Today we know: After the tragic events of September 11th 2001, the U.S. put into place – in the name of security – a set of secret policies that sacrificed the very values they were supposedly defending. These measures, ranging from global mass surveillance all the way to the torture of prisoners, were enforced with the avid support of EU member states.

Today, Europe finds itself faced with a similar challenge, and we must not repeat these mistakes: We must be vigilant about attempts to terrorise us, and we must at the same time be vigilant about letting fear turn our reaction against ourselves.

The Commission is considering re-introducing data retention after the previous legislation was found to be incompatible with fundamental rights by the European Court of Justice. Rather than rejecting these plans, the Parliament yesterday passed a resolution inviting the Commission to develop increased anti-terror measures, like indiscriminately saving data about all air travelers in Europe for 5 years. Meanwhile, some of our political leaders are proposing to weaken what multiple European bodies agree is the only effective measure against mass surveillance:

Without cryptography, every email you send and every word you type into a form on a website can easily be intercepted, read and even modified. Encryption is essential to protect the integrity of the communications of individuals and businesses in Europe.

And in the light of the abject failure of the European Union to stop the mass surveillance of its people politically, it is the best available (though unsatisfactory) way to safeguard our rights. It is obvious:

We must promote end-to-end encryption technologies and ensure they are usable by and available to everyone.Tweet this!

In March 2014, investigating the Snowden revelations, the European Parliament adopted a resolution strongly supporting this:

[The EP] calls on the Commission to […] ensure a high level of security of telecommunication networks and services, including by way of requiring state-of-the-art end-to-end encryption of communications

[The EP] calls for the EU to take the lead in […] rerouting of Internet traffic or full end-to-end encryption of all Internet traffic so as to avoid the current risks associated with unnecessary routing of traffic through the territory of countries that do not meet basic standards on fundamental rights, data protection and privacy

[The EP] calls for the promotion of … encrypting communication in general, including email and SMS communication

* * *

But not a year later, politicians from the UK’s prime minister and Germany’s interior minister to the EU counter-terrorism coordinator are plotting to do quite the opposite: To undermine these technologies and demand the installation of back doors for governments in secure software and services.

These ideas are as technically unsound – every back door for a government is a new attack vector for criminals – as they are a danger to our fundamental rights. It is unacceptable to now turn around and call the people’s right to use encryption into question.

This is echoed in a new draft report in the parliamentary assembly of the Council of Europe:

The assembly is deeply worried about threats to internet security by the practice of certain intelligence agencies […] of seeking out systematically, using and even creating “back doors” […] which could easily be exploited also by terrorists and cyber-terrorists or other criminals. […] The creation of “back doors” or any other techniques to weaken or circumvent security measures or exploit their existing weaknesses should be strictly prohibited.

And a new study by the European Parliament’s Science and Technology Options Assessment unit correctly concludes:

The only way for citizens to counteract surveillance and prevent breach of privacy consists in guaranteeing uncorrupted end-to-end encryption of content and transport channel in all their communications.

The EU should invest in resilent open source implementations of different encryption specifications that can be verified and validated for correctness … providing users with unbreakable cryptographic protection. … The EU should invest in making users aware […] how [they] can reduce their digital footprint by following behavioural rules and applying encryption and anonymising principles.

* * *

Europe must listen to the advice of its expert and representative bodies, reject any kind of mass surveillance and promote privacy-protecting technologies instead:

  • We must reject government back doors in security software, which are always also attack vectors for criminals.
  • We must reject all mass data retention, which just expands the haystack, rather than helping find needles.
  • We must reject Internet censorship with secret website blocking lists, which can be abused to stifle free speech.

The freedom and openness of our society must not be compromised – neither by outside forces nor, in reaction to them, from within.Tweet this!

Header photo: (cc-by) AKVorrat

To the extent possible under law, the creator has waived all copyright and related or neighboring rights to this work.

Comments closed.