European Union, Use Facts to Make Cybersecurity Decisions – Not Myths Thumbnail
Encryption 19 November 2020

European Union, Use Facts to Make Cybersecurity Decisions – Not Myths

By Ryan PolkDirector, Internet Policy

Nearly 450 million EU citizens are counting on the Council of the European Union to make decisions that protect their safety. The Council has a duty make these decisions based on reliable information.

In the next week, the Council of the European Union is expected to consider a resolution that argues that law enforcement “must be able to access data in a lawful and targeted manner.” This resolution is the first step of a wider push by the European Union to demand law enforcement access to encrypted data.

But are they relying on accurate information to make their decisions?

A report leaked from the European Commission in September, Technical solutions to detect child sexual abuse in end-to-end encrypted communications, tries to analyze different ways to spot illegal content in private communications that use end-to-end encryption. This leaked report could influence their decison-making on encryption policy in the EU.

The EU Commission’s report alludes to the idea that some access methods may be less risky than others. However, the bottom line is that each method presents serious security and privacy risks for billions of users worldwide.

Don’t take just my word for it. According to the Internet Society and the Center for Democracy and Technology’s joint evaluation, Breaking Encryption Myths: What the European Commission’s Leaked Report Got Wrong about Online Security, the report fails to adequately identify or evaluate the risks presented by these proposed methods of access. Breaking Encryption Myths, signed by over 30 cybersecurity experts, highlights critical omissions that undermine the utility of the leaked report. The report also fails to explore the security impact of these access methods on users, leaving dangerous vulnerabilities unmentioned.

The consensus among cybersecurity experts is clear:

There’s no way to break encryption without making everyone – including the children we are trying to protect – more vulnerable.

By forcing service providers to undermine the security of their end-to-end encrypted services, these methods jeopardize the safety of the countless people who rely on them each day. Breaking end-to-end encryption to curb objectionable content online is like trying to solve one problem…by creating 1,000 more.

Over 30 leading global cybersecurity experts from academia, civil society, and the private sector have said that the conclusions drawn by the EU Commission’s leaked report are untenable. As the Council of the European Union considers their resolution on law enforcement access to encrypted data, they must base their decisions on technical reality.

No matter the method, when you force companies to provide law enforcement with access to end-to-end encrypted communications, it weakens security for all. That is a fact.


Image by Vlad Zaytsev via Unsplash

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related Posts

Encryption 10 December 2024

Global Encryption Day Panel Highlights Encryption’s Role in Children’s Online Safety

Encryption is a tool that ensures privacy for all online users, including children. In our panel, we heard from...

Encryption 19 July 2024

Encryption Is a Preventative Tool that Protects Children

Encryption is one of the best tools we have to help keep children safe online. Child safety and encryption...

Strengthening the Internet 30 May 2024

Bill S-210 Threatens Canadians’ Access to the Internet 

Canadian Bill S-210 threatens to break the Internet in Canada and fragment Canadians' access. Help spread the word that...