From security through encryption…
The draft Resolution acknowledges the importance of strong encryption as a tool to protect fundamental rights and the digital security of governments, industry and society. It further notes that “encryption has been identified by EU data protection authorities as an important tool contributing for instance to the protection of personal data transferred outside the EU but subject to the requirement of an essentially equivalent level of protection”. The draft Resolution underlines that more and more communication channels are secured by end-to-end encryption.
… to security despite encryption
However, the document states “[…] the European Union needs to ensure the ability of competent authorities in the area of security and criminal justice, e.g. law enforcement and judicial authorities, to exercise their lawful powers, both online and offline”. The text mentions the fight against terrorism, organised crime, child sexual abuse and cyber-enabled crimes.
The draft Resolution further notes that “there are instances where encryption renders analysis of the content of communications in the framework of access to electronic evidence extremely challenging or practically impossible despite the fact that the access to such data would be lawful”.
Competent authorities should be granted lawful access in some cases
The draft Resolution explains that a better balance must be found between encryption of communications and lawful access. Competent authorities should have the possibility, in the area of security and criminal justice, to lawfully access relevant data for legitimate, clearly defined purposes in fighting serious and/or organised crimes and terrorism.
The document states that technical solutions for gaining access to encrypted data must comply with the principles of legality, transparency, necessity and proportionality. Industry, research, academia and governments need to work together. Possible solutions should be developed in cooperation with communication service providers.
Modifying the legal framework
Member States wish to develop a consistent regulatory framework across the EU to allow competent authorities to carry out their tasks.
The document concludes that there should be no single prescribed technical solution for access to encrypted data.
Next steps:
The final version of the Resolution should be adopted by the Council by the end of November.
As a public document published by the Council, this Resolution sets a direction for the Council and also sends a message to the Commission.
If you have any questions, please do not hesitate to contact Camille Dornier - Policy Manager: camille.dornier@eurosmart.com