End-to-end encryption plan puts Europe on collision course with UK

Legislation by European Parliament's Committee on Civil Liberties, Justice, and Home Affairs potentially puts EU at loggerheads with the UK over the encryption debate.
Written by Danny Palmer, Senior Writer

European Parliament MPs have suggested there's a fundemental right to use encrypted communications.

Image: iStock

All European Citizens should have the right to use end-to-end encryption in all forms of digital communications, in order to ensure online privacy and protection against unauthorised government surveillance, according to draft European Union legislation.

The proposals, which could enforce the use of end-to-end encryption as an extension of individual privacy, look to enshrine "a high level of protection of individuals with regard to their fundamental rights of private life and data protection" into European law. As such, Theresa May's government, which has expressed concerns about the use of encryption, may find itself on a collision course with European legislators over internet privacy rights.

"The principle of confidentiality should apply to current and future means of communication, including calls, internet access, instant messaging applications, email, internet phone calls and personal messaging provided through social media," said the draft proposal by the European Parliament's Committee on Civil Liberties, Justice, and Home Affairs.

Furthermore, it looks to enshrine for end-to-end encryption to guarantee absolute privacy for the users.

"The providers of electronic communications services shall ensure that there is sufficient protection in place against unauthorised access or alterations to the electronic communications data, and that the confidentiality and safety of the transmission are also guaranteed by the nature of the means of transmission used or by state-of-the-art end-to-end encryption of the electronic communications data".

The recommendation by European Parliament MEPs comes as the UK government - in addition to beginning Brexit negotiations - has called for more power over the internet, including the possibilities of weakening encryption and being able to place backdoors into devices.

But the European draft warns: "Member States shall not impose any obligations on electronic communications service providers that would result in the weakening of the security and encryption of their networks and services," the EU legislation proposes.

It's suggested the new ePrivacy proposals fall under Article 8 of the European Convention of Human rights, that everyone "has the right to respect for his or her private and family life, home and communications" including "the right to the protection of personal data concerning him or her".

The draft legislation looks to ensure that all electronic communications are confidential. "Any interference, with electronic communications at rest or in transit, such as by listening, tapping, storing, monitoring, scanning or other kinds of interception, surveillance or any processing of electronic communications, by persons other than the users, shall be prohibited".

Messaging tools such as WhatsApp and Telegram use end-to-end encryption to ensure the privacy of messages, while many of the services fundamental to the inner workings of the internet also require the use of the technology.

Experts have warned that any attempt to alter or tamper with encryption will have negative consequences for the average user, and won't do much to prevent crime or terrorism as criminal users will simply find more discreet ways to communicate.

The legislation also warns that enabling governments and security services to have backdoors isn't compatible with a number of the European Union's fundamental freedoms.

"The protection of confidentiality of communications is also an essential condition for the respect of other related fundamental rights and freedoms, such as the protection of freedom of thought, conscience and religion, and freedom of expression and information".

The proposed amendments on regulations around privacy and electronic communications will require approval from the European Parliament and the European Council before it can become official European Union law, which legal frameworks expected to be in place by May 2018.


Editorial standards