Digital supervision

As everyone probably knows, the European Union is considering a directive that would force chat and social media operators to ban the sharing of photos and other pedophile material.

The problem with this policy is that it is completely useless, since in no case can it bring useful results, but on the contrary it strengthens the power of ISPs to spy on users in a legitimate and lawful way.

The first thing to know about this deception is that criminals who share pedophile photos do not use channels beyond their control. In the few cases where they use, for example, Telegram, they use it to get in touch. The material is then traded off these platforms, for example through the dark web. In this regard, large internet service providers such as WhatsApp or TikTok, or social networks, can do little to intercept the material. At best, they can intercept the jargon that criminals use to do business. There is little they can do about it without knowing in advance that the people involved are criminals.

To understand the technical problem: to date, no Internet service provider, social network or messaging service can read the encrypted traffic. This is because the encryption algorithms are very robust and do not allow it.

In order to intercept everything, you have to insert a backdoor, a kind of weaker algorithm that still allows someone to see what is being transmitted. Once the backdoor is added to this algorithm, it would be possible to decrypt the dialogue.

So the problem with this law is that it would introduce a new algorithm that can read everything, and that the old algorithm would have to be replaced by the new one in all online systems.

The dangerous thought, however, is that if ISPs are required to do so by law, they will have to implement methods to crack the encryption and allow someone to spy on encrypted material. And this is precisely the catastrophe of this new legislation.

The first of the technical problems that make such technology impossible is that it only works in partnership with criminals.

Let me explain:

Suppose there is a "good" encryption (which can be read as "child protection") and a "bad" one, which is the current one.

Because setting up a server in a cloud costs only a few dollars and hours, if not minutes, criminals can build an end-to-end encrypted chat system using an algorithm of their choice.

In these conditions it is not enough to develop a "good" algorithm, it is also necessary to convince criminals to use it. And since the "bad" algorithms are open source, criminals will always be able to use them unless they decide… to cooperate!

We know very well that no criminal will ever install crime-fighting algorithms on their servers.

But now we have a second problem. We said that the new "good" algorithm has a backdoor. Now the question arises: who can use this backdoor?

The naive response will be that only governments and service providers can use it. And now the second question: Yes, governments. But WHICH governments?

Will they give the Russians the opportunity to read all the messages in the West, or "only in Europe"?

Certainly not. But how would you stop the Russians, Chinese and others from getting their hands on that backdoor? I don't need to remind you that Edward Snowden lives in Russia.

It is simply impossible to keep secret an algorithm that everyone is supposed to use for their chat system.

After all, in Russia there are not only children, but also pedophiles: if the Russian government replies that it wants to use the backdoor to save ITS children, what could be answered? "No, because Russian children are worth less"?

The problem with this backdoor is that if it got into the hands of governments like Russia and China, no communication in the West would be safe.

Many attack this law on the level of rights. But just look at the practical side to see that it is inapplicable. As soon as a service like WhatsApp decided to install this backdoor, the US government would stop them: they know very well that the Russians or the Chinese will spy on virtually anyone if they get their hands on the backdoor.

Consequently, for obvious practical reasons, this new law will not be implemented by any country, because if individual governments recognize the risk, no one will adopt it.

And all the credibility that the EU has gained with the General Data Protection Regulation will disappear very quickly, because an entire planet will give Europe the middle finger and not comply.

So this law also poses a danger to everyone in practice and there is a risk that the credibility that the EU has built over the years in the field of IT regulations will be destroyed.