ProtonMail, Threema, Tresorit and Tutanota warn EU lawmakers over ‘anti-encryption’ push – TechCrunch

Four European apps that protect user data via end-to-end encryption, ProtonMail, Threema, Tresorit and Tutanota, have issued a joint statement warning that recent steps taken by EU institutions are setting lawmakers on a dangerous path toward backdooring encryption.

End-to-end encryption refers to a type of encryption where the service provider does not hold the keys to decrypt the data, which increases user privacy – because there is no third party in the loop with the technical capability to access the data in decrypted form.

E2e encryption also enhances security by reducing the attack surface around people’s data.

However, growing access to e2e encrypted services has been a concern for law enforcement for some half a decade or more, because it makes it harder for agencies to access decrypted data. A service provider served with a warrant for e2e encrypted user data will only be able to provide it in an unreadable form.

Last month the EU Council passed a resolution on encryption that suffers from contradictions – calling for “security through encryption and security despite encryption” – which the four e2e app makers believe is a thinly veiled call to backdoor encryption.

The European Commission has also called for “better access” to encrypted information, writing in a broader counter-terrorism agenda it published in December that it “will work with member states to identify potential legal, operational and technical solutions for legitimate access” [emphasis its].

At the same time, the Commission has stated that it will “promote an approach that maintains the effectiveness of encryption in protecting the confidentiality and security of communications while providing an effective response to crime and terrorism”, and has made it clear that there will be no ‘one silver bullet’ in relation to the e2e encryption security ‘challenge’.

But such caveats are doing nothing to ease the concerns of the e2e encrypted app makers – who see proposals from the Council of the European Union, which is involved in the adoption of the bloc’s laws (although the Commission usually drafts the law), as a push towards backdoors.

“While this is not explicitly stated in the resolution, it is widely understood that the proposal seeks to allow law enforcement access to encrypted platforms via backdoors,” the four app makers warn, adding that such a move would weaken the security that EU institutions also claim to want to maintain.

“The resolution makes a basic misunderstanding: encryption is an absolute, data is either encrypted or it isn’t, users have privacy or they don’t,” they go on. “The desire to give law enforcement more tools to fight crime is clearly understandable. But the proposals are the digital equivalent of giving law enforcement the keys to every citizen’s home and can begin a slippery slope to greater violations of personal privacy.”

They point out that any move to break e2e encryption in Europe will increase global interest in robustly encrypted services – pointing to the recent increase in sign-ups for applications like Signal as a result of mainstream privacy concerns associated with Facebook-owned WhatsApp.

Europe has also been ahead of the curve globally on protecting privacy and security. So it would be quite a U-turn for EU lawmakers to line up to punch holes in e2e encryption. (Which is, for example, something the EU’s data protection regulator is simultaneously recommending be used to legally secure transfers of private data from the bloc to third countries where it may be at risk.)

To say that there are ideological contradictions in the European Union’s push in an anti-encryption direction is a broad understatement. Even the current communiqués coming out of Brussels on the subject read as if they are inherently conflicted – which may indeed signal a recognition that squaring this circle is not a simple policy proposition.

The app makers also make this point. “People around the world are reclaiming their privacy, and often it is helping European companies. It seems that policy makers in the European Union will now pursue laws that are opposed to public opinion and weaken the growing European technology sector,” they write.

In a personal quote from the joint statement, Andy Yen, CEO and founder of ProtonMail, a Swiss end-to-end encrypted email service, warns against complacency in the face of the latest seeming push for a legal framework to backdoor encryption:

“This is not the first time we have seen anti-encryption rhetoric from parts of Europe, and I doubt it will be the last. But this does not mean that we should be complacent. Simply put, the proposal is no different from previous proposals, which evoked a wide response from privacy-conscious companies, civil society members, experts and MEPs.

“The difference this time is that the Council has taken a more nuanced approach and words like ‘ban’ or ‘backdoor’ are clearly avoided. But make no mistake, that is the intention. It is important that these proposals are prevented from going too far and European rights to privacy are upheld.”

Martin Blatter, CEO of the end-to-end encrypted instant messaging app Threema, also argues that EU lawmakers risk thwarting homegrown startups if they try to move forward with a law that would have European vendors bypass or intentionally undermine e2e encryption.

“[It] will not only destroy the European IT startup economy, it will also fail to provide any additional security,” he warned. “Joining the ranks of the most notorious surveillance states in this world, Europe will carelessly abandon its unique competitive advantage and become a privacy wasteland.”

In addition, Istvan Lam, co-founder and CEO of Tresorit, an e2e encrypted file sync and sharing service, has argued that any move to weaken encryption would seriously undermine trust in services – as well as being “irrelevant” to the EU’s current stance on data privacy.

“We find this proposal particularly alarming given the European Union’s previously progressive views on data protection. The General Data Protection Regulation (GDPR), the EU’s globally recognized model for data protection legislation, advocates strong encryption as a fundamental technology to ensure the privacy of citizens,” he said, adding: “The current and proposed approaches are thoroughly contradictory, because it is impossible to guarantee the integrity of encryption while providing any type of targeted access to encrypted data.”

Meanwhile Arne Mohle, co-founder of Tutanota, the German e2e encrypted email provider, says any push to backdoor encryption would be a disaster for security – one that indeed risks helping criminals.

“Every EU citizen needs encryption to secure their data on the web and protect themselves from malicious attackers,” he said. “With the latest attempt to backdoor encryption, politicians want an easy way to prevent crimes such as terrorist crimes, while disregarding a whole range of other crimes that encryption protects us from: end-to-end encryption protects our data and communications against eavesdroppers such as hackers, (foreign) governments, and terrorists.”

“By asking for encryption backdoors, politicians are not asking us to choose between security and privacy. They are asking us to choose no security,” he said.

There has been a battle in Europe over what the Council’s contradictory resolution on ensuring “security through encryption and security despite encryption” will actually do. But it seems clear that any push towards backdoors will spark major regional opposition – as well as being an unattractive option for EU policymakers, as it would face a legal challenge given jurisprudence in this field.

The Commission recognizes this complexity. Its counter-terrorism agenda is also very broad. There is certainly no suggestion that it believes that e2e encryption is the only nut that should be cracked. EU institutions are pushing on many fronts here, not least because a bunch of fundamental red lines against non-targeted measures limit the wiggle room.

What comes out of the Council’s resolution may therefore be a concerted push to upskill police in areas relevant to investigation (such as digital forensics and metadata analysis), and perhaps to build structures that let local or state-level forces draw on the more powerful technical competencies of security services to pursue targeted investigations (such as device hacking), rather than an EU-level order fired at e2e encryption vendors mandating a universal key escrow ‘solution’ (or similar) – indiscriminately risking the security and privacy of all.

But it is definitely one to watch.