EU to propose encryption backdoor rules in June, commissioner says

EU to propose encryption backdoor rules in June, commissioner says
© Getty Images

The European Union will consider a few different plans to require backdoors in encryption products this June, EU Justice Commissioner for Human Rights Věra Jourová announced Monday. 

Jourová said she would propose "three or four" plans requiring encrypted communications to provide law enforcement access to encrypted data “with a swift, reliable response," policy publication Euroactiv reported. Those plans would include voluntary and mandatory options. 

“At the moment, prosecutors, judges, also police and law enforcement authorities, are dependent on whether or not providers will voluntarily provide the access and the evidence. This is not the way we can facilitate and ensure the security of Europeans, being dependent on some voluntary action,” said Jourová.

ADVERTISEMENT

A number of officials around the world, including FBI Director James Comey, have proposed that tech companies design mechanisms to circumvent otherwise functionally unbreakable encryption for law enforcement. Officials in the EU, Germany, France and the United Kingdom have all called for these encryption backdoors. 

Comey has described the problem as criminals "going dark" — entering a space beyond the limits of surveillance. 

Encryption and security experts not employed by law enforcement nearly unanimously believe this strategy is fraught with problems. For one, they say, backdoors will not work.

Encryption is based on mathematics available in the public domain, while encryption products are designed in a wide variety of countries. There may be no reason to believe that the criminal and terrorist networks law enforcement say necessitates the backdoors would willfully use products with backdoors in them. 

Worse, say experts, creating these backdoors will inadvertently add new gateways for hackers to attack, weakening security for all users worldwide. 

Beyond chatting, encryption is used to secure online commerce, protect customer personal data stored by companies — including medical data — and other day-to-day activities.