Internet privacy has been a huge debate this week. In the US, congress basically killed people’s right to online privacy and UK’s Home Secretary Amber Rudd spoke about the necessity for governments to be able to monitor terrorist communications through apps like WhatsApp after the Westminster attack.
These stories dominated the news, which might explain why the European Commission’s announcement about new rules for encrypted communication might have fallen through the cracks.
EU Justice Commissioner Věra Jourová said she will propose three or four options this June to make it easier for law enforcement agencies to access securely encrypted messages.
The details of the proposal are not known, but some of the measures will be provisional non-legislative actions for a quick solution. Legislation will also probably be a part of the proposal, but that will take a few years to pass.
These measures will be proposed after great pressure from interior ministers of EU member countries. There have been calls for EU-wide rules on encryption, mainly to enable governments to circumvent it.
Backdoor, or not a backdoor, that is the question
Jourová says that the current system isn’t reliable as the security of Europeans depends on voluntary actions of tech companies. EU’s concern is certainly understandable, but the question is whether it’s possible to force companies to give up encrypted information without creating exploitable backdoors.
Germany’s Interior Minister, Thomas de Maizière has been one of the advocates for EU-wide rules on encrypted communication. According to Euractiv, De Maizières said that he was against creating backdoors to encryption or built-in access for police as that would weaken security.
His main wish is to base tech legislation on how the tech is used. For example, internet call services like Skype would fall under the same laws as phone calls.
This seems like an innocent enough demand but it’s unlikely that companies will be able to hand over encrypted information without creating backdoors. Companies don’t have any reason not to comply with police requests, if it wouldn’t lead to possible security breaches.
Basically, it seems that proposed measures will involve backdoors to encryption, given that the announced effect will stay the same.
What’s so bad about a little backdoor access?
Ever since the FBI’s crazy expensive attempt to crack the San Bernardino shooter’s phone last year, it’s been hotly debated how far governments should go to combat terrorism. Many have argued that if a backdoor is created, it will be only a matter of time before it falls in the wrong hands.
We at TNW already pointed out the many drawbacks of weakening encryption earlier this week, regarding the UK’s Home Secretary remarks on WhatsApp. Frankly, companies like WhatsApp should leave the UK before compromising their encryption.
Preventing backdoors is not only to protect our personal information, but also to ensure the security of online transactions and that people you’re talking to are actually who they say they are.
It’s absolutely certain that the Commissions proposals in June will not be the last time governments will dabble in encryption backdoors. Politicians feel the need to combat terror, but a better conversation between government and tech is needed to achieve real and lasting results.