EU proposes mandatory end-to-end encryption for all citizens

Graphic showing a digital padlock overlaid above information that has been encrypted

A European Parliament committee wants end-to-end encryption to be compulsory for all forms of digital communication, in a bid to improve the safeguards around online privacy for citizens within the EU.

A draft legislation submitted by the Committee on Civil Liberties, Justice and Home Affairs, attempts to harmonise online privacy rules by ensuring the same level of protection regardless of the service used.

The proposal would force all "providers of electronic communications services", such as apps like WhatsApp or mobile network operators, to place end-to-end encryption on all communicated data, to ensure that the "confidentiality and safety of the transmission are guaranteed".

With end-to-end encryption, service providers would not have access to the decryption key needed to "listen" in on the data being shared, with the sender and recipient the only parties able to see the communications.

The proposal seeks to repeal the current ePrivacy Directive launched in 2002 in an effort to "modernise" data protection frameworks alongside the implementation of GDPR next year. This will therefore need to be approved by the European Parliament and the European Council before it can be made law.

However, the committee argues that the older directive does not take into account new means of communications, such as the rise of IoT networks, which present "new challenges and risks concerning the privacy and protection of personal data of individuals".

This directly counters the narrative coming from the UK government over the monitoring of communications, which has said that tech firms should be providing authorities with a means to bypassing end-to-end encryption.

Following the Westminster terrorist attack in March, Home Secretary Amber Rudd described WhatsApp's use of encryption as "completely unacceptable", arguing that it provides "a secret place for terrorists to communicate".

While many mocked her views, some expressed genuine concern that the government was using the recent atrocity as a means to push though a ban on encrypted communications and limit the privacy of UK citizens.

The EU committee argued that universal encryption is an essential step towards the completion of the Digital Single Market, "as it would increase trust and security of digital services" and would "recognise a longstanding and fundamental right of individuals, enshrined in the ECHR and the EU charter".

Its legislation would need to be approved by the European Parliament and then reviewed by the EU Council.

Picture: Bigstock

Dale Walker

Dale Walker is the Managing Editor of ITPro, and its sibling sites CloudPro and ChannelPro. Dale has a keen interest in IT regulations, data protection, and cyber security. He spent a number of years reporting for ITPro from numerous domestic and international events, including IBM, Red Hat, Google, and has been a regular reporter for Microsoft's various yearly showcases, including Ignite.