The EU has published a resolution on how to deal with encryption, security and privacy in the future. Contrary to previous fears, the Union does not want to prohibit end-to-end encryption or require a backdoor.
In the resolution, the EU indicates that it wants to strike a balance between the possibilities for encryption to protect private data and the criminal activities that it also enables.
Confidence in digitalisation
The EU stresses that encryption is an important element in building trust in digitalisation and encourages its use and development. However, it does want ‘competent authorities’ in the field of security and criminal law to be able to access relevant data, on condition that they are ‘legitimate, clearly defined purposes in fighting serious and/or organized crime and terrorism’.
Working with tech industry
To achieve this, the EU wants to work with the tech industry and research bodies. In this way, the Union hopes to find a solution that respects privacy but also guarantees security.
The EU does not offer concrete solutions to the problem of monitoring encrypted data. However, it does state that such a solution should comply with principles of legality, transparency, necessity and proportionality, including the protection of personal data by design and by default.
Last month it was rumoured that the EU might require a ‘master key’ to access encrypted messages. To make this technically feasible, end-to-end encryption would, by definition, no longer be possible. Despite the EU’s current emphasis on guaranteeing encryption, such a master key still seems to be the only solution to their request.