The governments of the EU member states have agreed to ban secure encryption across the EU. This emerges from the secret draft of a planned declaration by the EU Council of Ministers, which the Austrian broadcasting (ORF) has published. Although the document first emphasizes the importance of encryption and vows to promote it, it then calls for “innovative approaches” and technical solutions to break the encryption.
Translated into generally understandable German, the document means that the governments want to force all service providers to build back doors into their encryption. Apparently there is already unanimity in the Council of EU Ministers. The draft resolution is officially called “Security through encryption and security despite encryption”.
After Assessment of the ORF Operators of end-to-end encrypted services such as WhatsApp and Signal are to be obliged to generate unnecessary master keys for operation and to deposit them with authorities. These can then lock into private conversations and other encrypted transmissions undetected at any time. The concrete method is a man-in-the-middle attack and goes back to a proposal by British spies.
It should go quickly
The EU governments only have until Thursday afternoon to make “substantial comments”. A week later, the resolution is to be passed in the Council Working Group on Cooperation in the National Security Sector (COSI) before it will be presented to the Council of Permanent Representatives of the EU Member States (COREPER) on November 25th.
Discussion is no longer necessary there. Once it has been adopted by COREPER, the document becomes an order for the EU Commission to work out a regulation that turns the back doors into mandatory EU law. At the same time, the EU members should train more state hackers. Back doors fundamentally undermine security as they could also be used by unauthorized third parties.
The meaning of the document dated November 6th becomes clear when compared with the previous version dated October 21st. The bold and underlined passages are new. In the October version, access for law enforcement and the judiciary was mentioned, but it is now called “Competent Authorities”. This means that the secret services should also have legal access. This means that those affected will probably never find out about the surveillance.
Extensions after the attack
Not only European secret services but also the “Five Eyes” have long wanted this expansion of their legal possibilities. The Five Eyes Alliance consists of the espionage services of the US, Australia, Great Britain, Canada and New Zealand.
Between the two versions of the text was the terrorist attack in Vienna, in which an Austrian shot four people and injured 23 others on November 2nd. This attack now serves as a political argument for more surveillance. As far as is known, encryption did not play a decisive role in the attack.
Rather, it was due to the failure of Austrian services that the relevant criminal record was neither monitored nor imprisoned. Not only did the man have contact with people who were being monitored by Austrian agents on behalf of the German Office for the Protection of the Constitution, the terrorist had also tried to buy ammunition in Slovakia in July.
The Slovak Ministry of the Interior then informed the Austrian colleagues via Europol. However, these failed to notify the public prosecutor. You could have taken the convicted Austrian back into custody immediately. The Austrian Interior Minister Karl Nehammer (ÖVP) has admitted omissions.