European encrypted services providers ProtonMail, Threema, Tresorit and Tutanota on Thursday urged European Union policy makers to rethink plans that would require the implementation of encryption backdoors.
The Council of the European Union in December adopted a resolution on “security through encryption and security despite encryption.” The council said it supports the development and use of strong encryption to protect citizens and organizations, but at the same time it believes law enforcement and judicial authorities need to be able to exercise their legal powers.
There has been a lot of discussion over the past years about finding a balance between providing strong encryption to users while also enabling law enforcement to access encrypted communications and data during their investigations. However, while policymakers around the world are convinced that such a balance can somehow be achieved, tech companies say it’s impossible, as it would require the implementation of encryption backdoors that could be leveraged not only by law enforcement, but also by bad actors.
ProtonMail, Threema, Tresorit and Tutanota say they are concerned about the Council of the EU’s resolution and they have each issued a statement warning that the rights of EU citizens are under threat from these anti-encryption proposals.
“Whilst it’s not explicitly stated in the resolution, it’s widely understood that the proposal seeks to allow law enforcement access to encrypted platforms via backdoors. However, the resolution makes a fundamental misunderstanding: encryption is an absolute, data is either encrypted or it isn’t, users have privacy or they don’t,” said Tresorit, which provides end-to-end encrypted cloud storage for businesses.
Andy Yen, the CEO of encrypted email service ProtonMail, commented, “Put simply, the resolution is no different from the previous proposals which generated a wide backlash from privacy conscious companies, civil society members, experts and MEPs. The difference this time is that the Council has taken a more subtle approach and explicitly avoided using words like ‘ban’ or ‘backdoor’. But make no mistake, this is the intention. It’s important that steps are taken now to prevent these proposals going too far and keep European’s rights to privacy intact.”
Arne Möhle, CEO and founder of Tutanota, a free encrypted email service, warned about the implications for EU citizens.
“With the latest attempt to backdoor encryption, politicians want an easier way to prevent crimes such as terrorist attacks while disregarding an entire range of other crimes that encryption protects us from: End-to-end encryption protects our data and communication against eavesdroppers such as hackers, (foreign) governments, and terrorists. By demanding encryption backdoors, politicians are not asking us to choose between security and privacy. They are asking us to choose no security,” Möhle said.
And Martin Blatter, CEO and founder of secure messaging application Threema, warned about the implications for European businesses.
“Young European companies are now at the forefront of this revolution in technology and data protection. Experience shows that anything that weakens these achievements can and will be abused by third parties and criminals alike thus endangering the security of all of us. With the abundance of uncontrollable open-source alternatives, users would simply move on to those applications if they knew a service was compromised,” said Blatter.
He added, “Forcing European vendors to bypass or deliberately weaken end-to-end encryption would destroy the European IT startup economy without providing even one bit of additional security. Europe would recklessly abandon its unique competitive advantage and become a privacy wasteland, joining the ranks of the most notorious surveillance states in the process.”
While law enforcement agencies have often complained about not being able to conduct their investigations due to strong encryption, there is some evidence suggesting that at least some agencies, such as the FBI, do have the resources needed to access data from encrypted devices.
Related: ACLU Sues FBI to Learn How It Obtains Data From Encrypted Devices
Related: The Argument Against a Mobile Device Backdoor for Government
Related: ‘Five Eyes’ Alliance Demands Ways to Access Encrypted Apps
Related: DoJ Again Asks for Encryption Backdoors After Hacking US Naval Base Shooter’s iPhones
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- Hitachi Energy Blames Data Breach on Zero-Day as Ransomware Gang Threatens Firm
- New York Man Arrested for Running BreachForums Cybercrime Website
- Exploitation of Recent Fortinet Zero-Day Linked to Chinese Cyberspies
- Mozilla Patches High-Severity Vulnerabilities With Release of Firefox 111
- Microsoft: 17 European Nations Targeted by Russia in 2023 as Espionage Ramping Up
- Cybercriminals, APT Exploited Telerik Vulnerability in Attacks on US Government Agency
- US Charges Two Men Over Use of Hacked Law Enforcement Database for Doxing
- Chinese Cyberspies Hacked DLP Company Serving Military, Government Orgs
Latest News
- Hitachi Energy Blames Data Breach on Zero-Day as Ransomware Gang Threatens Firm
- NBA Notifying Individuals of Data Breach at Mailing Services Provider
- Adobe Acrobat Sign Abused to Distribute Malware
- New York Man Arrested for Running BreachForums Cybercrime Website
- Huawei Has Replaced Thousands of US-Banned Parts With Chinese Versions: Founder
- Latitude Financial Services Data Breach Impacts 300,000 Customers
- US Government Warns Organizations of LockBit 3.0 Ransomware Attacks
- New ‘Trigona’ Ransomware Targets US, Europe, Australia
