Encryption under fire: Signal and rights groups oppose EU law

4 months ago 71

Ryan Daws is a senior editor at TechForge Media with over a decade of experience in crafting compelling narratives and making complex topics accessible. His articles and interviews with industry leaders have earned him recognition as a key influencer by organisations like Onalytica. Under his leadership, publications have been praised by analyst firms such as Forrester for their excellence and performance. Connect with him on X (@gadget_ry) or Mastodon (@gadgetry@techhub.social)


In a strongly worded statement, Meredith Whittaker, President of Signal, has called out the EU’s latest attempts to weaken end-to-end encryption under the guise of new terminology.

Her comments come in response to ongoing discussions surrounding the EU’s chat control legislation, which has seen some European countries pushing for measures that could potentially compromise user privacy.

Whittaker’s concerns are echoed by a joint statement issued in May by several prominent organisations, including the Electronic Frontier Foundation, Mozilla, and Privacy International. These groups have expressed alarm over the Belgian Presidency’s latest compromise proposal on the Regulation on Child Sexual Abuse (CSA).

The Signal President emphasises the critical role of end-to-end encryption in protecting privacy in an era of “unprecedented state and corporate surveillance.” She argues that despite clear expert consensus on the impossibility of preserving encryption while allowing surveillance, proposals to do so continue to resurface.

“End-to-end encryption is the technology we have to enable privacy in an age of unprecedented state and corporate surveillance. And the dangerous desire to undermine it never seems to die,” Whittaker states.

Both Whittaker and the joint statement criticise the rebranding of contentious surveillance methods. The Belgian Presidency’s shift from “client-side scanning” to “upload moderation” is described by the coalition as “a mere cosmetic change” that fails to address fundamental security and rights concerns.

Whittaker specifically calls out this terminology shift, dismissing claims that “upload moderation” doesn’t undermine encryption because it occurs before message encryption. “Instead of accepting this fundamental mathematical reality, some European countries continue to play rhetorical games. They’ve come back to the table with the same idea under a new label,” she explains.

Let’s be clear. 'Upload Moderation' is a mass surveillance program.

We urge EU governments to reject mass scanning of their citizens' communications by voting against this proposal tomorrow. https://t.co/4Hbr4Aui2S

— Proton (@ProtonPrivacy) June 18, 2024

The joint statement from the digital rights groups welcomes the EU Parliament’s decision to exclude end-to-end encrypted services from the scope of the regulation. However, it expresses concern that “the Council of the EU is not following the same path.”

Furthermore, the signatories warn that scanning at the upload point “defeats the end-to-end principle of strong encryption, could easily be circumvented, and would create new security vulnerabilities that third parties could exploit.”

Whittaker emphatically states, “mandating mass scanning of private communications fundamentally undermines encryption. Full stop.” She argues that regardless of the method or terminology used, any approach that compromises encryption creates vulnerabilities that can be exploited by malicious actors.

The joint statement also criticises the Belgian Presidency’s proposal for user consent to scanning, arguing that such consent would not be freely given if users are effectively barred from services for not consenting. Additionally, they point out that the proposal can be easily circumvented by embedding photos or videos in different file types.

Both Whittaker and the coalition of organisations urge policymakers to heed expert warnings and recognise the far-reaching implications of weakening encryption.

“We ask that those playing these word games please stop and recognise what the expert community has repeatedly made clear. Either end-to-end encryption protects everyone, and enshrines security and privacy, or it’s broken for everyone,” Whittaker concludes.

With cyber threats evolving and geopolitical tensions rising, the importance of robust encryption in safeguarding personal and national interests cannot be overstated.

(Photo by Harpal Singh)

See also: Hackers are increasingly exploiting packers to spread malware

Want to learn more about cybersecurity and the cloud from industry leaders? Check out Cyber Security & Cloud Expo taking place in Amsterdam, California, and London. The comprehensive event is co-located with other leading events including BlockX, Digital Transformation Week, IoT Tech Expo and AI & Big Data Expo.

Explore other upcoming enterprise technology events and webinars powered by TechForge here.

Tags: , , , , , , , , , , , , , ,

Read Entire Article