The EU Rolls the Dice and Sides with No Decryption, No Reverse Engineering of Communications, Period
The European Parliament's Committee on Civil Liberties, Justice, and Home Affairs released a draft proposal for a new Regulation on Privacy and Electronic Communications. The draft recommends a regulation that will enforce end-to-end encryption on all communications to protect European Union citizens' fundamental privacy rights. The committee also noted that decryption shall be prohibited. This is contrary to what the UK is considering to enforce.
The Conclusion of the EU Report
The rapporteur supports the objective of this proposal of establishing a modern comprehensive and technologically neutral framework for electronic communications in the Union, which ensures a high level of protection of individuals with regard to their fundamental rights of private life and data protection. Yet she considers that some aspects must be strengthened in order to guarantee a high level of protection as afforded by Regulation (EU) 2016/679, the Charter of Fundamental Rights and the European Court of Human Rights (ECHR). The achievement of a Digital Single Market builds on a reliable legal framework for electronic communications that will increase trust of individuals on digital economy and will also allow businesses to pursue their activities in full respect of fundamental rights.
In the preparation of this report, your rapporteur has conducted extensive and thorough discussions with the following stakeholders representing various interests.
The rapporteur expects her proposals to form a good basis for swift agreement in the European Parliament and negotiations with the Council in order to ensure that the legal framework is in place by 25 May 2018.
Specific Amendments Mentioning Encryption
Two specific EU Parliament amendments touch on encryption as follows:
Amendment #36: "Service providers who offer electronic communications services should process electronic communications data in such a way as to prevent unauthorized access, disclosure or alteration, ensure that such unauthorized access, disclosure or alteration is capable of being ascertained, and also ensure that such electronic communications data are protected by using specific types of software and encryption technologies."
Amendment #116: "The providers of electronic communications services shall ensure that there is sufficient protection in place against unauthorised access or alterations to the electronic communications data, and that the confidentiality and safety of the transmission are also guaranteed by the nature of the means of transmission used or by state-of-the-art end-to-end encryption of the electronic communications data.
Furthermore, when encryption of electronic communications data is used, decryption, reverse engineering or monitoring of such communications shall be prohibited. Member States shall not impose any obligations on electronic communications service providers that would result in the weakening of the security and encryption of their networks and services."
The proposals, from the members on the European Parliament's Civil Liberties, Justice and Home Affairs Committee, have been tabled as amendments to draft EU privacy legislation.
The phrase that many online reports have used such as "the committee also recommended a ban on backdoors," is nowhere to be found in the document but is inferred by claiming there shall be no decryption allowed as highlighted above.
The UK's Position Materially Differs
Technology companies defend encryption on the grounds that it helps guarantee privacy and security, and warn that "backdoors" applied by governments could be exploited by criminals and rogue states to spy on citizens.
Yet UK MPs have said the technology gives terrorists a safe place to plot attacks without the threat of police scuppering their plans.
While the EU's report supports end-to-end encryption, the UK is taking a different stance at the moment and more so because of the recent terrorist attacks including the attack outside the Ariana Grande concert. It was reported in May that one of the attacks was set-off by a communication delivered on Whatsapp as noted in the video above.
On June 6, Patently Apple posted a report titled "Apple's CEO admits to Assisting the UK Government with Recent Terrorist Investigations." Just how Apple was able to assist the government is confidential.
This particular debate over encryption/decryption is bound to continue for some time, at least in both the U.K. and U.S. On May 03 Patently Apple posted a report titled "FBI Director backs new Senator Feinstein Push for Decryption Bill."
The U.S. Still debating Device Back Doors and Compliance with Court Orders
In that report we noted Comey stating that 'We've had very good open and productive conversations with the private sector over the last 18 months about this issue, because everybody realizes we care about the same things. We all love privacy, we all care about public safety and none of us want backdoors — we don't want access to devices built in some way. What we want to work with the manufacturers on is to figure out how can we accommodate both interests in a sensible way,' said Comey in response to a question from senator Hatch about the security risks of backdoors being built in to enable access to encrypted data.
'How can we optimize the privacy, security features of their devices and allow court orders to be complied with. We're having some good conversations — I don't know where they're going to end up, frankly. I could imagine a world that ends up with legislation saying that if you're going to make devices in the US you figure out how to comply with court orders. Or maybe we don't go there. But we are having productive conversations right now I think."
To review the EU Parliament's full and final draft on Civil Liberties, Justice and Home Affairs click here.
About Making Comments on our Site: Patently Apple reserves the right to post, dismiss or edit any comments. Those using abusive language or negative behavior will result in being blacklisted on Disqus.