The EU is attacking encryption again, this time in a report put together by several agencies, including EU law enforcement Europol, and the European Councilโs Counter-Terrorism Coordinator.
This EUโs site says that this โfirst report on encryptionโ โ by what the bloc calls its Innovation Hub for Internal Security, is looking for ways to โuphold citizensโ privacy while enabling criminal investigation and prosecution.โ
โThe main challenge is to design solutions that would allow at the same time a lawful and targeted access to communications and that guarantees that a high level of cybersecurity, data protection and privacy,โ says the report.
The objective answer to the supposed conundrum of how to achieve both goals is always the same: you canโt.
Yet the EU, various governments, and international organizations continue to push to undermine online encryption and keep framing their initiatives the same way โ as both their supposed care for privacy (and importantly, security), and making law enforcementโs job much easier (saying that the goal is to โenableโ that, suggests thereโs no other way to investigate, which is not true.)
And, how on Earth the EU intends to โsafeguard fundamental rightsโ (of citizens) while at the same time proposing what it does in this document, is anybodyโs guess. But EU bureaucrats are โsafeโ from being asked these questions โ at least not by legacy, corporate media.
The reportโs proposals include a number of ways to break encryption, mention encryption backdoors (the sneaky euphemism is, โlawful accessโ to communications and data), as well as password cracking and cryptocurrency and other forms of surveillance.
The not-so-subtle abuse of language and tone continues while discrediting encryption, as services like Metaโs Messenger, Apple Private Relay, and Rich Communication Systems (RCS) protocol are dubbed, โwarrant-proof encryption technologies.โ
One idea regards extracting encryption keys via โquantum side-channel attacksโ (that exploit information leaked from quantum computers). โGroverโs algorithm could be used in this case to identify relevant data extracted during a side-channel attack in order to deduct the cryptographic key,โ reads the report.
And if DNS encryption is implemented, then the EU thinks it will be โcrucialโ to let โlaw enforcement access and process suspectsโ DNS traffic.โ
The EU pins hopes for its encryption-breaking future powers on AI development, but also, in the present, on the Cybercrime Judicial Monitor (CJM) report stating that some of the blocโs members at the national level have recently been changing legislation in a way that โmight offer additional opportunities to capture and use (encrypted) data.โ
In fact, the CJM annual report leads the EU to conclude that โthe majority of EU member states have direct or indirect capabilities for targeted lawful access to suspectโs device.โ
Once again, โthe issueโ of intercepting voice calls made using foreign SIM cards is brought up in the โLawful interception in 5G networksโ sectionโ โ similar to Europolโs recent exploration of breaking mobile roaming encryption.