The European Court of Human Rights yesterday banned a general weakening
of secure end-to-end encryption. The judgement argues that encryption
helps citizens and companies to protect themselves against hacking,
theft of identity and personal data, fraud and the unauthorised
disclosure of confidential information. Backdoors could also be
exploited by criminal networks and would seriously jeopardise the
security of all users’ electronic communications. There are other
solutions for monitoring encrypted communications without generally
weakening the protection of all users, the Court held.[1] The judgement
cites using vulnerabilities in the target’s software or sending an
implant to targeted devices as examples.
Member of the European Parliament and digital freedom fighter Patrick
Breyer (Pirate Party) comments:
“With this outstanding landmark judgement, the ‘client-side scanning’
surveillance on all smartphones proposed by the EU Commission in its
chat control bill is clearly illegal. It would destroy the protection of
everyone instead of investigating suspects. EU governments will now have
no choice but to remove the destruction of secure encryption from their
position on this proposal – as well as the indiscriminate surveillance
of private communications of the entire population!
Secure encryption saves lives. Without encryption, we can never be sure
whether our messages or photos are being disclosed to people we don’t
know and can’t trust. So-called ‘client-side scanning’ would either make
our communications fundamentally insecure, or European citizens would no
longer be able to use Whatsapp or Signal at all, because the providers
have already contemplated that they would discontinue their services in
Europe. It is a scandal that the EU Council’s latest draft position
still envisages the destruction of secure encryption. We Pirates will
now fight even harder for our digital privacy of correspondence!”
Background: The EU Commission and an industrial network of surveillance
authorities are calling for generally searching private communications
using error-prone technology, including on end-to-end encrypted
messengers, for indications of illegal content. This could only be
implemented by undermining secure end-to-end encryption. The majority of
EU governments support the initiative, but a blocking minority is
preventing a decision. The EU interior ministers want to discuss the
bill again at the beginning of March. Under massive pressure from
Pirates and civil society, the EU Parliament has rejected the
destruction of secure encryption and indiscriminate chat control.
However, this is only the starting position for possible negotiations
with the EU Council, once it agrees on a position. Meta has announced
that it will start encrypting direct messages via Facebook and Instagram
in the course of this year and discontinue its current voluntary chat
control surveillance on these messages. Nevertheless, the EU is in the
process of extending the authorisation for voluntary chat control.
Breyer’s information page on chat control: chatcontrol.eu
[1] https://hudoc.echr.coe.int/eng/?i=001-230854 (para. 76 ff.)