It’s episode #7850281 of security researchers imploring governments not to backdoor encryption because duh.
Cybersecurity experts and civil society organisations have urged the European Commission (EC) to rethink its plans to backdoor encryption.
In an open letter on May 26, the 89 organisations said this would weaken “the very foundation of secure communications and systems, leaving individuals, businesses, and public institutions more vulnerable to attacks.”
In it, they also flagged that “Government agencies elsewhere in the world3 actively encourage more usage of end-to-end encryption, not less, to protect the integrity of cyberspace against increased security threats,” pointing to recent guidance [pdf] from the US’s CISA on securing mobile infrastructure.
Their letter came after the EC said it would “identify and assess technological solutions that would enable law enforcement authorities to access encrypted data in a lawful manner,” under its nascent ProtectEU security strategy.
See also: Spying on MPs and breaking encryption: New UK legislation damned as “unprecedented” – and “deeply troubling”
(The EC is the European Union’s executive. It proposes laws, makes sure EU laws are applied, and manages EU spending programmes. “ProtectEU” is part of plans for an improved “European Internal Security Strategy to better counter threats in the years to come [and enhance its] collective ability to anticipate, prevent, detect and respond effectively to security threats.)
The technology roadmap announced by the European Commission mirrors efforts taken by other governments to identify encryption circumvention tools, such as the UK’s “Safety Tech Challenge’ the signatories wrote.
“In the case of UK efforts, the selected independent third party reviewer, REPHRAIN [pdf], found that none of the resulting proofs of concept fulfilled their evaluation framework for human rights, security, accountability, and other criteria. We believe that any similar EU approach would produce the same results, wasting valuable resources,” they concluded this weekend.
The letter has been signed by the likes of the Electronic Frontier Foundation, Element, the Internet Society, Bruce Schneier, Kenn White and many others.
The link has been copied!
