Backdoor backlash: European Parliament wants better privacy

A committee of the European Parliament is pushing back against the anti-encryption sentiment infesting governments around the world, with a report saying citizens need more protection, not less.

In a draft report that landed last week, the parliament's Committee on Civil Liberties, Justice and Home Affairs says data protection in the European Union hasn't kept pace with the threats, and needs modernisation.

New technologies have led to inconsistent privacy protection under the 2002 Regulation on Privacy and Electronic Communications, the committee's paper (PDF) explains: for example, new over-the-top (OTT) services offer substitutes for existing services, but aren't subject to the same regulations.

Similarly, the paper says, the current regulations haven't kept pace with how the machine-to-machine traffic in the Internet of Things can expose citizens.

You have to scroll a long way down the paper to get to the committee's attitude about encryption, but it's worth the wait. Here's how Amendment 116 starts:

The providers of electronic communications services shall ensure that there is sufficient protection in place against unauthorised access or alterations to the electronic communications data, and that the confidentiality and safety of the transmission are also guaranteed by the nature of the means of transmission used or by state-of-the-art end-to-end encryption of the electronic communications data.

Backdoors are dismissed out-of-hand in the proposed amendment: “decryption, reverse engineering or monitoring of such communications shall be prohibited”, it says, and EU member states “shall not” demand backdoors from communications providers.

That's the exact opposite of what Germany's interior minister Thomas de Maizière announced last week when he said the country was working on a law to give itself the right to decrypt messages (joining the UK, USA and Australia in the belief that safe backdoors are feasible and Pi can be legislated to a value of 3.0).

That, of course, is the problem the European Parliament committee faces: trying to get the proposed amendments voted through, when so many individual countries have given themselves the legal if not the technological power to crack cryptography.

The committee also wants to ban the wholesale trade in Web browsing histories, and if someone's snooping on your devices to infer your behaviour, they would need to get users' consent.

Do Not Track is supported throughout the proposal, and the committee says it should reach far beyond the browser. Cars, phones or fitness trackers should also respect no-track requests from customers.

Privacy consultant and stakeholder in the committee's deliberations Lukasz Olejnik has a discussion of the proposed privacy protections here. ®

1