by vincentkriek 3818 days ago
I think this needs a whole lot more nuance. Minister Steur said that the laws are not desirable at this time, after other cabinet members said it will hurt economic relations. This is not a statement saying we don't want this, this is a statement saying we can't do this right now.

Also, the money going to OpenSSL and others is completely unrelated to the current encryption banning talks going on in the Netherlands. This is a great initiative that should be applauded.

I agree with your conclusion though, but I am very weary of the Dutch MoD.

3 comments

It is indeed a statement that "we can't do this right now". You don't need the implication you're making; it can literally be found in the 'cabinet's standpoint' (see below for a translation). I have the suspicion that it has something to do with the 'utopic' outlooks that other nations and their presidential candidates have come to suggest: "technologists will find a way to have both security and access".

"At this time, there is no outlook on the general possibility to, for example via standards, weaken encryption products without compromising the security of digital systems relying on encryption. By for example introducing a technical point of access into an encryption product which would enable intelligence agencies to view encrypted files, digital systems could be rendered vulnerable to for example criminals, terrorists and foreign intelligence agencies. This would have negative consequences for the security of communicated or saved information, and the integrity of ICT-systems, which are increasingly of importance in the functioning of society." (second paragraph of 'Afweging en conclusie')

(in these debates, there is always an important question: what would Ivo have said? Luckily, somebody has already provided an answer: http://tinyurl.com/whatwouldivohavesaid)

The money going to OpenSSL might be related to the issue the Dutch government ran into in 2011 with the Diginotar (a certificate authority) hack; the TLS certificates for Dutch government websites were compromised at that time. While this hack was not related to weaknesses in OpenSSL (as far as I know), this did put the spotlight on the vulnerability of and dependence on the certificate chain. Supporting the software that provides this crucial layer of security makes a lot of sense for a government that has been bitten once.
The amendment to provide €500 million to open source encryption projects (initially only OpenSSL) was done by D66's Kees Verhoeven. He has a history of asking questions about the Snowden revelations and other issues around computer security. He is also partly responsible for the amendment on net neutrality, and the infamous 'cookie law' (which is actually more of a 'do not 3rd party track before asking consent' law).

For example, in June he asked questions [1] about "the news that American intelligence agencies used vulnerabilities in encryption software" (specifically weak DH / Logjam).

If anything, this proposal has more to do with Logjam than with Diginotar. Not all too incidentally, improving OpenSSL would do nothing to prevent another Diginotar from happening.

[1] http://www.tweedekamer.nl/downloads/document?id=97a9bc20-eca...

You probably mean €500 thousand, not million.
You probably meant "wary". But weary too.