Ministers from France and Germany are coming down hard on the use of encryption in criminal and terrorist investigations. The two countries are pushing for an EU-wide law that would compel companies and operators to decrypt suspects’ messages.
The push against robust encryption mirrors the ongoing debate in the United States, where law enforcement like the FBI has clashed with Apple over access to encrypted iPhones.
“If such legislation was adopted, this would allow us to impose obligations at the European level on noncooperative operators,” said French Interior Minister Bernard Cazeneuve at a press conference in Paris this week, where he was joined by German Interior Minister Thomas de Maiziere, who also backs the effort.
Police forces have argued that end-to-end encryption, where the operator cannot access the contents of the messages, is inhibiting the arrest of terrorists.
Cazeneuve has taken particular offense to Telegram, the popular encrypted messaging app that has found itself embroiled in controversies. Islamic State militants are allegedly using the app to coordinate their operations. France and Germany remain on edge following a series of terrorist and violent attacks over the past two years.
In response to the French and German claims, the European Commission stated via a spokesperson that national security was a matter for each individual country but an EU framework may help in guiding such rules.
The calls from France and Germany have drawn the ire of security experts and civil rights groups. Access Now, a digital rights organization, has sharply criticized the proposal.
“From time to time, policymakers need to be reminded that they have a responsibility to strengthen and protect the security and integrity of our communication and systems, not to purposefully weaken it,” wrote Lucie Krahulcova, a policy associate at the organization.
ENISA, the EU’s network and information security agency, said in a position paper earlier this year that encryption was a necessary tool for privacy and urged policymakers to refrain from any legislation that limits security features. Nevertheless, the matter is likely to be discussed at a European Council meeting on September 16.