The European Parliament is considering a draft proposal that would effectively prohibit the introduction of backdoors in encryption systems and other kinds of interference with confidential information.
The proposal, introduced before the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs, comes at a time when legislators in a number of countries are discussing the idea of encryption backdoors. The topic has been in heavy rotation in the U.K. for several months, and even more so in the last few weeks after the most recent string of terrorist attacks there. In a statement earlier this month, U.K. Prime Minister Theresa May called for greater online regulation, which many observers took to mean backdoors in crypto systems.
“We need to work with allied, democratic governments to reach international agreements that regulate cyberspace to prevent the spread of extremism and terrorist planning. And we need to do everything we can at home to reduce the risks of extremism online,” May said.
Legislators in the United States, along with law enforcement officials, have also called for some sort of access to encrypted communications and stored data, whether through key escrow or some similar scheme. But members of the European Parliament are going in the opposite direction by considering a proposed regulation that would codify the privacy of users’ data.
“The providers of electronic communications services shall ensure that there is sufficient protection in place against unauthorised access or alterations to the electronic communications data, and that the confidentiality and safety of the transmission are also guaranteed by the nature of the means of transmission used or by state-of-the-art end-to-end encryption of the electronic communications data,” the draft proposal says.
“Furthermore, when encryption of electronic communications data is used, decryption, reverse engineering or monitoring of such communications shall be prohibited. Member States shall not impose any obligations on electronic communications service providers that would result in the weakening of the security and encryption of their networks and services.”
That last sentence is diametrically opposed to what some lawmakers in both the European Union and the U.S. have been pushing for: intentionally weakened crypto systems that give law enforcement agencies access to encrypted data. The EU proposal also prohibits many types of electronic surveillance, with exceptions for specific legal needs.
“Electronic communications shall be confidential. Any interference, with electronic communications at rest or in transit, such as by listening, tapping, storing, monitoring, scanning or other kinds of interception, surveillance or any processing of electronic communications, by persons other than the users, shall be prohibited, except when permitted by this Regulation,” the draft proposal says.
The use of encrypted communications apps and encrypted connections on the web has grown significantly in recent years, as more options have become available. Hardware-based encryption has also proliferated, thanks to the decisions by both Apple and Google to encrypt the iPhone and Android devices by default.
CC By license image from Tawheed Manzoor