The Council of the European Union is circulating a resolution among member countries to weaken data encryption by requiring back door access of some kind for law enforcement and courts.
The document, which was leaked to an EU news outlet, has the following subject line: "Security through encryption and security despite encryption."
EU encryption back door resolution leaked online
The leaked document starts with the same points some U.S. leaders use in talking about encryption; the technology is fantastic, and we're all for it.
"The European Union fully supports the development, implementation and use of strong encryption. Encryption is a necessary means of protecting fundamental rights and the digital security of governments, industry and society."
But then, just like U.S. discussions on the topic, the EU resolution brings in the fact that lawful access through encryption should be required. In other words, there needs to be some sort of back door.
"At the same time law enforcement is increasingly dependent on access to electronic evidence to effectively fight terrorism, organised crime, child sexual abuse (particularly its online aspects), as well as a variety of cyber-enabled crimes.
For competent authorities, access to electronic evidence is not only essential to conduct successful investigations and thereby bring criminals to justice, but also to protect victims and help ensure security.
However, there are instances where encryption renders analysis of the content of communications in the framework of access to electronic evidence extremely challenging or practically impossible despite the fact that the access to such data would be lawful.
Independently of the technological environment of the day, it is therefore essential to preserve the powers of competent authorities in the area of security and criminal justice through lawful access to carry out their tasks, as prescribed and authorised by law."
And it suggests specialized tools may be developed to support this effort.
"Potential technical solutions will have to enable authorities to use their investigative powers which are subject to proportionality, necessity and judicial oversight under their domestic legislation, while upholding fundamental rights and preserving the advantages of encryption."
In other words, it will be okay, EU member governments will use any back door access very carefully.
Can you preserve the advantages of encryption and allow a back door?
So can we have it both ways? Can we live in a world with strong encryption that includes back doors for law enforcement and expect those back doors to be used only in case of a legitimate investigation?
At last year's SecureWorld Boston, I asked cybersecurity thought leader Bruce Schneier this very question, in terms of the FBI, CIA,and U.S. law enforcement. Schneier said:
"Encryption is vital for national security. That as long as our phones and computers are used and carried by our legislators, our CEOs, our nuclear power plant operators, that putting backdoors in them is not just stupid, it's dangerous. And yes, I get it that the FBI will have to do a little more work to solve crimes, but the security benefit is more than worth it."
And he told me either encryption and networks are secure, or they are not. There is no in-between option available to government.
"They have this weird definition of security which means security from everyone except them, which we as technologists can't actually build. And they are pushing for insecure protocols at the same time they're complaining about lack of security.
So yes, we need security. We need trust and that actually means the FBI and NSA are not going to be able to eavesdrop on those systems. And they have to either accept that or be happy with the insecurity. They can't get both."
But in the new EU resolution, getting both is exactly what they claim is possible.
It looks like the encryption debate is ready to go another round.
Read it here: Leaked copy of EU resolution on encryption