As UK govt calls for encryption backdoors, EU lawmakers propose a ban on them

As the UK gets hit by terror attacks one after the other, the government’s cry for making sure terrorists and criminals can’t find “safe spaces” online has become a constant.

Some European legislators, on the other hand, are asking for European citizens’ right to end-to-end encryption in all forms of digital communications – current and future – to be enshrined in law.

Respect for private life

The proposal comes from the European Parliament’s Committee on Civil Liberties, Justice, and Home Affairs, in the form of a draft proposal for a regulation concerning the respect for private life and the protection of personal data in electronic communications.

“Article 7 of the Charter of Fundamental Rights of the European Union protects the fundamental right of everyone to the respect for his or her private and family life, home and communications. Respect for the privacy of one’s communications is an essential dimension of this right,” the proposal reads.

“The protection of confidentiality of communications is also an essential condition for the respect of other related fundamental rights and freedoms, such as the protection of freedom of thought, conscience and religion, and freedom of expression and information.”

To that end, “any interference, with electronic communications at rest or in transit, such as by listening, tapping, storing, monitoring, scanning or other kinds of interception, surveillance or any processing of electronic communications, by persons other than the users, shall be prohibited, except when permitted by this Regulation.”

The lawmakers also want to protect service providers against requests such as the implementation of encryption backdoors.

“Member States shall not impose any obligations on electronic communications service providers that would result in the weakening of the security and encryption of their networks and services,” the proposal says.

But, they will be required to “ensure that there is sufficient protection in place against unauthorised access or alterations to the electronic communications data, and that the confidentiality and safety of the transmission are also guaranteed by the nature of the means of transmission used or by state-of-the-art end-to-end encryption of the electronic communications data.”

Whether this proposed regulation and the amendments to existing ones will ultimately become law is to be seen, as both the European Parliament and the European Council have to sign off on them.

But it’s good to note that both the European Data Protection Supervisor (EDPS) Giovanni Buttarelli and the European Network and Information Security Agency (ENISA) believe that government-mandated encryption backdoors are a bad idea and would be pointless.

UK government’s call for encryption backdoors

The UK government’s call for encryption backdoors, as that of US officials before it, made digital rights and freedom activists, as well as information security professionals and academics, repeatedly present their arguments against such requirements.

“Theresa May’s response is predictable but disappointing,” noted Dr. Paul Bernal, a lecturer in Information Technology, Intellectual Property and Media Law at the University of East Anglia, UK. “If you stop ‘safe places’ for terrorists, you stop safe places for everyone, and we rely on those safe places for a great deal of our lives.”

Dr Steven Murdoch, a cyber-security researcher in the department of computer science at University College London, says that the suggestions being considered by the UK government would be worse for computer security, because so much of people’s lives are now carried out online.

He also pointed out that most of the latest attacks were perpetrated by attackers that were already known to UK security services, and that they weren’t stopped because “there were either insufficient resources or the resources were not sufficiently prioritised.” In any case, it was not because information was lacking.

Finally, terrorists and criminals can simply shift to using alternative encryption methods.