EU recommends outlawing backdoors, while UK pushes for them

A review of European privacy laws said that "the use of end-to-end encryption should also be encouraged."
Written by Zack Whittaker, Contributor

A review of European privacy rules has concluded that any effort to weaken encryption across the bloc of member states "should be prohibited."

A preliminary report by European data protection supervisor Giovanni Buttarelli, the leading figure in ensuring data protection and privacy rules are enforced across the European bloc, said that nation-state governments should not be allowed to monitor, reverse engineer, or decrypt communications that are deliberately scrambled.

It added that encryption providers, internet and phone providers, and "all other organizations" should be prohibited "from allowing or facilitating 'backdoors'."

The report also called for end-to-end encryption to be "encouraged, and when necessary, mandated" in line with the bloc's principles of data protection by design.

That will come as good news to the security and privacy community, which has persistently pushed back on any notion of backdoors in products, services, or cryptography, and has long promoted the use of encryption across products, services, and technologies.

But the report's findings are in direct conflict with efforts by the UK government to expand its decade-old surveillance laws.

The so-called draft Investigatory Powers Bill has proven controversial among the public and tech companies alike -- not least Apple and other tech companies, and senior members of the United Nations.

One of the key provisions of the bill would allow the government to force UK companies to remove encryption on demand to help authorities intercept data.

The bill would also mandate companies to disclose products and services prior to their launch -- often considered highly sensitive and proprietary information -- to ensure that they can still be wiretapped by the security and intelligence agencies.

Buttarelli said that the rules should be "smarter, clearer [and] stronger" to ensure better clarity as technology evolves.

But, though the UK wasn't called out by name, the data protection czar was clear that "any interference with the right to the confidentiality of communications" is contrary to European law.

That may not be too much of a problem when the UK decides to invoke the mechanism to leave the EU, following a national referendum vote in June.
