EU: Council set to adopt declaration against encryption


A declaration calling for "technical solutions for gaining access to encrypted data" through cooperation between states, industry and "other stakeholders" is due to be approved by the Council's Committee of Permanent Representatives (COREPER), the final step before receiving formal sign-off at the December meeting of justice and home affairs ministers. The declaration sets out the Council's policy stance on obtaining access for state authorities to encrypted data, but does not establish any new binding measures. However, the declaration notes that a "regulatory framework... could be further assessed." Here we are publishing the declaration itself - which is currently secret - along with previous versions of the document, so it is possible to see how it has changed over time.

Support our work: become a Friend of Statewatch from as little as £1/€1 per month.

The final version due for adoption today (at the latest) by COREPER is: Council Resolution on Encryption - Security through encryption and security despite encryption (13084/1/20 REV 1, LIMITE, 24 November 2020, pdf)

The document is listed on the lengthy agenda of COREPER meetings on 25 and 27 November (13245/1/20 REV 1, pdf). Once approved by COREPER, it will be placed on the agenda of the Justice and Home Affairs Council meeting planned for 14 December, for the final seal or approval.

The declaration continues to promote the idea that some form of exceptional access to encrypted data may be possible, without creating fundamental security flaws for all other users of a service or technology - an approach that has been proven wrong-headed numerous times by technical experts:

"Potential technical solutions will have to enable authorities to use their investigative powers which are subject to proportionality, necessity and judicial oversight under their domestic legislation, while respecting common European values and upholding fundamental rights and preserving the advantages of encryption."

The statement goes on to say:

"Possible solutions should be developed in a transparent manner in cooperation with national and international communication service providers and other relevant stakeholders. Such technical solutions and standards – and the fast development of technology in general – would also require continually improving the technical and operational skills and expertise of competent authorities to effectively address the challenges of digitalisation in their work on a global scale."

What shape these "solutions" may take remains to be seen. However, the European Commission's thinking was recently revealed through a leaked document (“Technical Solutions for Detecting Child Abuse in End-to-End Encrypted Communication”) which proposed a variety of potential methods to "break end-to-end encryption as we know it," as EDRi put it in their discussion of the measures the document accompanied.

Previous versions of the declaration

And: NOTE from: Presidency to: Delegations: Recommendations for a way forward on the topic of encryption (12864/20, 16 November 2020, pdf)

Our work is only possible with your support.
Become a Friend of Statewatch from as little as £1/€1 per month.


Spotted an error? If you've spotted a problem with this page, just click once to let us know.

Report error