The European Commission has reiterated its opposition to calls made by member states including the UK to undermine encryption via backdoors, with new proposals designed instead to encourage sharing of decryption expertise across the region.
In an update designed to reassure citizens that the EU executive is taking terrorism seriously, it detailed the following new strategy:
“Support law enforcement and judicial authorities when they encounter encryption in criminal investigations, without weakening encryption at a more general level or affecting a large or indiscriminate number of people: The Commission is today proposing technical support measures, a new toolbox of techniques, and training, and proposes setting up a network of points of expertise.”
Specifically, the initiative will see: more support given to help Europol advance its decryption capability; the creation of a “network of centres of encryption expertise”; extra training for law enforcement; a “toolbox for legal and technical instruments”; an “observatory for legal and technical developments”; and structured dialog with industry and civil society organisations.
It’s an unusual step given that it’s unlikely any police are able to crack the strong encryption present on devices like the iPhone and services including WhatsApp, iMessage and Telegram. It’s even less likely that law enforcers in one country would be prepared to share their encryption-cracking expertise with others.
There’s also no mention here of reports in March that the European Commission was planning to offer comms providers “three or four options” to force them to make available the communications of suspects to police.
One option would be to allow police to hack suspects’ devices directly. Such a plan is apparently being readied by the German government.
This is in stark contrast, of course, to the UK, which has granted its authorities some of the most sweeping surveillance powers in the world. UK police and intelligence services can conduct bulk hacking covering large swathes of the population, even without suspicion of wrongdoing.
Privacy International is currently challenging these “bulk/thematic hacking” powers.
“What we’re doing today is trying to move beyond a sometimes slightly sterile debate of backdoors versus no backdoors, to address some of the concrete practical challenges that law enforcement faces,” EU security commissioner, Julian King claimed in a press conference.
“For example, when they seize a device, how do they get the information and exploit the information that might be encrypted on that device?”