EU should oblige Internet firms to hand over encryption keys, says antiterrorist advisor

Law enforcement access to encrypted communications is needed, says the EU's Counter-Terrorism Coordinator

Internet and telecommunications companies should be obliged to share encryption keys with police and intelligence agencies to help them fight terrorism, the European Union's Counter-Terrorism Coordinator has advised.

It's a remarkable suggestion, because companies such as Google and Facebook have only just begun encrypting their Internet traffic to shield it from intelligence agencies, after documents leaked by Edward Snowden detailed the depth of government surveillance programs.

EU Counter-Terrorism Coordinator Gilles de Kerchove suggested that the European Commission "should be invited to explore rules obliging Internet and telecommunications companies operating in the EU to provide ... access of the relevant national authorities to communications (i.e. share encryption keys)," according to a leaked document published by civil rights group Statewatch.

In that document, De Kerchove sets out his views on anti-terrorism measures to be taken in the EU in preparation for a meeting of EU justice and home affairs ministers in Riga next week.

The proposal is controversial because, as De Kerchove notes, Internet and telecommunications companies' increasing use of encryption makes lawful interception by the relevant national authorities technically difficult or even impossible -- yet the companies extended their use of encryption because of the unlawful interception by those same authorities revealed in the Snowden documents.

The call for more surveillance on the Internet is back high on the EU's agenda in the wake of shootings at the offices of the satirical magazine Charlie Hebdo in Paris.

After the shootings, EU justice and home affairs ministers issued a statement in which they said it is essential" to stem online terrorist propaganda in close cooperation with ISPs, a measure which could be illegal, according to one of the three EU lawmaking bodies.

Next week in Riga, the ministers will follow up on plans set out in that statement, a Commission official said.

The Commission declined to comment on De Kerchove's anti-encryption plans, and the leaked document contains few additional details.

It does, though, refer to the companies' introduction of "decentralized encryption". This could be a reference to end-to-end encrypted communication. However, companies that use such encryption don't handle the encryption and decryption of messages in a central location, and will be unable to hand over the encryption keys.

De Kerchove is not alone in his call for greater access to encrypted communication. U.K. prime minister David Cameron has floated the idea of banning encrypted online messaging services such as WhatsApp and Apple's iMessage as part of his plans to fight terrorism. U.S. President Barack Obama later sided with Cameron, saying encryption should not lock out police and intelligence services.

Next week's EU ministerial meeting will be an informal one behind closed doors, where no formal decisions will be made. The ministers will discuss broadly how to implement all the counter terrorism measures that have been discussed in the last month, the Commission official said, adding that in addition to De Kerchove's advice, ministers will also take into account suggestions made by the Commission and EU member states.

Loek is Amsterdam Correspondent and covers online privacy, intellectual property, online payment issues as well as EU technology policy and regulation for the IDG News Service. Follow him on Twitter at @loekessers or email tips and comments to loek_essers@idg.com

Tags privacyregulationlegislationeuropean commission

Show Comments