27 November 2020
A declaration calling for "technical solutions for gaining access to encrypted data" through cooperation between states, industry and "other stakeholders" is due to be approved by the Council's Committee of Permanent Representatives (COREPER), the final step before receiving formal sign-off at the December meeting of justice and home affairs ministers. The declaration sets out the Council's policy stance on obtaining access for state authorities to encrypted data, but does not establish any new binding measures. However, the declaration notes that a "regulatory framework... could be further assessed." Here we are publishing the declaration itself - which is currently secret - along with previous versions of the document, so it is possible to see how it has changed over time.
The final version due for adoption today (at the latest) by COREPER is: Council Resolution on Encryption - Security through encryption and security despite encryption (13084/1/20 REV 1, LIMITE, 24 November 2020, pdf)
The document is listed on the lengthy agenda of COREPER meetings on 25 and 27 November (13245/1/20 REV 1, pdf). Once approved by COREPER, it will be placed on the agenda of the Justice and Home Affairs Council meeting planned for 14 December, for the final seal or approval.
The declaration continues to promote the idea that some form of exceptional access to encrypted data may be possible, without creating fundamental security flaws for all other users of a service or technology - an approach that has been proven wrong-headed numerous times by technical experts:
"Potential technical solutions will have to enable authorities to use their investigative powers which are subject to proportionality, necessity and judicial oversight under their domestic legislation, while respecting common European values and upholding fundamental rights and preserving the advantages of encryption."
The statement goes on to say:
"Possible solutions should be developed in a transparent manner in cooperation with national and international communication service providers and other relevant stakeholders. Such technical solutions and standards – and the fast development of technology in general – would also require continually improving the technical and operational skills and expertise of competent authorities to effectively address the challenges of digitalisation in their work on a global scale."
What shape these "solutions" may take remains to be seen. However, the European Commission's thinking was recently revealed through a leaked document (“Technical Solutions for Detecting Child Abuse in End-to-End Encrypted Communication”) which proposed a variety of potential methods to "break end-to-end encryption as we know it," as EDRi put it in their discussion of the measures the document accompanied.
Previous versions of the declaration
And: NOTE from: Presidency to: Delegations: Recommendations for a way forward on the topic of encryption (12864/20, 16 November 2020, pdf)
Spotted an error? If you've spotted a problem with this page, just click once to let us know.
Statewatch does not have a corporate view, nor does it seek to create one, the views expressed are those of the author. Statewatch is not responsible for the content of external websites and inclusion of a link does not constitute an endorsement. Registered UK charity number: 1154784. Registered UK company number: 08480724. Registered company name: The Libertarian Research & Education Trust. Registered office: c/o MDR, 88 Fleet Street, London EC4Y 1DH, UK. © Statewatch ISSN 1756-851X. Personal usage as private individuals "fair dealing" is allowed. We also welcome links to material on our site. Usage by those working for organisations is allowed only if the organisation holds an appropriate licence from the relevant reprographic rights organisation (eg: Copyright Licensing Agency in the UK) with such usage being subject to the terms and conditions of that licence and to local copyright law.