Lawmakers in the European Union may push for access to end-to-end encrypted chats in popular apps such as Signal and WhatsApp, according to a draft proposal circulated by the German government—currently president of the EU—over the weekend.
Austrian public broadcaster FM4 was first to report the news, and the Associated Press today obtained a full copy of the confidential draft proposal. According to the AP, the proposal aims to find a “better balance” between law enforcement and privacy.
“Competent authorities must be able to access data in a lawful and targeted manner, in full respect of fundamental rights and the data protection regime, while upholding cybersecurity,” it states, per the AP. “Technical solutions for gaining access to encrypted data must comply with the principles of legality, transparency, necessity, and proportionality.”
Privacy advocates and defenders of end-to-end encryption decried the news, suggesting that the European Union is using recent terror attacks—including a shooting in Vienna last week that left four dead and 23 injured—as an opportunity to clamp down on individual freedoms.
Don’t you dare do any illegal math. https://t.co/iPUwticjjO
— Sarah Jamie Lewis (@SarahJamieLewis) November 8, 2020
“Anyone who finds an open back door into my house can enter it. The same is true for back doors in software,” said German Left party lawmaker Anke Domscheit-Berg. “The proposed EU regulation is an attack on the integrity of digital infrastructure and therefore very dangerous.”
“Don’t you dare do any illegal math,” tweeted Open Privacy Executive Director Sarah Jamie Lewis, criticizing the draft proposal’s focus on encryption. Electronic Frontier Foundation Director of Cybersecurity Eva Galperin had similar thoughts, tweeting, “Stop. Trying. To. Outlaw. Math.”
Stop. Trying. To. Outlaw. Math. https://t.co/GHLzprpddM
— Eva (@evacide) November 8, 2020
TechCrunch examined the proposed legislation and interviewed experts who suggest that the draft proposal—which can still be amended ahead of its presentation to the Council of the European Union on November 19—does not appear to call for a “master key” or broad back door access to end-to-end encrypted services, and isn’t necessarily a new push either.
“First, there is no talk of back doors. The message sets things clearly with respect to encryption being important for cybersecurity and privacy,” cybersecurity researcher Dr. Lukasz Olejnik told TechCrunch. “As for the topic of this document, it is a long-term process in the exploratory phase now. Problems and ideas are identified. Nothing will happen immediately.”
“It’s not getting even near to banning E2EE,” Olejnik added. “It appears they do not know what to do exactly.”
Use of encrypted chat platforms exploded in 2020. In June, Signal reported a surge in app downloads following civil unrest in Hong Kong, as well as Black Lives Matter protests in the United States. Earlier in the year, in February, the EU itself pushed Signal to its employees “as the recommended application for public instant messaging.”