Re: [Int-koordination] Răsp.: Urgent! Input on digital signatures and encryption needed for Athens Conference this week-end

[Martina Pöser <martina.poeser AT bremen.piratenpartei.de>]

Dear Aelia,

thanks for your quick reply. This seems to me to be a very complicated 
topic (as I'm not very techi-savvy). If in doubt, I'd rather leave it 
out of the Common Programme altogether, then put something stupid in it.

But I will send your message on (I hope that's fine with you) to the 
other parties, so that it may be discussed with your information in mind.

Best regards,

Martina


Am 02.11.2013 11:37, schrieb ANDERSDOTTER Amelia:
> Dear Martina,
> Dear all,
>
> Electronic signatures is a very tricky subject. My recommendation is that you 
> simply call for much better transparency in security issues, rather than 
> promising secure, free certificates to everyone. Transparency, disclosure, 
> liability. See below.
>
> Your basic problem is that Germany, France and some other member states maintain 
> "qualified signature providers" that already fulfill your requirements. 
> Public authorities are mandated by law to use them. They are accessible to citizens and 
> in fact mandatory for German eID through the smartcard system. I have written more on 
> this in Swedish here: 
> https://ameliaandersdotter.eu/2013/10/18/franska-notarier-ar-ocksa-en-intressegrupp
>
> Our biggest problem with these certificates are that it's expensive and 
> difficult to be secure. Compare with the DigiNotar crisis in the Netherlands 
> in 2010, for instance. Transparency, disclosure requirements, et c. All of 
> these things are good and they help push an incentive to take the cost, when 
> that is necessary. State of the art research in the Netherlands even suggests 
> that cheap or free, but crappy, certificates may be perfectly viable in a 
> market situation because normally your https-blog doesn't need top notch 
> security, while your bank maybe does.
>
> We need better liaibility provisions: certificate authorities have to be liable when 
> they do wrong. Right now you can fuck up your routines and your security without 
> carrying any liability for this. When I have asked industry why they feel this is a 
> good idea they say it's "too expensive for them to be responsible if they get 
> pwned". This is obviously ridiculous. But the failings in these systems are 
> well-documented. You can consult writings by Ross Anderson at Cambridge University or 
> Axel Arnbak at Amsterdam university to find out more.
>
> It seems to me that you are also mixing up electronic signatures with radio 
> equipment. You should simultaneously place a demand that no radio equipment 
> (hardware) should be constructed with built in wiretapping features. That 
> would be extremely useful.
>
> I recommend reading Burdens of Proof by Jean-Francois Blanchette at UCLA. 
> It's a very good book on how political and technical naivite conspire in 
> these matters to make things awfully bad.
>
> best regards,
>
> Amelia
> ________________________________________
> De la: BJARNEMALM Mattias
> Trimis: 2 noiembrie 2013 11:14
> Către: ANDERSDOTTER Amelia
> Subiect: FW: Urgent! Input on digital signatures and encryption needed for 
> Athens Conference this week-end
>
> From: Martina Pöser [mailto:martina.poeser AT bremen.piratenpartei.de]
> Sent: 01 November 2013 20:50
> To: teirdes AT gmail.com
> Cc: BJARNEMALM Mattias; anton.nordenfur AT piratpartiet.se; Internationale 
> Koordination; PP-EU Programme development
> Subject: Urgent! Input on digital signatures and encryption needed for Athens 
> Conference this week-end
>
> Dear Amelia,
>
> I have a question for you concerning the Common European Election Programme 
> and the Conference in Athens this week-end.
>
> Mab told me that you are currently working at the EU level on legislation 
> concerning free, legally-binding digital signatures and email encryption for 
> everyone:
>
>
> 1.7.4  Free, Legally-Binding Digital Signatures and E-Mail Encryption for 
> Everyone
> Needs to be rephrased if we want to keep it. I would suggest that you get in 
> touch with our MEP Amelia who is currently working on the EU legislation on 
> this.
>
> Could you help us with a rephrasing of the German proposal on this topic that 
> fits with what's currently going on at the EU level?
>
> Here is our text:
>
> Free, Legally-Binding Digital Signatures and E-Mail Encryption for Everyone
>
> We PIRATES are committed to give every person the ability to encrypt 
> electronic communications for a tap-proof correspondence and to sign 
> digitally in a legally-binding way. To this end encryption technologies need 
> to be legalized in the EU and their use is to be taught and promoted.
>
> This is to ensure that unauthorized third parties (e.g. companies and public 
> authorities) are not able to decrypt the encrypted content. Encryption alone 
> may never justify a “reasonable suspicion” for surveillance measures.
>
> I know this is very late (as I forgot about it last night), but we would 
> really appreciate your input.
>
> Best regards,
>
> Martina (for PP-DE)