Last week, the European Parliament’s Committee on Civil Liberties, Justice, and Home Affairs released a draft proposal that would require the use of end-to-end encryption. It would also strike legal attempts to force backdoors into encryption software or to weaken the security of services offered by communications providers.
Service providers who offer electronic communications services should process electronic communications data in such a way as to prevent unauthorised access, disclosure or alteration, ensure that such unauthorised access, disclosure or alteration is capable of being ascertained, and also ensure that such electronic communications data are protected by using specific types of software and encryption technologies.
The providers of electronic communications services shall ensure that there is sufficient protection in place against unauthorised access or alterations to the electronic communications data, and that the confidentiality and safety of the transmission are also guaranteed by the nature of the means of transmission used or by state-of-the-art end-to-end encryption of the electronic communications data. Furthermore, when encryption of electronic communications data is used, decryption, reverse engineering or monitoring of such communications shall be prohibited. Member States shall not impose any obligations on electronic communications service providers that would result in the weakening of the security and encryption of their networks and services.
Many of the proposals, but especially the two above, run counter to certain governments’ recent actions that would cripple encryption and other security measures for all in the name of fighting terrorism and other crimes.
It is a welcome breath of sanity for a world that increasingly appears to be regressing to an imagined time of stability.
Does This Mean the Bad Guys Are Protected?
Of course, there will be those who, in typical knee-jerk fashion, will cry that we’re giving the bad guys the upper hand. Nothing could be further from the truth.
Laws protecting privacy always make an exception for illegal activities, and the EU provides exceptions for those who seek to abuse the system. For example, Amendment 116 would make it impossible to decrypt any text messages that are stored in a smartphone, but an exception would kick in if the messages were part of an investigation. (The smartphone itself is not protected, it seems, since the law specifically mentions “electronic communications data”, that is, information that is exchanged between two or more people.)
What the new amendments will do is further cement the protections long afforded to law-abiding citizens, and stop those who would slowly decimate those protections under one pretext or another.
Read the Fine Print, Though
Some media outlets covering the amendment mention that this means the EU is recommending against (some even go as far as saying banning) backdoors. This claim needs a little clarification, since it seems overly broad.
In each instance of the amendments that were referenced, the terms “electronic communications data” and “electronic communications provider” are included. Thus, it would appear that while backdoors are being given a red light, the restriction is limited to encryption for data-in-motion. There is nothing here to suggest that the same is being extended to data-at-rest encryption, the type of cryptography that is generally used for securing all the contents of a laptop, for example.