Whatsapp, Signal, Threema: EU governments want to be able to continue reading

European heads of government are currently discussing how they could include encrypted communication from chat apps in law enforcement in the future. This arises from an internal document published on Sunday by the Austrian radio station ORF. Some media interpret this to mean that heads of government demand a master key with which the police and intelligence services can monitor all encrypted online communications.

Could the police prevent more crime if they had access to encrypted messages? Or would criminals just switch to other channels? In the picture: Berlin policemen.

Sean Gallup / Getty

Shortly after the leak, the EU Council presidency denied that heads of government were targeting a ban on encryption or that they wanted to weaken encryption systems in general. However, it appears from the internal document that the heads of state want to persuade WhatsApp, Signal and other chat service providers to publish the content of private chats under certain conditions.

Until now, there is no legal basis for authorities to force access to encrypted online chats. European police and secret services can tap phones, open letters and read text messages if they have a reasonable suspicion that the person being supervised is, is or has been a criminal. But end-to-end encrypted messages are “extremely difficult or practically impossible” for authorities to read, as EU heads of government write in the internal document.

The second apartment key for the Federal Office

For many chat operators, privacy is a major selling point. The most popular applications are programmed in such a way that even businesses cannot view private chats. Threema, for example, can’t decrypt the messages users send to each other, says Martin Blatter, one of the founders of the Swiss chat app. “Privacy is a human right,” says Blatter. “We do not give the key to our second apartment to any federal office.”

It can be assumed that other affected tech companies will also defend themselves against the project. In the US, there has been a dispute between the authorities and Apple over the encryption of smartphones for a long time. In 2016, in a setting of precedents, Apple refused to crack a killer’s phone for US authorities. A similar case was repeated at the beginning of the year.

Criminals switch to other channels

The attack on encryption technology does not do what politicians expect of it, says Swiss data protection activist Hernâni Marques. After all, criminal groups around pedophiles or terrorists would quickly find other means of collusion. Furthermore, it is foreseeable that back doors in the program code that would have to be created at the behest of politicians will also end up in the hands of criminal organizations, Marques says. Criminals could also make use of security holes.

If authorities soften encryption in the name of fighting crime, they create an instrument that primarily facilitates, not more difficult, the work of criminals, Marques says. The authorities would also be expected to be hacked more frequently in this way as well. “We have to prevent such conditions. After all, individuals and companies, as well as states, have an interest in encrypted communication. “

Switzerland uses a state trojan

The Federal Council also recognizes the importance of encryption. In response to an interpellation in late 2019, he wrote: “Encryption technologies are also extremely important for law enforcement and the intelligence service to protect their own data from unauthorized access.”

Even today, Switzerland is not interested in forcing chat service providers to make encrypted messages accessible, confirms a spokesperson for the Post and Telecommunications Monitoring Service (ÜPF). Encryption technology must not be weakened. And to monitor and fight crime, law enforcement authorities could already turn to “special IT programs” that make encrypted chat messages accessible.

This means state Trojans smuggled into phones or laptops without the owner noticing. The police can use Trojans if the measure is ordered by a prosecutor and approved by a mandatory measures court. The intelligence service needs the approval of the Federal Administrative Court and that of the head of the defense department.

In Germany, the police authorities use similar means. However, the demand for encrypted chat messages to be broadcast came earlier, for example when the plans were discussed at the German Interior Ministry in 2019.

The EU project was originally started by Great Britain. The secret services alliance of the United States, Great Britain, Australia, Canada and New Zealand called “Five Eyes” had already requested access to encrypted communication in the past. In October, the US Department of Justice challenged statements by data protection activists and technology companies that the additional powers of law enforcement agencies were necessarily at the expense of privacy and cybersecurity.

The EU chooses a transparent approach

Sabine Fercher, a freelance lawyer and cybersecurity expert in Zurich, is sympathetic to the draft from the EU heads of government. He hopes that Swiss law enforcement officials can also benefit from the decrypted messages.

“At least since the Edward Snowden revelations, we know the United States has the Internet under control,” says Fercher. Of course, it is scary when an authority can read and hear everything. “Unlike the United States and China, the EU chooses a transparent approach and guarantees proportionality.”

The decision of the EU heads of government has already been debated so far, which may be adopted in the videoconference of the Interior and Justice ministers in early December. The EU Commission will probably draw up a regulation then. If all goes according to plan, EU MPs will debate how much privacy they are willing to give up in order to fight crime more effectively. Authorities will have to provide credible evidence that they would actually prevent terrorist attacks and child pornography more if they could read encrypted chats.