Now Europe is Looking to Undermine Encryption

The European Commission is planning to force technology vendors to undermine end-to-end encryption in products and services to satisfy growing demands from national politicians and headline writers.

EU justice commissioner Vera Jourová said this week that she would give providers “three or four options”, ranging from voluntary measures to legislation.

The outcome will be the same: forcing tech firms to provide a means for law enforcers to access encrypted communications for specific investigations.

However, an issue that surrounds this is whether its possible for a backdoored service to stay secure – and more importantly whether or not the information will find its way into the wrong hands eventually, exposing innocent users and businesses.

“At the moment, prosecutors, judges, also police and law enforcement authorities, are dependent on whether or not providers will voluntarily provide the access and the evidence,” Jourová said, according to Euractiv. “This is not the way we can facilitate and ensure the security of Europeans, being dependent on some voluntary action.”

The decision appears to have been forced by pressure from the likes of the UK, Germany and France. UK home secretary Amber Rudd even went on TV on Sunday arguing the case, despite already having been granted such powers as part of the Snoopers’ Charter.

Attitudes in Europe certainly seem to have hardened, given the reluctance of politicians in France, the Netherlands and elsewhere to force encryption backdoors in the past.

F-Secure security advisor, Andy Patel, claimed encrypted communications have an important role to play in shielding citizens from mass surveillance and protecting activists and journalists from state intrusion.

“If end-to-end encryption were to be banned in one app, people would simply move to another one. Even if it were possible to eradicate all privacy-enabling services, ‘terrorism’ would still exist,” he added.

“Agencies tend to collect too much data and have trouble finding signals amongst all the noise. Even in recent cases, terrorist attacks that could have been tracked and stopped with available data were still missed by authorities. Removing end-to-end encryption would not help solve the noise problem – in fact, it might even make it worse.”

Facebook, Microsoft, Twitter and Google met the home secretary this week to discuss a plan of action to combat terrorism online in the shorter term.

They agreed to “encourage the further development of technical tools to identify and remove terrorist propaganda”, to support information sharing inside the industry and back the efforts of civil society.

However, any mention of encryption was conspicuous by its absence.

“Given that the root causes of ‘terrorism’ are not being addressed (via changes in foreign policy), one has to wonder whether the motives behind banning the use of end-to-end encryption serve a more dystopian agenda,” argued F-Secure’s Patel.

What’s Hot on Infosecurity Magazine?