In Europe, the concern about the NSA and the “five eyes” countries is becoming more and more serious.
One of the more unusual proposals is to legislate against products that are insecure by design. A group loosely associated with the EU Pirate Parties and the Free Software Foundation proposes:
legislation to upgrade all communication among private citizens to provide necessary technical measures for maintaining an adequate implementation of the Secrecy of Correspondence required by most constitutions and human right charters. The law shall include ways to ensure its correct implementation and a transition path from the existing unencrypted systems
In short, they propose the EU require fairly stringent confidentiality structures from digital communications “appliances”, typically smart phones, but also tablets and computers which have a microphone or earphone included and can install voice-over-IP software.
Looking at the requirements, I know of at least two commercial smart-phones that will pass, plus one open-source one that can meet their standard, which asks that:
All appliances must at the time of acquisition be fully functional and utilize secret communication whenever in exchange with another appliance. This intends
- encrypted end-to-end;
- with perfect forward secrecy;
- with obfuscation of the identity of the involved persons;
- employing uniform sizes of data packets
The appliance must not be able or be enabled to disclose private encryption keys to anyone but its legitimate owner.
and so on, for a set of requirements that provides security over the network between the phones. That significantly limits eavesdropping, and requires that court-ordered surveillance be done at the “end”, on one of the phones, rather than in the middle at a telco or ISP. This is all detailed at http://youbroketheinternet.org/legislation/
The interesting questions this raises aren’t about the technology. Instead, they’re about public policy.
- A dictatorship certainly would not pass such a law. But would a democratic government pass one?
- Indeed, would the EU? It does seem more open to “private members bills” than individual countries.
- How about a democratic government with commitments to the others of the “five eyes”? Would our duties to our allies constrain us from making confidentiality the law of the land?
- And if passed, would it withstand judicial and constitutional scrutiny?