Cloud Hosting

The recently published recommendations of an high level expert group on the topic of going dark were also discussed in the Standing Committee on Internal Security (COSI). On May 29, several EU member states spoke out in favor of access to encrypted data and communications, as well as Europe-wide data retention. We are publishing the secret minutes of the meeting in full (in German).

The Going Dark expert group (High-Level Group on access to data for effective law enforcement), dominated by security authorities, called for backdoors to encrypted data and many other surveillance options in 42 recommendations at the end of May this year. We published the full text of the categorized document (PDF) last week, and the expert groups demands can also be derived from a freedom of information request.

The groups topic was how investigating authorities deal with encryption. The authorities fear a scenario in which large parts of communication are encrypted and they are therefore no longer able to investigate. Police forces and intelligence services call this phenomenon going dark. However, studies doubt the negative effects, partly because digital technologies provide the security authorities with a wealth of data that they did not have in the past.

According to the protocol drawn up by the German Permanent Representation in Brussels, EU member states have already called for a concrete roadmap to implement the recommendations. The document also shows that the recommendations have been endorsed by various bodies within the European Union. The CATS Committee, which coordinates police and judicial cooperation in criminal matters, has supported the panels recommendations and the EU Commission has also welcomed the results, stating that they have great potential.

A range of countries, including Estonia, the Czech Republic, Spain, Sweden, Finland, Italy, the Netherlands, and Ireland, see an urgent need for action on encryption and data retention. Hungary called access to data a key element for effective law enforcement and found the results of the expert group to be impressive and forward-looking. According to the minutes, the police authority Europol emphasized the danger of end-to-end encryption being misused by criminals, a view shared by Greece.

Only Luxembourg spoke out against weakening encryption. Germany, on the other hand, did not welcome the weakening of encryption, but spoke out in favor of improved cooperation with industry and standardization bodies. The expert group had described the latter as important because technical standards could be set here that could make the work of investigating authorities easier.

Germany also emphasized that as part of the national implementation of the European Electronic Communication Code (EECC), over-the-top services (OTTs) [] must be made mandatory as interpersonal communication services without any doubt and without exception. This should impose obligations to cooperate in monitoring on messengers such as WhatsApp & Co. In this context, Germany argued that the major market players in particular should be called upon to apply the standards implemented for data transfers to law enforcement authorities.

At the same time, it seemed clear to the members of the committee that, in view of the numerous new surveillance powers and encroachments on fundamental rights contained in the expert catalogue, the EU member states are facing political headwinds and thus difficult communication. According to the minutes, the chair of the committee said that it was important to set the right narrative, and Sweden, with the support of several countries, advised a communication strategy that emphasizes that the recommendations are intended to protect fundamental rights.

It will be interesting to see what such a communication strategy will look like in view of the plans for all kinds of additional surveillance and backdoors into encrypted communications.

The group of high-level experts had been meeting since last year to tackle the so-called going dark problem. The High-Level Group set up by the EU was characterized by a bias right from the start: The committee is primarily made up of representatives of security authorities and therefore represents their perspective on the issue.

This imbalance was criticized by data protection activists, who were then involved in the process, albeit at a late stage and only unofficially. They apparently had little influence on the committees recommendations. Outgoing Pirate MEP Patrick Breyer called the panels recommendations the secret wish list of EU governments and warned that these proposals would be implemented after the European elections. The approval in the COSI committee shows that Breyers fears are justified.

Original Article in German, Translation by Daniel Leisegang

View post:
Going Dark: EU States Push for Access to Encrypted Data and Increased Surveillance - netzpolitik.org