Is Europe about to weaken encryption?

February 24, 2017

The French and German Interior Ministers called this week for EU legislation which could undermine the use of encryption in communication in Europe.  Worse still, a European Commission spokesperson appeared to endorse this proposal by stating that “encryption technology should not prevent law enforcement agencies or other competent authorities from intervening in the lawful exercise of their functions.”  This would mark a u-turn from the EU executive’s previous strong opposition to encryption backdoors.  The EU’s own agency for network and information security recently warned against backdoors in cryptography as it puts users at risk.

Last year the French government ruled out any “questioning of the principle of encryption” which “makes it possible to secure communications, including States’. For example, it allows day-to-day protection of financial transactions.”

The new French-German joint letter however calls for EU legislation in October 2017, after the general elections in France and Germany.  This legislation should put “new obligations on electronic communication providers” to better take into account the “widespread encryption of electronic communications” in the context of the “fight against terrorism.”

It remains unclear exactly how online service providers should provide law enforcement authorities with access to end-to-end encrypted user data.  Any backdoors to encrypted data would pose serious risks to the overall security and confidentiality of Europeans’ communications, which seems inconsistent with existing legal protections for personal data.  Weakened security ultimately leaves online systems more vulnerable to all types of attacks from terrorists to hackers.  This should be a time to increase security—not weaken it.

The Computer & Communications Industry Association last year joined an open letter with experts, companies, and organizations in more than 35 countries that asks world leaders to support strong encryption and to reject any law, policy, or mandate that would undermine digital security.

Related Articles