The new law prepared by the European Commission (EC), aimed at curbing the content of sexual abuse of minors, aims to force technology companies to be even more effective when detecting, reporting and deleting illegal content. According to a leaked document obtained by Wired, Spanish representatives claim that "it would be desirable to legislatively prevent EU-based service providers from implementing end-to-end encryption."
The document, which contains the allegations of the different governments of the EU regarding the regulation that Europe intends to promote, collects how while most countries are positioned in favor of private messages being scanned and analyzed by judicial request; Spain goes a step further and defends a more radical position, according to the leaked document. Eliminate end-to-end encryption.
The proposal for a regulation published by the European Commission on 11 May reopened the debate on anonymity on the Internet, the privacy of communications and the fight against child abuse on the Internet, at the expense of the former. However, investigative units under the Ministry of the Interior consulted affirm that the only thing necessary is for companies and suppliers to collaborate with the authorities when there is a court order.
Removing encryption is not the solution
In fact, they insist on the danger of eliminating end-to-end encryption. "New risks would appear such as the communications networks that transport/support the communication channels being compromised," they say. That is, eliminating end-to-end encryption would open the door to cybercriminals, making it easier for them to intervene in the communication channels of any citizen.
"What is more than evident is that with this encryption you cannot access such communications and, therefore, the legal instruments of intervention and location of illicit content, through those channels, is impossible," they stress. So from these research units urge to "assess what is more important for the general interest and global security, maintain anonymity or give instruments to democratic legal systems to ensure legality."
The ball is then in the roof of the Over The Top or OTT, which are the ones that encrypt and transfer communications over the networks of telecommunications operators. That is, the responsibility falls on WhatsApp, Messenger or WeChat.
"Spain is committed to encrypted applications being able to operate in Spain as long as they collaborate with judicial requirements. If the application does not collaborate, it will not be able to operate in the country, "they insist from the unit. They also insist that "either there is a commandment or you don't spy. Since it is necessary for a judge to authorize them to open the networks of one or a few people in particular."
Other experts such as Hervé Lambert, Global Consumer Operations Manager at Panda Security, share the opinion on the danger posed by the elimination of end-to-end encryption, as stated in the document to which Wired refers. "It is clear that there is a very serious problem in the use of encrypted communications to commit such terrible crimes as pedophilia or drug trafficking. But, if end-to-end encryption is eliminated, it would be a brutal setback at the level of cybersecurity for all European citizens," says Lambert.
"We can't fix a danger by giving someone the key so they can see everything that's happening on WhatsApp," he says. That is why he points out that a public-private agreement is needed so that companies that own any technology, in which there is end-to-end encryption, propose tools that solve this type of problem.
In this regard, legislators should try to persuade the owners of communication systems that they are currently making use of this type of encryption. "In no case should regulators be the ones who impose changes with such a complex technological scope and difficult to understand and address," says Lambert.
Encryption as a shield against cybercriminals
End-to-end encryption in messaging apps is a security method that protects the privacy of conversations. Basically, when a message is sent through an app with end-to-end encryption, the messages are encrypted (converted into a secret code) on the device before they are sent. Then, only the legitimate recipient can decrypt and read this message. The important thing about this encryption is that third parties cannot access the content of your messages, even if they are intercepted or stored on the application's servers.
An example of what is intended to be avoided is the use that was given to the encrypted communications network EncroChat for years. The main difference between WhatsApp and EncroChat, two encrypted messaging applications, is that while the first can be installed and run on any device, the other only works on certain devices, which are usually sold with the system already pre-installed.
After a huge operation at European level, in which the Civil Guard contributed, which uncovered the machinations of up to 50,000 alleged criminals who carried out their 'business' through EncroChat, the shadow of alternatives such as Pinephone smartphones put the European Union on alert. Hence the speed it seems to have when it comes to regulating how and where these services operate.
- 5G Telephony
According to the criteria of The Trust Project