[Cryptography] Dutch govt says no to encryption backdoors

Tom Mitchell mitch at niftyegg.com
Mon Jan 4 20:57:21 EST 2016 

On Mon, Jan 4, 2016 at 1:45 PM, Henry Baker <hbaker1 at pipeline.com> wrote:

> FYI -- I don't speak Dutch, and I couldn't even open the .docx file posted
> by the Dutch govt.
>
> If someone here speaks Dutch, perhaps they can comment on what it says.
>
> Alternatively, if someone could just post the ascii text, and I'll see
> what Google Translate can do!
>

Here is Google's Translation.

=====
Government position Encryption
We hereby send you the government's position to about encryption. It
responds to the commitments made during the AO Telecom Council of June
10, 2015 (TK 2014-2015, 21501-33, no. 552) and AO JHA Council on
October 7th, 2015.

Introduction
Encryption, also known as encryption, it is easy to obtain, and
increasingly to use, and thus makes more and more a part of the
regular data traffic. By the government, businesses and citizens are
increasingly used encryption to protect the confidentiality and
integrity of their communications and stored data. This is important
for the confidence of people in digital products and services and for
the Dutch economy in light of the rapidly evolving digital society. At
the same encryption is a barrier to obtaining information necessary
for investigation, intelligence and security services when attackers
(including criminals and terrorists) being involved. The recent
attacks in Paris, where possible use is made of encryption of the
communication by the terrorists, leading to the justified question
what is needed for investigation, intelligence and security services
to provide good visibility and allow keep on attack planning.

To the duality described in the previous paragraph was also heard in
the public debate in recent months about the dilemmas € ™ s around the
use of encryption. Also, the House has spoken on this subject. During
the AO Telecom Council was asked what will the government do to
stimulate strong encryption. In addition, from the House of
Representatives asked to come up with a cabinet position around
encryption.

After that discusses the importance of encryption for the system and
information from the government and companies, and for the
constitutional protection of privacy and the confidentiality of
communications. In addition, the importance of detection of serious
crime and protect national security outlined. Finally came after
weighing the interests to a conclusion.

The Dutch situation can hereby not be seen in isolation from the
international context. Strong encryption software is available
worldwide increasingly or already integrated in products or services.
Given the wide availability and use of advanced encryption techniques
and the transnational nature of the data traffic the prospects for
action at national level is limited.

Importance of encryption for the government, businesses and citizens
Cryptography is a key technical security in the digital domain. Many
cyber security measures in organizations rely heavily on the use of
encryption. The secure storage of passwords, to protect against loss
or theft of laptops and secure storage of backups have been difficult
without the use of encryption. The protection of data transmitted over
the internet, internet banking for example, is only possible by using
encryption. Because of the interconnectedness of systems worldwide
ramifications and different routes that can make communication, the
risk of interception, breach, inspection or modification of
information and communication always present.

The government increasingly digitally communicates with citizens and
providing services involving sensitive data, such as the use of DigiD
or doing tax returns. As stated in the coalition agreement must be
able to fully digital control their public affairs from 2017 citizens
and businesses. The government will have a duty to ensure that these
data are protected against perusal by third parties; Encryption
management is vital. The protection of communication within the
government is dependent on encryption as the security of diplomatic
communications and military communications.

For companies, encryption is essential to keep business information
safe and send. The use of encryption strengthens the international
competitiveness of the Netherlands and contributes to an attractive
business and innovation environment to include startups, data centers
and cloud computing. Confidence in secure communication and data
storage is essential for the (future) growth potential of the Dutch
economy, which is mainly in the digital economy.

Encryption supports the respect of privacy and the confidentiality of
communications with citizens because it provides them a means to
protect the confidentiality and integrity of personal data and
communications. This is also important for the exercise of freedom of
expression. Example, it enables citizens but also professionals with
an important democratic function as journalists, be able to
communicate confidentially.

Encryption therefore proposes all concerned to ensure the
confidentiality and integrity of communications and to protect
themselves better against eg espionage and cyber crime. These are
fundamental rights and freedoms, security and economic interests stand
to benefit.

Encryption and opsporingsâ € "intelligence and security
The competences and resources that the services at their disposal,
must be equipped on the current and future digital reality. With
effective, legitimate access to data encourage investigation,
intelligence and security, the security of the digital and the
physical world. Encryption is where it is used by malicious hinder the
investigation, intelligence and security in accessing that data. For
example, they experience these obstacles when doing research on the
distribution and storage of child pornography, in support of military
missions abroad, countering cyber attacks or when they want to gain
visibility and keep on planning of attacks by terrorists. Criminals,
terrorists and opponents in armed conflict are often aware that they
at some point the attention of the authorities to take and now also
have access to sophisticated encryption methods to avoid difficult or
break. The use of such methods requires little technical knowledge, as
encryption is often an integral part of the Internet services of which
they can also make use of. This makes it difficult, slow, or makes it
impossible (in time) to gain insight into the communication for the
purpose of safeguarding national security and the investigation of
criminal offenses. The research may also hearing and the evidence for
a conviction to be impeded.

The right to respect for privacy and the confidentiality of
communications with citizens
Applying encryption to help citizens as noted earlier, in securing the
privacy and confidentiality of their communications. The
above-mentioned legitimate access to data and communications through
investigation, intelligence and security services constitutes an
infringement of the confidential communications of citizens.

Confidentiality of communication affects the constitutionally
regulated respect for privacy and the right to protection of privacy
of correspondence, telephone and telegraph (hereinafter â € ~It
communicatiegeheimâ € ™). These rights are enshrined respectively in
Article 10 and Article 13 of the Constitution. In addition, these
fundamental rights enshrined in Article 8 ECHR and Articles 7 and 8 EU
Charter (as far as EU law is hit).

The protection of fundamental rights is applicable to the digital
world. The aforementioned grondrechtelijke- and provisions of
international law together provide the framework to counter illegal
infringements. The rights are not absolute, which means that
restrictions are permitted provided they meet the requirements of the
Constitution and the ECHR (and as far as EU law is concerned, the EU
Charter) set. An infringement is permissible if it serves a legitimate
purpose, is regulated by law and the limitation is foreseeable and
known. In addition to the restriction must be necessary in a
democratic society. Finally, it should be proportional to the
infringement, ie the government objective must be proportionate in
relation to the infringement of privacy and / or confidentiality of
communications.

These requirements provide the framework within which the decision can
be made between the interests at stake in encryption, such as the
right to privacy and the confidentiality of communications, public and
national security and preventing criminal offenses. Preceding
assessment framework is to the extent that the special powers of the
intelligence and security concerns, moreover, enshrined in the Law on
Intelligence and Security 2002 (Articles 18 and 31 of the Wiv 2002).
The cooperation obligations decryption included in the Wiv (Articles
24, paragraph and 25, the seventh member of the ISS Act 2002) and the
CCP (Article 126m, sixth paragraph, of the CCP) can be invoked if the
associated special powers are exercised after a consideration in the
above sense.

Balancing and Conclusion
Breaking the encryption is present in fewer cases. Additionally, the
ability to recover data in unencrypted form to a service provider,
less often available. Increasingly, in modern applications of
encryption, the data still in an encrypted form only processed by
service providers. Given the importance of the investigation and
prosecution of criminal offenses and the interests involved in
national security, require these developments to look for new
solutions.

At present, there is no insight into ways in general, for example
through standards, weaken encryption products without thereby the
safety of digital systems that use encryption to compromise. For
example, by introducing a technical input into an encryption product
that can be seen for the prosecution authorities would allow encrypted
files in digital systems can be vulnerable to eg criminals, terrorists
and foreign intelligence services. This could have undesirable
consequences for the security of information communicated and stored,
and the integrity of ICT systems, which are increasingly of importance
for the functioning of the society.

In carrying out their statutory duties are the investigation,
intelligence and security services depends in part on collaboration
with suppliers of ICT products and services. Given this dependence,
requires consultation with service providers on effective provision of
data to use their services by malicious, respecting everyone's role
and responsibilities and legal frameworks.

Given the above considerations, we arrive at the following conclusion:

The government's role is to ensure the safety of the Netherlands and
the offenses to detect. The Cabinet stressed the need for legitimate
access to data and communications. In addition, governments,
businesses and citizens benefit from maximum security of the digital
systems. The government recognizes the importance of strong encryption
for Internet security, to support the protection of the privacy of
citizens, for confidential communication of the government and
companies, and for the Dutch economy.

Therefore, the government believes that it is currently not
appropriate to adopt restrictive legal measures against the
development, availability and use of encryption within the
Netherlands. In the international context, the Netherlands will this
conclusion and the considerations upon which propagate based.
Regarding encouraging strong encryption will give the Minister of
Economic Affairs to follow the intent of the amendment (TK 2015-2016,
34 300 XIII, 10) on the budget of the Ministry of Economic Affairs.





Minister of Security and Justice, Minister for the Economy
																						   	Business,




GA Van der Steur HGJ Kamp





>
>
> http://www.theregister.co.uk/2016/01/04/dutch_government_says_no_to_backdoors/



>
>

-- 
  T o m    M i t c h e l l
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20160104/e1b411b8/attachment.html>

More information about the cryptography mailing list