· 4 min read

EU Resolution Draft Seeks to Bypass Encryption - Report (UPDATED)

An alleged document has surfaced, per which the Council of the European Union is seeking to work with governments and industries to find a "balanced" way to bypass encryption and access people's personal electronic devices when a law enforcement investigation requires it, while still protecting one's privacy. The news has spread through the Cryptoverse, however, that the EU is trying to ban end-to-end (E2E) encryption on popular applications. (Updated at 14:18 UTC: updates in bold.)

Source: Adobe/peshkov

It's not clear yet how these efforts might affect privacy coins. The most popular privacy coin, monero (XMR), trades at USD 115 and is down by 1.5% in a day, while another popular privacy coin, zcash (ZEC), is up by almost 2%, reaching USD 60 (12:44 PM UTC).

An Austrian news outlet reported that the Council of the European Union has nearly completed a resolution, "made ready within five days," that would require applications such as WhatsApp and Signal to have a "master key" for monitoring end-to-end (E2E)-encrypted chats and messages.

"The Council is working on the topic of encryption, including through discussions on a possible resolution. At this stage I cannot confirm or comment on the content of this document. Discussions on this topic are expected to continue in the coming weeks," an EU official familiar with the matter told Cryptonews.com.

ORF.at claims to have received an internal document dated November, addressed from the German Presidency to the delegations of the member states in the Council. The alleged revised version of the Draft Council Resolution on Encryption argues that, while encryption is "a necessary means of protecting fundamental rights and the digital security of governments, industry and society," which should be "promoted and developed," the European Union also must "ensure the ability of competent authorities in the area of security and criminal justice [...] to exercise their lawful powers, both online and offline."

That said, an increasing number of communication channels, instant messaging apps, and other online platforms implementing E2E encryption has brought "great opportunities" and "considerable challenges" - namely "the potential for exploitation for criminal purposes," stands in the draft. Therefore, law enforcement has to increasingly depend on access to individual electronic devices during their investigations of terrorism, organized crime, child sexual abuse, etc. However, sometimes doing this is "extremely challenging or practically impossible despite the fact that the access to such data would be lawful," argues the draft.

"Technical solutions for gaining access to encrypted data must comply with the principles of legality, transparency, necessity and proportionality," it adds, inviting governments, industry, research and academia to work together on creating a balance. "There is a clear need to review the effects arising from different regulatory frameworks in order to develop further a consistent regulatory framework across the EU that would allow competent authorities to carry out their operational tasks effectively."

The document makes no mention of either a master key or a ban.

ORF.at stated that the topic will be discussed between the French President Emmanuel Macron and the Austrian Chancellor Sebastian Kurz in a video conference at the beginning of the week, claiming that the resolution "has already been voted on in the Council," and "has already been agreed to such an extent that it can be passed in the video conference of the interior and justice ministers at the beginning of December without further discussion."

What we know from the document is that, if there are no further objections or comments, this resolution will be adopted in the Standing Committee on Operational Cooperation on Internal Security (COSI) on November 19, and submitted to the Committee of the Permanent Representatives of the Governments of the Member States to the European Union (COREPER) six days later, "followed by adoption by the Council via written procedure."

ORF.at, however, argued that the decision will be made in a virtual meeting at the beginning of December, after which the Council will draw up a draft regulation and put it through the usual procedure by the European Parliament, though it might be possible "to implement the planned regulation in its core even without the involvement of the Parliament," as has already happened in connection with surveillance, claimed the article.

Meanwhile, many in the Cryptoverse seem to be baffled by this development, arguing that the move would make users less safe. But it's important to note that many seem to be commenting under an assumption that the Council is aiming for a ban of some sort.

Others find that this move would not work for a number of different reasons, nor it would help prevent crime, given that criminal organizations would likely adapt. "If you outlaw encryption only outlaws will have privacy," said the host of The ₿iz podcast, John Carvalho.

Other comments on the news include the opinion that the Council "don’t want you to be free," and that they are "regulating tech the way Venezuela tries to run its economy," as Entrepreneur First venture partner and former Andreessen Horowitz partner Benedict Evans said, adding "Politicians who think you can create new mathematics by talking louder."


Other reactions:


Learn more:
People Want Data Privacy But Don't Always Know What They're Getting
Don't Take Your Privacy For Granted As Regulators Get Anxious About Crypto
European Police Forces Want Tougher KYC Measures for Crypto Industry