At Access Now, we continuously fight legislation which seeks to introduce vulnerabilities into technology, thereby placing the security and safety of users at risk. From time to time, policy makers need to be reminded that they have a responsibility to strengthen and protect the security and integrity of our communication and systems, not to purposefully weaken it. As the UN Special Rapporteur on freedom of expression pointed out in his report, ‘Encryption and anonymity, today’s leading vehicles for online security, provide individuals with a means to protect their privacy, empowering them to browse, read, develop, and share opinions and information without interference.’
Yet anonymity and encryption cannot seem to catch a break from legislators — with most recent opposition coming from some within the European Union.
Earlier in August, the French Minister of Interior, Bernard Cazeneuve, came out to publicly demonize encryption. In his attack, he pegged encryption as nothing more than a tool used to execute terrorist attacks — something that endangers the general population and requires a coordinated international resistance. This is not a new narrative to France, which is quickly building a reputation for trying to pass privacy invasive legislation, but it is increasingly worrying given the sensitive climate in France’s ever-expanding state of emergency.
Others immediately criticized his position. Jan Philipp Albrecht, a German MEP, went on record to say that a ban on encryption is wrong, stating ‘It’s not like the GDR [former East Germany] where you can open every letter and read what’s in it’. Indeed, encryption is an essential tool in protecting the integrity and privacy of all our online interactions. The EU’s Network and Information Security Agency (ENISA), which is tasked with research and informing EU’s policy makers on best practices for technology, has continuously highlighted the important role encryption has in keeping us secure. That’s an opinion shared by France’s very own data protection agency, the CNIL. In a position paper on crypto, ENISA asked that policy makers:
- Refrain from limiting in any way security features in computer software,
- Consider lifting any and all existing limitations for security features in computer software.
In spite of the evidence and political resistance, Cazeneuve today met with Germany’s Minister of Interior, Thomas de Maiziere, to discuss new “security demands” for Europe. The duo then presented three key demands:
- Strengthen the protection of Europe’s external borders,
- Improve information sharing between EU Member States,
- Arm our democracies against the question of encryption.
The tone of the last demand as well as the convivial alliance between two of EU’s most powerful member states is worrying. This proclamation is backed by a series of aggressive Tweets from the French Ministry of Interior itself, in which the ministry calls for the EU Commission to put forward legislation which would force the decryption of messages by communications providers, regardless of where the corporate headquarters is located.
The two ministers ended their statement by promising to bring these ideas to the European Council meeting scheduled for the 16th of September. We will be keeping a close eye on the process, to make sure the integrity of encryption remains uncompromised in the EU and beyond.