EU wants to create backdoors to encrypted social media apps
The proposals would force companies like WhatsApp to hand over user data
The European Commission is planning to introduce new measures that will provide a backdoor to application encryption, making it easier for security agencies to access data on services like WhatsApp.
EU Justice Commissioner Vra Jourov made the proposals during a public speech on Tuesday, following calls from interior ministers for tougher crackdowns on social media apps that hide user communications.
The plans would focus on "three or four options", including legislation and voluntary agreements that would enable police forces to demand the turn over of user data with a "swift, reliable response", according to EU policy website Euractiv.
The voluntary measures would act as a "quick solution" as EU negotiations on permanent legislation could take years to complete, although a slow introduction of non-legislative proposals should reveal any pushback likely to come from large US social media companies like Google and Facebook.
Eventually the proposals should also allow police forces to request and gain access to data from companies registered outside of their jurisdictions.
Vra Jourov said: "At the moment, prosecutors, judges, also police and law enforcement authorities, are dependent on whether or not providers will voluntarily provide the access and the evidence. This is not the way we can facilitate and ensure the security of Europeans, being dependent on some voluntary action."
Since that declaration, Germany's interior minister Thomas de Maizire, and French interior minister Matthias Fekl have also approached MEPs lobbying for police have the same legal rights around data as they do with access to telecoms companies, according to Euractiv.
This is the latest in a string of EU crackdowns on social media services. The Commission recently announced it would be taking action against the likes of Google, Facebook and Twitter to "make sure social media companies comply with EU consumer rules", with proposals that would force companies to make service terms more transparent for their customers, or risk fines of up to $53 million.
The news comes after home secretary Amber Rudd said social messaging services should be compelled to hand over user data, in a response to reports that the attacker involved in last week's terrorist attack in London was a user of Facebook-owned WhatsApp. Rudd argued that social media "can and must do more" to remove extremist content online.
However the tech industry has struck back, labeling Rudd's comments as "deeply misguided", providing an overly simplistic view of encryption. Although her comments sparked mockery on social media, many industry experts have raised concerns over the continued push by government to compromise data security for unrestricted access.
David Emm, principal security researcher at Kaspersky Lab, argues that proposals for "see through" encryption pose some real dangers to user security.
"Creating a 'backdoor' to decipher encrypted traffic is akin to leaving a key to your front door under the mat outside," said Emm. "Your intention is for it to be used only by those you have told about it. But if someone else discovers it, you'd be in trouble."
"If a government backdoor were to fall into the wrong hands, cybercriminals, foreign governments or anyone else might also be able to inspect encrypted traffic - thereby undermining not only personal privacy, but corporate or national security. It would effectively create a zero-day (i.e. unpatched) vulnerability in the application," added Emm.
The challenge of securing the remote working employee
The IT Pro Guide to Sase and successful digital transformationFree Download
VMware Cloud workload migration tools
Cloud migration types, phases, and strategiesFree download
Practices for maximising the business value of digital infrastructure Consumption-as- a-Service subscriptions
IDC PeerScapeFree Download
Container network security guide for dummies
Enforcing Kubernetes best practicesFree download