European Court of Human Rights Rejects Encryption Backdoors

The European Court of Human Rights has ruled that breaking end-to-end encryption by adding backdoors violates human rights:

Seemingly most critically, the [Russian] government told the ECHR that any intrusion on private lives resulting from decrypting messages was “necessary” to combat terrorism in a democratic society. To back up this claim, the government pointed to a 2017 terrorist attack that was “coordinated from abroad through secret chats via Telegram.” The government claimed that a second terrorist attack that year was prevented after the government discovered it was being coordinated through Telegram chats.

However, privacy advocates backed up Telegram’s claims that the messaging services couldn’t technically build a backdoor for governments without impacting all its users. They also argued that the threat of mass surveillance could be enough to infringe on human rights. The European Information Society Institute (EISI) and Privacy International told the ECHR that even if governments never used required disclosures to mass surveil citizens, it could have a chilling effect on users’ speech or prompt service providers to issue radical software updates weakening encryption for all users.

In the end, the ECHR concluded that the Telegram user’s rights had been violated, partly due to privacy advocates and international reports that corroborated Telegram’s position that complying with the FSB’s disclosure order would force changes impacting all its users.

The “confidentiality of communications is an essential element of the right to respect for private life and correspondence,” the ECHR’s ruling said. Thus, requiring messages to be decrypted by law enforcement “cannot be regarded as necessary in a democratic society.”

Posted on February 19, 2024 at 11:15 AM • 21 Comments

Comments

Clive Robinson February 19, 2024 2:24 PM

@ Bruce, ALL,

The one thing not mentioned is the important fact that all the apps etc are “just channels” and as Shannon pointed out channels have redundancy, that is how they carry information.

And as Gus Simmons pointed out any channel with redundancy can carry a covert channel.

So any “backdoored channel” can have a non backdoored covert channel within it by which the first and second parties may communicate securely even with a third party looking in via their back door.

The hard part for the first and second communicating parties is,

1, Get sufficient bandwidth,
2, Whilst remaining hidden from the spying third party.

Interestingly as I’ve shown before you can hide a covert channel that has “Perfect Secrecy” inside a “plaintext channel” that is openly visible to all. With a further property that if the second party betrays to the third party then the first party still retains full deniability if they so wish (as long as they do not add correlation by other activities).

So the question arises as to,

“who is the backdoor there to catch?”

Not terrorists or criminals who can think, and take appropriate protective measures, that is for sure.

So we can make a not unreasonable assumption it’s to break ordinary people’s “privacy” for some reason.

As noted before effective society requires privacy to move forward and flourish. Thus the intent of putting backdoors into people’s private communications can be considered as a backwards step for society.

It is something minority religious / conservative / fascist zealots etc desperate to hold society backwards for their benefit alone do.

Such minorities are the sort that in times past were in favour of witch trials as it gave them power over others through fear. Unfortunately we see such minorities trying to gain power in very similar ways today and it is very unhealthy for society.

Jonathan Wilson February 19, 2024 5:16 PM

Be interesting to see what the UK response to this ruling is in light of the backdoor laws they recently passed.

Clive Robinson February 19, 2024 5:28 PM

@ Jonathan Wilson, ALL,

“Be interesting to see what the UK response to this ruling is…”

Based on the current nut-bars in power responses to the UK’s various treaty obligations… I would say they will ignore it or argue it does not apply for some reason.

And yes in the past the nut-bars have tried to conflate the ECHR with the EU as a deliberate ploy pre Brexit etc.

Cyber Hodza February 19, 2024 7:36 PM

Ah, the games we play- as if legislating this will prevent any government from spying on anyone they desire to.
The panopticon has been built and it is here to stay and we are all its slaves including those who think they are in charge

Eriadilos February 20, 2024 3:29 AM

@Cyber Hodza
True it won’t prevent them from “spying on anyone they desire to” but it may prevent them from spying on absolutely everyone.

echo February 20, 2024 3:54 AM

Posted on this days ago…

The European Court of Human Rights quite rightly understood the perils of backdoors (and also understand the much broader jurisprudence issues). “Effective remedy” is a thing which is why organisations and individuals have to be accountable and transparent. It protects us from them. A backdoor is the bad actor equivalent of putting 5 grams of plastic explosive with a remote trigger at the base of your skull.

The removal of the UK from the European Court of Human Rights (which would also require the UK to leave the Council of Europe) is a much publicised end goal of some very cynical and off their trolley bad actors. The far right Christian nationalists in the US want it. So-called “sovereign individuals” and thick as pig@*&% jobbing MP’s in the UK with second jobs lobbying for big money bad actors want it, and Russia wants it. All good reasons NOT to do it.

A potted history of the past 100 years and context:

The problem with the current Tory government (and GOP et al) is the state of where things are now has a long history. You could begin with early 20th Century fascism in the UK and wider Europe, and barons plotting to seize control of the US state around the same time. Then there’s Hayek and full fat neo-liberalism and also the creating of the Institute of Economic Affairs in London. In the US you have the Heritage Foundation and in the UK Tufton Street, and all the dark money supporting them and sometimes the same people. The US had the Koch funded “Tea Party” which morphed into MAGA. The UK has Russian corruption right to the top of the Tory party. In the US you had three key problems: A.) removal of truth in media by Reagan B.) Clinton’s “third way” both siding public policy C.) The so-called Brookes Brothers revolution. Newt Gingrich strategy of polarisation and Mitch McConnell’s turbocharging of the filibuster played into all this. In the UK you had a very dodgy Tory election win which ushered in Cameron who A.) Lied about the cause of the financial crash B.) Austerity. C.) Brexit. To say the Johnson through to Sunak regime (and it is a regime not a government) is corrupt, chaotic, and harmful is putting it mildly.

So here we are…

Kemi Badenoch is getting caught in parliament on the record displaying her trademark arrogance and lying over the Post Office scandal. Other news just dropped from people working on unrelated matters that Badenoch has been caught lying again as what she says in parliament and what FOI’s reveal don’t match up.

Truss (who appointed Badenoch) is trying it on with her “Pop Con” thing and soaking up that lovely Heritage Foundation money and is a darling of CPAC et al.

The psychologically deranged and walking national security disaster Johnson who kicked off the stupid “war on woke” and who appointed Truss before getting kicked out of parliament is now bigging up Trump.

Sunak? He’s an alumni of the far right Policy Exchange based in Tufton Street, a sociopathic banker, and has family connections and business with Modi and Putin. Sunak has gleefully attended conferences with and praised unashamedly far right bad actors, and been chummy with the far right fraud and extremist agitator Farage.

The UK is not as brash as the US nor as obvious as Eastern bloc but don’t be fooled by the Savile row suits and understated politeness and flummery.

https://www.independent.co.uk/news/uk/home-news/anti-abortion-university-manchester-society-b2498465.html

Female students ‘fear for their safety’ as anti-abortion society set up by three men

Over 15,000 people have signed a petition voicing concerns about the new society, which has been allowed to exist due to freedom of speech laws

Well, no. This is not legally correct at all. It’s a management failure by the university and gaps in their policies. Misogyny and bigotry, sadly, have a presence in some universities management, and the kind of culture which led to the closure of the Unilad magazine after one scandal too many continues to appeal to some.

This wheeze is the end product of mostly US based far right activism inserting itself into UK politics, and a deliberate misreading of tribunal case law (which is non-binding) which has been pushed by the Christian Legal Centre which is unethical and vexatious and funded by US based far right “Christian” organisations. They rarely win anything important. Most of their effort is to push a political argument and marketing to shape the public and politicians perception. It’s an attempt to boundary push, escalate, and normalise a far right agenda in universities. This group is a step forward for the broader far right after running a campaign for a few years behind pop hate groups targeting LGBT while masquerading under the label of women’s rights. (The majority of women’s organisations including the Fawcett society and Women’s Institute and LGBT women do not support them.)

And if you think that’s bad I have news of an academic at one university who is peddling racist theories under the guise of “academic freedom” and another who is a fruitloop working for Policy Exchange on the side. That’s not even counting academic bullying and sex abuse scandals.

https://www.pghlesbian.com/2024/02/grieving-nex-benedict-the-brutal-killing-of-16-year-old-nonbinary-student-in-an-oklahoma-high-school/

Nex Benedict (they/them) was a 16-year-old nonbinary youth living in Oklahoma. They endured a reportedly vicious beating in a high school bathroom of Owasso High School, Nex died the next day in the hospital. They were a sophomore. This was February 7 and 8th. Last week, Nex was in high school. This week, they were buried.

If anyone wonders or cares why I’ve been quiet it’s because of this. A child is dead because of the orange *&^% gibbon, Boris Johnson et al, and Putin and all their fluffers and enablers and billionaire social media platform owners and complacent client media and dark money backers.

The international far right get a bounce off each other. In the US states such as Texas and Florida among others have cited UK politicians and cases as justification to push hardline repressive policies. US evangelicals are behind the rights stripping of LGBT people in Uganda and other African states. Hypocrisy and bigotry by the UK government gives chip on shoulder authoritarians in developing countries an excuse.

Transgender people are being used as a wedge which will expand to attack gays and strip women of their self-autonomy. It is a matter of record that Heritage Foundation/ADF aligned bad actors stated that going after gays was too difficult so they would have to go after trans people to break this down. Once they break down law on self-autonomy and belief this creates a gate they can charge through and attack women’s rights. In the US women lost abortion rights. Now they are going after the pill. In the UK there is a similar agenda. I don’t think they care especially. Their goal is to create Freeports/SEZ which will turn the UK into a company town outside the reach of democracy and law and owned by billionaires. The fact some are 1970’s style misogynists and bigots is by the by.

https://www.ohchr.org/en/press-releases/2024/02/israelopt-un-experts-appalled-reported-human-rights-violations-against

Israel/oPt: UN experts appalled by reported human rights violations against Palestinian women and girls

And this is where you end up when human rights law ceases to apply. Whatever my personal politics and beliefs I cling to it as a guiding star. Partisan politics and all the shiny toys and rote learned security babble run a way down the list to this.

Gert-Jan February 20, 2024 7:26 AM

It is definitely the correct decision, if you ask me.

Advocates for backdoor typically play dumb, by claiming that their hands are tied if they can’t have the backdoor. The reality is, that police and intelligence services have an incredible amount of options at their disposal to get the information they want.

The ruling confirms that by default, citizens have a right to privacy in their communications and that external access to it is the exception. Not the other way around. That citizens have the right to choose how they communicate.

We’ll have enough problems with fake news, AI generated junk and other stuff to also worry about this. This allows vendors to keep improving communication tools (including security fixes), and allows us (citizens) to have some amount of trust in our electronic communication.

I was wondering if the context (Human Rights) was correct. But it is. Because any other ruling would basically mean that it would be forbidden for any individual to communicate with another individual if that communication doesn’t support every government snooping.

Clive Robinson February 20, 2024 9:16 AM

@ Gert-Jan, ALL,

“Advocates for backdoor typically play dumb, by claiming that their hands are tied if they can’t have the backdoor”

The advocates are of two groups, though telling them apart can sometimes be hard.

They are broadly the “Authoritarians” who are mostly not that successful right wing politicians trying to appear to be “strong-men”, or worse as we see in the UK women spitting nonsense to be seen as “darlings of the right”.

Unfortunately authoritarians believe incorrectly that they “are the masters” of the “Guard Labour” who are assumed to be “ALL” authoritarian followers…

However there is a sub-set of guard labour that see themselves as the head of the dog and the politicians as very definitely the tail, and often they can make that the way. This group take care to keep a low profile, as their way of operating is via “useful idiots” that end up taking the fall…

For this group it’s all about “control by leverage” if they don’t have something over you then they are not happy and will either dig until they do, or can bury you out of their way.

But they see universal back doors and collect it all etc as the way to gather dirt for future usage, so they have leverage.

They’ve been around longer than Machiavelli and as was noted back then a blade from groin to the pluck –above the gizzard– and then “drawing out” was considered the best way to deal with them[1]. Apparently though such direct methods are no longer approved of these days…

[1] Let’s just say in times past for about a thousand years in Medieval Europe some people had a lot of spare time to be both nasty and entertaining,

https://history.howstuffworks.com/history-vs-myth/hanging-drawing-and-quartering.htm

echo February 20, 2024 9:40 AM

@Andy

Assuming your question isn’t trolling… There were some ECHR/ECJ (I can’t remember which) rulings which said forced mass vaccination programs were 100% lawful if there was a medical necessity. It meant it could be done not it will be done unless there’s a good reason. It basically stops some clown holding up a mass emergency vaccination if, for argument’s sake, Ebola became as contagious as the common cold.

I know the world isn’t perfect and some people have their disagreements and there was some very uneven and unfair outcomes for poorer nations but, personally, I feel the Covid vaccine development and vaccination programme is one of the high spots. I have a lot of admiration for Nicola Sturgeon and Jacinda Ardern. Of course, Fauci in the US too. Then there are all the care workers and shop workers and other often minimum wage essential staff who kept the world turning. There are all the families which sacrificed to keep their old parents with dementia, and vulnerable and immunocompromised people safe. The families who played by the rules and couldn’t attend funerals. The medical staff who bravely walked into “hot zones” without PPE to care for patients who had caught Covid before the vaccines were able to fully roll out. The doctors and nurses who came out of retirement and who worked 12 hours shifts. The railway platform attendant who died because she insisted on turning up to do her job because who else would? Lorry drivers. Bus drivers – many without protection. Most of this has been forgotten. It’s just the kind of thing I remember – the unsung heroes who never think of themselves as heroes and never get a medal.

I’m relatively introverted and get off on stories like this so had a pretty good pandemic. God oh mighty. I was cacking it until I got that first jab. For the record I still mitigate which for a woman of a certain age is business as usual, really. I have FFP3 if I need to use public transport like trains (or planes etcetera) or loiter anywhere there is an enclosed population with a risk profile. No big deal. I’d rather look stupid than be dead.

Oh, well. Just the corporate feudal takeover and collapse of the North Atlantic drift to look forward to. That’s going… to… be… fun…

lastoftheV8's February 20, 2024 12:14 PM

Gidday All. First up, I’m not buying into the ‘insert your bogeyman here’ crap from those that would have me believe there’s actually a bogeyman out there! This is classic problem, reaction, solution stuff! Geez! I’m bloody well tired of it too! OK, I’ll bite! I’ll even go out on a limb and say ‘watch for more incoming rhetoric from legislators’; we all know the drill, ‘keeping me safe or something’. While I’m here, what should keep you up at night is electronic identification, authentication and trust services (eIDAS) Regulations etc, etc. That’s where the constructive process should be concentrated! IMO everything else is a distraction.

echo February 20, 2024 12:38 PM

https://www.lbc.co.uk/news/cleaner-on-13-hour-fired-after-taking-sandwich-law-firm/

Cleaner on £13/hour ‘fired after taking sandwich left over from meeting’ at law firm that reported £21 million profit

People may wish to take a gentle trot through youtubes discussing yacht ownership and crew talk, and maybe restaurants.

Depending on the owners policy crew can and have been sacked on the spot for talking to an owner or guest without being spoken to first. With others if there’s scraps even of Michelin standard to be had it’s a case of fill your boots. It’s almost always the owner who sets the policy not any external management company although, yes, they do have standards obviously. Crew discipline and safety is a subject all of its own as is international law with respect to dumping crew. Land is obviously different but the general similarities are close enough.

I don’t know who the directors of the cleaning company are but they don’t seem to have anyone on their staff with much household management experience because if they did they would know this and offer this level of bespoke service by default as well as have staff sign the appropriate documents. It’s also 2024. Not 1924. Or are we still white gloving the imaginary specks of dust on top of the door?

Anyone with half a brain lets staff have their treats. For God’s sake they’re paid nothing and it’s better than going in the bin. For the more cynically minded it’s not as if they will be sticking USB’s or the silver in between the ham and lettuce, and that £3.99 sandwich is a lot cheaper than paying for a superinjunction if they go on a tell all to the tabloids or start blabbing about where your wall safe is.

Cleaners are mums and dads. Somebody’s son or daughter. They’re human too. Some may be better qualified than you and they’re not asking a lot! Just some respect. Punch up not down.

JonKnowsNothing February 20, 2024 3:23 PM

@echo, All

re: Bonded Trust Failures

While it is easy to sympathize with the situation, it does bring up some larger issues of workplace practice and outsourced employees.

It’s not all that clear exactly what happened or why it happened at all.

RL tl;dr

Silicon Valley Startups often feed the crew to keep them at their desks longer.

They know that if the crew goes out to lunch it will be ~2hrs of lost labor. If they go out to dinner, many will go home instead of working an extra 4-6 hours in the office.

The free burritos keep them happy and sitting in front of the monitor. It also makes the crew feel “special” aka We get a Free Lunch! Which is 6-8 hours of free labor for a $2 burrito.

No one bothers if the late workers or night crew(s) take the left over burritos home.

So what was the real problem and if the burritos were that important how come they were not locked up?

In the cleaning services it is highly important that the crew does nothing and touches nothing that might be damaged or lost when they come into a building or home. People have all sorts of stuff laying around and the crew is supposed to Not Look and Don’t Touch. It’s the same with any other service personnel like those that come to fix the copier (again).

There is an old parable about the rich man leaving jewels on a dresser.

  • A rich man left jewels on a dresser. For years the servant never touched them. Then one day, the servant takes one. The wealthy man complains about the dishonesty of the servant. The judge admonishes the wealthy man for tempting the servant saying that the servant was honest all of those years. The wealthy man was at fault for placing the temptation in the path of an honest man.

An old UK movie showed what happens if you don’t keep temptation out of the waste baskets.

  • Ladezudu Ltd (1)

Maybe the lady will go into the sandwich business with a

  • “Clean-Up Tuna Sand on a Legal-Beagle Roll”

===

1)

ht tps://e n.wiki pedia.org/wiki/Ladies_Who_Do

  • Ladies Who Do is a 1963 British comedy film

Mrs. Cragg works as a charwoman for retired Colonel Whitforth and as a cleaner at an office block in London. It is whilst doing her office cleaning that she retrieves a cigar discarded by financier James Ryder as a gift for the Colonel, wrapping it in a scrap of paper.

The Colonel discovers that the scrap of paper is actually a telegram containing details about a City takeover bid that has fallen through.

* He uses this insider information to make £5,000 on the stock exchange, which he offers to share equally with Mrs. Cragg.

Clive Robinson February 20, 2024 7:55 PM

@ JonKnowsNothing,

“It’s not all that clear exactly what happened or why it happened at all.”

It’s been reported in other places,

1, She is taking her employer not the legal firm to court.

2, She was contracted out to the law firm by her employer. At the law firm they held an event that had apparently quite a large quantity of food left over. Rather than have it thrown away a member of the law firm invited all present to help themselves, the cleaner was present and she was included in the group invited to help themselves.

3, Her employer dismissed her for what he claimed at the time was theft.

4, The law firm on hearing about this contacted the employer and said that the employee had not stolen the food and should not be sacked.

5, The employer decided for his own personal reasons that he would not take notice of the law firm.

Now the employer under UK law is on a bit of a sticky wicket because he will have to prove his behaviour was not just lawful –which is doubtful– but further his behaviour was impartial –which it appears is not the case– and there are a number of other hurdles he has to clear.

No doubt he will get another firm of lawyers and will concoct a story to say that he did not sack her for stealing what was essentially a gift, but for something else, such as the time it took her to eat the sandwich or some other arm-wavery. It’s arguable either way, that the gift of the sandwich included the time to eat it, if the law firm says they were happy for her to eat the sandwich on the time they were paying for her services, then her employer is stuffed (London Transport for political reasons sacked a train cleaner who having done what she was there to do discovered she was locked in the train, having no way to raise a call for help she sat down to wait, she was sacked because she sat down… If it sounds like a setup it almost certainly was).

Personally I hope when it gets to be heard the employer gets found guilty and he gets made to pay not just her but her legal expenses as well and has to clear her name officially.

I’ve seen this sort of nonsense before and I would suggest that there is a probability he sacked her because he knew he could easily replace her with someone less expensive.

To say what might happen when the Courts and Tribunal service hear the case is dependent on things we don’t currently know, such as how she came to be in his employment (such as a Transfer of Undertakings, https://www.acas.org.uk/tupe or similar).

[1] You can look up more on today’s Metro Website, the copy in print I have not just names the employer but has a picture of him lying with his legs spread, in an unedifying and not what you would want to see pose taking his pleasure on an inflatable. Where they got it I don’t know but it’s likely he will be the butt of several “Cosmo Small-piece” and “michelin man” and similar derisory jokes.

John Doe March 15, 2024 7:05 AM

I’m curious to know if the ECHR’s decision would’ve been different if it was a more democratic government clamoring for backdoors…

Clive Robinson March 15, 2024 7:46 AM

John Doe,

“I’m curious to know if the ECHR’s decision would’ve been different if it was a more democratic government clamoring for backdoors…”

We won’t know now, but I suspect not.

The case for putting backdoors in E2EE is extremely weak based on available evidence.

Worse it can be proved mathematically beyond all doubt that a user with just pencil and paper can send encrypted messages that are,

1, Not possible for 3rd party to break.
2, Not possible for 3rd party to prove are being sent.

The first is due to Claude Shannon’s “perfect secrecy” from the 1940’s

The second based on Claude Shannon’s proofs on information communication is the generalisation of Gus Simmons’ proof that covert channels to carry information can exist in any existing communications channel and that it would be impossible to distinguish let alone prove they are in use.

So “criminals” could happily communicate via any channel no matter how heavily monitored or backdoored it is by a “man in the middle” 3rd party entity.

Worse as I’ve shown in the past, if the 1st Party takes reasonable care, they can protect themselves from betrayal by the 2nd Party to any 3rd party.

That is even if the 3rd Party records the 1st Party sending a message, and the second party hands over the key, code book and plaintext, the 1st Party still has several layers of deniability.

But… If you flip the coin, what about the recognised harms of “universal surveillance” it’s not just the 1948 fiction of George Orwell firmly based on factual observations during WWII. It’s actual proof of the harms caused to hundreds of millions of people under the CCCP regime before, during and after WWII and is still happening and likely to continue well into the future.

The ECHR judges on simple balance of probability can see that the right to privacy is an absolutely essential foundation for a democratic society to exist.

So they went with that very very rare commodity especially in authoritarian corridors of power “Common Sense”.

But do not think in any way this battle is over, it’s not. Because unlike the ordinary citizen who faces significant sanction and loss if they lose in judicial proceedings, those desiring of such legislation or regulation suffer no loss, in fact they actually are likely to benefit personally quite extensively from the tax payers pocket.
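
Added example, not part of the original post or of any comment above: the "perfect secrecy" property mentioned in the last comment, shown with a pencil-and-paper one-time pad over the letters A-Z (addition mod 26). The function names and the sample messages are constructed for this illustration; it checks by exhaustive enumeration that the ciphertext distribution is the same for every plaintext, shows that any same-length plaintext is explained by some pad, and shows the caveat that reusing a pad breaks the guarantee.

```python
# Added illustration (not from the post or its comments): a pencil-and-paper
# one-time pad over A-Z, i.e. letter-wise addition mod 26.
import secrets
import string
from collections import Counter
from itertools import product

ALPHABET = string.ascii_uppercase
N = len(ALPHABET)


def _combine(left, right, sign):
    """Letter-wise (left + sign * right) mod 26 on two equal-length A-Z strings."""
    if not left or len(left) != len(right):
        raise ValueError("inputs must be non-empty and of equal length")
    if any(ch not in ALPHABET for ch in left + right):
        raise ValueError("only the letters A-Z are supported")
    return "".join(
        ALPHABET[(ALPHABET.index(a) + sign * ALPHABET.index(b)) % N]
        for a, b in zip(left, right)
    )


def new_pad(length):
    """Draw a uniformly random pad; it must be used for one message only."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def encrypt(plaintext, pad):
    return _combine(plaintext, pad, +1)


def decrypt(ciphertext, pad):
    return _combine(ciphertext, pad, -1)


def pad_explaining(ciphertext, candidate_plaintext):
    """The unique pad under which `ciphertext` decrypts to `candidate_plaintext`.

    Such a pad exists for every same-length candidate, so the ciphertext
    alone cannot single out which plaintext was sent.
    """
    return _combine(ciphertext, candidate_plaintext, -1)


def ciphertext_distribution(plaintext):
    """Encrypt `plaintext` under every possible pad and count the ciphertexts.

    Exhaustive, so only practical for very short messages (26**len pads).
    """
    return Counter(
        encrypt(plaintext, "".join(pad))
        for pad in product(ALPHABET, repeat=len(plaintext))
    )


def reused_pad_leak(ciphertext_1, ciphertext_2):
    """Caveat: with a reused pad, c1 - c2 = p1 - p2 (mod 26); the pad cancels."""
    return _combine(ciphertext_1, ciphertext_2, -1)


if __name__ == "__main__":
    # Constructed sample values, chosen only for the demonstration.
    ct = encrypt("HELLO", "XMCKL")
    print("ciphertext:", ct)
    print("real pad decrypts to:", decrypt(ct, "XMCKL"))

    other = pad_explaining(ct, "LATER")
    print("pad", other, "decrypts the same ciphertext to:", decrypt(ct, other))

    # Perfect secrecy: identical (uniform) ciphertext distribution per plaintext.
    print("same distribution:",
          ciphertext_distribution("HI") == ciphertext_distribution("NO"))

    # Reusing one pad for two messages leaks the difference of the plaintexts.
    pad = new_pad(5)
    leak = reused_pad_leak(encrypt("HELLO", pad), encrypt("WORLD", pad))
    print("pad-independent leak on reuse:", leak)
```

The guarantee holds only while the pad is truly random, as long as the message, kept secret and never reused.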
