Jakubowska, who reviewed the document, says several countries seem to say they would give police access to people’s encrypted messages and communications. The comments from Cyprus, for example, say that it is “necessary” for law enforcement authorities to have the ability to access encrypted communications to investigate online sexual abuse crimes and that the “impact of this regulation is significant because it will set a precedent for other sectors in the future.” Similarly, officials in Hungary say “new methods of data access and interception are needed” to help law enforcement.
“Cyprus, Hungary and Spain very clearly see this law as their opportunity to get into encryption to undermine encrypted communications, and that to me is huge,” says Jakubowska. “They are seeing that this law goes much further than what DG Home claims is there.”
Belgian officials said in the document that they believe in the motto “security through encryption and despite encryption.” When contacted by WIRED, a spokesperson for the Belgian Ministry of Foreign Affairs initially shared a statement from the country’s federal police saying that its position has evolved since it submitted comments for the document and that Belgium is taking a position, along with others.” like-minded states, “who want encryption to be weakened.” However, half an hour later, the spokesperson tried to retract the statement, saying the country refused to comment.
Security experts have long said that any potential backdoor into encrypted communications or ways to crack services would undermine the overall security of encryption. If law enforcement officials have a way to decrypt messages, criminal hackers or those working on behalf of governments could exploit the same capabilities.
Despite the possible attack on encryption by some countries, many nations also appeared to strongly support end-to-end encryption and the protections it provides. Italy described the proposal for a new system as disproportionate. “It would represent widespread control over all encrypted correspondence sent over the web,” the country’s representatives said. Estonia warned that if the EU mandates scanning of end-to-end encrypted messages, companies are likely to redesign their systems so they can decrypt data or shut down in the EU. Triin Oppi, spokesman for the Estonian Ministry of Foreign Affairs, says the country’s position has not changed.
Finland urged the EU Commission to provide more information on technologies that can combat child sexual abuse without jeopardizing online safety, warning that the proposal could conflict with the Finnish constitution.
Representatives for Germany, a country that has strongly opposed the proposal, said the bill must explicitly state that technologies that disrupt, circumvent or modify encryption will not be used. “This means that the draft text must be reviewed before Germany can accept it,” the country said. Member states must agree on the text of the bill before negotiations can move forward.
“Responses from countries such as Finland, Estonia, and Germany demonstrate a fuller understanding of what is at stake in discussions about CSA regulation,” says Stanford’s Pfefferkorn. “The regulation will not only affect criminal investigations for a specific set of crimes; affects the data security of governments, national security and the privacy and data protection rights of their citizens, as well as innovation and economic development.
Disclaimer: All the content or information on this article is given for only educational purposes.