Encryption is either secure or it’s not – there is no middle ground
The principle of end-to-end encryption underpins a system of communication where only the communicating users can read the messages. To this end, it exists to prevent any potential eavesdroppers (telecom providers, internet providers, law enforcement agencies) from being able to access the cryptographic keys needed to decrypt the conversation.
Adopting new rules
We remain deeply concerned, therefore, that the Council of the European Union is seeking to adopt new rules that would effectively do away with encryption. At the end of last year, they released a five-page resolution that called for the EU to pass new rules to govern the use of end-to-end encryption in Europe. We are completely against this resolution as it effectively ends the notion of true encryption.
There’s no such thing as strong encryption if you allow the institution of backdoors for government or law enforcement officials – and don’t believe any politicians who say otherwise – they are, at best, ill-informed. The most important takeaway here is that encryption is either secure or it is not. Users either have privacy or they do not.
Weak encryption
We strongly believe that encryption is the very foundation of the internet. Every citizen needs encryption to safeguard their data and to offer themselves protection against hackers and other malicious online forces. Politicians will argue that they see backdoors as an easier way to thwart all manner of crimes, ranging from terrorist attacks through to drug trafficking. However, by effectively quashing end-to-end-encryption, the government disregards all the other crime that effective encryption protects citizens from.
By calling on technology companies to find ways to bypass encryption so that law enforcement agencies can quickly access a suspect’s messages or device, we may end up with weak encryption. And weak encryption is, in our opinion, the same as no encryption.
We understand the need to combat online criminal activity in all of its various guises, but we do not believe that weakening encryption will solve that. Indeed, weakening encryption is actually counterproductive. For example, putting pressure on popular messaging apps to have a backdoor in their encryption doesn’t deter criminals from establishing their own encryption services.
Business impact
There is an impact on businesses, too. Many organizations use end-to-end encryption for protecting their trade secrets and classified information. And what about the impact on many of the apps that we all use to communicate? These apps are underpinned by a zero-knowledge ethos which means that users don’t need to worry about being tracked or monetized and can exercise their right to privacy.
The Council of the European Union’s proposed resolution is all the more surprising in light of the General Data Protection Regulation (GDPR). This model for data protection legislation is very much in favor of robust encryption as an elementary technology to ensure the right to privacy (for citizens).
Ultimately, adopting this resolution would severely undermine the trust that individuals and businesses place in end-to-end encrypted services. It also threatens the security of users who merely wish to share information securely. When politicians expect the introduction of encryption backdoors, they completely miss the point regarding security and privacy. They are effectively asking us to say no to security.