Brexit: Trade agreement contains ‘decades-old’ tech references
Share article:
Share article:

Brexit: Trade agreement contains ‘decades-old’ tech references

© Pxhere

The final agreement that creates the deal that comes into force between the EU and the UK the day after tomorrow took a long time to be negotiated – but not as long as some of the text suggests.

Now it has been revealed, by someone who actually went to the trouble of reading all the way through the 1,200 pages of dense officialese (pdf), that some of the references to technical software give the impression a first draft of the text was written at some point in the early 1990s, more than quarter of a century ago.

The passage in question is tucked away on page 921 of the document, and concerns, of all things, encryption of confidential documents using the open standard s/MIME.

s/MIME functionality is built into the vast majority of modern e-mail software packages including Outlook, Mozilla Mail as well as Netscape Communicator 4.x and inter-operates among all major email software packages,” the document states.

As the BBC reports, the last major release of Netscape Communicator took place in 1997, and both it and Mozilla Mail are now considered defunct.

The document also recommends using 1024-bit RSA encryption and the SHA-1 hashing algorithm, which are both outdated and vulnerable to cyber-attacks, according to those in the know.

It’s clear that something is amiss in the drafting of this treaty, and we’d go so far as to venture the opinion that a tired civil servant simply cut-and-pasted from a late-1990s security document,” according to the tech site Hackaday.

The mistake was outed by Professor Bill Buchanan, an expert in cryptography at Napier University in Edinburgh.

I believe this looks like a standard copy-and-paste of old standards, and with little understanding of the technical details,” he told the BBC. “The text is full of acronyms, and it perhaps needs more of a lay person’s explanation to define the requirements,” he suggested.

Although SHA-1 and 1024-bit RSA “were a good selection a decade or so ago, they are no longer up to modern security standards,” he added.

In the meantime, the text has been approved by the 27 permanent representatives of the member states to the EU, as well as by the British parliament just yesterday, without anyone having spotted anything odd.

The Home Office in London told the BBC the text was more of a legal than an operation or technical document. “We currently use the latest technology to share this data, which is properly protected and in line with the guidance from the National Cyber Security Centre,” a spokesperson said.

So will the lawmakers of Europe now have to dig for ancient software as mandated by treaty?,” wondered Hackaday. “We hope not, as from our reading they are given as examples rather than as directives. We worry however that their agencies might turn out to be as clueless on digital security as evidently the civil servants are, so maybe Verizon Communications, current owners of the Netscape brand, could be in for a few support calls.”

Alan Hope
The Brussels Times

Latest news

Masks reintroduced indoors, teleworking encouraged
Masks will again be mandatory inside shops and other indoor public spaces, Prime Minister Alexander De Croo announced in a press conference on ...
Belgium intends to activate the pandemic law, says Health Minister
"We intend to activate the pandemic law," Public Health Minister Frank Vandenbroucke confirmed on Tuesday in the House committee, ahead of Tuesday's ...
Offers for fake Covid Safe Tickets circulating on social media
As the Covid Safe Ticket (CST) becomes mandatory in many places across Belgium, offers for forgeries are increasingly circulating on social media. ...
EU auditors: More worried about the future budget than about pervasive errors in the 2020 budget
The European Court of Auditors (ECA) have signed off the 2020 EU accounts as giving a true and fair view of the union’s financial position but like ...
Belgium aims to tackle sexual violence with video interrogations
The federal government is looking to tackle sexual violence and increase convictions connected to this crime by relying more heavily on video ...
Duvel celebrates 150th anniversary with special brew in commemorative bottle
Belgium’s Duvel Moortgat Brewery is celebrating its 150th anniversary with the release of a special brew in a commemorative bottle shaped like its ...
Pollution scandal: 3M to show emissions don’t pose risk or halt production
Flanders has ordered American company 3M, involved in a pollution scandal in Antwerp, to prove that emissions linked to its production activities do ...
The Netherlands fears a greater rise in sea levels than forecast
Sea levels could rise by up to two metres by 2100 on the Dutch coastline – far more than previously forecast – according to an announcement from the ...
The Smurfs return to Belgian TV with the first new show since 1989
A new Smurfs show is bringing the characters of Belgium's second-most-famous comic franchise back to the small screen with their first new series, 30 ...
On this day in Brussels: An entrepreneurial journey begins
The Rue Dansaert was just beginning to become trendy when Alain Coumont opened his first bakery here on 26 October 1990. He started by baking big ...
Almost half of Belgian subsidies from EU left unused
Belgium left almost half (49%) of its subsidies allocated by the European Union between 2013 and 2020 unused, the equivalent of around €1.375 ...
Visitors to embark on Orient Express adventure at Brussels exhibition
An exhibition dedicated to the Orient Express – the train that was the scene for many novels, including Agatha Christie's – allows visitors to ...