EU wants to create backdoors to encrypted social media apps

European flag

The European Commission is planning to introduce new measures that will provide a backdoor to application encryption, making it easier for security agencies to access data on services like WhatsApp.

EU Justice Commissioner Vra Jourov made the proposals during a public speech on Tuesday, following calls from interior ministers for tougher crackdowns on social media apps that hide user communications.

The plans would focus on "three or four options", including legislation and voluntary agreements that would enable police forces to demand the turn over of user data with a "swift, reliable response", according to EU policy website Euractiv.

The voluntary measures would act as a "quick solution" as EU negotiations on permanent legislation could take years to complete, although a slow introduction of non-legislative proposals should reveal any pushback likely to come from large US social media companies like Google and Facebook.

Eventually the proposals should also allow police forces to request and gain access to data from companies registered outside of their jurisdictions.

Vra Jourov said: "At the moment, prosecutors, judges, also police and law enforcement authorities, are dependent on whether or not providers will voluntarily provide the access and the evidence. This is not the way we can facilitate and ensure the security of Europeans, being dependent on some voluntary action."

Since that declaration, Germany's interior minister Thomas de Maizire, and French interior minister Matthias Fekl have also approached MEPs lobbying for police have the same legal rights around data as they do with access to telecoms companies, according to Euractiv.

This is the latest in a string of EU crackdowns on social media services. The Commission recently announced it would be taking action against the likes of Google, Facebook and Twitter to "make sure social media companies comply with EU consumer rules", with proposals that would force companies to make service terms more transparent for their customers, or risk fines of up to $53 million.

The news comes after home secretary Amber Rudd said social messaging services should be compelled to hand over user data, in a response to reports that the attacker involved in last week's terrorist attack in London was a user of Facebook-owned WhatsApp. Rudd argued that social media "can and must do more" to remove extremist content online.

However the tech industry has struck back, labeling Rudd's comments as "deeply misguided", providing an overly simplistic view of encryption. Although her comments sparked mockery on social media, many industry experts have raised concerns over the continued push by government to compromise data security for unrestricted access.

David Emm, principal security researcher at Kaspersky Lab, argues that proposals for "see through" encryption pose some real dangers to user security.

"Creating a 'backdoor' to decipher encrypted traffic is akin to leaving a key to your front door under the mat outside," said Emm. "Your intention is for it to be used only by those you have told about it. But if someone else discovers it, you'd be in trouble."

"If a government backdoor were to fall into the wrong hands, cybercriminals, foreign governments or anyone else might also be able to inspect encrypted traffic - thereby undermining not only personal privacy, but corporate or national security. It would effectively create a zero-day (i.e. unpatched) vulnerability in the application," added Emm.

Contributor

Dale Walker is a contributor specializing in cybersecurity, data protection, and IT regulations. He was the former managing editor at ITPro, as well as its sibling sites CloudPro and ChannelPro. He spent a number of years reporting for ITPro from numerous domestic and international events, including IBM, Red Hat, Google, and has been a regular reporter for Microsoft's various yearly showcases, including Ignite.