Stuart Breckenridge

The personal blog of Stuart Breckenridge

European Parliament Committee Recommends End-to-End Encryption For All Electronic Communications

In a rare sign of complete competence, the European Parliament’s Committee on Civil Liberties, Justice, and Home Affairs recommendation on end-to-end encryption makes total sense. By Lucian Armasu, Tom’s Hardware:

The European Parliament’s (EP’s) Committee on Civil Liberties, Justice, and Home Affairs released a draft proposal for a new Regulation on Privacy and Electronic Communications. The draft recommends a regulation that will enforce end-to-end encryption on all communications to protect European Union citizens’ fundamental privacy rights. The committee also recommended a ban on backdoors.

Interestingly, the Committee also believe that metadata associated to data is within the scope of end-to-end encryption:

The metadata includes the numbers called, the websites visited, geographical location, the time, date and duration when an individual made a call etc., allowing precise conclusions to be drawn regarding the private lives of the persons involved in the electronic communication, such as their social relationships, their habits and activities of everyday life, their interests, tastes etc.

The protection of confidentiality of communications is also an essential condition for the respect of other related fundamental rights and freedoms, such as the protection of freedom of thought, conscience and religion, and freedom of expression and information.

I wonder how this would affect a company’s ability to comply with law enforcement requests for metadata? My assumption is they simply won’t be able to. Earlier this month, Tim Cook confirmed that Apple had provided metadata to UK authorities (via The Telegraph):

“Encryption doesn’t mean there’s no information,” said Cook. “Because metadata probably exists and metadata, if you’re putting together a profile, is very important.”

I don’t think this would be possible under the new recommendation.

Bringing the focus back to the Strong and Stable™ UK Government, there is still total incompetence when it comes to end-to-end encryption. Jonathan Haynes (via The Guardian):

She [Amber Rudd, Home Secretary] said she supports end-to-end encryption for families (presumably those using WhatsApp?), for banking and for business. But she insisted: “We also need to have a system whereby when the police have an investigation, where the security services have put forward a warrant signed off by the home secretary, we can get that information when a terrorist is involved.”

Ridge challenged Rudd that this was “incompatible with end-to-end encryption”. Rudd said it wasn’t. But Ridge is right: it is incompatible. As Cory Doctorow wrote when Cameron was suggesting the same thing: “It’s impossible to overstate how bonkers the idea of sabotaging cryptography is to people who understand information security.” A lot of things may have changed in two years but the government’s understanding of information security does not appear to be one of them.