French, German ministers demand new encryption backdoor law
But is it just a matter of looking tough with elections around the corner?
A meeting this week between the interior ministers of France and Germany has focused on the issue of encryption and its potential impact on security.
In the lead-up to the meeting and in subsequent public comments from the ministers, they both made repeated mention of the issue of data encryption, even calling out the app Telegram as an example of a problem they wish to find a solution to.
French interior minister Bernard Cazeneuve even went so far as to argue that the European Commission (EC) should draft a new law that would require companies to work with the authorities to decrypt secure communications on demand and help track down terrorist suspects.
This proposed law would "impose obligations on operators who show themselves to be non-cooperative, in particular when it comes to withdrawing illegal content or decrypting messages as part of an investigation," Cazeneuve said to reporters.
Predictably, those remarks have led to concerns that the European Union will pass new legislation that would effectively ban secure end-to-end-encryption, and hence outlaw the use of apps such as Whatsapp and Telegram.
However, while the debate is fresh in Europe, an almost identical path has already been trodden in the United States in the past year.
Politicians make the case, persuasively, that while they approve of greater security in communications to limit things such as fraud, when it comes to issues of national security, they want there to be the ability to investigate what people are saying to one another. It is a long-held compromise that has worked in the best interests of nations for a long time despite periodically swinging too far in favor of the naturally secretive security services.
The issue with encryption however, as many technologists have repeatedly pointed out, is that it is either secure or it is not. Encryption is mathematics. And so while politicians want it to be the case that a system is secure until they give the order, the reality is that to introduce a backdoor in that process is to undermine the very process.
In the States, the term "magical thinking" has grown up to explain this wish. And after months of debate among politicians, civil servants and the security services, ultimately the FBI's and some Congressmen's pro-backdoor efforts were beaten back by consumer agencies – other Congressmen and the White House deciding that the solution was not to force companies to introduce flaws, but to figure out what to do around an encrypted digital world.
Efforts to pass new laws failed and the two sides have reached an uneasy stalemate, with some – including presidential nominee Hillary Clinton, who u-turned on an earlier call for backdoors – trying to break it by suggesting a new national commission on digital security and encryption be set up to find future solutions.
While Europe and the United States have frequently gone in different directions when it comes to the intersection between security, privacy and technology, typically Europe takes a more pro-privacy stance. The US, on the other hand, has usually taken a more pro-surveillance (and pro-corporate) stance.
In the case of encryption, that equation may be flipped upside down since it is US corporations that have been increasingly supportive of end-to-end encryption, especially after the Snowden revelations put their business models at risk.
Of course it is also notable that it was the French minister who actively called for new laws. French politicians, unlike their German counterparts, tend to have a more flexible approach between what they say and what they do.
A law that tries to make magical thinking a reality is unlikely to work. And if Europe insisted on it, it would have far-reaching repercussions that may not make the assumed benefits worthwhile.
There will also be some strong opponents to such a plan within the EC. EC VP Andrus Ansip has repeatedly stated that there will be no backdoor legislation, even tweeting his support for strong encryption after a meeting with Apple CEO Tim Cook.
If, however, the German and French interior ministers managed to get across the message that they felt very strongly about gaining access to encrypted communications, well then that might resolve most of the political problems if not the technological ones. Especially with an election for both countries just around the corner. ®
- Black Hat
- Common Vulnerability Scoring System
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Data Breach
- Data Protection
- Data Theft
- Digital certificate
- Identity Theft
- Kenna Security
- Let's Encrypt
- Palo Alto Networks
- Trusted Platform Module
- Zero trust