Protect your corporate IT network from hackers and other unwanted intruders with Proxy Sentinel™. Click here for all the details and get the peace of mind you deserve.
Back to our Homepage Proxy Sentinel™ high performance Internet proxy server and secure firewall solution Firewall Sentinel™ secure & powerful Internet firewall solution About Internet Security.ca and GCIS Frequently Asked Questions on Internet security issues Internet Security Industry News - Stay informed of what's happening Contact Internet Security.ca today and order your Proxy Sentinel™ or Firewall Sentinel™ server now!

ENISA and Europol not on the same page concerning encryption

Sponsered ads:
Read the latest IT news. Visit ItDirection.net. Updated several times daily.

If you need reliability when it comes to SMTP servers, get the best, get Port 587.

Get a powerful Linux Dual-Core dedicated server for less than $2.67 a day!

Share on Twitter.

May 24, 2016

While the U.S. Federal Bureau of Investigations continues its current campaign in trying to convince the IT industry that math isn't that big a thing and therefore backdoors are feasible, the European Union Agency for Network and Information Security (ENISA) and Europol have been dancing a bit around the issue lately, issuing a joint statement that both opposes and supports breaking encryption at various levels.

Back in February 2016, speaking for itself only, ENISA was clear about the various dangers of undermining encryption.

The organization is trying to explain the obvious stress between privacy, technology, and law enforcement.

Hence, proposals to introduce mandatory backdoors or key escrow to weaken encryption provide access to messages, the statement says, but “it would also increase the attack surface for malicious abuse”.

Stating what's fairly obvious to everybody except the FBI's lobbyist-in-chief, the statement emphasises that “criminals can easily circumvent such weakened mechanisms and make better use of the existing knowledge on cryptography to develop or buy their own solutions without backdoors or key escrow”.

“In terms of practical breaks, cryptographers are currently miles ahead, which is good news for all the legitimate users who can benefit from the improving protection of their data,” ENISA added.

The statement does offer a concession to law enforcement. Noting that investigations do, after all, go better with access to suspects' communications, ENISA and Europol agree that “For the investigation and disruption of crimes, it is important to use all possible and lawfully permitted means to get access to any relevant information, even if the suspect encrypted it”.

Overall, regulation and bug-sharing seem to be on their mind, although the statement tiptoes around the latter-- “It would be worthwhile to collect and share best practices to circumvent encryption already in use in some jurisdictions.”

“Investigators would benefit from more explicit and ideally aligned regulation of the lawful online use of privacy-invasive investigative tools and the conditions under which they can be applied,” it added.

In line with existing EU positions on spying on citizens, the statement also notes that governments and the judiciary need to set down “clear policy guidance on the proportionality of the online utilization of such privacy-invasive investigative tools”.

All of this would seem to be evidence that Europe is moving further away from America in the encryption debate, except that the ENISA/Europol statement indulges in law enforcement bet-hedging right at the end.

Here's the critical information that readers need to be aware of-- “When circumvention isn't possible yet access to encrypted information is imperative for security and justice, then feasible solutions to decryption without weakening the protective mechanisms must be offered, both in legislation and through continuous technical evolution”.

“For the latter, the fostering of close cooperation with industry partners, as well as the research community with expertise in various crypto analyses for the breaking of encryption where lawfully indicated, is strongly advised.”

There is, the statement says a “workable balance” available with enough R&D and collaboration between EU agencies. We'll keep you posted on these and other developments.

Source: ENISA and Europol.

Sponsered ads:
Read the latest IT news. Visit ItDirection.net. Updated several times daily.

If you need reliability when it comes to SMTP servers, get the best, get Port 587.

Get a powerful Linux Dual-Core dedicated server for less than $2.67 a day!

Share on Twitter.


Home | Proxy Sentinel™ | Firewall Sentinel™ | FAQ | News | Sitemap | Contact
Copyright © Internet Security.ca    Terms of use    Privacy agreement    Legal disclaimer