Many EU countries agree to the idea of analyzing encrypted messages, a leaked document has revealed.
Spain’s vision was seen as more dire, with the country’s leaders apparently viewing access to citizens as “necessary” to allow authorities to catch criminals around the world.
End-to-end encryption (E2E) – the foundation on which security software such as VPN services and secure messaging apps are built – is under attack everywhere, literally. In the EU, an organization called Chat Control wants to force service providers to set up facilities for security agencies to analyze encrypted messages. Cryptographers and privacy advocates strongly oppose this.
Social Security: 15 out of 20 EU countries are in favor
“Breaking end-to-end encryption for everyone would not be unlimited, it would not be effective in achieving the goal of protecting children,” Iverna McGowan, executive director of the European branch of the Center for Democracy and Technology told WIRED later. reviewing the leaked document.
Many experts have argued that weakening encryption would make the Internet more dangerous by opening up opportunities for criminals and reducing privacy rights for all.
McGowan also cited the different responses EU leaders gave to a series of questions on the issue. The results, as of April 12, 2023, account for approximately 15 of the 20 countries that were asked to agree to violate certain measures.
Spain was not a big fan of the bill, and argued that EU service providers should be prevented from using E2E in the first place. The same was true of Poland, meaning that parents should have the power to discourage children’s socializing. Among others that support the Chat Control concept are Cyprus, Hungary, Croatia, Slovenia and Romania.
Unsurprisingly, the news was met with outrage by users who voiced their dissatisfaction online. Below is a discussion on Reddit as an example of the many controversial comments circulating on social media.
Comment from r/privacy
On the narrower view, we’ve got Ireland and Denmark. Although it facilitates the analysis of hidden messages in the investigation of child abuse cases, this also requires the law to include wording so that E2E is not weakened. Similarly, the Netherlands has introduced “device-based” mechanisms instead to detect harmful content before it is modified and sent to other users.
This is something that experts continue to say is technically impossible, however. “Politicians still seem to believe they can have a ‘magic key’ to private communications – ignoring the technology,” Tutanota co-founder Arne Möhle told TechRadar, noting that Chat Control is the EU’s worst legislative move to date.
“As experts in cryptography we have to say this again and again: If the EU prevents cybercrime, it will destroy the online security of all 450 million EU citizens.”
Although only a minority, a few EU countries have expressed their concerns about the potential consequences of undermining privacy.
According to Italy, such a law “would represent an arbitrary control over all encrypted messages sent through the Internet.” The Italian experts have also shown its inadequacy due to the fact that it has to deal with a lot of things that can also produce a lot of false positives.
Also, Estonia said it is not helping to develop “back-to-back solutions.” Finland and Germany have also rejected the possibility of disrupting encryption in any way, urging EU lawmakers to review the bill properly before it passes the next stage.
Another leak from the EU’s internal legal consultancy has already shown lawyers raising serious doubts about the legality of the proposed Chat Control, the Guardian reported.
The global war against encryption
As we have already said, the European Union is not the only one that is ready to provide encrypted messages in the name of a safe internet.
In the UK, the Cyber Security Bill is going through parliament. Many have been vocal in their displeasure so far, with popular messaging apps such as WhatsApp and Signal threatening to quit the UK if the bill becomes law.
The EARN IT Act is an attempt to regulate this in the US, a country already notorious for failing to protect people’s privacy online. “The idea that millions of people will pretend to be child abusers is terrifying,” the Electronic Frontier Foundation (EFF) said in urging people to oppose the law.
The tension between online security and user privacy is widespread in the world’s largest democracy. Earlier this month, India banned 14 secret apps it said were being used by terrorists across the country.
Director of Policy and Compliance at Element – one of the banned services – Denise Almeida told TechRadar: “The fact that this kind of ban is possible even in one of the world’s largest democracies is very concerning and sets a dangerous precedent.”