European citizens’ communications should be protected on all mediums, including online, by telephone, over VoIP services, and across apps. Decryption and other efforts to weaken or reverse engineer encryption should be prohibited. This is the conclusion that the EU’s Data Protection Supervisor (EDPS) reached with regard to the EU’s ePrivacy Directive.
Giovanni Buttarelli, the EDPS and Europe’s so-called data chief, expressed his view in an official piece published as the European Commission is looking to revamp the EU ePrivacy Directive – the “Cookie Law” – to get it in line with the new General Data Protection Regulation (GDPR).
As originally spotted by our friends at Ars Technica, Buttarelli seems to come out heavily in favor of encryption and its uses with regard to citizens’ privacy. Not only should encryption be kept strong, but, Buttarelli said, it should be encouraged, even mandated when necessary.
This is in stark contrast to what many governments and intelligence agencies are advocating, with encryption coming under assault in the name of national security. Buttarelli made his position crystal clear by saying:
The new rules should also clearly allow users to use end-to-end encryption (without 'backdoors') to protect their electronic communications.
Decryption, reverse engineering or monitoring of communications protected by encryption should be prohibited.
Perhaps this was a not-so-subtle dig at the UK government, which recently confirmed that if the so-called Snooper’s Charter became law, it would soon have the power to not only spy on all its citizens, but also request that backdoors be baked into services, or even ban encryption. Or perhaps Buttarelli was addressing the criticism that the EU’s new Privacy Shield agreement with the US is little more than kowtowing to American pressure for more user data from the EU.
In either case, the EDPS’s comments are unequivocally against mass spying as perpetrated by the NSA, GCHQ and other agencies around the world. In his published opinion, he added that mass surveillance of communications should be banned for both content and metadata. He said:
No communications should be subject to unlawful tracking and monitoring without freely given consent, whether by cookies, device-fingerprinting, or other technological means.
Finally, he addressed another privacy issue, related to the transparency of governmental requests for users’ data. He suggested that law enforcement agencies should have to publish occasional statistics informing the public of their actions.
Right now, even acknowledging such data requests by law enforcement or intelligence agencies is illegal in a number of EU countries.