It makes sense
The real reason why Theresa May is going to enact Brexit. #snooperscharter
Europe's privacy body has reiterated its pro-privacy, anti-backdoor stance. The European Data Protection Supervisor (EDPS) Giovanni Buttarelli has long expressed the view that “privacy versus security” is a false dichotomy. In 2015, he told a conference in Brussels that “the objective of cyber-security may be misused to …
Let's keep our fingers crossed that this makes it into the laws.
So should we expect separate software releases for the EU market anytime soon? Just as in the times of the Cryptowars (90s), only this time around the EU gets the real encryption and the Anglo-Saxons get the back-doored version. Surely the EU market is large enough to justify a separate version of MS Windows and Android and those companies wouldn't want to be seen violating the laws of the land.
Truly interesting times coming up!
Diversity is a Good Thing.
That includes the sort of diversity that comes from having one jurisdiction where backdoors are specifically prohibited and others where backdoors are either tolerated or required.
That will force software 'engineers' (I'll remove the quotes when the software industry is held to the same standards as civil engineering or another real engineering discipline) to understand crypto and privacy in a way that is currently not necessary. Better understanding can only lead to better implementations.
"When someone builds a bridge, he uses engineers who have been certified as knowing what they are doing. Yet when someone builds you a software program, he has no similar certification, even though your safety may be just as dependent upon that software working as it is upon the bridge supporting your weight.";
and
"There are no standards for computer programmers and no group to certify them."--David L. Parnas
Preliminary opinion on the review of the ePrivacy Directive.. soon to be followed by
First draft on the final opinion review of the ePrivacy directive
Final draft on the review of the ePrivacy directive
Recommendations on the review of the ePrivacy directive
Committee guidelines on the review of the ePrivacy directive..
Long live the EU....
Not good news for the UK, where the right to a private chat is being eroded.
Ah, but here is the fun bit: it means secret surveillance will become problematic if you play your cards right. Post Brexit, all you have to do to protect yourself from wanton mass surveillance (other than volunteering it all to Facebook, Google, Twitter et al, that is) is to ensure your provider is non-UK.
You're still exposed to someone knocking on your door with a warrant (that will be the case in any country), but covert surveillance that is sufficiently legal to stand up in court will be hard to come by without the paper trail left by an extrajudicial request for assistance.
Some predictions before the end of 2016.
- 2016 will see a new cryptographic solution - a truly next-generation system.
- Expect a new simple and information theoretic security "super-cypher" to be introduced to the market, with a solid and simple mathematical proof. The cipher was designed to be compliant with a new "super-security" standard - QC1/AI1 - which assumes that any mathematically complexity-based cipher can be broken within 1 second, and all possible viable residual possible results can be reduced in 1 second using an AI. No amount of computing power can break the cipher.
- Expect mathematical proofs of various exceptions to a number of Shannon's cryptographic rules, or "assumptions". - 1. Perfect secrecy CAN be exceeded using a finite length key, 2. The entropy of a cryptosystem is NOT limited to the key, 3. The strength of the cryptosystem is NOT dependent on an initial key, 4. A one-time pad can be fixed so that it can be used practically.
- Expect shares in security companies to plummet, since they cannot compete with the new solution on cryptographic capability. The age of the "art of cryptography" is over - welcome to the age of the "science of cryptography". There is no point in further development of mathematical complexity based security solutions and quantum encryption, since they cannot compete on costs and cryptographic capability. Indeed, they cannot be guaranteed either.
- Expect a solution to the "user privacy"/"law enforcement" dichotomy. It is possible to have both, where citizens have "unbreakable encryption", and law enforcement has the capability to "police" their internal networks using proper judicial process and oversight.
- Expect government control of networks, with oversight by civil liberty interest groups.
- Expect that there will no longer be a need for "backdoors", since they will not be required.
- Expect an end to current "hacker" related activities - hacking will be a thing of the past.
- Expect an end to email scams, and users to be graded on their behaviour - an internet credit score.
- Expect a revamp of the entire communication network using a solid QC/AI security protocol as a base, with single sign-on, mutually authenticated communication, distributed user control and the interception of encrypted communications being pointless.
- Expect user data to be considered a valuable commodity, such that users will have absolute control over their personal data, demand being paid to watch adverts, and will determine pricing.
- Expect the end of block ciphers and PKI as we currently know it. They were always guaranteed to be broken upon a brute force attack.
- Expect the advent of a world wide voting group, where citizens can vote on issues, whether they be national or international.
- The "internet" is about to be massively disrupted, and most of what we now consider to be "cryptography" is about to be thrown in the bin, since it cannot be trusted, has no absolute proofs behind it, and is not guaranteed by anyone.
- We are returning to "pure cryptography", also known as scientific cryptography. It's inevitable.