In the future, you might be just casually browsing the web from the world’s loneliest island and privately chatting with your peers and yet be in danger that somebody, technically, can access your conversations – even those protected by end-to-end encryption.
The push for end-to-end encrypted communication to be accessible to law enforcers is strong globally, not just in the U.S. but also in the UK and European Union, among others.
However, implementing such laws in Europe will be even more difficult than it was until now. As The Register reports, the European Court of Human Rights (ECHR) has ruled that legislation requiring weakening the encryption – essentially creating a government backdoor access – violates the European Convention on Human Rights
Long story short, it is a matter of proportionality. Law enforcers want this access to more easily and successfully investigate cases of terrorism, human trafficking, or child pornography. However, making such access to encrypted communication requires weakening the encryption technology – for every single user.
On top of that, implementing such a weakness also opens the door for hackers which would certainly try to break through from the moment such a weak spot exists.
The ECHR ruling is the result of the Podchasov v. Russia case from 2019. The Russian secret service FSB (Federal Security Service) demanded access to end-to-end encrypted Telegram communication of a local citizen Anton Valeryevich Podchasov. Telegram refused to comply with the disclosure order based on Russian law, arguing that it was technically impossible to execute it without creating a backdoor that would weaken the encryption mechanism for all users.
Ironically, the Russians might not be bothered by the ruling. ECHR’s rulings are binding on the members of the Council of Europe that have ratified the European Convention on Human Rights. However, the Russian Federation was excluded from the Council in 2022 following its invasion of Ukraine in February of that year.
Therefore, more than for Russia, the ruling will be important for the rest of European states, including the UK and the European Union. ECHR isn’t an EU institution, although the member states are also signatories to the European Convention on Human Rights. So in theory, they should act in line with the ruling when voting for new policies in European Parliament and other EU levels.
Specifically, the EU is preparing a legislation known as Chat Control. In November, the European Parliament agreed on the wording that kept the encryption intact. That was met with praise from privacy-focused companies like Proton, calling it “a definitive stand for privacy and security.”
However, the European Council appears to want to keep the possibility of such backdoor access to encrypted communication alive. After the ECHR ruling, making this a reality – it seems – will be much more difficult.
Image via: Proton