Euro MPs back end-to-end encryption for all citizens

APTFilter AVGNews CERT-LatestNews FSecureNews KasperskyNews Malware McAfeeNews Security News SocialEngineering SophosNews SymantecNews ThreatsActivists ThreatsCybercrime ThreatsEconomic ThreatsStrategic TrendMicroNews Uncategorized VulnerabilitiesAdobe VulnerabilitiesAll VulnerabilitiesApple VulnerabilitiesApplications VulnerabilitiesCisco VulnerabilitiesCrypto VulnerabilitiesDBMS VulnerabilitiesFirmware VulnerabilitiesGoogle VulnerabilitiesHardware VulnerabilitiesLinux VulnerabilitiesMicrosoft VulnerabilitiesMozilla VulnerabilitiesNetwork VulnerabilitiesOS VulnerabilitiesVMWare VulnerabilitiesVOIP
Mobile messaging app WhatsApp enables end-to-end encrypted conversationsImage copyright Reuters
Image caption The European Parliament could enforce end-to-end encryption as an extension of personal privacy

A European Parliament committee wants end-to-end encryption to be enforced on all forms of digital communication to protect European Union (EU) citizens.

The draft legislation seeks to protect sensitive personal data from hacking and government surveillance.

EU citizens are entitled to personal privacy and this extends to online communications, the committee argues.

A ban on “backdoors” into encrypted messaging apps like WhatsApp and Telegram is also being considered.

“Confidentiality of electronic communications ensures that information exchanged between parties and the external elements of such communication, including when the information has been sent, from where, to whom, is not to be revealed to anyone other than to the parties involved in a communication,” said a draft proposal from the European Parliament’s Committee on Civil Liberties, Justice, and Home Affairs.

“The principle of confidentiality should apply to current and future means of communication, including calls, internet access, instant messaging applications, email, internet phone calls and personal messaging provided through social media.”

The proposal seeks to amend Article Seven of the EU’s Charter of Fundamental Rights to add online privacy and will require approval by the European Parliament and the European Council before it can be passed into law.

‘Existing techniques’

During the UK’s recent election campaign, the Conservative Party said that tech firms should provide the authorities “access to information as required” to help combat online radicalisation, but ministers have also said they do not want to weaken encryption.

That has led to some confusion among tech industry leaders as to whether the government wants some kind of “backdoor”, a way to have end-to-end encryption disabled in specific cases or some other action.

However, cyber-security experts warn that criminals can still find a way to protect their communications, even if end-to-end encryption is banned.

Media playback is unsupported on your device

Media captionWhat is encryption?

“There are lots of existing techniques law enforcement can use,” Dr Steven Murdoch, a cyber-security researcher in the department of computer science at University College London told the BBC News website.

“One of them is traffic analysis, which is looking at patterns of communications, eg who is talking to who, when and from what location.

“The other one is hacking – equipment interference in British law – which can happen before data is encrypted and after it’s been decrypted, so there are still ways for law enforcement to gain access to information.”

In the Manchester, Westminster and London Bridge terror attacks, the perpetrators were already known to UK security services, Mr Murdoch added.

“They were not stopped because there were either insufficient resources or the resources were not sufficiently prioritised,” he said.

“The suggestions being considered by the UK government would be worse for computer security. So much of people’s lives are now carried out online. We should have privacy online just as we have offline.”