cross-posted from: https://feddit.de/post/12846267

After Sunday‘s European elections, the EU is planning to reintroduce indiscriminate communications data retention without suspicion and force manufacturers to allow law enforcement access to digital devices such as smartphones and cars.

Specifically, according to the 42-point surveillance plan, manufacturers are to be legally obliged to make digital devices such as smartphones, smart homes, IoT devices, and cars monitorable at all times (“access by design”). Messenger services that were previously securely encrypted are to be forced to allow for interception.

The secure encryption of metadata and subscriber data is to be prohibited. Where requested by the police, GPS location tracking should be activated by service providers (“tracking switch”).

The EU Commission has already contributed specific proposals to the surveillance plan, according to two presentations obtained by the Pirates.

Make sure to vote in the upcoming elections!

  • @[email protected]
    link
    fedilink
    English
    77 months ago

    The relevant points outlined in “Recommendations from the High-Level Group on Access to Data for Effective Law Enforcement”:

    1. Implementing lawful access by design in all relevant technologies in line with the needs expressed by law enforcement, ensuring at the same time strong security and cybersecurity and providing for the full respect of legal obligations on lawful access. According to the HLG, law enforcement authorities should contribute to the definition of requirements, but it should not be their role to impose specific solutions on companies so that they can provide lawful access to data for criminal investigative purposes without compromising security. To that end, experts recommend developing a technology roadmap that brings together technology, cybersecurity, privacy, standardisation and security experts and ensures adequate coordination e.g. potentially through a permanent structure.
    2. Ensuring that possible new obligations, a new legal instrument and/or standards do not lead, directly or indirectly, to obligations for the providers to weaken the security of communications by generally undermining or weakening E2EE. Therefore, potential new rules on access to data in clear would need to undergo a cautious assessment based on stateof-the-art technological solutions (which should in turn consider the challenges of encryption). When ensuring the possibility of lawful access by design as provided by law, manufacturers or service providers should do so in a way that it has no negative impact on the security posture of their hardware or software architectures.
    3. Enhancing EU coordination and support to address situations where technical solutions exist to enable lawful interception but are not implemented by providers of Electronic Communications Services. In such cases, for example when home-routing agreements or when specific implementation of Rich Communication System (RCS) do not allow lawful interception capabilities, clear guidance and a dialogue facilitated at EU level would improve the cooperation with Electronic Communications Services.
    4. Conducting a comprehensive mapping of the current legislation in Member States to detail the legal responsibilities of digital hardware and software manufacturers to comply with data requests from law enforcement. It would also take into account specific scenarios and requirements that compel companies to access devices, in compliance also with CJEU caselaw and case law of the European Court of Human Rights. The goal should be to develop an EU-level handbook on that basis, and depending on the aforementioned mapping, to promote the approximation of legislation within this area, and to develop binding industry standards for devices brought to market in the EU, to integrate lawful access.
    5. Establishing a research group to assess the technical feasibility of built-in lawful access obligations (including for accessing encrypted data) for digital devices, while maintaining and without compromising the security of devices and the privacy of information for all users as well as without weakening or undermining the security of communications.
    • @[email protected]
      link
      fedilink
      English
      37 months ago

      So… Everything, everywhere, all at once? Establish an expert group to figure out how immovable objects are to be met with unstoppable forces. And mandate the findings.

      JFC