
int-koordination - Re: [Int-koordination] Răsp.: Urgent! Input on digital signatures and encryption needed for Athens Conference this week-end

int-koordination AT lists.piratenpartei.de

Subject: Internationale Koordination

  • From: Martina Pöser <martina.poeser AT bremen.piratenpartei.de>
  • To: ANDERSDOTTER Amelia <amelia.andersdotter AT europarl.europa.eu>, BJARNEMALM Mattias <mattias.bjarnemalm AT europarl.europa.eu>
  • Cc: PP-EU Programme development <pp-eu.programme AT lists.pp-international.net>, "anton.nordenfur AT piratpartiet.se" <anton.nordenfur AT piratpartiet.se>, Internationale Koordination <int-koordination AT lists.piratenpartei.de>
  • Subject: Re: [Int-koordination] Răsp.: Urgent! Input on digital signatures and encryption needed for Athens Conference this week-end
  • Date: Sat, 02 Nov 2013 12:19:07 +0100
  • List-archive: <https://service.piratenpartei.de/pipermail/int-koordination>
  • List-id: Internationale Koordination <int-koordination.lists.piratenpartei.de>

Dear Amelia,

thanks for your quick reply. This seems to me to be a very complicated topic (as I'm not very tech-savvy). If in doubt, I'd rather leave it out of the Common Programme altogether than put something stupid in it.

But I will send your message on (I hope that's fine with you) to the other parties, so that it may be discussed with your information in mind.

Best regards,

Martina


On 02.11.2013 11:37, ANDERSDOTTER Amelia wrote:
Dear Martina,
Dear all,

Electronic signatures are a very tricky subject. My recommendation is that you
simply call for much better transparency in security issues, rather than
promising secure, free certificates to everyone. Transparency, disclosure,
liability. See below.

Your basic problem is that Germany, France and some other member states maintain
"qualified signature providers" that already fulfill your requirements.
Public authorities are mandated by law to use them. They are accessible to citizens and
in fact mandatory for German eID through the smartcard system. I have written more on
this in Swedish here:
https://ameliaandersdotter.eu/2013/10/18/franska-notarier-ar-ocksa-en-intressegrupp

Our biggest problem with these certificates is that it's expensive and
difficult to be secure. Compare with the DigiNotar crisis in the Netherlands
in 2010, for instance. Transparency, disclosure requirements, etc. All of
these things are good and they help push an incentive to take the cost, when
that is necessary. State of the art research in the Netherlands even suggests
that cheap or free, but crappy, certificates may be perfectly viable in a
market situation because normally your https-blog doesn't need top notch
security, while your bank maybe does.

We need better liability provisions: certificate authorities have to be liable when
they do wrong. Right now you can fuck up your routines and your security without
carrying any liability for this. When I have asked industry why they feel this is a
good idea they say it's "too expensive for them to be responsible if they get
pwned". This is obviously ridiculous. But the failings in these systems are
well-documented. You can consult writings by Ross Anderson at Cambridge University or
Axel Arnbak at Amsterdam university to find out more.

It seems to me that you are also mixing up electronic signatures with radio
equipment. You should simultaneously place a demand that no radio equipment
(hardware) should be constructed with built in wiretapping features. That
would be extremely useful.

I recommend reading Burdens of Proof by Jean-Francois Blanchette at UCLA.
It's a very good book on how political and technical naivety conspire in
these matters to make things awfully bad.

best regards,

Amelia
________________________________________
From: BJARNEMALM Mattias
Sent: 2 November 2013 11:14
To: ANDERSDOTTER Amelia
Subject: FW: Urgent! Input on digital signatures and encryption needed for
Athens Conference this week-end

From: Martina Pöser [mailto:martina.poeser AT bremen.piratenpartei.de]
Sent: 01 November 2013 20:50
To: teirdes AT gmail.com
Cc: BJARNEMALM Mattias; anton.nordenfur AT piratpartiet.se; Internationale
Koordination; PP-EU Programme development
Subject: Urgent! Input on digital signatures and encryption needed for Athens
Conference this week-end

Dear Amelia,

I have a question for you concerning the Common European Election Programme
and the Conference in Athens this week-end.

Mab told me that you are currently working at the EU level on legislation
concerning free, legally-binding digital signatures and email encryption for
everyone:


1.7.4 Free, Legally-Binding Digital Signatures and E-Mail Encryption for
Everyone
Needs to be rephrased if we want to keep it. I would suggest that you get in
touch with our MEP Amelia who is currently working on the EU legislation on
this.

Could you help us with a rephrasing of the German proposal on this topic that
fits with what's currently going on at the EU level?

Here is our text:

Free, Legally-Binding Digital Signatures and E-Mail Encryption for Everyone

We PIRATES are committed to give every person the ability to encrypt
electronic communications for a tap-proof correspondence and to sign
digitally in a legally-binding way. To this end encryption technologies need
to be legalized in the EU and their use is to be taught and promoted.

This is to ensure that unauthorized third parties (e.g. companies and public
authorities) are not able to decrypt the encrypted content. Encryption alone
may never justify a “reasonable suspicion” for surveillance measures.

I know this is very late (as I forgot about it last night), but we would
really appreciate your input.

Best regards,

Martina (for PP-DE)




