%$@&%! (Or Why the EU Can’t Ignore the Encryption Debate)

In 2003, US air travellers were informed that they would have to use a ‘TSA approved’ luggage lock on their checked baggage. These locks could be opened using master keys held by the US’s Transportation Security Administration (TSA), thereby allowing them to inspect any checked item of luggage for explosives and then relock it. Non-approved locks would be broken off by inspectors, leaving the bags unsecured for the sake of national security and passenger safety. In 2015, plans were posted online allowing anybody with a 3D printer to produce their own master keys, giving anybody easy access to Americans’ locked luggage.
Today, the US and some EU governments are reported to want to apply a similar approach to our email and personal communications, calling for public authorities to have ‘back door access’ to encrypted devices and communications services in the name of national security. Unsurprisingly, civil liberties advocates have strongly resisted these calls, but so have technology experts. Pointing to the possibilities for exploits that such backdoor access would create, they have warned of the risk this would pose for cybersecurity in Europe and the companies, people and infrastructure that depend on it.
It is clear that the debate of personal security and privacy versus national security is not a new one, yet the circumstances of this debate are different. With entire sectors now reliant on a secure digital environment in order to be able to conduct business, and more and more sensitive information stored online, keeping our technologies secure has become of paramount importance for the functioning of Europe’s economies. At the same time, the incentives for cybercriminals and other hackers have also increased, and companies across the globe are becoming increasingly aware of this growing cyber threat; PwC’s 2016 Global State of Information Security Survey found that 38% more security incidents were detected in 2015, compared to the previous year, and Germany’s IT association Bitkom has estimated that over two-thirds of German industrial companies have been victims of digital crime over the past two years. UK government research, meanwhile, has found that two-thirds of large businesses experienced a cyber attack or breach in the past year.
In this environment, it is understandable that governments, companies and individuals will want to have the most resilient and secure systems and devices. However, whereas the EU’s Commissioner for the Digital Single Market, VP Andrus Ansip, has repeatedly voiced his objection to back door access, the evolving debate in other EU member states could require the Commission to take a more nuanced approach. Measures such as the UK’s recent Investigatory Powers Bill, or the recent vote by French lawmakers to fine companies that do not decrypt data for investigating authorities, could limit the use of the most secure forms of encryption in these countries, such as end-to-end encryption. With other countries such as the Netherlands clearly rejecting limits on encryption, and Hungary reportedly considering a ban on encryption, it is very possible that differing national systems could place pressure on the internal market for digital goods and services, strengthening calls for an EU-wide approach.
Initial steps in this direction have, to some extent, already been taken; the Commission has launched the EU Internet Forum in the context of its work on the European Agenda on Security, bringing together Ministers and CEOs of major internet companies to, amongst other things, explore ‘the concerns of law enforcement on new encryption techniques’. Whilst this has been with the support of the European Parliament, whose MEPs, who last year raised their ‘serious concerns over the increasing use of encryption technologies by terrorist organisations’, its narrow scope and the closed discussion will leave many dissatisfied.
Yet, any decision in the US or another large economy to enable access to encrypted content and communications could make European preferences for stronger security irrelevant. Europe would do well to have an open discussion on what it should do about encryption before it finds itself trying to catch up with decisions made elsewhere.

Authored by: Michael Wilen

To share your views on why EU Matters, contact us at: [email protected]

Follow @hkstrategies

H+K Belgium

Brussels

No pleasing everyone when regulating what can be considered “green”

The challenge ahead: an EU public affairs perspective on 2022

A leap into the unknown: five takeaways from the French general elections

Commission lays out ambitious climate plan, but trouble may lay ahead

Realities and consequences of mandatory supply-chain due diligence

Ireland’s local by-election that could have national consequences

Carbon Border Adjustment Mechanism – a fine line between protection and protectionism

New Rules for the Internet: Episode 4 – an H+K Hear+Know Spotlight podcast

EU aims to steal a competitive march by setting global gold standard in green batteries

EU launches the biggest digital shake up in a generation

Navigating the EU’s maze of recovery funding

Should robots own rights? Episode 2 – an H+K Hear+Know Dispatch podcast

Should robots own rights? Episode 3 – an H+K Hear+Know Dispatch podcast

Thomas Tindemans: reflections on ten years at Hill+Knowlton Strategies

Should robots own rights? Episode 1 – an H+K Hear+Know Dispatch podcast

The European Union delivers: the results of European Council of 17, 18, 19, 20 & 21 July 2020

Foreign subsidies in the single market: creating a level playing field?

Powering the recovery: the EU’s green and digital transition depends on the resilient and sustainable supply of raw materials

Will Covid-19 reshape EU’s agrifood supply chain?

EU Council adopts “Taxonomy” for green investments

Will COVID-19 contaminate the EU’s Green Deal?

COVID-19, or the end of free trade

United in crisis?

Europe’s new digital leadership agenda

Habemus Brexit: Labour, quo vadis?

Ireland’s first female Taoiseach?

Should old acquaintance be forgot?

The European approach on AI – what is on the regulatory horizon

Habemus Brexit: Britannia, quo vadis?

Day One for the new European Commission

Creating Ethical Rules for AI

The Word on the Block is Blockchain

The New Commission: Balance is the word of the day, but what does it mean?

Textiles: the next frontier for European Union regulators