EU Wishes To Prohibit Backdoors in New Data Protection Regulations

Last updated: July 5, 2023 Reading time: 4 minutes
Disclosure
Share
EU-prohibits-backdoors

The European Union is considering to officially forbid the implementation of the so-called “backdoors”. These backdoors allow infiltrating encrypted communications. Thus the banning of these backdoors would interfere with the desire of UK government to gain access to ever secure communication.

The draft report by the European parliament’s committee states that the data protection regulations have not maintained the progress with advances in technology. Furthermore, it says that amendments were required in the 2002 regulation on privacy and electronic communications (ePrivacy).

These amendments were proposed by the European Commission in January. They are now reviewed by the European Parliament and part of the amendments look to deal with over-the-top services (OTT services). These services depict the functionality of traditional communications systems like the landline telephones. However, they are not regulated in a similar way and thus they do not afford similar protections as well.

For instance, different methods were sought by the UK government to become accessible to encrypted communications. The UK government desired to infiltrate the encrypted messaging feature, like the end-to-end encryption (E2EE) that prohibits the interception of private messages, currently utilized by Whatsapp and Signal.

Such measures were, therefore, categorically ruled out by the EU draft proposal. The draft says, “The providers of electronic communications services shall ensure that there is sufficient protection in place against unauthorised access or alterations to the electronic communications data and that the confidentiality and safety of the transmission are also guaranteed by the nature of the means of transmission used, or by state-of-the-art end-to-end encryption of the electronic communications data.”

It also states, “Furthermore, when encryption of electronic communications data is used, decryption, reverse engineering or monitoring of such communications shall be prohibited.”

The causatum of terror attacks, earlier this year, across the UK instigated the home secretary Amber Rudd. Many a time she called for gaining access to messages sent across encrypted communications that use E2EE. In the Conservative manifesto, this issue was repeated again.

EU draft’s amendments banned such attempts by the government particularly by stating, “The Member States shall not impose any obligations on electronic communications service providers that would result in the weakening of the security and encryption of their networks and services.”

However, it is still unclear how the brewing Brexit negotiations will impact legislation like the IPA. The UK is supposed to have completed the Brexit process by the time amendments are made to the ePrivacy directive.

The new GDPR – General Data Protection Regulation, kicked out the new proposed amendments related to the digital communications and privacy. This tougher GDPR is due to come into effect in 2018.

The change proposals of the ePrivacy directive are pursuing to bring the 2002 law abreast with the new GDPR. It is also trying to stay parallel with technological development. They also cover the collection of behavioral data and metadata, the tracking of users for advertising along with the specific agreement to do so.

In order to become a law, the amendments in the EU draft have to journey through different stages. These various stages include the European Parliament approval and the European Council approval so as to become a law.

An independent privacy and security technology researcher, Lukasz Olejnik said, “These amendments significantly improve security and privacy properties of the regulation. This is a step in a great direction.”

He further says, “The end-to-end aspect is additionally of interest due to the worldwide campaign of weakening cryptography and introducing backdoors. Such voices are in the USA, Australia, Germany, France, and UK. These last points put ePrivacy on a potential collision course with the supposedly imminent regulations negatively affecting cybersecurity and privacy.”

Just when EU is thinking to empower the law enforcement to directly gain access to cloud storage in order to retrieve electronic evidence, the proposed ePrivacy amendments popped out.

An element of a three-option proposal will form the foundation of future legislative reform. In accordance with this basis, the EU Justice Commissioner Vera Jourova said that it was an extraordinary measure for extraordinary threats. In the wake of terror attacks across Europe, the European Union is trying to speed up the process of evidence collection.

Share this article

About the Author

Rutaba Rais is Editor at Be Encrypted with focus on Technology and Internet Security. Apart from her Healthcare background, she has interests in Lifestyle, Journalism, and expressing her opinion by her writing. You can follow her on Twitter.

More from Rutaba Rais

Related Posts