EU law enforcement authorities would be allowed to access end-to-end encrypted communications under plans that set up a potential clash with both technology companies and privacy advocates.
The proposal to expand “targeted lawful access” for such data would help an EU crackdown on child abuse networks and other organised crimes, according to an European Commission internal note seen by the Financial Times.
The plans from the commission’s home affairs wing aim to “stimulate a discussion” among EU member states “on the issues posed by end-to-end encryption” for the ability to “advance investigations and prosecute criminals”. That push is coming into increasing conflict with the privacy safeguards both tech business and European digital authorities have sought to maintain for internet users.
“The application of encryption in technology has become readily accessible, often free of charge, as industry is opting to include encryption features by default in their products,” the commission note said. “Criminals can make use of readily available, off-the-shelf solutions conceived for legitimate purposes. This makes the work of law enforcement and the judiciary more challenging, as they seek to obtain lawful access to evidence.”
The note echoes language used by US attorney-general William Barr, who, in December, said that the difficulties posed for law enforcement agencies by encryption technology were among the US Justice department’s “highest priorities”.
The paper said EU member states have “called for solutions” to allow “law enforcement and other competent authorities to gain lawful access to digital evidence”, without weakening encryption or breaching privacy and fair trial guarantees. It said the commission will recommend that the bloc’s 27 justice and home affairs ministers discuss next steps, possibly at a meeting next month.
The note, written to be shared with the EU’s 27 member states and marked as “need to know” only, said it does not represent the official position of the commission.
EU experts including members of law enforcement and the judiciary estimated at a workshop late last year that the use of encryption had affected their ability to gain lawful access to electronic evidence in between a quarter and all of their cases, depending on the crime area, the commission paper said. The criminal use of legitimate end-to-end encrypted technology in online communications platforms would “continue to increase”, the experts added.
The commission note points to how the dismantling this summer of the EncroChat criminal network showed how criminals were using services such as crypto telephones, “which go well beyond publicly available end-to-end encrypted services”. The Europe-wide crackdown resulted in more than 800 arrests, the seizure of millions of euros in cash, illegal drugs, weapons and vehicles and — according to the UK’s National Crime Agency — averted 200 possible murders being planned.
“Successful operations of this kind remain the exception at the moment, due in part to limitations in technical capabilities available to law enforcement, and also because the existing legal landscape across EU member states is very diverse,” the note said. “Few member states have specific legal provisions allowing law enforcement and judicial authorities to tackle encryption.”
The commission initiative comes as the US-led “Five Eyes” intelligence alliance pushes for law-enforcement access to encrypted material. The grouping, which brings together the US, UK, Canada, Australia and New Zealand, called last year for tech companies to “include mechanisms in the design of their encrypted products and services whereby governments, acting with appropriate legal authority, can obtain access to data in a readable and usable format”.
Asked about the commission’s plans, one official at the EU executive said: “The objective here is to enable the intelligence community to track WhatsApp messages.”
The commission did not immediately respond to a request for comment.
The Commission note said any official orders to access encrypted electronic communication should be proportionate and targeted at specific individuals or groups in the context of the investigation of a specific crime. Technical solutions to access encrypted information should be used only where they are effective and “where other, less intrusive measures are not available”, the paper adds.
EU home affairs officials have grown increasingly concerned about international paedophile networks and in July unveiled plans to force technology companies to take greater responsibility for reporting them. Law enforcement officials said child abuse has risen during the Covid-19 pandemic social restrictions, as criminals have had the chance to spend more time at home sharing illegal images online or targeting housebound children.
Ylva Johansson, EU home affairs commissioner, told the FT earlier this year that the bloc must develop “new tools in the digital age” as part of a broader security strategy due to be published this year. She has called for measures to make it easier for law enforcement agencies and judicial institutions to obtain electronic evidence from other EU states.
Read more from source here…