The European Parliament’s Committee on Civil Liberties, Justice, and Home Affairs, published a draft proposal forming an amendment to Article 7 of the EU’s Charter of Fundamental rights, which guarantees the individual’s right to privacy:
- Everyone has the right to respect for his private and family life, his home and his correspondence.
- There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.
The amendment would see a guarantee for the “confidentiality and safety” of electronic communications, in order to prevent personal sensitive information from falling into the wrong hands. It would also make it difficult for law enforcement to access telecommunications conversations during criminal investigations.
Their stance opposes that of the US and UK governments, who have been pressuring tech companies to install a cryptography backdoor into their software.
The proposed legislation reads:
“Electronic communications may reveal highly sensitive information about the natural persons involved in the communication, from personal experiences and emotions to medical conditions, sexual preferences and political views, the disclosure of which could result in personal and social harm, economic loss or embarrassment.
“Metadata derived from electronic communications may also reveal very sensitive and personal information. These metadata includes the numbers called, the websites visited, geographical location, the time, date and duration when an individual made a call etc., allowing precise conclusions to be drawn regarding the private lives of the person involved in the electronic communication, such as their social relationships, their habits and activities of everyday life, their interests, tastes etc.
‘The protection of confidentiality of communications is also an essential condition for the respect of other related fundamental rights and freedoms, such as the protection of freedom of thought, conscience and religion, and freedom of expression and information.”
It also suggests that the amendment should not lower the level of protection enjoyed by EU citizens:
“On the contrary, it aims to provide additional, and complementary, safeguards taking into account the need for additional protection as regards the confidentiality of communications.”
Commenting on the cryptography backdoor proposal, cyber security expert Professor Bill Buchanan, the head of told DIGIT:
“The EU seems to have the right approach. They seem to understand how to strike the right balance between protecting the rights of the citizen to privacy, against the rights of society to protect itself,” he said. “Many terrorist agencies are tech-savvy, and have ways of encrypting data at its source, and thus any weakening of encryption would possibly have little effect, but open-up so many risks. There are no secrets in the cryptography algorithms used, so that cryptography is in the hands of anyone who wants to use it.
“As a cryptography professor, there is no technical way that we can provide a cryptography backdoor, without massively increasing the risks involved. There is just no technically feasible way of providing a backdoor that cannot be compromised in some way. Few technical specialists ever would advocate the introduction of backdoors in cryptography.
“A master key to open-up all the encrypted contents would just not be worth the risk, especially if this master key were to fall into the hands of malicious agents. The key escrow key method could be attempted, and where a copy of the session key is stored in a protected place, but, again, this would be open to insiders leaking the keys for financial or political gain. This method is defined as “exceptional access”, and where the key is only used when required for an investigation.
Top specialists in cryptography, such as Professor Rov Rivest and Bruce Schneier, have even written a paper: Keys Under Doormats, and where they urge government agencies against the implementation of back doors. In their opening statement they say:
“In the wake of the growing economic and social cost of the fundamental in security of today’s Internet environment, any proposals that alter the security dynamics online should be approached with caution.”
“As we move into a world which is built on “encryption-by-default”, the tensions around cryptography are only going to increase.”