EU Proposes Enforcing Data Encryption and Banning Backdoors
The European Parliament’s Committee on Civil Liberties, Justice, and Home Affairs has published draft proposals that would enforce end-to-end encryption on all digital communications and forbid backdoors that enable law enforcement to access private message data.
The proposed amendment relates to Article 7 of the EU’s Charter of Fundamental Rights, which says that EU citizens have a right to personal privacy, as well as privacy in their family life and at home. By extension, the “confidentiality and safety” of EU citizens’ electronic communications needs to be “guaranteed” in the same manner.
Confidentiality of electronic communications ensures that information exchanged between parties and the external elements of such communication, including when the information has been sent, from where, to whom, is not to be revealed to anyone other than to the parties involved in a communication.
The principle of confidentiality should apply to current and future means of communication, including calls, internet access, instant messaging applications, e-mail, internet phone calls and messaging provided through social media.
The regulation states that the disclosure of contents in electronic communications may reveal highly sensitive information about citizens, from personal experiences and emotions to medical conditions, sexual preferences and political views, which could result in personal and social harm, economic loss or embarrassment.
In addition, the committee argues that not only the content of communications needs to be protected, but also the metadata associated with it, including numbers called, websites visited, geographical location, and the time, date, and duration of calls, which might otherwise be used to draw conclusions about the private lives of persons involved.
The regulations would apply to providers of electronic communication services as well as software providers that enable electronic communications and the retrieval of information on the internet. However, the amendment goes further by stating that the use of software backdoors by EU member states should be outlawed.
When encryption of electronic communications data is used, decryption, reverse engineering or monitoring of such communications shall be prohibited.
Member states shall not impose any obligations on electronic communications service providers that would result in the weakening of the security and encryption of their networks and services.
The proposals appear to have been tabled in response to comments made by EU member states such as the U.K., which has argued that encrypted online channels such as WhatsApp and Telegram provide a “safe haven” for terrorists because governments governments and even the companies that host the services cannot read them.
The U.K. home secretary Amber Rudd recently claimed that it is “completely unacceptable” that authorities cannot gain access to messages stored on mobile applications protected by end-to-end encryption. A leaked draft technical paper prepared by the U.K. government was leaked shortly after Rudd’s comments, containing proposals related to the removal of encryption from private communications.
The EU proposals could also put European security policy at odds with federal legislators in the U.S., who recently called on technology companies to compromise the encryption built into their mobile software. Last year, Apple and the FBI were involved in a public dispute over the latter’s demands to provide a backdoor into iPhones, following the December 2015 shooter incidents in San Bernardino.
Apple said the software the FBI asked for could serve as a “master key” able to be used to get information from any iPhone or iPad – including its most recent devices – while the FBI claimed it only wanted access to a single iPhone.
The European Union proposals have to be approved by MEPs and reviewed by the EU council before the amendments can pass. It remains unclear how the laws would apply in the U.K. after Brexit, initial negotiations for which begin on Monday.
Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.
Tags: security, European Union, United Kingdom, privacy
Discuss this article in our forums