EU Commission mulls police access to encrypted apps
-
EU Commission wants a regulation on encyrption (Photo: Yuri Samoilov)
The European Commission may introduce new EU-rules on end-to-end encryption, possibly allowing police to crack into platforms like WhatsApp or Signal.
"In my view, we need EU regulation in this area but this is why we need to find a right balance before we come with any proposals on that," Ylva Johansson, the EU home affairs commissioner, told reporters on Wednesday (8 December).
Join EUobserver today
Become an expert on Europe
Get instant access to all articles — and 20 years of archives. 14-day free trial.
Choose your plan
... or subscribe as a group
Already a member?
When pressed, Johansson would not dismiss ideas of allowing police access. She added any discussion on the issue needs to be held "in full transparency."
Her views were echoed by European Commission vice-president Margaritis Schinas.
"I do not see as incompatible the quest for security and our interest to catch the bad guys," he said, noting a balance needs to be struck to ensure rights are respected.
Striking that balance has put civil society on edge.
Inserting backdoors into such platforms, critics say, could make the lives of human right defenders and journalists in authoritarian states much more precarious.
Others say law enforcement can also gain access, by instead demanding courts to release information stored on both servers and end devices.
"Any effort to mandate security flaws in technical systems will empower criminals and malicious state actors," warned NGOs Access Now and the European Digital Rights, in a joint statement.
But EU member states are piling on the pressure anyway.
The council, representing member states, introduced a draft resolution on encryption last month.
It defended the need for strong encryption but also stated that law enforcement "must be able to access data in a lawful and targeted manner."
That has put the commission in a wait-and-see mode.
"Let's wait first for the resolution to be voted and then we will see what is there," said Schinas.
Grim increase in online child sex-abuse
The whole comes amid wider debate on allowing social media platforms like Facebook and Google to track down and remove child sexual abuse content.
New EU wide rules under the so-called ePrivacy Directive, scheduled to take affect on 20 December, will make that task more difficult.
The European Commission has since introduced temporary derogations, currently being debated among the co-legislators, that would allow them to continue tracking and removing the content.
Reports of online child sexual abuse in the EU have increased from 23,000 in 2010 to more than 725,000 in 2019, says the commission.
"If we do not take measures with new temporary legislation, they cannot continue to detect this material, report it and take it down," said Johansson, adding a "more permanent solution" is needed.
Privacy issues are complicating the efforts.
The European Data Protection Supervisor weighed in on the issue last month, noting "confidentiality of communications is a cornerstone of the fundamental rights to respect for private and family life."
They said even voluntary measures by private companies constitute an interference with these rights and warned against the adoption of the commission's derogations on the rules.
Meanwhile, an EU directive introduced in 2011 on combating child abuse, has been fully implemented into national by only two EU states.