Sergii Figurnyi - Fotolia

MEPs propose ban on encryption backdoors

A European parliamentary committee has proposed a ban on backdoors that allow governments to access encrypted communications

European members of Parliament (MEPs) are calling for greater protections for electronic communications in proposed amendments to draft EU privacy legislation.

Proposed amendment 116 by the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs (Libe) calls for the providers of electronic communications services to ensure that there is sufficient protection in place against unauthorised access or alterations to the electronic communications data.

The amendment also calls for the confidentiality and safety of the transmission to be guaranteed by the nature of the means of transmission used or by state-of-the-art end-to-end encryption of the electronic communications data.

“Furthermore, when encryption of electronic communications data is used, decryption, reverse engineering or monitoring of such communications shall be prohibited,” the amendment reads.

The amendment goes on to state that: “Member states shall not impose any obligations on electronic communications service providers that would result in the weakening of the security and encryption of their networks and services.”

The Libe committee proposals come just days after Theresa May and French president Emmanuel Macron vowed tougher action on tech companies applying encryption and a week after Germany’s interior minister Thomas de Maizière said his country was working on a law to give itself the right to decrypt messages.

If adopted, the amendment would put European privacy legislation at odds with the UK, US, Australia and some European governments that have called for backdoors to aid in the fight against terrorism.

In particular, the amendment will pose a challenge to the UK government’s aim of keeping UK privacy and data protection laws consistent with EU laws to ensure the free flow of data after Brexit.

The UK government may have to rethink its stance, despite the Conservatives’ election promises that terrorists should have no “safe space” to conspire online.

If passed, amendment 116 would put EU law at odds with leaked Conservative plans to require telecommunications operators to provide real-time access to named individuals’ data through regulations on technical capabilities notices (TCNs) under the controversial Investigatory Powers Act (IP Act).

In terms of the IP Act, TCNs can be used to order companies with more than 10,000 UK users to adapt their technology to enable interception and metadata collection.

The IP Act currently also requires companies to remove “electronic protection”, where possible, when requested by the government.

Read more about the Investigatory Powers Act

Lukasz Olejnik, an independent cyber security and privacy consultant and a researcher involved in the EU’s privacy proposals, said the laws “would put the UK on a potential collision course” with the EU, according to the Telegraph.

In addition to banning backdoors, the Libe committee’s proposed amendments also seek to ban the sale of web browsing histories, require consent for monitoring of devices to infer behaviour, and require service providers to respect no-tracking requests from customers.

According to the Libe committee, new technologies have led to inconsistent privacy protection under the 2002 Regulation on Privacy and Electronic Communications with over-the-top (OTT) services, for example, offering substitutes for existing services without being subject to the same regulations.

The committee also said the current regulations do not cover things like personal data exposure by machine-to-machine (M2M) traffic in the internet of things (IoT).

The proposals by the Libe committee will have to be approved by MEPs and scrutinised by the EU Council before being incorporated into new privacy legislation.

Read more on Privacy and data protection