EU Wants Access to Encrypted Messages, Journalists Cry Foul

A European Union scheme to let authorities access to encrypted messages if they're tied to investigations into terrorism and organized crime has journalists worried about protecting sources and digital rights campaigners about surveillance.

First reported by Austrian public broadcaster FM4, the plan would require communications companies such as Signal and WhatsApp – which provide encrypted services to clients such as reporters and privacy advocates – to let law enforcement and intelligence agencies see messages sent and received.

A draft resolution circulated by the German government, which holds the EU’s rotating Presidency, proposes creating a “better balance” between privacy and crime fighting online. Digital privacy groups said it tilts in favor of law enforcement.

The confidential draft, obtained by The Associated Press, states that “competent authorities must be able to access data in a lawful and targeted manner, in full respect of fundamental rights and the data protection regime, while upholding cybersecurity”.

It adds that “technical solutions for gaining access to encrypted data must comply with the principles of legality, transparency, necessity and proportionality”, without indicating safeguards for journalists and their sources who rely on encrypted services.

The European Council, which represents the leaders of the 27 member states, forwarded the idea during a resurging COVID-19 pandemic that has privacy groups worried about whether track-and-trace apps could also be used for surveillance.

Digital rights groups European Digital Rights and Access Now said the resolution was drafted without input from privacy experts or journalists.

End-to-end encryption prevents authorities, company employees, and hackers from viewing the content of private digital messages. According to the organizations, the resolution proposes unspecified technical solutions to undermine those protections.

“EU institutions must immediately retract all plans to undermine encryption, which is vital to press freedom and the free flow of information,” Tom Gibson, EU Representative for the Committee to Protect Journalists told the AP.

“Encryption offers essential protection for journalists who routinely communicate and share files electronically. If journalists cannot communicate safely with colleagues and sources, they cannot protect the anonymity of their sources,” he added.

German Left party lawmaker Anke Domscheit-Berg suspected the EU was spooked by recent terror attacks in France and Austria.

“The proposed EU regulation is an attack on the integrity of digital infrastructure and therefore very dangerous,” she said, calling it a back door attack on privacy.

Patrick Breyer, a Member of the European Parliament with Germany’s Pirate Party, said enabling governments to intercept encrypted communications “would be the end of secure encryption altogether and would open back doors also for hackers (and) foreign intelligence,” among others.

Germany’s Interior Ministry said the resolution was an effort to “enter into a dialogue with industry and reach a general consensus about how progress can be made in this area that’s acceptable for both sides,” and it wasn't a “master key.”

But it comes as Germany just said it would expand expand existing surveillance powers reserved for law enforcement agencies to the country’s domestic intelligence agency as a tool as well.

The move, said the site Euractiv, is one of the reasons why so-called “state trojans” are popular with authorities as it would let them read the decrypted messages directly on the end-user devices, rendering encryption useless.