The European Parliament's Committee on Civil Liberties, Justice and Home Affairs has released a draft report on the proposal for enforcement of end-to-end encryption on “electronic communication data”.
The report explains how the committee wishes to better regulate the “respect for private life and the protection of personal data in electronic communications” for EU citizens.
The committee says Directive 2002/58/EC (Regulation on Privacy and Electronic Communications), has not kept up to date with the fast-paced nature of technological evolution which has resulted “in an inconsistent or insufficient effective protection of privacy and confidentiality in relation to electronic communications."
Going forward it wants to legislate so that “future means of communication, including calls, internet access, instant messaging applications, email, internet phone calls and messaging provided through social media,” are all protected from prying eyes.
The committee recognises that electronic communications may “reveal high sensitive information” about the persons involved including highly sensitive topics such as medical conditions, sexual preferences and political views.
It also discusses the amount of data which is “derived from metadata” associated with electronic communications.
It writes: “The protection of confidentiality of communications is also an essential condition for the respect of other related fundamental rights and freedoms, such as the protection of freedom of thought, conscience and religion, and freedom of expression and information.”
Therefore, “The providers of electronic communications services shall ensure that there is sufficient protection in place against unauthorised access or alterations to the electronic communications data, and that the confidentiality and safety of the transmission are also guaranteed by the nature of the means of transmission used or by state-of-the-art end-to-end encryption of the electronic communications data. Furthermore, when encryption of electronic communications data is used, decryption, reverse engineering or monitoring of such communications shall be prohibited.”
The committee added: “Service providers who offer electronic communications services should process electronic communications data in such a way as to prevent unauthorised access, disclosure or alteration, ensure that such unauthorised access, disclosure or alteration is capable of being ascertained, and also ensure that such electronic communications data are protected by using specific types of software and encryption technologies.”
Despite the news, which most in the industry would likely welcome, following the Westminster Attack in London, the UKs Home Secretary Amber Rudd suggested that such encrypted communication apps such as Telegram and Signal “give terrorists a place to hide”.
Back in March, in response to the Westminster attack, major general Jonathan Shaw, the Ministry of Defence's former head of cyber-security, accused the government of trying to "use" the Westminster attack to grab unnecessary and intrusive surveillance powers.
Shaw argued that if the Government does push through laws to listen in to conversations on WhatsApp, terrorists would simply use other encrypted chat apps.