The European Union thinks digital privacy is so important it should be protected by law, and that’s exactly what its trying to do with new proposed legislation. Unlike the United States and United Kingdom, which are pushing for laws that would strip away digital privacy and encryption security, the EU looking to mandate those protections.
The proposed law will prohibit EU member governments from hacking through the encryption in chat apps like Messages and WhatsApp, and would require companies and online services that don’t currently offer encryption in their products to do so. The proposed laws will also block member countries from forcing companies to build back doors in their encryption.
U.S. and U.K politicians have been arguing that their governments need a way to bypass encryption in apps and services to fight crime and stop terrorists. Without a way to sidestep security and encryption measures, they argue, criminals can do as they please without any fear of repercussion.
Both governments are downplaying the risks that go along with forcing companies to create back doors through their encryption—something the EU is not. Instead, the proposed EU laws acknowledge that a back door for a government is also a a potential access point for criminals, hackers, and rogue governments.
The US Anti Encryption Fight
The EU laws stand in stark contrast to FBI and U.S. Department of Justice claiming those back doors are necessary and essential. That stance became very apparent and public last year when the FBI sought out a court order forcing Apple to create a version of iOS that strips away the security measures blocking passcode brute force attacks.
The court order stemmed from a mass shooting in San Bernardino where the suspects gunned down their coworkers at a holiday party. They were killed later in the day in a shootout with police. A work-issued iPhone 5c was recovered from the shootout scene, but no one knew the device’s passcode.
Apple worked with the FBI to recover as much data as it could, but wasn’t able to work around the phone’s passcode. The FBI then obtained a court order compelling Apple to make what’s been dubbed GovOS. Apple refused saying there wasn’t any way to ensure the hackable iOS version would be used only for this case and that the code wouldn’t fall into hacker’s hands.
The FBI took their fight to the public saying the hackable iOS was necessary for its investigation. The FBI dropped its legal fight with Apple only hours before the two were scheduled to appear in court after an unnamed company hacked into the suspect’s iPhone.
U.S. law enforcement agencies, along with the FBI, have continued to push for government mandated backdoors through encryption although so far no laws have been passed.
The EU and Privacy versus the US and UK
The U.K. has been pushing for similar laws citing recent local terrorist attacks as proof that encryption is dangerous. The reasoning is in line with the U.S. stance that criminals and hackers are getting a free pass to keep all of their evil doings secret and forever out of the grasp of law enforcement agencies.
The EU’s progressive take on digital privacy is refreshing because it shows at least some politicians understand that a back door for one is a back door for all, meaning any special access governments get into your encrypted data is a weakness anyone can exploit.
The proposed EU laws aren’t new in that they’re updated interpretations of existing rights for all citizens in member countries. These new laws will clarify that the privacy rights EU members currently have extend to digital formats and to any format that may be invented.
Hopefully thee new proposed laws will pass and set a precedent for other countries—including the United States. The alternative is a future where the citizens governments say they’ll protect by stripping away digital security will ultimately be more vulnerable than the criminals.