By Alan Mcleod
The European Union is rushing through new legislation to get rid of end-to-end digital encryption. This would mean the end of privacy for users of popular messaging apps like WhatsApp and Signal.
A European Council draft resolution on encryption quietly published on Friday afternoon lays out the EU’s Orwellian position in detail. “The European Union fully supports the development, implementation and use of strong encryption,” it states, “Encryption is a necessary means of protecting fundamental rights and the digital security of governments, industry and society.” Yet in the very next sentence it insists that “At the same time, the European Union needs to ensure the ability of competent authorities” to “exercise their lawful powers, both online and offline.” These “competent authorities” (a phrase occurring throughout the document) refer to law enforcement agencies and judicial authorities.
“Protecting the privacy and security of communications through encryption and at the same time upholding the possibility for competent authorities in the area of security and criminal justice to lawfully access relevant data for legitimate, clearly defined purposes infighting serious and/or organized crimes and terrorism, including in the digital world, are extremely important,” it concludes. Thus, the EU’s position is that its citizens should be able to hide their data from criminals, but not from the government or its various spying agencies.
The official justification for these new laws, Austrian public service broadcaster Österreichischer Rundfunk reports, is the Vienna terrorist attack of November 2, which left five people dead and 23 injured. However, it notes, the EU has long dreamed of pushing through legislation which lets it surveil its population. In June, for instance, European Commissioner for Home Affairs Ylva Johannson gave a speech outlining what must be done to win the fight against child trafficking and abuse. “We must also deal with encryption. Military grade encryption that’s easy to use but impossible to break makes paedophiles invisible and hides evidence of their crimes from police,” she insisted. “It’s our obligation to protect children. We must do what is necessary,” she added.
Civil rights group the Electronic Freedom Foundation is not impressed by the various arguments put forward by the EU in order to justify the end of end to end encryption, calling it a “drastically invasive step.”
We are in the first stages of a long anti-encryption march by the upper echelons of the EU, headed directly toward Europeans’ digital front-doors. It’s the same direction as the United Kingdom, Australia, and the United States have been moving for some time. If Europe wants to keep its status as a jurisdiction that treasures privacy, it will need to fight for it,” they wrote last month.
WhatsApp, a subsidiary of Facebook, has over 2 billion users around the world and is particularly popular with Europeans. In terms of user penetration, the top five countries for WhatsApp are all in Europe, with over 85 percent of Dutch smartphone owners using the service. Commonly thought to be the most secure messaging app, Signal is also extremely popular. While it does not reveal how many users it has, its app has been downloaded more than 10 million times by Android users alone. Launched in 2014, Signal is an open source app specifically created with journalists, NGO workers, and other professions who share sensitive data in mind. And while Facebook and WhatsApp have a history of cooperating with governments around the world, Signal has so far resisted attempts to co-opt or neutralize its software, notably rejecting the Australian government’s demands to install a spying “backdoor” for it.
Österreichischer Rundfunk alleges that the campaign against encryption is being led by France and President Emmanuel Macron in particular; “The ground for this has been prepared since 2015 in a whole series of campaigns,” emanating from Paris, it writes. This week, Macron will discuss “further steps against terrorism” with Austrian Chancellor Sebastian Kurz.
While the EU represents just 27 nations and around 450 million people, decisions the body makes have a profound effect on the rest of the world. Indeed, Friday’s European Council document makes this clear, claiming that, “the EU will leverage its tools and regulatory powers to help shape global rules and standards.” Thus, regulations enforced on tech companies will likely become the standard in many other parts of the world, if not globally.
Last Monday, a lone gunman wearing a fake explosive belt opened fire in the historic center of Vienna, killing four others before police shot him dead. Authorities stated that the perpetrator, 20-year-old Kujtim Fejzullai, was an ISIS sympathizer. This is not the first time that terrorist incidents have been used to justify increasing surveillance laws. Just six weeks after the September 11 attacks, the U.S. government rushed through the PATRIOT Act, a piece of legislation that drastically increased the state’s ability to spy on its own citizens, even allowing for indefinite detention of non-U.S. citizens. The act has been continually condemned by rights groups such as the ACLU and Amnesty International. Likewise, the 7/7 bombings in London led to unprecedented levels of government surveillance in the United Kingdom.
While the latest European laws would increase the level of government pressure on tech companies, the reality is that it is already difficult to ascertain where one ends and the other begins. Facebook, already partners with the Atlantic Council, a NATO cutout organization funded by governments and defense contractors, to help curate its users’ news feeds. A senior Twitter executive was found last year to be an undercover British Army officer specializing in online psychological operations. Meanwhile, last week Zoom appointed former Secretary of Homeland Security Janet Napolitano to its board of directors. Other communications giants like Microsoft are also huge defense contractors themselves.
While it is likely impossible to ever end terrorism or child trafficking, it is certainly possible to end user privacy online. This latest law would likely do little of the former and a great deal of the latter.