World Encryption Day: Lawmakers warn against EU attack on secure encryption and confidential digital correspondence

In the run-up to tomorrow’s Global Encryption Day, Members of the European Parliament from almost all political groups have sent a cross-party letter to the European Commission. The draft legislation to be presented on December 1 (dubbed „messaging and chat control“) threatens secure encryption and IT security in general, they warn.

Similar to Apple’s highly controversial “SpyPhone” plans, the EU Commission plans to “protect children” by requiring providers of digital communication services to bulk intercept, monitor and scan the content of all citizens’ communications – even where they are so far securely end-to-end encrypted. “The safety of individuals (e.g. witnesses, officials) depends on secure encryption protecting their confidential communications,” appeal the MEPs to the responsible EU Commissioners Margrethe Vestager, Margaritis Schinas, Věra Jourová, Thierry Breton, Didier Reynders and Ylva Johansson. “Backdoors can and will be abused by criminals, foreign intelligence services and forces that seek to destabilise our society.” The mass surveillance of private correspondence “would cause widespread uncertainty, distrust and unrest among citizens and businesses for years before most likely being annulled by the CJEU in light of its case-law.”

The lawmakers cite an analysis by the services of the German Bundestag, which states that “The permanent latent risk that a crime (even of a serious nature) may be committed should not suffice to justify continuous and comprehensive automated analysis.” The project would also have serious implications on the fundamental rights of citizens, digital technology and infrastructure, and the economy. In an expert opinion published in March a former ECJ judge had already pointed out that the warrantless interception of private communications violates the case law of the European Court of Justice. The MEPs also cite the results of the public consultation by the EU Commission, according to which 80% of participants oppose the blanket monitoring of encrypted messages.

Member of the European Parliament and civil liberties activist Patrick Breyer (Pirate Party) comments:

The unprecedented plan to indiscriminately search all of our private communications using error-prone denunciation machines is doomed and stands no chance in court. Random searches are the wrong approach to protecting children and even endangers them by exposing their intimate self-taken photos and criminalising them in many cases.

With its plans to break secure encryption, the EU Commission is putting the general security of our private communications and public networks, business secrets and state secrets at risk for short-term surveillance reasons. Opening the doors to foreign intelligence services and hackers is irresponsible.

Background:

Apple’s plans, announced in August, to search personal photos for suspicious content prompted a public outcry. More than 90 organizations called on the company to scrap the plans. Apple eventually put its plans on hold.

MEPs warn that the Commission’s plans would trigger a similar storm of protest. Providers would need to implement a backdoor in their software (“client-side scanning”) to enable such monitoring. Implementing a routine for automatically reporting suspected communications content in case of a match would break safe end-to-end encryption altogether and eliminate the security and trust that comes with it. Individuals, businesses and government rely on end-to-end encryption to safeguard their personal, commercial and state secrets. Recently, leading international IT security experts warned against the EU’s plans: “The proposal to preemptively scan all user devices for targeted content is far more insidious than earlier proposals for key escrow and exceptional access. Instead of having targeted capabilities such as to wiretap communications with a warrant and to perform forensics on seized devices, the agencies’ direction of travel is the bulk scanning of everyone’s private data, all the time, without warrant or suspicion.”

More information on chat control: www.chatcontrol.eu