Laws and regulations

France, Germany calls for European Decryption Law: What’s next?

Amidst of Apple vs. FBI debacle and successful attempt of a breach at NSA headquarters by a hacker group, a new torch has flamed internationally by France and Germany calling for a European Decryption Law.

Months after the FBI-Apple encryption case standoff in the U.S. and NSA headquarters breach by hackers has started a global debate on encryption between governments and pro-security supporters.

On Tuesday, a joint press conference “Franco-German initiative on internal security in Europe” in Paris was held by Germany’s Interior Minister Thomas de Maizière and France’s Interior Minister Bernard Cazeneuve, they called on the European Commission to think for possible new legislative act to force operators offering products or telecommunications services to decrypt messages or to remove illegal content for government investigators.

A directive, if issued by the European Commission, is a kind of EU decryption law that must pass through the interpretation stage of European Union’s member states to become a national law at European level. Meanwhile, at the international level, they also called for the signing and ratification of the Budapest Convention on Cybercrime.

These propositions by the two ministers were issued based on the incidents of terrorist attacks happened in their countries, and the attackers were said to be using the highly encrypted communications apps.

That being said, there is already a directive in practice for national security pointed out by Commission spokesperson Natasha Bertaud. In an email statement to the Fortune she said,

“The current data protection directive (which also applies to the so-called over-the-top service providers) allows member states to restrict the scope of certain data protection rights where necessary and proportionate to, for instance, safeguard national security, and the prevention, investigation, detection and prosecution of criminal offences,” she further added that “The new general data protection regulation (which will apply as from 25 May 2018) maintains these restrictions.”

In an opinion based statement on encryption, the German minister talked about “good practices” and “innovative ideas” to tackle encryption. Whereas, his fellow French minister stepped the press conference up by specifically naming the Telegram app and criticizing it.

Whatsapp and Telegram took their stance by stating that they cannot decrypt the data because of the encryption mechanism where only users have the access to their conversations. Even though a data protection directive is in practice, the explicit agenda upon access to encryption may be to have control over such apps internationally and EU-wide.

Giving her opinion on the matter of encryption, in a French editorial Le Monde, Isabelle Falque-Pierrotin, President of the National Commission on Informatics and Liberties, France’s data protection authority.

“It is through encryption that we can make a bank transfer safely. It is through encryption that we can store our health data in a shared medical file (DMP) online. It is also thanks to this tool that investigations on “Panama Papers ” were possible. For companies, encryption is now the best protection against economic espionage,” she wrote.

Earlier this year in the U.S., over the debate in FBI-Apple encryption suit we saw telecommunication providers backing up Apple and the anti-encryption hardliners such as Senator Lindsey Graham, switching sides in favor of Apple after realizing the technical reality of the case.

“I was all with you until I actually started getting briefed by the people in the intel community,” Graham told Attorney General Loretta Lynch during Senate Judiciary Committee hearings. “I will say that I’m a person that’s been moved by the arguments about the precedent we set and the damage we might be doing to our own national security.”

The strong of the anti-backdoor and pro-encryption opinion came from European Commission Vice-President, Andrus Ansip who supported Apple’s decision for refusing to unblock the iPhone of the terrorist.

“Identification systems are based on encryption. I am strongly against having any kind of backdoor to these systems.

In Estonia, for example, we have an e-voting system. If people trust an e-banking system, they can also trust an e-voting system. This trust is based on a strong single digital identity guaranteed by the government, which is based on encryption. The question is who will trust this e-voting system if there are some back doors and someone has the keys to manipulate the results. The same goes for the e-banking system.”

European Parliament resolution on September 2015 on “human rights and technology” turns out to be in favor of strong encryption.

As the debate is heating up, the next step could be the revision of “e-privacy” directive of European Union. Refreshing the memory of may 2016, the EU executive body set out new e-privacy proposal, that would significantly change the telecommunication regulation, to create a “level playing field”  between traditional and online telecommunications services like Skype and Whatsapp.

According to the Financial Times quoted documents, the European Commission will further proceed the e-privacy revision and bring Microsoft’s Skype and Facebook’s WhatsApp to same regulatory fold as traditional telecommunication operators and may explicitly ask for decryption orders. That would affect Google, Netflix, Amazon and Apple as well in the EU.

There are also some news of possible opinion that French and German governments are running into elections next year, and are using this tactics to strong arm them. The press release has started a global tug of war but there is no easy answer to what’s come next.

About the Author

Rebecca James is Chief Editor at Most Secure VPN. She has worked with diversified online businesses to help grow and voice their presence on Social Media. She is passionate about online security and privacy, blogging and living life in outskirts. You can reach Rebecca on Twitter (@rebecca_jeames) or directly at mostsecurevpn.com

 

 

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Decryption law, law)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

Cisco addressed high-severity flaws in IOS and IOS XE software

Cisco addressed multiple vulnerabilities in IOS and IOS XE software that can be exploited to…

34 mins ago

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Google's Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively…

7 hours ago

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during…

19 hours ago

INC Ransom stole 3TB of data from the National Health Service (NHS) of Scotland

The INC Ransom extortion group hacked the National Health Service (NHS) of Scotland and is threatening…

23 hours ago

CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft SharePoint vulnerability disclosed at the…

1 day ago

The DDR Advantage: Real-Time Data Defense

This is the advantage of Data Detection and Response (DDR) for organizations aiming to build…

1 day ago

This website uses cookies.