E-mail company wants EU to pick a side on encryption
With Europe’s Data Protection Day approaching, citizens and businesses are being encouraged to take a bit of time to consider who has access to their personal data and to what end. At the same time, end-to-end encryption of communications is set to become a major political faultline on the continent, as indeed it is elsewhere.
Tuta, formerly known as Tutanota and one of only a few end-to-end encrypted e-mail services, has published an open letter saying that the EU needs to protect citizens’ fundamental rights, “in particular data protection”. Signed by a number of Internet companies and trade associations, the letter also suggested that supporting a right to encrypted communications would create a competitive advantage for EU-based businesses.
The letter cricitised pending legislative changes in Britain, the United States and Australia, going on to note that given the majority of governments the Anglophone world are coming down against encryption the European Union “has the unique chance to become the beacon of hope for freedom of speech and democracy”.
Encryption has long been a fraught issue, as those who remember the so-called ‘crypto wars’ of the 1990s, which came in the wake of the 1991 release of Phil Zimmermann’s PGP, or Pretty Good Protection, will recall. For added murkiness, late last year Tuta was forced to deny allegations that it was a “storefront” for state intelligence services.
European governments appear to be divided on the matter. Those against allowing end-to-end encryption have long said that a prohibition is necessary to fight criminals, abuse material and terrorism. Spain, for example, is among those seeking to ban end-to-end encryption, according to a government document leaked last year. In addition, the interior ministry has said “it is necessary to have, as soon as possible, the best tools that can confront the threat posed by encrypted communications”.
Speaking the same language
The difference appears to be primarily cultural, with privacy-centric Germany among the strongest advocates of encryption as part of a right to privacy. Notably, Germany and Austria have resisted even the forward march of Google’s Street View, seeing it as an affront to privacy.
Other countries seem to occupy somewhat incoherent positions on the matter. France, for example, has banned government ministers from using the end-to-end encrypted messaging services WhatsApp and Signal, not because they are too secure but because, according to Élisabeth Borne, who was the country’s prime minister until 8 January they are not secure enough.
“The main consumer instant messaging applications are playing an increasingly important role in our day-to-day communications. However, these digital tools are not without security flaws, and so cannot guarantee the security of conversations and information shared via them,” she said.
Starting on 8 December last year, ministers have been directed to use the newly developed – and French – application Olvid, which also uses end-to-end encryption.
At the same time, France, which has been rocked by terrorist attacks in the past decade, is pushing for the addition of so-called ‘backdoors’ to encrypted mobile apps.
For the moment it seems like a deadlock. In November, the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs voted against allowing mass surveillance. However, with national governments divided and all arms of the EU set to debate a European Commission proposal on preventing abuse material it seems likely that 2024 will not be short of lobbying.