End-to-end encryption under threat? How and why governments seek access to our messages
In early November, in the wake of the Vienna terrorist attack, the media information surfaced about a possible ban on end-to-end encryption in the EU.
In the draft resolution of the Council of the European Union, it says that law enforcement agencies “are increasingly dependent on access to electronic evidence to effectively combat terrorism” and should be able to obtain lawful access to encrypted data in certain circumstances.
A month earlier, the U.S. Department of Justice issued a statement that end-to-end encryption, “which precludes lawful access to message contents under any circumstances,” creates risks to public safety.
The statement was signed by the ministries of several countries, including the United Kingdom, Australia, Canada, New Zealand, India and Japan.
Does such close scrutiny of end-to-end encryption imply it could be outlawed, and is a ban even possible?
- Officials in many countries have for years spoken of the need for law enforcement to access information protected by end-to-end encryption. In 2020, the Five Eyes alliance made a similar statement.
- In the EU, this issue is also being considered. However, there is no talk yet of restricting end-to-end encryption or embedding backdoors.
- Authorities can pressure individual companies, but a universal ban on encryption is unlikely, according to experts.
What is end-to-end encryption?
End-to-end encryption, or end-to-end encryption (E2EE), ensures the confidentiality of messages—the contents are accessible only to the sender and recipient.
Encryption and decryption occur only on users’ end devices—messages are protected from third parties.
This heightened privacy worries intelligence agencies, which say end-to-end encryption fosters crime by creating an “off-the-books” environment.
“This hinders them in investigations, because without direct access to the device of the individual or their interlocutor, the contents of the messages cannot be obtained. Intelligence agencies are extremely nervous about this, as there exists a technology that cannot be broken,” said Sarkis Darbinyan, managing partner of the Digital Rights Center and cofounder of RosKomSvoboda.
Security services push back against end-to-end encryption
The popularity of end-to-end encryption rose to a new level after Edward Snowden revealed the NSA’s secret information about the total surveillance of residents in the United States and other countries, The New York Times reports.
Since then, privacy has been raised more frequently, and messenger operators have begun deploying various privacy-protection technologies, including end-to-end encryption.
The security services have no intention of giving up without a fight.
In 2018, Australia adopted a law obliging tech companies to provide law enforcement and security agencies access to encrypted messages.
The law is largely based on the British Investigatory Powers Act, which endows a number of security services with broad powers to monitor citizens, including the power to break into devices, under the pretext of combating terrorism.
A few years after passage, the law was amended to restrict law enforcement access to data to cases involving serious crimes.
Australia and the United Kingdom are members of the intelligence alliance Five Eyes, which also includes Canada, New Zealand, and the United States.
It was these countries that, in October 2020, published a statement on the risks of end-to-end encryption to public safety. India and Japan joined them.
The authors urged tech companies to give law enforcement access to content when proper authorization exists. They also proposed embedding “public safety” features in their systems from the outset—in other words, creating backdoors.
The document stresses that encryption is a “vital safeguard for fundamental rights and digital security.”
“However, there are cases where encryption makes the analysis of message content within access to electronic evidence extremely difficult or practically impossible, even though access to such data may be lawful.”
The authors justify the need for access by “competent authorities” to electronic evidence with the fight against “terrorism, organized crime, sexual violence against children, and cybercrime.”
The resolution calls on companies, researchers, and authorities to engage in dialogue to jointly resolve the issue—developing ways to obtain access to encrypted data in line with the principles of “lawfulness, transparency, and necessity.”
Austria’s ORF, the first to publish the document, noted that such formulations lead to an obligation on operators of platforms like WhatsApp or Signal to decrypt user messages for the security services.
The document itself does not include such provisions, and WhatsApp and Signal are not mentioned at all.
It also does not speak of creating backdoors. The concluding section states:
“There should be no single mandated technical solution to ensure access to encrypted data.”
The cybersecurity researcher Lukasz Olejnik noted that the resolution more than anything shows that the EU does not know how to craft the balance described in the document.
However, in his view, some fears stem from the very idea—“security, despite encryption.”
It should be noted that the resolution’s call for access to “electronic evidence” to prevent terrorism, child abuse, and cybercrime closely echoes the Five Eyes statement.
In continuing the discussion, the Council of the EU cited the aforementioned statement and underscored the importance of close exchange and ongoing dialogue with strategic partners on this issue.
Recommendations for a way forward on the topic of encryption by ForkLog on Scribd
The document also describes encryption as a necessary safeguard for rights and digital security.
“However, there are cases where encryption makes the analysis of message content within access to electronic evidence extremely difficult or practically impossible, even though access to such data may be lawful.”
This is followed by discussion that the EU cannot easily craft the balance described in the document, according to Lukasz Olejnik.
Nevertheless, many fear that the question of security vs. encryption is itself problematic.
The resolution’s call for access to electronic evidence to prevent terrorism, child abuse, and cybercrime closely mirrors statements by Five Eyes members.
The Council of the EU emphasised continued dialogue with strategic partners on this issue.
Recommendations for a way forward on the topic of encryption by ForkLog on Scribd
It also notes that the document describes encryption as a “vital safeguard for fundamental rights and digital security.”
“However, there are cases where encryption makes the analysis of message content within access to electronic evidence extremely difficult or practically impossible, even though access to such data may be lawful.”
The authors justify the need for access by citing “competent authorities” and the aim of combating terrorism, organized crime, sexual violence against children, and cybercrime.
The resolution calls on companies, researchers, and authorities to engage in dialogue to jointly resolve the issue—developing ways to obtain access to encrypted data in line with the principles of “lawfulness, transparency, and necessity.”
Austria’s ORF, the first to publish the document, noted that such formulations could lead to platform operators like WhatsApp or Signal decrypting user messages for the intelligence services.
The document itself does not include such provisions, and WhatsApp and Signal are not mentioned at all.
It also does not speak of creating backdoors. The concluding section states:
“There should be no single mandated technical solution to ensure access to encrypted data.”
The cybersecurity researcher Lukasz Olejnik noted that the EU does not know how to craft the balance described in the document.
But some fear that the idea of “security, despite encryption” itself is problematic.
The resolution notes that the need for access to “electronic evidence” to prevent terrorism, child abuse, and cybercrime resonates with Five Eyes statements.
In continuing the discussion, the Council of the EU cited the aforementioned statement and stressed the importance of close exchange and ongoing dialogue with strategic partners on this issue.
Recommendations for a way forward on the topic of encryption by ForkLog on Scribd
The document also calls encryption a “vital safeguard for fundamental rights and digital security.”
“However, there are cases where encryption makes the analysis of message content within access to electronic evidence extremely difficult or practically impossible, even though access to such data may be lawful.”
The authors justify access by citing actions against “terrorism, organized crime, sexual violence against children, and cybercrime.”
The resolution calls for dialogue among companies, researchers and authorities to find solutions that provide access to encrypted data under the lawfulness, transparency and necessity framework.
Austria’s ORF, the first to publish the document, noted that such formulations could lead to platforms like WhatsApp or Signal decrypting user messages for security services.
The document itself does not include such provisions, and WhatsApp and Signal are not mentioned at all.
It also does not speak of creating backdoors. The concluding section states:
“There should be no single mandated technical solution to ensure access to encrypted data.”
The cybersecurity researcher Lukasz Olejnik noted that the EU does not know how to craft the balance described in the document.
However, in his view, some fears stem from the very idea—“security, despite encryption.”
It should be noted that the resolution’s call for access to “electronic evidence” to prevent terrorism, child abuse, and cybercrime closely echoes the Five Eyes statement.
In continuing the discussion, the Council of the EU cited the aforementioned statement and underscored the importance of close exchange and ongoing dialogue with strategic partners on this issue.
Recommendations for a way forward on the topic of encryption by ForkLog on Scribd
The document also describes encryption as a “vital safeguard for fundamental rights and digital security.”
“However, there are cases where encryption makes the analysis of message content within access to electronic evidence extremely difficult or practically impossible, even though access to such data may be lawful.”
The authors justify access by citing actions against “terrorism, organized crime, sexual violence against children, and cybercrime.”
The resolution calls for dialogue among companies, researchers and authorities to find solutions that provide access to encrypted data in line with the lawfulness, transparency, and necessity framework.
Austria’s ORF, the first to publish the document, noted that such formulations could lead to platform operators decrypting user messages for security services.
The document itself does not include such provisions, and WhatsApp and Signal are not mentioned at all.
It also does not speak of creating backdoors. The concluding section states:
“There should be no single mandated technical solution to ensure access to encrypted data.”
The cybersecurity researcher Lukasz Olejnik noted that the EU does not know how to craft the balance described in the document.
But some fear that the idea of “security, despite encryption” itself is problematic.
The resolution notes that the need for access to “electronic evidence” to prevent terrorism, child abuse, and cybercrime resonates with Five Eyes statements.
In continuing the discussion, the Council of the EU cited the aforementioned statement and stressed the importance of close exchange and ongoing dialogue with strategic partners on this issue.
Recommendations for a way forward on the topic of encryption by ForkLog on Scribd
In the document encryption is described as a “vital safeguard for fundamental rights and digital security.”
“However, there are cases where encryption makes the analysis of message content within access to electronic evidence extremely difficult or practically impossible, even though access to such data may be lawful.”
The authors justify access by citing actions against “terrorism, organized crime, sexual violence against children, and cybercrime.”
The resolution calls for dialogue among companies, researchers and authorities to find solutions that provide access to encrypted data in line with the lawfulness, transparency, and necessity framework.
Austria’s ORF, the first to publish the document, noted that such formulations could lead to platform operators decrypting user messages for security services.
The document itself does not include such provisions, and WhatsApp and Signal are not mentioned at all.
It also does not speak of creating backdoors. The concluding section states:
“There should be no single mandated technical solution to ensure access to encrypted data.”
The cybersecurity researcher Lukasz Olejnik noted that the EU does not know how to craft the balance described in the document.
But many feel that the very framing—”security, despite encryption”—is itself problematic.
The EU Council stresses ongoing dialogue with strategic partners on this issue and notes that the topic echoes the Five Eyes stance.
Author: Alina Saganskaya.
Subscribe to ForkLog news via Telegram: ForkLog Feed — the full feed of news, ForkLog — the most important news and polls.
Рассылки ForkLog: держите руку на пульсе биткоин-индустрии!