D-Day for encryption may be here sooner than you think. The EU justice commissioner Vera Jourová said this week that the European Commission will propose in June new measures to enable police to access data from encrypted apps.
Jourová said there will be three or four options proposed including binding legislation and voluntary agreements with companies.
The goal is to enable police to demand access to encrypted data and get a “swift, reliable response”, according to the website euractiv.com.
The announcement follows comments from UK home secretary Amber Rudd at the weekend that law enforcement should be empowered to break encryption on demand.
Speaking on BBC One's Andrew Marr show, Rudd spoke of an era when law enforcement would “steam open envelopes, or just listen in on phones, when they wanted to find out what people were doing”, adding: “We need to make sure that our intelligence services have the ability to get into encrypted situations like WhatsApp.”
Rudd suggested that such encrypted communication apps “give terrorists a place to hide”.
However, the shadow digital economy minister, Louise Haigh MP, speaking in the House of Commons, asked whether the government wasn't breaking a promise it made during the debate on the Investigatory Powers Act last year.
Haigh said: “The Lord Howe said back in October, ‘The assertion that the Government are opposed to encryption or would legislate to undermine it is fanciful.'”
Commenting afterwards, Haigh told SC Media UK: “This represents a step change from the settlement agreed just four months ago in the Investigatory Powers Act and it raises serious questions about privacy and user security. Cyber-security is a national priority and our digital sector depends on it being guaranteed. Weakening that would be a mistake and Ministers must urgently clarify their proposals.”
From a European perspective, the objectives, at least, seem very clear.
German interior minister Thomas de Maizière and French minister of the interior Matthias Fekl see nothing special about encrypted communications, telling MEPs that forcing internet service providers to break encryption is no different than laws requiring telecom operators to facilitate wiretapping, subject to the usual safeguards.
Technology firms take this to mean weakening encryption by installing ‘backdoors', but de Maizière rejected suggestions that it would be necessary to install backdoors in the products to achieve this, claiming other solutions may be available.
Proposed changes to the EU ePrivacy law would extend the laws from telecoms services to including internet services and allow national governments to ignore some privacy rules in the interests of national security. However, the changes don't cover encryption and some countries are complaining they have no power to compel internet providers to divulge secure data.
Meanwhile, intelligence agencies and law enforcement appear to be targeting devices as a way to intercept data before it's encrypted, raising the possibility that encryption backdoors will become a moot point.