EU wants to create backdoors to encrypted social media apps

The proposals would force companies like WhatsApp to hand over user data

EU flag flying

The European Commission is planning to introduce new measures that will provide a backdoor to application encryption, making it easier for security agencies to access data on services like WhatsApp.

EU Justice Commissioner Vra Jourov made the proposals during a public speech on Tuesday, following calls from interior ministers for tougher crackdowns on social media apps that hide user communications.

The plans would focus on "three or four options", including legislation and voluntary agreements that would enable police forces to demand the turn over of user data with a "swift, reliable response", according to EU policy website Euractiv.

The voluntary measures would act as a "quick solution" as EU negotiations on permanent legislation could take years to complete, although a slow introduction of non-legislative proposals should reveal any pushback likely to come from large US social media companies like Google and Facebook.

Eventually the proposals should also allow police forces to request and gain access to data from companies registered outside of their jurisdictions.

Vra Jourov said: "At the moment, prosecutors, judges, also police and law enforcement authorities, are dependent on whether or not providers will voluntarily provide the access and the evidence. This is not the way we can facilitate and ensure the security of Europeans, being dependent on some voluntary action."

Since that declaration, Germany's interior minister Thomas de Maizire, and French interior minister Matthias Fekl have also approached MEPs lobbying for police have the same legal rights around data as they do with access to telecoms companies, according to Euractiv.

This is the latest in a string of EU crackdowns on social media services. The Commission recently announced it would be taking action against the likes of Google, Facebook and Twitter to "make sure social media companies comply with EU consumer rules", with proposals that would force companies to make service terms more transparent for their customers, or risk fines of up to $53 million.

The news comes after home secretary Amber Rudd said social messaging services should be compelled to hand over user data, in a response to reports that the attacker involved in last week's terrorist attack in London was a user of Facebook-owned WhatsApp. Rudd argued that social media "can and must do more" to remove extremist content online.

However the tech industry has struck back, labeling Rudd's comments as "deeply misguided", providing an overly simplistic view of encryption. Although her comments sparked mockery on social media, many industry experts have raised concerns over the continued push by government to compromise data security for unrestricted access.

David Emm, principal security researcher at Kaspersky Lab, argues that proposals for "see through" encryption pose some real dangers to user security.

"Creating a 'backdoor' to decipher encrypted traffic is akin to leaving a key to your front door under the mat outside," said Emm. "Your intention is for it to be used only by those you have told about it. But if someone else discovers it, you'd be in trouble."

"If a government backdoor were to fall into the wrong hands, cybercriminals, foreign governments or anyone else might also be able to inspect encrypted traffic - thereby undermining not only personal privacy, but corporate or national security. It would effectively create a zero-day (i.e. unpatched) vulnerability in the application," added Emm.

Featured Resources

The challenge of securing the remote working employee

The IT Pro Guide to Sase and successful digital transformation

Free Download

VMware Cloud workload migration tools

Cloud migration types, phases, and strategies

Free download

Practices for maximising the business value of digital infrastructure Consumption-as- a-Service subscriptions

IDC PeerScape

Free Download

Container network security guide for dummies

Enforcing Kubernetes best practices

Free download

Recommended

WhatsApp secures permission to challenge €225 million GDPR fine
General Data Protection Regulation (GDPR)

WhatsApp secures permission to challenge €225 million GDPR fine

10 Nov 2021
'Changing name to Meat': Industry reacts to Facebook's Meta rebrand
Business strategy

'Changing name to Meat': Industry reacts to Facebook's Meta rebrand

29 Oct 2021
WhatsApp launches multi-device beta with support for end to end encryption
communications

WhatsApp launches multi-device beta with support for end to end encryption

15 Jul 2021
IT Pro News in Review: VMware vulnerabilities, WhatsApp sues Indian government & UK PNC under fire
cyber security

IT Pro News in Review: VMware vulnerabilities, WhatsApp sues Indian government & UK PNC under fire

28 May 2021

Most Popular

How to move Microsoft's Windows 11 from a hard drive to an SSD
Microsoft Windows

How to move Microsoft's Windows 11 from a hard drive to an SSD

4 Jan 2022
Microsoft Exchange servers break thanks to 'Y2K22' bug
email delivery

Microsoft Exchange servers break thanks to 'Y2K22' bug

4 Jan 2022
Solving cyber security's diversity problem
Careers & training

Solving cyber security's diversity problem

5 Jan 2022