European authorities are preparing legislation that would give them access to encrypted data on consumer devices and services, Politico reports. But to implement this initiative, they will have to confront numerous human rights organizations defending the right of citizens to privacy.
Image source: Antoine Schibler / unsplash.com
For months now, youth gangs with a history of serious crime have been wreaking havoc in Sweden and Denmark. But the chaos is not just coming from criminal groups, but also from smartphones, says Danish Justice Minister Peter Hummelgaard. Digital technologies with encryption capabilities “have made it much easier for criminals to reach a wider audience and coordinate their actions in real time,” the official says. Law enforcement agencies in Europe are increasingly viewing end-to-end encryption, the foundation of private and secure communications, as the enemy. “Without legal access to encrypted communications, law enforcement is fighting crime blind,” complained Europol spokesman Jan Op Gen Oorth.
Several countries have already drafted national laws to combat encryption technologies. In France, there is a draft law to combat drug trafficking; in Northern Europe, authorities are pressuring tech companies; the Spanish government is openly stating its intention to ban encryption; the UK government is fighting Apple in court over the right to access user data stored in the cloud. In the EU, a draft regional law on child abuse material is being discussed, which would require content on devices to be checked locally before being sent to encrypted systems.
But the EU authorities do not intend to stop there. Earlier this month, the European Commission adopted a new internal security strategy, which outlines plans to create a “legal and effective” mechanism for accessing data for law enforcement agencies, as well as to find technological solutions for accessing encrypted information. The agency announced its intention to begin work on a new data retention law, which would define the types of data that messaging services like WhatsApp must store and for how long. The previous data retention law was overturned by the EU’s top court in 2014, when it concluded that the document violated citizens’ rights to privacy.
By starting to work on encryption, European authorities are heading for a major standoff with a powerful political coalition of privacy activists, cybersecurity experts, intelligence agencies and governments that put citizens’ privacy above the needs of law enforcement.
The administration of the Signal messenger, which is considered the industry standard for encrypted instant messaging, has already expressed categorical disagreement with the initiative of European officials. Signal President Meredith Whittaker has repeatedly warned that the messenger would rather leave any country that demands weakening the messenger’s security than agree to comply with such demands. It is a “fundamental mathematical reality that encryption either works for everyone or it is broken for everyone,” Ms. Whittaker explained her position. The head of the Danish Ministry of Justice allows for such a scenario and does not see a problem in it. “I am beginning to doubt whether we really cannot live without these technologies and platforms,” said Mr. Hummelgaard.
And in the absence of standard legal mechanisms, the authorities work with the means at their disposal. They successfully eliminate encrypted messaging systems created by criminals and intercept metadata. Supporters of expanding the powers of law enforcement agencies point out that there are ways in which messenger administrations can open access to encrypted messages of criminals without weakening the security of correspondence of law-abiding citizens. But, as technical experts point out, this is a double-edged sword: if there is a backdoor, then sooner or later, hackers, criminals and spies will get to it along with law enforcement agencies.