The European Council has drafted a resolution stating that authorities must be able to access data, even if encryption is used. The EU Council calls for a ‘better balance’ between encryption and security.
The draft of the resolution, published by the Austrian FM4, is called ‘Security through encryption and security despite encryption’. The text states that while the European Council supports the development, implementation and use of strong encryption, it is time for a ‘better balance’. If authorities gain lawful access to data, it is not possible in practice to read or use it due to encryption. This is a provisional text of a resolution, which is not legally binding but expresses the Council’s positions.
The published text states that it is “extremely important to protect the privacy and security of communications with encryption, while preserving the ability for competent security and judicial authorities to legally access relevant data.” The text mentions the aim of combating organized crime and terrorism.
How that access should proceed while maintaining strong encryption is not stated in the text. It only states that an active discussion must be initiated with the tech industry, and that technical solutions must comply with the principles of legality, transparency, necessity and proportionality. “Because there is no single way to achieve these goals, governments, industry, research and academies must work together to create this balance,” the report said.
The draft of the resolution is dated November 6. Until November 12, the parties involved are allowed to respond, such as working groups from the security sector. If no proposals for amendment are received before then, the text will be submitted to the Committee on Operational Cooperation on Internal Security on November 19 and to the Committee of Permanent Representatives on November 25 for further preparation. Only then can the resolution possibly reach the European Council.
There have been voices for some time to allow access to data for authorities. The importance of strong encryption is almost always emphasized, but no concrete possibilities are mentioned as to how strong encryption can be achieved with access to the underlying data. For example, Justice and Security Minister Grapperhaus said last year that it “should be impossible to use encryption to exchange child pornography,” although he clarified that he would not advocate weakening encryption.