The European Court of Human Rights (ECHR) recently ruled against laws and legislative proposals, saying that weakening end-to-end encryption of messaging services is not proportionate. They would also have no place in a democratic society.
In the recent ruling, the ECHR indicates that end-to-end encryption plays an important role in protecting private life and privacy in online communications.
Encryption should be weakened to give investigative cases a read into digital messages via messaging services. This would happen even for uninvolved users. Weakened encryption also unnecessarily exposes all users to a variety of risks.
In conflict with democracy
In the eyes of the ECHR, these kinds of legal obligations are not proportional to the ultimate goal. Especially since they thus affect all users of messaging services. Such laws let government agencies track all online communications of all residents, allow security services to access this data without restrictions, and create a loophole in end-to-end encryption.
In a second argument, the European Court finds that such legislation is disproportionate to a democratic society. Furthermore, such legislation violates Article 8 of the European Convention on Human Rights (ECHR), the Court said.
Russian case
The ECHR made its ruling in a case brought by a Russian citizen against the Russian government. The country had introduced a law requiring Telegram to store all communication data for one year and all content of messages for a period of six months. This was for fighting “terrorist actions”. Communication providers would also have to provide Russian authorities with information on how to circumvent encryption.
Setback for EU law
The ECHR ruling is a possible setback for the European Commission’s plan to inspect all messaging service communications using client-side scanning. This law is proposed to counter child abuse, among other things. There is much opposition to this legislation, mainly due to privacy concerns.
Read also: No agreement, but EC sticks to introduction of client-side scanning