Papers leaked and reported by Austria’s German-language press, posted about by John Scott-Railton of University of Toronto’s Citizen Lab suggests that EU’s Council of Ministers is close to formalizing its “war on encryption.”
Namely, the executive body of the EU seems to be nearing a resolution that would result in the banning of end-to-end encryption in apps like WhatsApp (owned by Facebook) and Signal.
Keep in mind, some have been calling for an end to private conversations, just so Big Tech can step in and correct “misinformation” in everyone’s private chats.
The document is dated back to November 6 and looks like a draft for a resolution that the EU would adopt in the near future. And while it declaratively speaks about the EU’s commitment to strong encryption, in reality the draft wants to move away from it to allow police and other law enforcement agencies an easier way to access and control communication taking place online.
End-to-end encryption allows only senders and recipients of messages and other content access to them, leaving out all third parties, including government snoops and the apps itself.
Somehow, the 27-nation bloc seems to be attempting to find the right wording that would present a picture of being capable to what’s irreconcilable: allow citizens all the online protections made possible by end-to-end encryption, but at the same time undermine and break it, allegedly as the only way to deal with criminals using the same tech.
The EU’s attempts to insert itself in this space and undermine encryption is nothing new, going back to at least 2016, with the goal of allowing law enforcement access to all data.
As for ways this may be done, it will of course require cooperation from the tech industry, especially Big Tech, who would have to comply and remove encryption protection from their products.
The draft resolution is expected to be made public on November 18, and according to reports, we shouldn’t have to wait too long for the EU Council to adopt at least some part of it.
Other than undermining people’s right to privacy in the digital sphere, another circle the EU would have to somehow square here is preventing bad cyber actors from using the very weaknesses left by a lack of encryption from achieving their goals – just as law enforcement would achieve theirs.