposing that the EU Commission require telecom operators to have a key to decrypt messages and hand over that key on demand.
>>
>> Hans
>>
>> The integrity and confidentiality of this email is governed by these terms / Hierdie terme bepaal die integriteit en vertroulikheid van hierdie epos. http://www.sun.ac.za/emaildisclaimer
>> _______________________________________________
>> Owasp-cape-town mailing list
>> Owasp-cape-town at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-cape-town
>
> -- 
>
>
> Christo Goosen
> OWASP Cape Town Chapter Leader
> OWASP Foundation
> https://www.owasp.org
>
>