Oh you really couldn’t make it up. Recent terrorist outrages have prompted various European politicians to call, with more or less complete technological illiteracy, for encryption to be weakened so that the security services can spy on us more effectively.

I’ve written about this several times, pointing out why this is a criminally stupid suggestion, but now I can just fetch some popcorn and sit back. Why?

Because the European Parliament is presently considering the new ePrivacy Directive, which complements the GDPR and will replace our existing Privacy and Electronic Communications Regulations, which date from 2003 (roughly the late mediaeval period in tech terms) and still think fax is a thing.

So what?

So the Directive now contains Amendment 116 to Article 17:

“the confidentiality and safety of the transmission are also guaranteed by the nature of the means of transmission used or by state-of-the-art end-to-end encryption of the electronic communications data. Furthermore, when encryption of electronic communications data is used, decryption, reverse engineering or monitoring of such communications shall be prohibited. Member States shall not impose any obligations on electronic communications service providers that would result in the weakening of the security and encryption of their networks and services(my emphasis)

Remember, if (when) this passes the European Parliament, this will be binding European law. Amber Rudd can still steer us onto the reefs of compromised encryption after Brexit if she really really wants to (and is happy for us not to be able to process EU citizen data) but Thomas de Maizière will have to plot a different course.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.