WhatsApp and Messenger are very popular messaging apps.
Justin Sullivan | Getty Images
The EU appears to be laying the groundwork for a move against data that has been encrypted from end to end after a spate of terrorist attacks in Paris, Vienna and Nice.
In a joint statement released earlier this month, interior ministers of EU member states called on heads of state to “examine the issue of data encryption so that digital evidence can be lawfully collected and used by the relevant authorities”.
The explanation comes after several internal EU documents on encryption were leaked. One, originally published by Politico, formulated measures against end-to-end encryption as a means of combating child abuse and suggested that “the fight against this type of illegal content has been the least controversial”.
End-to-end encryption is a security tool used by some apps and services – including WhatsApp, Signal, and Facebook Messenger – to provide a higher level of privacy.
Messages sent using this tool are encrypted before they leave the sender’s phone or computer. At both ends of an exchange, a key is unique to the devices. Even if intercepted by a hacker or government agency while in transit, the messages are illegible because the only devices that can decrypt them are those of the sender and the intended recipient.
This secrecy poses a problem for state actors trying to oversee criminal communications: the ability to intercept illegal messages is only useful if you can actually read them.
EU lawmakers have long sought a fairer balance between data protection and the ability of law enforcement agencies to do their jobs, an EU spokesman told CNBC.
Member States have on several occasions called for “solutions that enable law enforcement and other competent authorities to have legitimate access to digital evidence without prohibiting or weakening encryption”.
As outlined in the July Security Union Strategy, the bloc advocates an approach that “both maintains the effectiveness of encryption in protecting privacy and the security of communications, and provides an effective response to serious crime and terrorism”.
EU Counter Terrorism Coordinator Gilles de Kerchove has tried to do this by avoiding a “back door” approach in favor of what he sees as “doorstep” partners, where a third party is more likely to be with rather than without Consent works by the encryption provider.
Ray Walsh, privacy education researcher and ProPrivacy review site, says this approach is impossible. “Regardless of whether you call a purpose-built secondary access point a ‘front door’ or a ‘back door’, it tends to eliminate data ownership and access control, which inevitably leads to a fundamental security flaw,” he told CNBC.
“Ministers want to have their cake and eat it, and they don’t seem to understand or recognize that it is impossible and that it would lead to a vulnerable intent,” he added.
“If this kind of legislation came into existence, it would be extremely harmful to the general public.”
Alex Clarkson, lecturer in German, European and international studies at King’s College London, points out that measures like the ones being discussed “have been an integral part of the agenda for governments for some time”.
Both he and Walsh emphasize that at this stage they will remain just discussions.
Clarkson characterizes the proposals simply as “what bureaucracies do”, part of a political “wish list” made up of a number of options. “Some parts of these systems will have an impulse to do these things and another part of the system will test against it and counterbalance it,” he said.
“That doesn’t necessarily mean they choose those options.”
Even so, Walsh is concerned that the “back door” approach is up for debate. “This can create national security and privacy issues without reducing the likelihood that criminals will find covert communication routes, either through the dark internet or through other encrypted means.”
“To be able to communicate freely and privately is a basic human right in any free and open society,” he says. “If citizens are no longer able to exchange information unnoticed, it will lead to increased self-censorship and the inability of people to exercise their freedom of expression.”