The Council of State calls end-to-end encryption into question


As part of a bill to fight cybercrime, the EC wants to review end-to-end encryption. A bad decision, according to Timothée Rebours for whom such a project will undermine the individual freedoms of users and will in no way solve the problem of cyberthreats.

Currently, the European Commission is concocting a bill to control the use of end-to-end encryption to fight crime. For the EC, the identification of cybercriminals, and in particular terrorists and pedophiles, cannot be done without the interception of conversations and exchanges of illicit images on the Internet. However, if combating these acts is an absolute priority, we are convinced that questioning this technology is not the solution. This is why several associations such as EDRI, Encryption Europe [1] or EFF [2] today stand up against this EC proposal, believing that not only will it in no way solve crime, but that it also presents a danger for the protection of the private life and individual freedoms of citizens.

End-to-end encryption is the best guarantee against hackers

To fully understand the situation, let us recall the purpose and operation of this technology. Born in the 90s with PGP, end-to-end encryption aims to ensure that all Internet users can read their messages only by their recipients. Thanks to encryption keys, this technology therefore makes it possible to protect the message from end to end, thus ensuring that no third party can decrypt a conversation, including the operator of the application or the Internet service provider. Security acclaimed by all users and present today in the majority of applications including the iconic WhatsApp which has made it its punchline.

But today, the EC questions this protection by asking solutions editors to allow an authority to access, via backdoors, to messages exchanged in the event of suspicion of criminal content. If this request is certainly understandable, we can, on the other hand, only fear possible slippages. Where does this surveillance end? What subjects? Who can be monitored? How to be sure that some authority is not going to hunt down political conversations or target opponents? This fear is all the more justified as pedophiles and cybercriminals do not hesitate to fall back on applications that have become illegal with end-to-end encryption to continue their actions. These aggressors are therefore not worried, where the average user, the one who just wants to express a position different from that of power can be filed.

Never has an attack been foiled following the interception of messages on the web

We are convinced that in cases of crime, whether terrorism or pedophilia, only the investigative work of the police bears fruit. As examples, let us recall that only the long investigations of the police made it possible to dismantle in 2019 the Welcome to Video site. [3] pedophilia sheltered on the dark web and that the NSA was never able to anticipate an attack despite the interceptions of conversations on the web following September 11, 2001 [4] . We are therefore confident that legislating on the duty to deploy backdoors will not solve the problem. Only public education, victim assistance and cross-border police cooperation will make it possible to thwart these crimes..

In this context, we ask the EC to bring the subject into the public space, so that each citizen can express himself. For this, open consultations and meetings must be organized in order to explain to all European citizens the ins and outs of this technology so that they can, with full knowledge of the causes, think about new solutions.

Not only is the subject important since it concerns everyone’s freedom, but it is also surprising, for an institution at the origin of the regulation for the protection of personal data (RGPD), to note that it can today question the confidentiality of exchanges.

Design by NewsLax