SoylentNews is people
SoylentNews
Submission Preview
European Privacy Body Slams Shut Backdoors Everywhere
Story automatically generated by StoryBot Version 0.1.0a (Development).
Note: This is the complete story and will need further editing. It may also be covered by Copyright and thus should be acknowledged and quoted rather than printed in its entirety.
FeedSource: [TheRegister] collected from rss-bot logs
Time: 2016-07-26 05:05:59 UTC
Original URL: http://www.theregister.co.uk/2016/07/26/edps_wants_to_slam_shut_backdoors_everywhere/ [theregister.co.uk]
Title: European privacy body slams shut backdoors everywhere
Suggested Topics by Probability (Experimental) : 18.3 science 15.0 hardware 15.0 business 13.3 digiliberty 10.0 OS 8.3 mobile 5.0 security 5.0 code 3.3 techonomics 1.7 technomics 1.7 careersedu 1.7 careers 1.7 breaking
--- --- --- --- --- --- --- Entire Story Below --- --- --- --- --- --- ---
European privacy body slams shut backdoors everywhere
Arthur T Knackerbracket has found the following story [theregister.co.uk]:
Europe's privacy body has reiterated its pro-privacy, anti-backdoor stance.
The European Data Protection Supervisor (EDPS) Giovanni Buttarelli has long expressed the view that “privacy versus security” is a false dichotomy. In 2015, he told a conference [theregister.co.uk] in Brussels that “the objective of cyber-security may be misused to justify measures which weaken protection of [data protection] rights”.
He's now issued a much longer dissertation on the topic, the Preliminary EDPS Opinion on the review of the ePrivacy Directive, here (PDF) [europa.eu].
The ePrivacy framework needs to be extended, the opinion states, it needs to be clarified, and it needs better enforcement.
The document also says the emergence of new services since the directive was first issued means it needs a thorough update. For example, Buttarelli's document states that there's a danger that new services erode privacy protections even though they're “functionally equivalent” to existing services.
For example, he writes, VoIP services should afford users the same privacy protection as traditional phone services, as should mobile messaging apps.
Likewise, he highlights the risk that the Internet of Things erodes privacy because the directive doesn't pay enough attention to machine-to-machine communications.
On encryption, Buttarelli is unequivocal:
The prohibition on backdoors would be universal, the EDPS writes: encryption providers, communication service providers, and “all other organisations (at all levels of the supply chain)” should be prohibited from “allowing or facilitating” backdoors.
On the matter of protecting citizens' communications security, the EDPS's utterances might give pause to the tech industry, since they suggest better regulation of the security of everything from networks to endpoints to operating systems.
Carriers might fail at network security, but there's at least a consensus in the telco sector that networks should be secure.
Modem vendors, on the other hand, repeatedly exhibit a lax attitude to security, so they might be chilled at the thought that the EDPS is considering extending “security requirements to reinforce coverage of software used in combination with the provision of a communication service, such as the operating systems embedded in terminal equipment”.
Ditto IoT vendors, who aren't merely lax about privacy, they're hostile to it, since gathering user data is fundamental to the business model: wearable computing, home automation, and vehicles should also be covered, Buttarelli writes.
Other high points of the document include:
- Cookies – While a first-party analytics cookie is one thing, the EDPS is against the practice of forcing users to consent to third-party trackers to access content: "the EDPS recommends that legislators consider a complete or at least a partial ban on the so-called 'cookie walls'."
- Consent – Citizens deserve better and simpler consent mechanisms, particularly given the opportunities new technologies like smartphones and IoT devices offer for tracking.
