SaveTheInternet


End-to-End Encryption

Characteristics

Name:

Draft Council Resolution on Encryption (EU Ministerrat Resolution zur Ende-Zu-Ende Verschlüsselung)
 

Stand 2020:

The plans for the disputed resultion became public in the beginning of November 2020. Data privacy activists, scientists, politicians and the economy are criticizing the attack on end-to-end encryption. In response, the Commission announced that there was no softening of encryption in mind.

The resolution was passed on the 14th December 2020. EU states are planning to work on possible 'technical solutions' together with service providers such as WhatsApp. Particular caution is required since not only this resolution aimed at weakening encryption.

Dangers:

The resulting communication surveillance of all persons that exchange and store private data via Messenger and other forms of digital media with end-to-end encryption automatically creates an indirect general suspicion of terrorism for every citizen of the EU member states.

Master keys are not only a way for authorities to take a wide view of our data. It creates a gap in the security system that cyber criminals like hackers and similar can find and exploit to break into our systems. The given surveillance capability, which was intended to protect against terrorism, therefore limits our protection against criminal activities such as cyber attacks and massively increases the risk of publication of our private data. Also the danger from foreign, negative-minded secret services with professional structure & given modernity increases immeasurably by the creation of these security gaps.
 

To date, it has not been defined which authorities should be responsible in the event that the EU resolution should be transformed into applicable law by an EU regulation. A form of separation of powers within the control processes is not planned. The misuse of general keys to monitor political, private communication is therefore not excluded, so that political opponents with unwanted opinions, which can occur in private chats, could be identified and silenced. Here a critical view towards Hungary.

Only recently, the GDPR was established to ensure the protection of all our data. Now we are working against exactly this basic principle. A cloud of surveillance is constantly hovering over all our private data. This is an ironic development, considering that the European Court of Justice has only recently been working to protect our privacy and data.

Ziel der EU-Resolution ist eine effektivere Bekämpfung des Terrorismus in der Europäischen Union, indem Plattformen wie WhatsApp und andere Messenger Dienste dazu verpflichtet sein werden einen Generalschlüssel für ihre Ende zu Ende Verschlüsselung (E2EE) anzufertigen, um ihn bei zuständigen Stellen und Behörden zu hinterlegen.

With this master key, all encryption in communications is opened up, allowing chat histories and other sensitive data to be detected and tracked. This is intended to make investigations into suspected terrorist cases more efficient.
However, a review of recent, tragic terrorist incidents has shown that insufficient access in digital form has not prevented the authorities from working effectively against terrorism. Rather, the failure of official processes has been responsible in some places.

 Quotes
 
Softening encryption weakens overall IT security" – Susanne Dehmel, 2020
 
Experience shows that backdoors of any kind are abused sooner or later“ – Ulrich Kelber, 2020
  

Übersicht möglicher Alternativen für sichere Kommunikation

Moechel (2020): „Auf den Terorranschlag folgt EU-Verschlüsselungsverbot“, radio FM4, 08.11.2020
https://fm4.orf.at/stories/3008930/ (November 2020)

Feld & Kliss (2020): „Eine Hintertür für die Ermittler?“, Tagesschau, 13.11.2020
https://www.tagesschau.de/inland/eu-messenger-sicherheit-101.html (November 2020)

Witte (2020): „Ende-zu-Ende-Verschlüsselung – was genau ist das?“, heise online, 23.06.2020
https://www.heise.de/tipps-tricks/Ende-zu-Ende-Verschluesselung-was-genau-ist-das-4007116.html (November 2020)

Link (2020): „Ende-zu-Ende-Verschlüsselung: EU will im Eilverfahren Generalschlüssel für die Behorden“, PCGH, 11.11.2020
https://www.pcgameshardware.de/Recht-Thema-241308/News/Ende-zu-Ende-Verschluesselung-EU-will-im-Eilverfahren-Generalschluessel-fuer-Behoerden-1361666/ (November 2020)

Wölken (2020). Twitter, 09.11.2020
https://twitter.com/woelken/status/1325793159138447360 (November 2020)

Dehmel, Krösmann, Artz (2020): „Bitkom kritisiert geplante Hintertüren in Kommunikationsdiensten“, bitkom, 10.11.2020
https://www.bitkom.org/Presse/Presseinformation/Bitkom-kritisiert-geplante-Hintertueren-in-Kommunikationsdiensten (November 2020)

Haufe Online Redaktion (2020): „EU will sichere Ende-zu-Ende-Verschlüsselung für behördliche Ermittlungen lockern“, Haufe, 16.11.2020
https://www.haufe.de/compliance/recht-politik/eu-verfolgt-plaene-zur-umgehung-der-sicheren-verschluesselung_230132_530478.html (Stand: 01.03.2021)

Breyer, Patrick (2021). Twitter, 28.01.2021
https://twitter.com/echo_pbreyer/status/1354688157086834688 (Stand: 01.03.2021)