VPN Articles and News

EU Wants To Force Internet Companies To Reveal Their Encryption Keys

Friday, April 17th, 2015

Gilles de Kerchove, European Union’s Counter Terrorism Coordinator, has recommended that the European Commission must force internet and phone companies operating within the region to hand over their secret encryption keys (i.e., crypto keys) to the European governments. De Kerchove shared these views in a document which was prepared in response to Paris terror attacks and was subsequently leaked by the civil rights organization Statewatch.

The terror attacks in Paris have led to a flurry of announcements from European leaders on how to combat terrorism and homegrown extremism. While some leaders have called for increased patrols and intelligence sharing, other have recommended to increase state sponsored surveillance and even block the use of encrypted services. The leaked document prepared by De Kerchove mentions that since one of the core values of the European Union (freedom of speech) was attacked in Paris, the Union must respond with meaningful action otherwise there is bound to be disillusionment among the general population.

The leaked document also raises concern about the techniques adopted by organizations in response to Snowden’s revelations. It reveals how most telecom and internet companies have already moved towards de-centralized encryption to protect the data of their customers and how the use of such tactics is making it extremely difficult or even impossible to lawfully intercept communications.

The document recommends that in view of the difficulties faced by law enforcement agencies in monitoring communications, the European Commission should set up rules that would direct telecommunications and internet companies operating within EU to hand over their encryption keys to the national authorities in response to certain conditions and while upholding the laws of the country and fundamental rights of the involved parties.

However, the document fails to mention that by forcing companies to hand over their encryption keys, the European governments would be in fact violating the right to privacy of their citizens. Most privacy advocates fear that the authorities would not adhere to the “protection of fundamental rights” clause mentioned in the document and would misuse the law (if it gets approved) to conduct mass surveillance on an unprecedented scale.

In addition to the above proposal, the document also calls for the creation of a new data retention law. Telecom firms and ISPs in many European countries already retain data for a significant period of time so it is hard to imagine how the new legislature would improve the counter-terror operations. It is however possible that the new law would make it easy for the law enforcement agencies to tap into stored data and it could also force corporations to store metadata and actual usage data for an extended period of time.

The document also mentions that the European Law Enforcement agency Europol should have a greater say in flagging content that violates the terms of the site on which it gets posted. As per De Kerchove, this step could help in reducing the amount of dangerous content that gets posted online and as a result, prevent radicalization of Europeans. The document even suggests that Europol’s â€Check the Web’ initiative should be made stronger to monitor and analyze content posted on social sites.

If you are interested in reading the entire document, you can access it here: http://www.statewatch.org/news/2015/jan/eu-council-ct-ds-1035-15.pdf

April 17, 2015

Leave a Reply

Your email address will not be published. Required fields are marked *

4 + 1 =