EU Proposes Enforcing Data Encryption and Banning Backdoors

The European Parliament's Committee on Civil Liberties, Justice, and Home Affairs has published draft proposals that would enforce end-to-end encryption on all digital communications and forbid backdoors that enable law enforcement to access private message data.

The proposed amendment relates to Article 7 of the EU's Charter of Fundamental Rights, which says that EU citizens have a right to personal privacy, as well as privacy in their family life and at home. By extension, the "confidentiality and safety" of EU citizens' electronic communications needs to be "guaranteed" in the same manner.

Confidentiality of electronic communications ensures that information exchanged between parties and the external elements of such communication, including when the information has been sent, from where, to whom, is not to be revealed to anyone other than to the parties involved in a communication.

The principle of confidentiality should apply to current and future means of communication, including calls, internet access, instant messaging applications, e-mail, internet phone calls and messaging provided through social media.
The regulation states that the disclosure of contents in electronic communications may reveal highly sensitive information about citizens, from personal experiences and emotions to medical conditions, sexual preferences and political views, which could result in personal and social harm, economic loss or embarrassment.

In addition, the committee argues that not only the content of communications needs to be protected, but also the metadata associated with it, including numbers called, websites visited, geographical location, and the time, date, and duration of calls, which might otherwise be used to draw conclusions about the private lives of persons involved.

The regulations would apply to providers of electronic communication services as well as software providers that enable electronic communications and the retrieval of information on the internet. However, the amendment goes further by stating that the use of software backdoors by EU member states should be outlawed.
When encryption of electronic communications data is used, decryption, reverse engineering or monitoring of such communications shall be prohibited.  

Member states shall not impose any obligations on electronic communications service providers that would result in the weakening of the security and encryption of their networks and services.
The proposals appear to have been tabled in response to comments made by EU member states such as the U.K., which has argued that encrypted online channels such as WhatsApp and Telegram provide a "safe haven" for terrorists because governments governments and even the companies that host the services cannot read them.

The U.K. home secretary Amber Rudd recently claimed that it is "completely unacceptable" that authorities cannot gain access to messages stored on mobile applications protected by end-to-end encryption. A leaked draft technical paper prepared by the U.K. government was leaked shortly after Rudd's comments, containing proposals related to the removal of encryption from private communications.

The EU proposals could also put European security policy at odds with federal legislators in the U.S., who recently called on technology companies to compromise the encryption built into their mobile software. Last year, Apple and the FBI were involved in a public dispute over the latter's demands to provide a backdoor into iPhones, following the December 2015 shooter incidents in San Bernardino.

Apple said the software the FBI asked for could serve as a "master key" able to be used to get information from any iPhone or iPad - including its most recent devices - while the FBI claimed it only wanted access to a single iPhone.

The European Union proposals have to be approved by MEPs and reviewed by the EU council before the amendments can pass. It remains unclear how the laws would apply in the U.K. after Brexit, initial negotiations for which begin on Monday. 

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.


Discuss this article in our forums

Mobile Roaming Charges Abolished in the EU

A new European Union law came into effect on Thursday that abolishes roaming charges for people using mobile phones abroad. The new rules mean that European citizens traveling within the EU that call, text, and browse the internet on their mobile devices will be charged the same price they pay in their home country.


Previously, roaming charges were added to the cost of calls, SMS messages, and web browsing whenever mobile users in the EU traveled to another country and connected to another cellular network. The practice of charging consumers extra while they were abroad gained widespread notoriety because users often ended up having to pay extortionate fees for relatively moderate data usage.
"Each time a European citizen crossed an EU border, be it for holidays, work, studies or just for a day, they had to worry about using their mobile phones and a high phone bill from the roaming charges when they came home," said the European Commission in a statement. "The European Union is about bringing people together and making their lives easier. The end of roaming charges is a true European success story. Eliminating roaming charges is one of the greatest and most tangible successes of the EU," the statement added.
The EU has been negotiating with mobile networks for nearly 10 years to come to an agreement regarding the legislation, following repeated warnings from networks that the law could mean higher tariffs at home. That outcome appears to have been avoided, however.

"The EU has managed to find the right balance between the end of roaming charges and the need to keep domestic mobile packages competitive and attractive," continued the statement. "Operators have had 2 years to prepare for the end of roaming charges, and we are confident that they will seize the opportunities the new rules bring to the benefit of their customers."

Despite the new law, consumer watchdog Which? told the BBC that mobile users need to be aware that if they exceed contract data allowances while traveling within the EU they will still be charged, just as they would be in their own country. Also, the law only applies to travelers, so calling another EU country from home will still incur additional charges.


Discuss this article in our forums

U.K. Surveillance Powers Are ‘Illegal’, Rules E.U.’s Highest Court

The European Union's highest court has ruled that the "general and indiscriminate retention" of electronic communications by governments is illegal, in a direct challenge to the U.K.'s recently passed Investigatory Powers Act, the so-called "Snooper's Charter" (via The Guardian).

The U.K. bill requires that internet service providers retain a record of all websites visited by citizens for 12 months at a time, but today's decision by the European Court of Justice (ECJ) in Luxembourg ruled that the collection of data in such a manner puts citizens under "constant surveillance" and enables governments to draw "very precise conclusions" about their private lives.

european_court_of_justice-4f451e1-intro
The European Court of Justice.

The interference by national legislation that provides for the retention of traffic data and location data with that right must therefore be considered to be particularly serious. The fact that the data is retained without the users of electronic communications services being informed of the fact is likely to cause the persons concerned to feel that their private lives are the subject of constant surveillance. Consequently, only the objective of fighting serious crime is capable of justifying such interference.
It's unclear at this point whether the ruling can be used to overturn the United Kingdom's surveillance laws. The U.K.'s Home Office has said it will appeal the ruling, which could eventually prove academic once the country has withdrawn from the E.U. and the ECJ loses judicial authority over the U.K.

Martha Spurrier, director of the human rights group Liberty, said the ruling "upholds the rights of ordinary British people not to have their personal lives spied on without good reason or an independent warrant."
The government must now make urgent changes to the Investigatory Powers Act to comply with this. This is the first serious post-referendum test for our government's commitment to protecting human rights and the rule of law. The UK may have voted to leave the EU – but we didn't vote to abandon our rights and freedoms."
Apple has long opposed the U.K.'s Investigatory Powers bill, which originally required companies to build anti-encryption backdoors into their software, before an amendment to the wording meant that companies aren't required to do so when a government agency requests it, unless taking such an action "is technically feasible and not unduly expensive". The exact definition of those terms are set to be left to the decision-making of a British judge on a case-by-case basis.

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.


Discuss this article in our forums