A proposal to require the use of end-to-end encryption on all electronic communication was called for in a new draft report by the European Parliament’s Committee on Civil Liberties, Justice, and Home Affairs. End-to-end encryption protects messages so that only the users sending and receiving the communications can access the content of the communications, leaving service providers and others unable to access the cryptographic keys needed to decrypt the communications. The proposed regulation is intended to protect privacy rights and the confidentiality of communications. However, it is not just privacy rights that the committee aims to protect with the proposed regulation, the draft report states that the proposed regulation would also protect other fundamental human rights and freedoms, such as freedom of thought, conscience, and religion, and freedom of expression. These rights are enshrined in the Charter of Fundamental Rights of the European Union, and the proposal seeks to amend Article 7 to specifically include digital privacy. Electronic communications service providers would be required to ensure against unauthorized access or alteration of communications.
The proposed rule would prohibit the interception of communications data while it is being transmitted. It would prohibit the use of IMSI catchers, also known as Stingrays, which intercept cellular phone and internet data. EU member states would be prohibited from using backdoors. “Member States shall not impose any obligations on electronic communications service providers that would result in the weakening of the security and encryption of their networks and services,” the committee’s proposal states. The committee also proposed that metadata such as phone numbers and URLs, in addition to actual content, also be protected. The updated Regulation on Privacy and Electronic Communications would specifically protect current and future forms of communications, including e-mail, instant messages, VOIP calls, and private messages on social media sites.
Last year the European Union adopted a data protection rule to help protect people’s privacy. The committee’s proposal would expand protections of personal data, building on the protections contained in the General Data Protection Regulation. The United Kingdom, which last year voted to begin the process of leaving the European Union with the “Brexit” referendum, is pushing for exactly the opposite of what the European Parliament’s Committee proposed. The British Investigatory Powers Act, also known as the Snoopers Charter, allows the government to require tech companies to disable end-to-end encryption. Meanwhile the UK Conservative Party’s new election manifesto is calling for even more government control of the internet.
“This latest move to ban backdoors in encryption appears to be a calculated slap in the face for Theresa May and her plans for an Orwellian future,” cybersecurity expert Douglas Crawford told CNET. It is not known if the proposed changes would have an effect on the United Kingdom’s new policies to restrict encryption and allow the use of backdoors, as the Brexit process may be completed by then, and the EU law may no longer apply in the UK. The EU is taking a different approach than the UK and the United States to responding to terrorism, and is opting to continue to defend privacy rights, instead of surrendering them in the belief that doing so would be able to provide greater security. The UK and the US have decided to erode privacy protections and embrace mass surveillance of communications.
End-to-end encryption is already implemented by many internet services, such as Signal, WhatsApp, and Telegram, which use end-to-end encryption for all messages. Facebook and Google have also implemented end-to-end encryption for certain communications. The current Regulation on Privacy and Electronic Communications (ePrivacy) was enacted in 2002. The proposal to amend the ePrivacy Directive began late last year. Before the committee’s proposal to amend ePrivacy can be enacted, it must first pass out of the committee and then pass by the European Parliament and the Council of Ministers. The committee’s proposal could become law in the European Union by May of 2018.