- November 23, 2020
- Posted by: Stratford Team
- Category: Tech
The EU appears to be laying the groundwork for a move against data that has received end-to-end encryption after a spate of terrorist attacks in Paris, Vienna and Nice.
In a joint statement released earlier this month, home affairs ministers from EU member states called on heads of state to “consider the matter of data encryption so that digital evidence can be lawfully collected and used by the competent authorities.”
The statement comes after several EU internal documents on encryption were leaked. One, originally published by Politico, framed measures against end-to-end encryption as a way to fight child abuse, suggesting “the fight against this type of illegal content has been the least controversial.”
End-to-end encryption is a security tool used by some apps and services — including WhatsApp, Signal and Facebook Messenger — to provide a greater level of privacy.
Messages sent using this tool are encrypted before they leave the sender’s phone or computer, with a key unique to the devices at either end of an exchange. Even if they are intercepted during transmission by a hacker or a government agency, the messages are unreadable, since the only devices able to decode them are those belonging to the sender and the intended recipient.
This secrecy poses a problem for state actors trying to monitor criminal communication: The ability to intercept illicit messages is only useful if you can actually read them.
EU lawmakers have long searched for a fairer balance between privacy and the ability of police agencies to do their jobs, an EU spokesperson told CNBC.
Member states have, on multiple occasions, “called for solutions that allow law enforcement and other competent authorities to gain lawful access to digital evidence, without prohibiting or weakening encryption.”
As set out in July’s Security Union Strategy, the bloc is in favor of an approach which “both maintains the effectiveness of encryption in protecting privacy and security of communications, while also providing an effective response to serious crime and terrorism.”
EU Counter-Terrorism Coordinator Gilles de Kerchove has sought to do this by eschewing a “back-door” approach in favor of what he sees as its “front-door” counterpart, whereby a third party works with, rather than without, the consent of the encryption provider.
Ray Walsh, researcher for privacy education and review site ProPrivacy, says this approach is impossible. “No matter whether you choose to call a purposefully developed secondary access point a ‘front-door’ or a backdoor, the result is the elimination of data ownership and access control which inevitably results in a fundamental vulnerability,” he told CNBC.
“Ministers want to have their cake and eat it, and they don’t seem to understand, or want to acknowledge, that this is impossible and would result in vulnerability by design,” he added.
“If this kind of legislation came to pass it would be hugely detrimental to the general public.”
Alex Clarkson, a lecturer in German and European & international studies at King’s College London, points out that measures like those being discussed have “been an ongoing part of the agenda for governments for a while.”
Both he and Walsh emphasize that they remain mere discussions at this stage.
Clarkson characterizes the proposals as simply “what bureaucracies do,” part of a political “wish list” made up of a whole range of options. “Some parts of these systems will have an impulse towards these things, and another part of the system will check against it, and balance against it,” he said.
“That doesn’t necessarily mean that they choose those options.”
Still, Walsh is wary that the “back-door” approach is up for debate. “This stands to create problems for national security, and for data privacy, without actually reducing the likelihood that criminals will find covert ways to communicate, either through the dark web or via other encrypted means.”
“Being able to communicate freely and privately is a fundamental human right in any free and open society,” he says. “Removing the ability for citizens to share information without being observed will lead to greater levels of self-censorship and the inability for people to exercise freedom of expression.”