EU wants to create backdoors to encrypted social media apps

The proposals would force companies like WhatsApp to hand over user data

EU flag flying

The European Commission is planning to introduce new measures that will provide a backdoor to application encryption, making it easier for security agencies to access data on services like WhatsApp.

EU Justice Commissioner Vra Jourov made the proposals during a public speech on Tuesday, following calls from interior ministers for tougher crackdowns on social media apps that hide user communications.

The plans would focus on "three or four options", including legislation and voluntary agreements that would enable police forces to demand the turn over of user data with a "swift, reliable response", according to EU policy website Euractiv.

The voluntary measures would act as a "quick solution" as EU negotiations on permanent legislation could take years to complete, although a slow introduction of non-legislative proposals should reveal any pushback likely to come from large US social media companies like Google and Facebook.

Advertisement - Article continues below
Advertisement - Article continues below

Eventually the proposals should also allow police forces to request and gain access to data from companies registered outside of their jurisdictions.

Vra Jourov said: "At the moment, prosecutors, judges, also police and law enforcement authorities, are dependent on whether or not providers will voluntarily provide the access and the evidence. This is not the way we can facilitate and ensure the security of Europeans, being dependent on some voluntary action."

Since that declaration, Germany's interior minister Thomas de Maizire, and French interior minister Matthias Fekl have also approached MEPs lobbying for police have the same legal rights around data as they do with access to telecoms companies, according to Euractiv.

This is the latest in a string of EU crackdowns on social media services. The Commission recently announced it would be taking action against the likes of Google, Facebook and Twitter to "make sure social media companies comply with EU consumer rules", with proposals that would force companies to make service terms more transparent for their customers, or risk fines of up to $53 million.

The news comes after home secretary Amber Rudd said social messaging services should be compelled to hand over user data, in a response to reports that the attacker involved in last week's terrorist attack in London was a user of Facebook-owned WhatsApp. Rudd argued that social media "can and must do more" to remove extremist content online.

However the tech industry has struck back, labeling Rudd's comments as "deeply misguided", providing an overly simplistic view of encryption. Although her comments sparked mockery on social media, many industry experts have raised concerns over the continued push by government to compromise data security for unrestricted access.

Advertisement - Article continues below

David Emm, principal security researcher at Kaspersky Lab, argues that proposals for "see through" encryption pose some real dangers to user security.

"Creating a 'backdoor' to decipher encrypted traffic is akin to leaving a key to your front door under the mat outside," said Emm. "Your intention is for it to be used only by those you have told about it. But if someone else discovers it, you'd be in trouble."

"If a government backdoor were to fall into the wrong hands, cybercriminals, foreign governments or anyone else might also be able to inspect encrypted traffic - thereby undermining not only personal privacy, but corporate or national security. It would effectively create a zero-day (i.e. unpatched) vulnerability in the application," added Emm.

Featured Resources

Digitally perfecting the supply chain

How new technologies are being leveraged to transform the manufacturing supply chain

Download now

Three keys to maximise application migration and modernisation success

Harness the benefits that modernised applications can offer

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

The 3 approaches of Breach and Attack Simulation technologies

A guide to the nuances of BAS, helping you stay one step ahead of cyber criminals

Download now


internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

mergers and acquisitions

Xerox to nominate directors to HP's board – reports

22 Jan 2020
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
public sector

UK gov launches £300,000 SEN EdTech initiative

22 Jan 2020
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020