Encryption: the new privacy battle lines are drawn
The fight against serious crime v. the right to privacy
27 April 2017
A recent call threatening an end to full encryption in the EU has come from the interior ministers of France and Germany. At a meeting in Paris on 23 August 2016, Bernard Cazeneuve of France and Thomas de Maizière of Germany urged democracies to "arm" themselves on the issue of encryption, particularly in the context of communications used by terrorists.
The interior ministers pushed for a change in EU law that would impose an obligation on Internet or telecommunication service providers, whether headquartered within the EU or not, to decrypt messages if doing so is required in the context of criminal investigations.
This attack on encryption is part of the wider "crypto wars" that have seen increasing calls from politicians to end (or at least abate) full encryption of communication and data that is becoming ever more commonplace in the tech world. The concern for manufactures of phones and application developers is that calls to build backdoors into the security protocols of their products means making them more open to attack by hackers - they can't just create a key that only the 'good' guys can use.
For example, earlier this year the FBI and the US government took Apple to court to ask them to provide a backdoor into an iPhone seized in the investigation of a terror attack in San Bernardino, California (in the end the FBI got into the phone without Apple's assistance). As a result legislation is now being proposed in California and New York could ban smart phones that are not "decryptable on demand". This would effectively make the full disk encryption being offered by the most popular manufacturers illegal.
In the United Kingdom, the Investigatory Powers Bill (currently being examined in the House of Lords) proposes a legal obligation on communications providers to remove electronic protection if served with a warrant. How this will work in practice is unclear.
This polarity on the issue of encryption arises out of the desire to prevent threats to countries on the one hand (terrorist and human trafficking activities usually take advantage of full end-to-end encryption of communication offered by some messaging apps while at the same time protecting the customers and users of technology on the other.
Recent attacks that have taken place in Europe were found to have made use of fully end-to-end encrypted messaging. Governments argue that this makes intercepting threatening communications very difficult or even impossible, hindering the work of security agencies in protecting the wider population.
e-Privacy Directive – another tug of war
In addition to unsettling tech providers, the speech given by the interior ministers in Paris seems to be at odds with the EU's wider Digital Single Market strategy.
The European Data Protection Supervisor – the EU's data watchdog – stressed the importance of encryption in his official opinion on the revised e-Privacy Directive (the directive that sets out the rules concerning data protection, confidentiality of information and the processing of personal data in the EU). As well as encouraging the use of end-to-end encryption, the opinion states that "Decryption, reserve engineering or monitoring of communications protected by encryption should be prohibited".
This means that battle lines are not only being drawn between governments and tech companies but also between politicians themselves.