Data Privacy Day 2021: our alliance in response to encryption backdoors

The Council of the European Union is currently pushing through proposals that will result in backdoors being installed in end-to-end encrypted platforms like email, messaging and file sharing apps – a step they claim is possible to make without breaking encryption or violating citizens’ rights to privacy.

This process is akin to giving law enforcement a key to every citizen’s home – a process that would  violate the privacy rights of any individual, and one we should take into account when considering how these processes would affect the integrity of a person’s inbox, messages and files.

The Council’s stated aim of “security through encryption and security despite encryption” - and the backdoors to encryption that this would require - will threaten the basic rights of millions of Europeans and undermine a global shift towards adoption of end-to-end encryption.

Whilst it’s not explicitly stated in the resolution, it’s widely understood that the proposal seeks to allow law enforcement access to encrypted platforms via backdoors. However, the resolution makes a fundamental misunderstanding: encryption is an absolute, data is either encrypted or it isn’t, users have privacy or they don’t. The desire to give law enforcement more tools to fight crime is obviously understandable. But the proposals are the digital equivalent of giving law enforcement a key to every citizens’ home and might begin a slippery slope towards greater violations of personal privacy.

The shift to remote work during 2020 saw thousands of businesses and individuals switch to end-to-end encrypted technology to preserve their digital privacy, with the uptake accelerating faster after the details of WhatsApp’s data sharing policies were exposed to the general public. Companies based in the EU have been an important part of enabling this, which makes the decision of policy makers to push for laws that undermine both the general public and Europe’s tech industry questionable.

In response to this conundrum, we’ve joined together with ProtonMail, Threema, and Tutanota to formally reject these attempts to violate the privacy of EU citizens, and stand up to protect the rights of people and businesses using end-to-end encryption in doing so.

Read below for some key quotes and opinions from our coalition partners:

Istvan Lam, CEO and Founder of Tresorit

“This resolution would seriously undermine the increasing trust individuals and businesses place in end-to-end encrypted services and threaten the security of users who simply wish to share information securely or leverage end-to-end encryption as part of data protection compliance. We find this resolution especially alarming given the EU’s previously progressive views on data protection.

The General Data Protection Regulation (GDPR), the EU’s globally recognized model for data protection legislation, explicitly advocates for strong encryption as a fundamental technology to ensure citizens’ privacy. These new proposals are irreconcilable with the EU’s current stance on data privacy: the current and proposed approaches are at complete odds with each other, as it is impossible to guarantee the integrity of encryption while providing any kind of targeted access to the encrypted data.”

Andy Yen, CEO and Founder of ProtonMail

“This is not the first time we’ve seen anti-encryption rhetoric emanating from some parts of Europe, and I doubt it will be the last. But that does not mean we should be complacent.

Put simply, the resolution is no different from the previous proposals which generated a wide backlash from privacy conscious companies, civil society members, experts and MEPs. The difference this time is that the Council has taken a more subtle approach and  explicitly avoided using words like ‘ban’ or ‘backdoor’. But make no mistake, this is the intention. It’s important that steps are taken now to prevent these proposals going too far and keep European’s rights to privacy intact.”

Martin Blatter, CEO and Founder of Threema

“Companies rely on end-to-end encryption to protect their intellectual property. Citizens use apps that follow the zero-knowledge design goal to communicate freely without being tracked and monetized and to exercise their statutory right to privacy.

Young European companies are now at the forefront of this revolution in technology and data protection. Experience shows that anything that weakens these achievements can and will be abused by third parties and criminals alike thus endangering the security of all of us. With the abundance of uncontrollable open-source alternatives, users would simply move on to those applications if they knew a service was compromised.

Forcing European vendors to bypass or deliberately weaken end-to-end encryption would destroy the European IT startup economy without providing even one bit of additional security. Europe would recklessly abandon its unique competitive advantage and become a privacy wasteland, joining the ranks of the most notorious surveillance states in the process.”

Arne Möhle, CEO and Founder of Tutanota

“Encryption is the backbone of the internet. Every EU citizen needs encryption to keep their data safe on the web and to protect themselves from malicious attackers. With the latest attempt to backdoor encryption, politicians want an easier way to prevent crimes such as terrorist attacks while disregarding an entire range of other crimes that encryption protects us from: End-to-end encryption protects our data and communication against eavesdroppers such as hackers, (foreign) governments, and terrorists. By demanding encryption backdoors, politicians are not asking us to choose between security and privacy. They are asking us to choose no security.”

Want to discover more about the ramifications of encryption backdoors? Get into the details of encryption backdoors via the Tresorit blog, and read Tech Crunch’s full summary on our encrypted alliance here.