A leaked draft resolution from the Council of the European Union highlights that the government is planning to crack down on the end-to-end (e2e) encryption used by messaging apps such as Signal and WhatsApp.
What the EU is calling for is a “balance” between regular encryption use and lawful access to encrypted data. The EU seeks to work with tech companies and academics to find out a way to lawfully access encrypted data aka have an encryption backdoor:
“Protecting the privacy and security of communications through encryption and at the same time upholding the possibility for competent authorities in the area of security and criminal justice to lawfully access relevant data for legitimate, clearly defined purposes in fighting serious and/or organized crimes and terrorism, including in the digital world, are extremely important.”
EU seeks to secure lawful access to end-to-end encrypted data
The document waxes philosophical about the importance of encryption for governments and civilians alike; however, the EU has now shown that it plans to “leverage its tools and regulatory powers to help shape global rules and standards” with a specific goal that can technically only mean one thing:
“to ensure access to data for judicial and law enforcement processes.”
Even though the EU is taking steps to word their demands carefully, what they’re asking for is still an encryption backdoor. To be clear, when properly end-to-end encrypted data is concerned, there’s no way to “ensure access to data” for any processes without the use of an encryption backdoor. Politicians with insufficient understanding of encryption are continually being hoodwinked by the calling cards of “protect the children” and “stop the terrorists” to launch attacks on end-to-end encryption that at the end of the day will neither protect the children nor stop the terrorists.
An encryption backdoor by any other name is still a backdoor
Lawmakers around the world seem to be getting wise to the idea that the average citizen knows that backdoors aren’t secure or a good idea. That’s why the word “backdoor” no longer appears in these government documents. Instead, they are choosing other weasel words that technically describe backdoors – like lawful access, exceptional access, and proactive detection – but might slip by less scrupulous eyes. The European Union has been planning this attack on end-to-end encryption for years now, and the current draft of the resolution document will be officially considered on November 19th, 2020.
In the United States, The EARN-IT Act and the Lawful Access to Encrypted Data Act are also institutional attacks on e2e encryption, and common sense. Encryption only works if it is implemented correctly and securely – if lawful or exceptional access is built in, it is no longer secure. In a world where governments try to legislate against the laws of mathematics, only regular users of weakened encrypted services lose out. The criminals that are supposed to be stymied by these repressive anti-privacy laws will still have access to and use proper encryption. Any attempt from any government to regulate end-to-end encryption, no matter how pure the justifications are, is a power grab that comes at the cost of our inalienable human right to privacy.