Five Countries Want EU-Wide Laws On Encryption

By

By Catherine Stupp

(EurActiv) — Five EU countries said they want the European Commission to propose legislation that would make it easier for police to crack through encryption technology.

Croatia, Italy, Latvia, Poland and Hungary all want an EU law to be created to help their law enforcement authorities access encrypted information and share data with investigators in other countries.

Poland and Latvia want EU legislation to focus on making it easier to access data stored remotely in clouds, which are often operated by companies based in other EU countries or outside the 28-member bloc.

“One of the most crucial aspects will be adopting new legislation that allows for acquisition of data stored in EU countries ‘in the cloud’,” without forcing police to request data through official exchange agreements, Polish officials wrote.

The Slovakian government, which currently holds the rotating presidency of the Council of the EU, asked EU countries over the summer to identify how their law enforcement authorities deal with encryption technology that’s designed to prevent anyone from intercepting communication unless they have secure passwords.

Twelve countries’ responses were obtained through a freedom of information request by the Dutch internet rights NGO Bits of Freedom. Requests are still pending in the 16 EU countries that haven’t responded yet.

Authorities in Estonia, Denmark, Finland, Croatia, Italy, Poland and Sweden often come up against encrypted data during criminal investigations, according to the countries’ responses.

Latvia and the UK said their law enforcement authorities “almost always” encounter encryption.

Several countries that responded to the survey said their police forces lack the funds and technical know-how to intercept criminals’ communication if they use encryption. Most respondents said they wanted the EU to help sharpen national authorities’ technical skills.

Outspoken ministers from a group of EU countries have amped up pressure to introduce laws that would make it easier to crack open encryption technology, following terrorist attacks in Paris and Brussels over the last year.

The German and French Interior Ministers Thomas de Maiziere and Bernard Cazeneuve recently wrote to the European Commission asking for an EU-level fix to help authorities access encrypted data in terrorism investigations, as first reported by AFP on Saturday (19 November).

National ministers will discuss encryption at a meeting early next month, diplomats told AFP.

German government officials have been quick to dismiss charges that the country is pushing tech companies to create so-called backdoors, or built-in ways to bypass encryption in their products. Critics argue backdoors would weaken encryption across the board, making technology less secure and vulnerable to attacks from anyone.

“A regulation to prohibit or to weaken encryption for telecommunication and digital services has to be ruled out, in order to protect privacy and business secrets,” the German government wrote in its response to Slovakia’s survey.

Germany has instead used software that can be secretly installed on devices to monitor communication before it’s encrypted.

Italian authorities responded that their criminal investigations are mostly hampered most by “the lack of traceability of Tor connections and Bitcoin transactions”. Tor is the secure internet browser that can be used anonymously to access encrypted websites.

Days after it was revealed that the shooter who killed nine people in Munich this July bought his gun on the darknet, Angela Merkel announced that her government would look into how investigators can trace criminals who use encryption and the darknet.

But so far, EU authorities have struggled to agree on how to address encryption.

Andrus Ansip, the Commission vice president in charge of the EU’s technology policies, has said he opposes laws that force companies to create backdoors to weaken encryption.

Europol, the EU law enforcement agency, and ENISA, the agency in charge of cybersecurity, signed an agreement in May opposing laws that strongarm firms into providing backdoors.

EurActiv

EurActiv publishes free, independent policy news and facilitates open policy debates in 12 languages.

Leave a Reply

Your email address will not be published. Required fields are marked *