Google translate (more info in English -- the note itself -- is linked in the article as [PDF], link at the bottom):
The terrorist attack is followed by an EU ban on encryption
In the EU Council of Ministers, a resolution was made ready within five days, obliging platform operators such as WhatsApp, Signal and Co to create master keys for monitoring E2E-encrypted chats and messages.
Share on Facebook Share on Twitter
From Erich Moechel
The terrorist attack in Vienna is used in the EU Council of Ministers to enforce a ban on secure encryption for services such as WhatsApp, Signal and many others in the rapid-boiling process. This emerges from an internal document dated November 6th from the German Council Presidency to the delegations of the member states in the Council, which ORF.at has received.
This should now be understood under the "further steps against terrorism" that French President Emmanuel Macron wants to discuss with Federal Chancellor Sebastian Kurz (ÖVP) in a video conference at the beginning of the week. The resolution has already been agreed to such an extent that it can be passed in the video conference of the interior and justice ministers at the beginning of December without further discussion.
text
<<picture: screenshot of a note from "presidency" to "delegations". Higlighted portion is "Draft Council Resolution on encryption - Security trough encryption and security despite encryption">>
On the right are the council working groups to which this text was sent, the first revised version of which was apparently ready on Friday. As is customary in the Council of Ministers, the document was classified as a "limit". As for this reason it is nowhere available to the public apart from the Council, it is made available here. [PDF]
The final trialogue negotiations on the regulation against terrorism are currently underway in Brussels. The sticking point here are the planned upload filters for relevant videos .
Analogies to data retention
Macron's visit, originally planned for the beginning of next week, turned into a video conference “to fight Islamist terrorism” due to the pandemic. In addition, the EU Council President Charles Michel is due to visit Vienna on Monday, who will also hold talks with Chancellor Kurz. In addition, European Minister Karoline Edtstadler (ÖVP) welcomes the French Secretary of State for Europe, Clement Beaune, to the Federal Chancellery. Of course, it is not just about expressing condolences.
In the meantime it is becoming increasingly clear that apparently hair-raising investigative errors in the BVT made the attack possible in the first place and not a lack of digital surveillance powers. However, whether there is any such connection to the act is irrelevant. In Brussels, such an occasion has been abused for 25 years with disdainful regularity to implement surveillance projects that have long been planned. In this way, the data retention, which had been controversial in the EU for five years after the train attacks in Madrid (2004) and London by Islamists (2005), was channeled through the Council of Ministers and Parliament.
text
<<picture: screenshot from the note pdf: Protecting the privacy and security of communications through encryption and at the same time upholding the possibility for competent authorities in the area of security and criminal justice to lawfully access relevant data for legitimate, clearly defined purposes infighting serious and/or organized crimes and terrorism, including in the digital world, are extremely important. Any actions taken have to balance these interests carefully.>>
The latest changes (bold and underlined) show which formulations were complained about in the text by individual member states. “Terrorism” and an inconspicuous change in the wording were added last. Instead of the usual “law enforcement” in all documents since 1995, the term “competent authorities” is now consistently used. Who is meant by this is below.
Farewell without further discussion
According to the document - any final objections are requested - this resolution of the Council of Ministers is not only almost completely formulated. It has apparently already been voted on in the Council. On November 19, it is to be adopted by the Council Working Group on Cooperation in the National Security Sector (COSI), and on 25th it is planned to be presented to the Council of Permanent Representatives of the EU Member States (COREPER). There, the council resolution already has the status of an I-item, so it can pass without further discussion.
The decision will then be celebrated in a virtual meeting of the Council of Interior and Justice Ministers planned for the beginning of December. What will follow is clear, namely an order from the Council of Ministers to the EU Commission to draw up a draft regulation, which will then go through the usual procedure by Parliament and the Council. In view of the apparent unanimity, however, it would be possible in the Council of Ministers to implement the planned regulation in its core even without the involvement of Parliament. That has already been done in connection with surveillance. For example, the famous decision in the Council's Fisheries Committee of 1995 to monitor the then new GSM networks was carried through as an A-Item (decided matter), of which the EU Parliament only became aware after it came into force in 1996.
text
<<picture, highlighted text it "Enable law enforcement access to content in a readable and usable format where an authorization is lawfully issues>>
This passage looks confusingly similar to the EU Council of Ministers decision, but does not come from Europe. Rather, it can be found in a resolution by the interior and justice ministers from the “Five Eyes” states, dated October 11th. In addition to Europol and various European services, the espionage alliance is one of the driving forces behind the current resolution of the Council of Ministers.
Driving forces in the background
The presentation of the “moderate suggestions” by the GCHQ for duplicate keys at the end of 2018 was still met with heavy criticism
France has been promoting the action against secure encryption on platforms such as WhatsApp, originally initiated by Great Britain, throughout the year at EU level. The ground for this has been prepared since 2015 in a whole series of campaigns that were run alternately by Europol and FBI or the services of the “Five Eyes” espionage alliance and the responsible ministers. It was only at the beginning of October that the interior ministers of these five countries - Great Britain, USA, Australia, New Zealand and Canada - asked the Internet companies again to equip their IT networks with back doors for law enforcement officers.
They were seconded by their counterparts in Japan and India. Why the secret service alliance has so conspicuously worried about the unfortunate prosecutors for years is actually self-explanatory. They are the remaining “Competent Authorities” that will also be granted access.
"Competent Authorities" send their regards
According to further information available from ORF.at, the monitoring method “Exceptional Access” should be selected, which is already indirectly evident from this non-technical resolution text. The one from the British “National Cyber Security Center” (NCSC) was selected from eight possible model proposals, all of which stem from technical scenarios from various secret services. The NCSC is a division of the British military intelligence service GCHQ. Platform operators such as WhatsApp, Signal and Co, who all use E2E encryption, are to be obliged to create and store additional master keys.
Sketches from documents
<<picture: graph showing messages transiting on an "ESP server" before reaching the target device>>
Here a duplicate key for third parties is smuggled into the encryption process of two chat participants, it is the "Exceptional Access" method of the GCHQ. Like all other variants contained in this document, this has nothing to do with secure encryption, it is simply different types of "man-in-the-middle" attacks on secure communication. The study was carried out on behalf of the German Council Presidency and published in August by the specialist magazine Politico .
These are the “competent authorities”: GCHQ, DGSE, BND, etc. whose vacuum cleaner methods on the glass fibers bring in less and less processable data due to increasing transport encryption. In order to avert this threatening data poverty, general keys have now been requested and it looks like this will also be approved in the council. Then the BVT, which does not even manage to eliminate a terrorist who is served twice on a silver platter by two other services, will not be able to investigate in future even in chat histories for weeks.
The terrorist attack is followed by an EU ban on encryption
In the EU Council of Ministers, a resolution was made ready within five days, obliging platform operators such as WhatsApp, Signal and Co to create master keys for monitoring E2E-encrypted chats and messages. Share on Facebook Share on Twitter
From Erich Moechel
The terrorist attack in Vienna is used in the EU Council of Ministers to enforce a ban on secure encryption for services such as WhatsApp, Signal and many others in the rapid-boiling process. This emerges from an internal document dated November 6th from the German Council Presidency to the delegations of the member states in the Council, which ORF.at has received.
This should now be understood under the "further steps against terrorism" that French President Emmanuel Macron wants to discuss with Federal Chancellor Sebastian Kurz (ÖVP) in a video conference at the beginning of the week. The resolution has already been agreed to such an extent that it can be passed in the video conference of the interior and justice ministers at the beginning of December without further discussion. text
<<picture: screenshot of a note from "presidency" to "delegations". Higlighted portion is "Draft Council Resolution on encryption - Security trough encryption and security despite encryption">>
On the right are the council working groups to which this text was sent, the first revised version of which was apparently ready on Friday. As is customary in the Council of Ministers, the document was classified as a "limit". As for this reason it is nowhere available to the public apart from the Council, it is made available here. [PDF]
The final trialogue negotiations on the regulation against terrorism are currently underway in Brussels. The sticking point here are the planned upload filters for relevant videos . Analogies to data retention
Macron's visit, originally planned for the beginning of next week, turned into a video conference “to fight Islamist terrorism” due to the pandemic. In addition, the EU Council President Charles Michel is due to visit Vienna on Monday, who will also hold talks with Chancellor Kurz. In addition, European Minister Karoline Edtstadler (ÖVP) welcomes the French Secretary of State for Europe, Clement Beaune, to the Federal Chancellery. Of course, it is not just about expressing condolences.
In the meantime it is becoming increasingly clear that apparently hair-raising investigative errors in the BVT made the attack possible in the first place and not a lack of digital surveillance powers. However, whether there is any such connection to the act is irrelevant. In Brussels, such an occasion has been abused for 25 years with disdainful regularity to implement surveillance projects that have long been planned. In this way, the data retention, which had been controversial in the EU for five years after the train attacks in Madrid (2004) and London by Islamists (2005), was channeled through the Council of Ministers and Parliament. text
<<picture: screenshot from the note pdf: Protecting the privacy and security of communications through encryption and at the same time upholding the possibility for competent authorities in the area of security and criminal justice to lawfully access relevant data for legitimate, clearly defined purposes infighting serious and/or organized crimes and terrorism, including in the digital world, are extremely important. Any actions taken have to balance these interests carefully.>>
The latest changes (bold and underlined) show which formulations were complained about in the text by individual member states. “Terrorism” and an inconspicuous change in the wording were added last. Instead of the usual “law enforcement” in all documents since 1995, the term “competent authorities” is now consistently used. Who is meant by this is below. Farewell without further discussion
According to the document - any final objections are requested - this resolution of the Council of Ministers is not only almost completely formulated. It has apparently already been voted on in the Council. On November 19, it is to be adopted by the Council Working Group on Cooperation in the National Security Sector (COSI), and on 25th it is planned to be presented to the Council of Permanent Representatives of the EU Member States (COREPER). There, the council resolution already has the status of an I-item, so it can pass without further discussion.
The decision will then be celebrated in a virtual meeting of the Council of Interior and Justice Ministers planned for the beginning of December. What will follow is clear, namely an order from the Council of Ministers to the EU Commission to draw up a draft regulation, which will then go through the usual procedure by Parliament and the Council. In view of the apparent unanimity, however, it would be possible in the Council of Ministers to implement the planned regulation in its core even without the involvement of Parliament. That has already been done in connection with surveillance. For example, the famous decision in the Council's Fisheries Committee of 1995 to monitor the then new GSM networks was carried through as an A-Item (decided matter), of which the EU Parliament only became aware after it came into force in 1996. text
<<picture, highlighted text it "Enable law enforcement access to content in a readable and usable format where an authorization is lawfully issues>>
This passage looks confusingly similar to the EU Council of Ministers decision, but does not come from Europe. Rather, it can be found in a resolution by the interior and justice ministers from the “Five Eyes” states, dated October 11th. In addition to Europol and various European services, the espionage alliance is one of the driving forces behind the current resolution of the Council of Ministers. Driving forces in the background
The presentation of the “moderate suggestions” by the GCHQ for duplicate keys at the end of 2018 was still met with heavy criticism
France has been promoting the action against secure encryption on platforms such as WhatsApp, originally initiated by Great Britain, throughout the year at EU level. The ground for this has been prepared since 2015 in a whole series of campaigns that were run alternately by Europol and FBI or the services of the “Five Eyes” espionage alliance and the responsible ministers. It was only at the beginning of October that the interior ministers of these five countries - Great Britain, USA, Australia, New Zealand and Canada - asked the Internet companies again to equip their IT networks with back doors for law enforcement officers.
They were seconded by their counterparts in Japan and India. Why the secret service alliance has so conspicuously worried about the unfortunate prosecutors for years is actually self-explanatory. They are the remaining “Competent Authorities” that will also be granted access. "Competent Authorities" send their regards
According to further information available from ORF.at, the monitoring method “Exceptional Access” should be selected, which is already indirectly evident from this non-technical resolution text. The one from the British “National Cyber Security Center” (NCSC) was selected from eight possible model proposals, all of which stem from technical scenarios from various secret services. The NCSC is a division of the British military intelligence service GCHQ. Platform operators such as WhatsApp, Signal and Co, who all use E2E encryption, are to be obliged to create and store additional master keys. Sketches from documents
<<picture: graph showing messages transiting on an "ESP server" before reaching the target device>>
Here a duplicate key for third parties is smuggled into the encryption process of two chat participants, it is the "Exceptional Access" method of the GCHQ. Like all other variants contained in this document, this has nothing to do with secure encryption, it is simply different types of "man-in-the-middle" attacks on secure communication. The study was carried out on behalf of the German Council Presidency and published in August by the specialist magazine Politico .
These are the “competent authorities”: GCHQ, DGSE, BND, etc. whose vacuum cleaner methods on the glass fibers bring in less and less processable data due to increasing transport encryption. In order to avert this threatening data poverty, general keys have now been requested and it looks like this will also be approved in the council. Then the BVT, which does not even manage to eliminate a terrorist who is served twice on a silver platter by two other services, will not be able to investigate in future even in chat histories for weeks.
Published on 11/08/2020
[PDF]: https://files.orf.at/vietnam2/files/fm4/202045/783284_fh_st1...