Crime shouldn’t be an excuse to break encryption. Encrypted communications are either secure – and private – or they are not.
That’s what some experts told TechRadar, commenting on recent Europol’s chief statement. Talking to the Financial Times, Catherine De Bolle said that technology giants have a “social responsibility” to give the police access to encrypted messages used by criminals.
“Anonymity is not a fundamental right,” she said, arguing that law enforcement needs to be able to decrypt encrypted messages to fight back crime.
Experts, however, warn that creating a backdoor for law enforcement will undermine the protection for all, opening up to unmaintained consequences.
The encryption conundrum
Tensions between technologists and law enforcement around end-to-end encryption aren’t new. Encryption refers to scrambling data into an unreadable form to prevent third-party access and ensure communications stay private between the sender and the receiver – end to end.
As encrypted messaging apps went mainstream, however, law enforcement has been arguing police officers need to be able to decode these private messages to successfully catch criminals.
The moment an end-to-end encrypted system contains a ‘backdoor’ it is no longer secure
Amandine Le Pape, COO at Element
In the EU, for instance, lawmakers are currently pushing for the so-called Chat Control proposal that, if enacted, will require all encrypted communications providers to create such a backdoor into their software. Other countries, including the US, are also considering similar legislation.
“The truth is that people – and organizations – want secure communications except when it causes inconvenience,” said Amandine Le Pape, COO at Element, a secure communications platform used by organizations within governments, defense, and national security.
A police team, Le Pape pointed out, needs its own communication to be secure. Imagine what could happen if an organized crime gang could compromise law enforcement’s network. This is, however, exactly what would happen to citizens if secure communication platform providers would need to come with mandatory encryption backdoors.
“On a technical level, the moment an end-to-end encrypted system contains a ‘backdoor’ it is no longer secure,” said Le Pape, explaining how the same backdoor can also be exploited by ‘the bad guys’ with the same goal.
U.S. authorities installed backdoors to mass-monitor their own citizens. Someone hacked the backdoors, and millions of Americans’ communications ended up in unintended hands.They are doing the same thing over and over again and expecting different results.Ad in today’s… pic.twitter.com/XgwmBNx1VfJanuary 20, 2025
Jan Jonsson, CEO of Mullvad VPN, agrees with this. “Either [De Bolle] is aware of the consequences of backdoors and wants to impose mass surveillance on the people. Or she doesn’t understand the basics,” Jonsson told TechRadar. “Communication is either secure, or it is not.”
The Salt Typhoon attack – the China-linked cyberattack targeting all major US telecoms – is a reminder of such a threat. Attackers exploit a backdoor with malware to gain access and spy on people’s communications. This led to US authorities warning all citizens to switch to encryption.
This is why, according to Le Pape from Element, it’s unlikely that the legal efforts to weaken the security of communication will be enforced in the near future.
Although the debate swings back and forth, she explains, the tech minds guiding legislation support the need for end-to-end encryption. This is also why, for example, the EU cannot agree on Chat Control after over two years.
Jonsson from Mullvad appears less optimistic about it, arguing that Europol was involved in both the Chat Control proposal and the so-called Going Dark initiative in the EU.
He said: “We hope that politicians realize the security risks and violations of fundamental rights that these initiatives come with.”
https://cdn.mos.cms.futurecdn.net/cbDXYVMxjERSBQuEebnXGh-1200-80.jpg
Source link
chiara.castro@futurenet.com (Chiara Castro)
