EU Council urged: Get internet giants to share encryption keys
EU Council urged: Get internet giants to share encryption keys

In a leaked meeting document which came to light late on Friday, the EU Counter-Terrorism Coordinator, Gilles de Kerchove, detailed Europe's “unprecedented, diverse and serious terrorist threat”, highlighting last month's Charlie Hebdo attacks in Paris as one recent example.

Addressing the Council's Standing Committee on Internal Security (COSI) ahead of the meeting between Justice and Home Affairs ministers in Riga, Latvia on 29 January, the EU CTC detailed everything from the prevention of radicalisation on the internet and the engagement of internet companies, to the removal of illicit content and the need for information sharing between member states. 

It also proposed a new anti-terrorism unit, the European Counter-terrorism Centre, which would potentially be based at Europol, along with the European Cybercrime Centre (EC3).

But it was on encryption where the EU CTC was most controversial, suggesting – as British Prime Minister David Cameron did earlier this year – that law enforcement must find ways around encryption.

“Since the Snowden revelations, internet and telecommunications companies have started to use often de-centralised encryption which increasingly makes lawful interception by the relevant national authorities technically difficult or even impossible,” the meeting document reads on page 10.

“The Commission should be invited to explore rules obliging internet and telecommunications companies operating in the EU to provide (keys) under certain conditions as set out in the relevant national laws and in full compliance with fundamental rights access of the relevant national authorities, to communications (ie share encryption keys).” This news came only days after it was claimed that GCHQ had obtained private encryption keys after hacking Gemalto's internal networks.

It is perhaps unsurprising then that the EU CTC also calls for a deeper relationship between the EU and internet companies as well as the EU and the US in general. The US – and Silicon Valley – is at the forefront of technology innovation, after all.

“The Commission should deepen the engagement with the internet companies. The Forum, with representatives from the EU institutions, Member States and industry counterparts to discuss terrorism in full compliance with human rights, should be set up quickly. The Forum could also explore joint training and workshops for representatives of the law enforcement authorities, internet industry and civil society.

“A dialogue with the internet companies is necessary at both EU and at international level. In this context, further cooperation with the US could be explored. Working with the main players in the internet industry is the best way to limit the circulation of terrorist material online.”

The report goes onto note that law enforcement - such as Europol – should have a greater role in flagging illegal content, something which has traditionally been left to commercial enterprises such as Twitter and Facebook. CTC suggests Europol's own 'Check the Web' project should be ‘beefed up' for monitoring social media communications.