EU should oblige Internet firms to hand over encryption keys, says antiterrorist advisor

Law enforcement access to encrypted communications is needed, says the EU's Counter-Terrorism Coordinator

Internet and telecommunications companies should be obliged to share encryption keys with police and intelligence agencies to help them fight terrorism, the European Union's Counter-Terrorism Coordinator has advised.

It's a remarkable suggestion, because companies such as Google and Facebook have only just begun encrypting their Internet traffic to shield it from intelligence agencies, after documents leaked by Edward Snowden detailed the depth of government surveillance programs.

EU Counter-Terrorism Coordinator Gilles de Kerchove suggested that the European Commission "should be invited to explore rules obliging Internet and telecommunications companies operating in the EU to provide ... access of the relevant national authorities to communications (i.e. share encryption keys)," according to a leaked document published by civil rights group Statewatch.

In that document, De Kerchove sets out his views on anti-terrorism measures to be taken in the EU in preparation for a meeting of EU justice and home affairs ministers in Riga next week.

The proposal is controversial because, as De Kerchove notes, Internet and telecommunications companies' increasing use of encryption makes lawful interception by the relevant national authorities technically difficult or even impossible -- yet the companies extended their use of encryption because of the unlawful interception by those same authorities revealed in the Snowden documents.

The call for more surveillance on the Internet is back high on the EU's agenda in the wake of shootings at the offices of the satirical magazine Charlie Hebdo in Paris.

After the shootings, EU justice and home affairs ministers issued a statement in which they said it is essential" to stem online terrorist propaganda in close cooperation with ISPs, a measure which could be illegal, according to one of the three EU lawmaking bodies.

Next week in Riga, the ministers will follow up on plans set out in that statement, a Commission official said.

The Commission declined to comment on De Kerchove's anti-encryption plans, and the leaked document contains few additional details.

It does, though, refer to the companies' introduction of "decentralized encryption". This could be a reference to end-to-end encrypted communication. However, companies that use such encryption don't handle the encryption and decryption of messages in a central location, and will be unable to hand over the encryption keys.

De Kerchove is not alone in his call for greater access to encrypted communication. U.K. prime minister David Cameron has floated the idea of banning encrypted online messaging services such as WhatsApp and Apple's iMessage as part of his plans to fight terrorism. U.S. President Barack Obama later sided with Cameron, saying encryption should not lock out police and intelligence services.

Next week's EU ministerial meeting will be an informal one behind closed doors, where no formal decisions will be made. The ministers will discuss broadly how to implement all the counter terrorism measures that have been discussed in the last month, the Commission official said, adding that in addition to De Kerchove's advice, ministers will also take into account suggestions made by the Commission and EU member states.

Loek is Amsterdam Correspondent and covers online privacy, intellectual property, online payment issues as well as EU technology policy and regulation for the IDG News Service. Follow him on Twitter at @loekessers or email tips and comments to loek_essers@idg.com

Join the CSO newsletter!

Error: Please check your email address.

Tags regulationsecurityeuropean commissionlegislationgovernmentprivacy

More about AppleEUEuropean CommissionFacebookGoogleIDGNews

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Loek Essers

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place