Letter to Coucil and Commission to stop compromising encryption11. November 2020
To Charles Michel, President of the European Council
To Horst Seehofer, German Minister of the Interior, Building and Community
(Presidency of the Council of the EU)
To European Commission
Margrethe Vestager, Executive Vice-President “A Europe Fit for the Digital Age”
Ylva Johansson, Commissioner “Home Affairs”
Thierry Breton, Commissioner “Internal Market”
Encrypted communication has come under attack from both the European Commission as well as most recently the Council. Commissioners Ylva Johansson and Thierry Breton have stated publically that messenger services would be required to allow access to encrypted messages. 1 The Financial Times also reported in September 2020 on an internal note of the Commission detailing such plans.2
Austrian radio station FM4 on 9 November 2020 reported on and published a draft Council resolution that is scheduled to be adopted in December 2020.3 The Council calls for measures that go beyond what the Commission has so far proposed and would foresee access of “competent authorities” to encrypted messages also to fight terrorism and organised crime. We are dismayed that the Council is quietly adopting such a controversial proposal, without any meaningful public debate about the call for European legislation.
The Article 29 Data Protection Working Party and its successor the European Data Protection Board remind us that “[t]he availability of strong and trusted encryption is a necessity in the modern digital world. Such technologies contribute in an irreplaceable way to our privacy and to the secure and safe functioning of our societies”.4
Introducing backdoors and master keys severely compromises the strength and efficiency of encryption. No technical solution can guarantee the same level of security. Backdoors can and will be abused by criminals, external state actors and forces who seek to destabilise our society. Granting law enforcement or “competent authorities” access to encrypted messages therefore severely threatens the security of users. This was also pointed out by German data protection and cybersecurity specialists in an open letter in June 2019.5
The citizens of Europe cannot accept having their cybersecurity compromised, especially at a time when digital tools of communication have become the norm for many in their private and professional lives.
We object in particular to use the recent terrorist attacks as a way to further this agenda. Current regulations give law enforcement access to an already large amount of data and information. We agree with data protection specialists that “access must remain proportionate and targeted” and law enforcement “should focus on improving their capabilities to interpret those data to investigate and prosecute criminals”.4
In conclusion, we call on the European Commission and the Council to stop and retract all plans that involve compromising encryption.
Members of the European Parliament
Sophie in ‚t Veld
Jorge Buxadé Villalba
Margarita de la Pisa Carrión
Ivan Vilibor Sinčić
Kim van Sparrentak