Open letter: EU investigators want to circumvent encryption – and mathematics

Numerous civil rights organizations are warning against the EU's plans to "grant law enforcement authorities the greatest possible access to personal data". The Chaos Computer Club (CCC), European Digital Rights (EDRi), Digitale Gesellschaft and around 50 other organizations wrote this in an open letter. The recommendations of the working group set up by the EU for this purpose represent "fundamental risks of mass surveillance as well as significant threats to security and the protection of privacy".

The signatories also include the German Bar Association (DAV), the eco Association of the Internet Industry, the Electronic Frontier Foundation (EFF), Privacy International and Statewatch. They criticize the "Lawful Access by Design" concept recommended by the working group, according to which access for investigators to unencrypted communication data should be built directly into the technology.

"In practice, this would require the systematic weakening of all digital security systems - including, but not limited to, encryption," warn the voices from civil society. "This would undermine the security and confidentiality of electronic data and communications, jeopardize the security of all people and massively restrict their fundamental rights."

Extended data retention is not an option

There is an urgent appeal to politicians to "reject all measures that could circumvent or weaken the protection of encryption". Otherwise, "the entire digital information ecosystem" would inevitably be damaged. A backdoor intended for law enforcement - or any other circumvention mechanism - could always be exploited by other actors. There are numerous examples of this.

The participants also consider the HLG's call for an "extension of the data retention obligation to practically all information society services, including the Internet of Things" to be "particularly worrying". The associated "comprehensive and general surveillance would give the entire population the feeling that their private lives are under constant surveillance". This would be contradicted by supreme court rulings in Europe. There is also a risk that these measures could be misused to persecute journalists, human rights defenders, lawyers, activists and political dissidents.

Squaring the circle

The call for unrestricted access to all private data is completely "detached from technical or legal realities", adds the CCC. The "misguided and exaggerated demands" should in no way serve as the basis for the future EU agenda: "The working group must be shut down, because the secret squad is not legitimized anyway." What is ominously referred to by law enforcement officers as "going dark" only stands for "private individuals, the state and business finally encrypting all data as a matter of routine in order to protect themselves from criminals and espionage".

With its anti-encryption initiative as part of the ongoing Crypto Wars, the HLG is also attempting to "circumvent the laws of mathematics", explains EDRi, adding that such a "squaring of the circle in surveillance and IT security" is not possible. It is a "dangerous proposal" that does not get any better through constant repetition. The Digitale Gesellschaft association points out that even the FBI is now urging everyone to use encrypted communication in response to Chinese cyber attacks. The HLG, on the other hand, has still not understood that attacks on encryption massively endanger the communication security of the entire population.

(vbr)