IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

EU inches closer to ban on end-to-end encryption

Leaked document suggests EU wants "balance" between robust security and ease of access for law enforcement

The Council of the European Union appears to have a near-completed resolution that would propose a ban on the use of end-to-end encryption on off-the-shelf apps such as WhatsApp and Signal, according to a leaked document.

The memo, dated 6 November and addressed to representatives from EU member states, reveals that strong encryption remains a priority for lawmakers but that the availability of end-to-end encryption has made it overly difficult for law enforcement to conduct investigations.

It adds that a coordinated approach between lawmakers, companies, and academia is required to come up with an alternative that serves all parties – effectively banning the use of any security that fully encrypts data at every stage of its transmission.

The document appears to be a draft resolution from a meeting held on 3 November between members of the Justice and Home Affairs Council, titled ‘Security through encryption and security despite encryption’. Resolutions of this kind are not legally binding, but it may be used in the future to inform new legislation.

Its existence doesn’t come as a complete surprise given that earlier document using the same title, leaked in September and circulated by Statewatch, made it clear that the topic had been discussed in numerous council meetings since 2016.

In the November document, the EU makes it clear that it stands firmly behind the notion of ‘strong encryption’ as a means of protecting the data and rights of individuals, but that end-to-end encryption makes it too easy for criminals to evade justice.

Concerns have also been raised about the increasing number of consumer applications that are using this technology by default, including Facebook, WhatsApp, Singal.

“Encryption is an anchor of confidence in digitalisation and in protection of fundamental rights and should be promoted and developed,” the document states, however, there are “instances where encryption renders analysis of the content of communications in the framework of access to electronic evidence extremely challenging or practically impossible despite the fact that the access to such data would be lawful.”

“Independently of the technological environment of the day, it is therefore essential to preserve the powers of competent authorities in the area of security and criminal justice through lawful access to carry out their tasks, as prescribed and authorised by law.”

It’s argued that, moving forward, the EU hopes to “establish an active discussion” with the tech industry in order to create a “balance” between maintaining the principles of strong encryption and allowing authorities to access data in a lawful manner.

The proposals in the document, alongside any revisions, are expected to be presented for endorsement on 19 November, with further representations on 25 November and adoption by the Council shortly thereafter.

Digital privacy groups have consistently argued that it’s impossible to create a secure corridor that law enforcement agencies can use to access encrypted data without that corridor being inevitably exploited by cyber criminals.

The idea of scrapping end-to-end encryption has long been on the agenda for the EU, although the stance appears to have hardened in recent years. As recently as 2017 the EU was in fact considering forcing all communication providers to use end-to-end encryption, despite the UK at the time showing strong opposition to the technology.

“A European Union move to ban encryption from messaging platforms like WhatsApp and Signal would be a massive threat to data privacy as we know it. It is a disappointing change in approach from the EU which has previously been pro-privacy for European citizens,” said Ray Walsh, digital privacy expert at ProPrivacy.

“Security experts understand that the EU government’s contention that ‘strong encryption technology’ can coexist with purposefully designed backdoors is contrary to the principles of robust cryptography.”

He added that “not only is breaking encryption is a threat to national security, but the ability to communicate privately is a vital part of any free society”.

In October, the Five Eyes intelligence alliance of the US, UK, Australia, New Zealand, and Canada urged technology manufacturers of all stripes to include security backdoors by design in all products.

“While encryption is vital and privacy and cyber security must be protected, that should not come at the expense of wholly precluding law enforcement, and the tech industry itself, from being able to act against the most serious illegal content and activity online,” the alliance said at the time.

The US is also mulling the idea of introducing the EARN IT Act, bi-partisan legislation that some claim has the potential to undermine end-to-end encryption by giving powers to the Attorney General to dictate how internet companies handle encryption across their services.

Featured Resources

AI for customer service

IBM Watson Assistant solves customer problems the first time

View now

Solve cyber resilience challenges with storage solutions

Fundamental capabilities of cyber-resilient IT infrastructure

Free Download

IBM FlashSystem 5000 and 5200 for mid-market enterprises

Manage rapid data growth within limited IT budgets

Free download

Leverage automated APM to accelerate CI/CD and boost application performance

Constant change to meet fast-evolving application functionality

Free Download

Recommended

2022 IBM's Security X-Force cloud threat landscape report
Whitepaper

2022 IBM's Security X-Force cloud threat landscape report

22 Nov 2022
2022 Magic quadrant for Security Information and Event Management (SIEM)
Whitepaper

2022 Magic quadrant for Security Information and Event Management (SIEM)

22 Nov 2022
Seven realities facing SMBs as they enter a future of increased cyber threats
Whitepaper

Seven realities facing SMBs as they enter a future of increased cyber threats

21 Nov 2022
The top 12 password-cracking techniques used by hackers
Security

The top 12 password-cracking techniques used by hackers

14 Nov 2022

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

15 Nov 2022
The top 12 password-cracking techniques used by hackers
Security

The top 12 password-cracking techniques used by hackers

14 Nov 2022
Windows users now able to run Linux apps and distros natively
Microsoft Windows

Windows users now able to run Linux apps and distros natively

24 Nov 2022