EU Counter-Terrorism Coordinator seeks mandatory disclosure of encryption keys by EU internet companies & telcos

UPDATE 2015-07-01: Ars Technica reports: “The UK’s prime minister, David Cameron, has re-iterated that the UK government does not intend to “leave a safe space—a new means of communication—for terrorists to communicate with each other.” This confirms remarks he made earlier this year about encryption, when he said: “The question is are we going to allow a means of communications which it simply isn’t possible to read. My answer to that question is: no, we must not.””

UPDATE 2015-01-30: the joint statement (.pdf) that followed the meeting does not contain any indication that mandatory disclosure of encryption keys was in fact discussed during the Jan 29/30 meeting. (Which does not imply it was not discussed.)

The EU Counter-Terrorism Coordinator (CTC) wrote input (.pdf, Jan 17) for preparation of the informal meeting of Justice and Home Affairs Ministers in Riga, Latvia on January 29th. On page 10 (of 14) the document addresses access to communication, and explicitly suggests discussing rules to oblige internet companies and telcos operating in the EU to disclose encryption keys:

f) Encryption/interception

Since the Snowden revelations, internet and telecommunications companies have started to use often de-centralized encryption which increasingly makes lawful interception by the relevant national authorities technically difficult or even impossible. The Commission should be invited to explore rules obliging internet and telecommunications companies operating in the EU to provide under certain conditions as set out in the relevant national laws and in full compliance with fundamental rights access of the relevant national authorities to communications (i.e. share encryption keys).

This, of course, is not unlike the UK Prime Minister reportedly (Jan 13, BBC) stating that there should be no “means of communication” that “we cannot read”, and, a few days later, Barack Obama reportedly (Jan 16, WSJ) making statements of a similar nature.

It is not clear why the EU CTC’s document mentions “often de-centralized” in the first sentence in the above quote, as “de-centralized encryption” in its usual meaning is not a problem that one would typically address by obliging internet companies and telcos to disclose keys.

We’ll learn more after January 29th.



2 thoughts on “EU Counter-Terrorism Coordinator seeks mandatory disclosure of encryption keys by EU internet companies & telcos”

  1. Is the solution here to make a push for forward secrecy to be enabled on all web sites, so that transmissions can’t be spied upon even if the companies hand over their encryption keys?
