Europe wants to make it easier to crack encryption, but rules out backdoors
Europe wants to make it easier for police to crack encrypted messages, but doesn't want to force tech companies to install back doors into their secure communications services.
Police and intelligence agencies have long warned that the use of end-to-end encryption is making it harder for them to investigate crime because messages sent using it can only be read by the sender and the recipient.
Law enforcement agencies have asked that companies offering such services should be required to add some kind of backdoor that would allow investigators access to communications when necessary, but they have had little success so far. Privacy campaigners argue that uncrackable communications are vital for privacy.
The Europe Commission is trying to steer a middle path, acknowledging the need for police to be able to investigate but also recognising that secure communications are needed.
It has announced a package of measures that it said would support law enforcement and judicial authorities when they encounter encryption in criminal investigations "without weakening encryption at a more general level or affecting a large or indiscriminate number of people".
"Law enforcement and judicial authorities are increasingly facing challenges posed by the use of encryption by criminals in the context of criminal investigations. This is not only limited to serious crimes: in many cases, electronic data may be the only information and evidence available to prosecute and convict criminals. The challenges are not only due to attempts by criminal users to disguise their electronic communication and privately stored data, but also due to the default option of many communication services to apply encryption. The use of encryption by criminals, and therefore its impact on criminal investigations, is expected to continue to grow in the coming years," it said.
The Commission said it wants to help Europol to further develop its decryption capability and to set up a network of centres of encryption expertise, as well as aiding it in creating a 'toolbox' for legal and technical instruments.
It has also said it will provide a, not-exactly-huge, €500,000 for training for law enforcement authorities, and said that early next year it will present proposals to provide for a legal framework to facilitate access to electronic evidence.
Despite loud calls from some politicians, particularly in the UK, to ban the use of end-to-end encryption, any ban is unlikely to succeed without action by the US because that is where most of the big tech companies are based.
But while properly implemented end-to-end encryption is all but impossible to break in a realistic time-frame, the phones and PCs upon which those encrypted apps are running are much easier for police to hack into.
So rather than attacking the encryption police are more likely to look at hacking the devices to gain access to the messages; for example the UK has recently passed legislation to clarify when and how police and other agencies can hack into devices.
Earlier this month, the European Parliament passed a motion calling on member states to promote practical security measures, such as encryption, and warned governments not to "impose any obligation on encryption providers that would result in the weakening or compromising of the security of their networks or services, such as the creation or facilitation of 'back doors'.
READ MORE ON WEB SURVEILLANCE
- Encryption: In the battle between maths and politics there is only one winner
- The new art of war: How trolls, hackers and spies are rewriting the rules of conflict
- Inside the secret digital arms race: Facing the threat of a global cyberwar
- Surveillance laws need rethink, but bulk collection of web data will continue
- The undercover war on your internet secrets: How online surveillance cracked our trust in the web