Germany and France meet to discuss limits on data encryption

Only a matter of weeks after the European Data Protection Supervisor advised data encryption should be promoted, spy chiefs across the union are calling for limits.

Jamie Davies

August 23, 2016

4 Min Read
Germany and France meet to discuss limits on data encryption

Only a matter of weeks after the European Data Protection Supervisor advised data encryption should be promoted, policy makers in the union are calling for limits.

French Interior Minister Bernard Cazeneuve and German Federal Minister of the Interior Thomas de Maizière have met this week (on August 23) to discuss how data protection laws should be altered to offer more insight to intelligence agencies. Part of the alterations may include a backdoor written into the encryptions which would allow access for the intelligence agencies, while also in theory offering a suitable level of protection for the user. On the other side of the table, technology companies worldwide have largely opposed such a move based on the principles of privacy and accountability.

Both the French and German governments are unlikely to be alone in considering such moves however. In light of numerous attacks throughout the world, policy makers have to make sure they have the tools to protect civilians. There have been several cases where OTT services with end-to-end encryption have been used to plans attacks. In these instances intelligence agencies find it very difficult, if not impossible, to intercept communications or monitor movements to prevent the attacks. Finding a common ground has not been a simple task to date.

One of the main challenges here is the rapid growth and influence of technology in day-to-day lives of consumers. While the telco industry on the whole is one of the more lobbied and regulated in Brussels, OTT’s have leapt onto the scene so quickly the EU’s e-privacy directive hasn’t caught up. It’s a regulatory grey area which has caused challenges mainly due to the confusion and lack of guidance.

The task now for the European Commission and national government policy makers is to ensure privacy rights of citizens are maintained, while also granting the relevant levels of access to intelligence agencies. The following statement on the European Commission’s website demonstrates the delicate compromise:

“There are no simple means to enable lawful access to secured communications. This is not only a question of technology: checks and balances need to be put in place in order to have proportionate measures. Encryption is widely recognised as an essential tool for security and trust in open networks. It can play a crucial role, together with other measures, to protect information, including personal data, hence reducing the impact of data breaches and security incidents. However, the use of encryption should not prevent competent authorities from safeguarding important public interests in accordance with the procedures, conditions and safeguards set forth by law.”

The European Commission is pro-privacy, hence the fall of Safe Harbour and the delicate tight rope on which the EU-US Privacy Shield is currently walking, though it does accept there has to be a compromise to ensure technology does not hinder the intelligence agencies ability to protect citizens.

To make the situation slightly more complicated, the view from Giovanni Buttarelli, the European Data Protection Supervisor, is also abundantly clear, and pretty much a direct contradiction of what the German and French ministers are now trying to achieve.

“The new rules should also clearly allow users to use end-to-end encryption (without ‘backdoors’) to protect their electronic communications. Decryption, reverse engineering or monitoring of communications protected by encryption should be prohibited.

“No communications should be subject to unlawful tracking and monitoring without freely given consent, whether by cookies, device-fingerprinting, or other technological means.”

This is not the first time such a joust has been witnessed between intelligence agencies and the technology industry, with each conflict generally finishing as a stalemate with neither side willing to move too far. Last month in the UK Theresa May’s IP Bill, nicknamed the Snooper’s Charter, was passed through the House of Commons but only after addressing privacy and civil right criticisms raised by a host of different parties.

The main issue here was the backdoor which policy makers wanted a permanently open backdoor which could be accessed by intelligence agencies without oversight. A lack of oversight, little definition as to what qualified as a suitable case or guidelines as to how to define who should be under observation, left the scheme open to abuse. Accountability is key here and the lack there-of it even more so.

Despite numerous official bodies, advisory groups, technology experts, influential politicians, consumer rights groups and think-tanks, warning policy makers of the consequences of such moves, it would appear France and Germany are prepared to potentially compromise its citizen’s privacy and civil rights. Whether a pro-privacy European Commission would allow such policies to make it through to legislation or regulation remains to be seen, though Germany has shown in previous years, if it wants to do something within its own boarders, it is perfectly capable.

The argument on data protection, privacy, access and encryption has been going on for some time, and is unlikely to come to an amicable solution in the short-term. Both sides of the table have capable arguments and arguers, though citizens, companies and governments will have to come to an agreement eventually; how much privacy should be sacrificed to guarantee security?

Get the latest news straight to your inbox.
Register for the newsletter here.

You May Also Like