top | item 39370572

(no title)

Quanttek | 2 years ago

Yes, that is very true. The Court generally does not oppose surveillance measures in general, as long as adequate safeguards are in place. However, I read the relevant paragraphs (paras 76-79) to be quite a strong rejection of any statutory obligation that would effectively require the installation of a backdoor undermining E2EE. The criticism of a lack of adequate safeguards and the risk of abuse is more focused on other aspects of the law.

That also becomes clear in the key paragraph 80: "The Court concludes from the foregoing that the contested legislation providing for the retention of all Internet communications of all users, the security services’ direct access to the data stored _without adequate safeguards against abuse_ and the _requirement to decrypt encrypted communications_, as applied to end-to-end encrypted communications, cannot be regarded as necessary in a democratic society"

The Court does not qualify the requirement to decrypt E2EE communications with the same safeguards requirements. That of course does not exclude the possibility of the Court finding that a more narrowly-construed law is not in violation. But the Court clearly signals its skepticism towards any "requirement that providers of such services weaken the encryption mechanism for all users" (para 79).

discuss

bondarchuk|2 years ago

Yes, this was a problem all along with arguments against surveillance (/encryption weakening) based on "it can be abused by bad actors" - it implies that one would be ok with surveillance if it could not be abused by bad actors. While it's tempting to use such arguments (it looks like they had effect in this case at least) it remains necessary to emphasize the true reasons one takes a stand against surveillance e.g. authoritarian overreach or a fundamental right to privacy.

Karellen|2 years ago

Do you think that phone taps and mail-opening warrants, issued by judges, based on evidence submitted to the court that such warrants are appropriately targetted and based on existing evidence and reasonable suspicion, are intrinsically "authoritarian overreach"?