Going Dark: EU States Push for Access to Encrypted Data and Increased Surveillance

The recently published recommendations of an high level expert group on the topic of going dark were also discussed in the Standing Committee on Internal Security (COSI). On May 29, several EU member states spoke out in favor of access to encrypted data and communications, as well as Europe-wide data retention. We are publishing the secret minutes of the meeting in full (in German).

The Going Dark expert group („High-Level Group on access to data for effective law enforcement“), dominated by security authorities, called for backdoors to encrypted data and many other surveillance options in 42 recommendations at the end of May this year. We published the full text of the categorized document (PDF) last week, and the expert group’s demands can also be derived from a freedom of information request.

The group’s topic was how investigating authorities deal with encryption. The authorities fear a scenario in which large parts of communication are encrypted and they are therefore no longer able to investigate. Police forces and intelligence services call this phenomenon „going dark.“ However, studies doubt the negative effects, partly because digital technologies provide the security authorities with a wealth of data that they did not have in the past.

Plenty of Support for More Surveillance

According to the protocol drawn up by the German Permanent Representation in Brussels, EU member states have already called for a concrete roadmap to implement the recommendations. The document also shows that the recommendations have been endorsed by various bodies within the European Union. The CATS Committee, which coordinates police and judicial cooperation in criminal matters, has supported the panel’s recommendations and the EU Commission has also „welcomed“ the results, stating that they have „great potential.“

A range of countries, including Estonia, the Czech Republic, Spain, Sweden, Finland, Italy, the Netherlands, and Ireland, see an urgent need for action on encryption and data retention. Hungary called access to data a „key element for effective law enforcement“ and found the results of the expert group to be „impressive and forward-looking.“ According to the minutes, the police authority Europol emphasized the danger of end-to-end encryption being misused by criminals, a view shared by Greece.

Only Luxembourg Warns Against Weakening Encryption

Only Luxembourg spoke out against weakening encryption. Germany, on the other hand, did not welcome the weakening of encryption, but spoke out in favor of improved cooperation with industry and standardization bodies. The expert group had described the latter as important because technical standards could be set here that could make the work of investigating authorities easier.

Germany also emphasized that as part of the national implementation of the European Electronic Communication Code (EECC), „over-the-top services (OTTs) […] must be made mandatory as interpersonal communication services without any doubt and without exception.“ This should impose obligations to cooperate in monitoring on messengers such as WhatsApp & Co. In this context, Germany argued that „the major market players in particular should be called upon to apply the standards implemented for data transfers to law enforcement authorities.“

„Setting the Right Narrative“

At the same time, it seemed clear to the members of the committee that, in view of the numerous new surveillance powers and encroachments on fundamental rights contained in the expert catalogue, the EU member states are facing political headwinds and thus difficult communication. According to the minutes, the chair of the committee said that it was important to „set the right narrative,“ and Sweden, with the support of several countries, advised „a communication strategy that emphasizes that the recommendations are intended to protect fundamental rights.“

It will be interesting to see what such a communication strategy will look like in view of the plans for all kinds of additional surveillance and backdoors into encrypted communications.

One-Sided Committee

The group of high-level experts had been meeting since last year to tackle the so-called „going dark“ problem. The High-Level Group set up by the EU was characterized by a bias right from the start: The committee is primarily made up of representatives of security authorities and therefore represents their perspective on the issue.

This imbalance was criticized by data protection activists, who were then involved in the process, albeit at a late stage and only unofficially. They apparently had little influence on the committee’s recommendations. Outgoing Pirate MEP Patrick Breyer called the panel’s recommendations the „secret wish list of EU governments“ and warned that these proposals would be implemented after the European elections. The approval in the COSI committee shows that Breyer’s fears are justified.

Original Article in German, Translation by Daniel Leisegang