[thomaslkjeldsen]

You claim that somebody thinks it is reasonable policy to ban e2ee. Who is that exactly?

Consider this section from the resolution:

  Striking a right balance
  
  The principle of security through encryption and security despite encryption must be upheld in its entirety. The European Union continues to support strong encryption. Encryption is an anchor of confidence in digitalisation and in protection of fundamental rights and should be promoted and developed.
  
  Protecting the privacy and security of communications through encryption and at the same time upholding the possibility for competent authorities in the area of security and criminal justice to lawfully access relevant data for legitimate, clearly defined purposes in fighting serious and/or organized crimes and terrorism, including in the digital world, and upholding the rule of law, are extremely important. Any actions taken have to balance these interests carefully against the principles of necessity, proportionality and subsidiarity.

See https://data.consilium.europa.eu/doc/document/ST-13084-2020-...

[coldtea]

>Who is that exactly?

Whoever wrote: "at the same time upholding the possibility for competent authorities in the area of security and criminal justice to lawfully access relevant data for legitimate, clearly defined purposes in fighting serious and/or organized crimes and terrorism, including in the digital world, and upholding the rule of law, are extremely important".

Either said person doesn't understand end-to-end encryption, or they don't want end-to-end encryption but mere encryption, with keys shared here and there...

[shipstain]

Yeah you can encrypt your connection to the server where you store your mail. But don't think about encrypting your mail.

[autoditype]

No the person you're responding to, but the OP article gives the impression.

Either way I don't understand how the text you pasted intends to "strike the balance" when e2ee is present. Either they're talking about backdoors or they're in fantasyland

[simonh]

You're right that they don't want to ban E2E, they want to mandate that they hold the keys to all E2E though.

[thomaslkjeldsen]

This is your conclusion but it is not stated anywhere in the resolution.

[simonh]

They mention access to encrypted data severl times:

>Technical solutions for gaining access to encrypted data must comply with...

They do say:

>there should be no single prescribed technical solution to provide access to encrypted data.

But it's perfectly clear the assumption is that they intend law enforcement to have access to all encrypted data, given the various caveats about doing so legally.

They do mention privacy, but all that means is not making user data public. They make no mention of a right to maintain data private from the government or law enforcement.

[thomaslkjeldsen]

Okay I understand the concern, but claiming that there is intent to hold keys to all e2ee is jumping to conclusions. Imagine if investigators could ask authorities for permission to retrieve screenshots from your mobile device if you are under investigation. There would be no need for access to keys.

I am not arguing that this is desirable, but I do acknowledge that investigators may need help to navigate modern technology.

[extrememota]

From the same document. I do not see how this is technically possible.

> Technical solutions for gaining access to encrypted data must comply withthe principles of legality, transparency, necessity and proportionalityincluding protection of personal data by design and by default.

[thomaslkjeldsen]

If focusing on e2ee I agree, but how about hardware and software supply chains? How much is your e2ee worth if you are up against Apple or Google? Perhaps nation states are simply looking for similar powers?