tl;dr: The European Commission is honestly asking for experts to advise them on ways to institute “effective and lawful access to data for law enforcement”. If you are an expert, I urge you to apply to join this group. You have until September 1st. Do read on for more details!
The never-ending battle where police and intelligence services demand more/total access to communications shows no sign of stopping, even in the face of mathematical and practical impossibilities.
Meanwhile, more so than civil liberties defenders may realize, society is also not ready for “online” to be a police-free environment. Ask a victim of a crime how much they would appreciate it if there were no digital evidence, since big tech succeeded in locking out governments.
These two paragraphs should have upset both sides of the discussion. I previously presented on this subject over at the European Parliament, where this tension was also tangible. This link is incidentally a reasonable introduction to the encryption challenge (has video & text).
On the 24th of June, the European Commission announced a big effort to shake things up, the Roadmap for effective and lawful access to data for law enforcement.
I’ve looked this over, and the proposal appears to be very surveillance-happy, but also has soothing sentences on not backdooring all our communications (something various multi-national courts have declared illegal already).
This initiative is spearheaded by DG HOME (law enforcement) and DG CNECT (“Communications Networks, Content and Technology”). This is already bad news, since DG JUST (“Justice, fundamental rights, rule of law”) is apparently not in the lead, which is weird to say the least. I hear they will participate though.
The European Commission has put out a call for experts to advise them on this new roadmap.
I have been told by reliable sources that this is a genuine call. Law enforcement and prosecutors will be sure to send their people to join this expert group.
But technologists and civil society people also need to show up, and I relay the request for those people to please apply. From the announcement:
“The selection shall prioritise experts with technical profiles, coming from either public or private sector, whilst aiming to ensure proportional representation across the following fields of expertise”
So to be clear, they want people that are good at some of these points. You explicitly don’t need to be good at all this:
- Home affairs, ideally with an experience in fighting high-tech crime, and/or a background in the area of decryption and artifact extraction, computer forensics, network forensics, smartphone forensics, cloud forensics, IoT forensics, memory forensics and/or lawful interception;
- Cybersecurity, with diverse backgrounds including but not limited to vulnerability management, evaluation of cybersecurity risks and certification and encryption (including quantum and post-quantum cryptography);
- Telecommunication, including with experience in computer networks/Internet, 5G/6G, IoT, VoIP, Satellite, Quantum communication and/or encrypted communication applications;
- Big data analysis, including with expertise in AI technologies;
- Standardisation, notably in relation with cybersecurity and/or telecommunication technologies, including protocol networks, exchanges of digital data, and lawful interception;
- Justice and fundamental rights, including experience in data protection and privacy, as well as experience in criminal justice, such as cyber-enabled and/or cyber-dependent crimes
Now, I do know quite a few people that could usefully contribute, and help balance out the expert group. The “Terms of Reference” offer a lot of details, including for now that you will not get paid (although they will reimburse travel costs). This is quite ridiculous and stacks the deck in favor of government & law enforcement affiliated experts, since these already get paid to be there. I’ve complained about this, and who knows, it might change.
Applications can be submitted until September 1st, and once installed, the expert group will remain active for a year.
Despite some misgivings above, people I trust tell me participating could make a difference. We absolutely need people there that can explain the mathematical limits on what encryption can do, and also how hard it is in practice to execute complicated key sharing setups while not eventually leaking all those keys somehow.
After some consideration, I personally will not apply, since I am very vocal and like to publish noisy blog posts and do activism in the media. That is probably not compatible with being part of an expert group.
However, since (without bragging) I am objectively an expert in all this, I am very available to explain things to everyone who asks. If you want to join this group, I’m ready to help.
I’d like to reiterate, I do believe the European Commission when they tell me they are looking for actual expertise for this group.
If you are not sure if you should/could join this expert group, feel free to email me over at [email protected] and we can talk.
Good luck!