Last week, EU Justice Commissioner Vera Jourova announced that she was going to propose a law on law enforcement access to encrypted data.
She is reacting to pressure from interior ministers from EU countries to introduce new rules to help police fight terrorism and organized crime.
European Commission officials acknowledged they did not have an answer to this basic question: “can you open a backdoor for Europol only, or would doing that create a vulnerability and open a backdoor for the Russian mafia or third party state spies?” But they seemed determined to press on in any case.
As we’ve said many times before, this is a bad idea. The Economist got the key point right in its editorial on cyber security this week:
“Governments’ first priority is to refrain from making the situation worse. Terrorist attacks, like the recent ones in St Petersburg and London, often spark calls for encryption to be weakened so that the security services can better monitor what individuals are up to. But it is impossible to weaken encryption for terrorists alone. The same protection that guards messaging programs like WhatsApp also guards bank transactions and online identities. Computer security is best served by encryption that is strong for everyone.”
We need better security to protect everyone – especially as the world moves toward the ubiquitous presence of connected devices. Introducing weakened encryption into such a world would be worse than a crime. It would be a mistake.