Nearly 450 million EU citizens are counting on the Council of the European Union to make decisions that protect their safety. The Council has a duty make these decisions based on reliable information.
In the next week, the Council of the European Union is expected to consider a resolution that argues that law enforcement “must be able to access data in a lawful and targeted manner.” This resolution is the first step of a wider push by the European Union to demand law enforcement access to encrypted data.
But are they relying on accurate information to make their decisions?
A report leaked from the European Commission in September, Technical solutions to detect child sexual abuse in end-to-end encrypted communications, tries to analyze different ways to spot illegal content in private communications that use end-to-end encryption. This leaked report could influence their decison-making on encryption policy in the EU.
The EU Commission’s report alludes to the idea that some access methods may be less risky than others. However, the bottom line is that each method presents serious security and privacy risks for billions of users worldwide.
Don’t take just my word for it. According to the Internet Society and the Center for Democracy and Technology’s joint evaluation, Breaking Encryption Myths: What the European Commission’s Leaked Report Got Wrong about Online Security, the report fails to adequately identify or evaluate the risks presented by these proposed methods of access. Breaking Encryption Myths, signed by over 30 cybersecurity experts, highlights critical omissions that undermine the utility of the leaked report. The report also fails to explore the security impact of these access methods on users, leaving dangerous vulnerabilities unmentioned.
The consensus among cybersecurity experts is clear:
There’s no way to break encryption without making everyone – including the children we are trying to protect – more vulnerable.
By forcing service providers to undermine the security of their end-to-end encrypted services, these methods jeopardize the safety of the countless people who rely on them each day. Breaking end-to-end encryption to curb objectionable content online is like trying to solve one problem…by creating 1,000 more.
Over 30 leading global cybersecurity experts from academia, civil society, and the private sector have said that the conclusions drawn by the EU Commission’s leaked report are untenable. As the Council of the European Union considers their resolution on law enforcement access to encrypted data, they must base their decisions on technical reality.
No matter the method, when you force companies to provide law enforcement with access to end-to-end encrypted communications, it weakens security for all. That is a fact.
Image by Vlad Zaytsev via Unsplash