Techdirt has been covering the disgraceful attempts by the EU to break end-to-end encryption — supposedly in order to “protect the children” — for two years now. An important vote that could have seen EU nations back the proposal was due to take place recently. The vote was cancelled — not because politicians finally came to their senses, but the opposite. Those backing the new law were worried the latest draft might not be approved, and so removed it from the agenda, to allow a little more backroom persuasion to be applied to holdouts.
Although this “chat control” law has been the main focus of the EU’s push for more surveillance of innocent citizens, it is by no means the end of it. As the German digital rights site Netzpolitik reports, work is already underway on further measures, this time to address the non-existent “going dark” threat to law enforcement:
The group of high-level experts had been meeting since last year to tackle the so-called „going dark“ problem. The High-Level Group set up by the EU was characterized by a bias right from the start: The committee is primarily made up of representatives of security authorities and therefore represents their perspective on the issue.
Given the background and bias of the expert group, it’s no surprise that its report, “Recommendations from the High-Level Group on Access to Data for Effective Law Enforcement”, is a wish-list of just about every surveillance method. The Pirate Party Member of the European Parliament Patrick Breyer has a good summary of what the “going dark” group wants:
according to the 42-point surveillance plan, manufacturers are to be legally obliged to make digital devices such as smartphones, smart homes, IoT devices, and cars monitorable at all times (“access by design”). Messenger services that were previously securely encrypted are to be forced to allow for interception. Data retention, which was overturned by the EU Court of Justice, is to be reenacted and extended to OTT internet communications services such as messenger services. “At the very least”, IP connection data retention is to be required to be able to track all internet activities. The secure encryption of metadata and subscriber data is to be prohibited. Where requested by the police, GPS location tracking should be activated by service providers (“tracking switch”). Uncooperative providers are to be threatened with prison sentences.
It’s an astonishing list, not least for the re-appearance of data retention, which was thrown out by the EU’s highest court in 2014. It’s a useful reminder that even when bad laws are overturned, constant vigilance is required to ensure that they don’t come back at a later date.
These people don’t seem to realise that opening this stuff up for law enforcement (who do misuse their powers), also opens it up to criminals.
Robin Edgar
Organisational Structures | Technology and Science | Military, IT and Lifestyle consultancy | Social, Broadcast & Cross Media | Flying aircraft