EU police want access to encrypted communication – a detailed look
Recently, an MEP published documents on the activities of the EU expert group Going Dark. One of the topics that’s discussed is surveillance of chat apps. As the document reveals, some police authorities want to be able to read chat content – preferably in real time.
This week, MEP Patrick Breyer (Pirates/DE) published documents and presentations on the work of EU expert group Going Dark. The group’s working on a strategy to get «access to data for effective law enforcement».
In other words, they’re trying to solve the encryption problem and find ways to make it as easy as possible for EU police authorities to access encrypted content. The focus is on messenger chats.
Belgium wants real-time access
The request from the National Technical Support Unit (NTSU) of the Belgian Federal Police is particularly striking, as it emphasises the wish for real-time data. This data is managed by so-called over-the-top platforms (OTT). OTT is content that’s offered via an internet connection without the supplier having any influence over the content. This includes, for example, messengers such as WhatsApp or Signal.
The NTSU wants tech companies to provide this content and suggests companies based in the EU could be obliged to cooperate. The aim is for police authorities to receive data on request directly, in real time and «in an understandable format». The NTSU only excludes past communication data from this. In other words, it would only apply to future data.
No backdoors, no competition between eavesdropping technologies
It’s called a front-door solution, which allows authorities to obtain the required data without having to resort to back-door procedures. According to the NTSU, so-called state trojans and other hacking tools are unreliable, inefficient and expensive, and direct access would make international cooperation much easier, too.
Source: Florian Bodoky
The NTSU hasn’t clarified the question of how providers would obtain data in the first place. Encryption means even the messenger services don’t have access to plain text. With end-to-end encryption, messages are encrypted at the sender’s end and only decrypted again at the recipient’s end.
This is the question the European Telecommunications Standards Institute (ETSI) is dealing with. The institute’s currently working on a trusted authenticated party concept. In this scenario, a trusted authority would receive a master key with which it can read encrypted content.
For experts, this is the same as getting rid of encryption, which would have far-reaching consequences. Even outside the EU. Former President Toomas Hendrik Ilves, for example, has warned that states with strong cyber departments, such as Russia or China, could steal such master keys.
The EU Commission is pushing for general cooperation between tech companies and law enforcement authorities. The latter are to be given access to product documentation and program source codes. This requires laws to combat the use of encryption devices that are demonstrably used exclusively for communication between criminals. However, the report doesn’t specify which devices these are. It remains to be seen whether this request really is limited to the supposedly secure crypto phones popular in criminal circles.
Chat control light – states are hesitant
The Council Presidency – currently still under Belgian leadership – would like to push through an agreement on this matter despite the European elections. At the moment, there’s a compromise proposal, which includes only scanning images, videos and posted URLs. This is legitimised by the fight against child abuse. Audio files and text aren’t included in this scenario. Users should voluntarily agree to this procedure by accepting the terms and conditions. If they don’t, uploading images and videos will be blocked.
Source: Florian Bodoky
Some countries are against this option, too. Nevertheless, the plan’s looking more likely than it did a few months ago. So far, the idea had failed due to the blocking minority: at least four states, whose population corresponds to at least 35 per cent of the total EU population, must agree. As France, among others, had previously been against surveillance, the project had failed. However, France is said to be more open to the new proposal, as reported by Netzpolitik.org.
Another report will probably be published after 13 June. That’s when the justice and interior ministers of the EU member states will meet to discuss the current proposal.
Header image: Shutterstock
45 people like this article
I've been tinkering with digital networks ever since I found out how to activate both telephone channels on the ISDN card for greater bandwidth. As for the analogue variety, I've been doing that since I learned to talk. Though Winterthur is my adoptive home city, my heart still bleeds red and blue.
