However, the decision may ease pressure on US-based social media companies to provide workarounds that law enforcement can use to view encrypted messages. Efforts by US law enforcement to prevent end-to-end encryption in messages have fizzled in recent months as Congress has turned to other methods.
But FBI Director Christopher A. Ray cited encryption as one of the major challenges facing law enforcement, telling an audience at Texas A&M University last year that “terrorists, hackers, child predators and others exploit end-to-end encryption to hide their information.” Communications and illegal activities on our part.”
The European court's February 13 ruling came in a long-running case brought by Telegram users against Russia to require Internet communications regulators to retain all messages sent by users for six months, along with a means to decrypt them.
Although digital rights advocates said they did not expect Russia, a signatory to the Human Rights Convention, to change its laws, they said the United Kingdom, also a signatory, would likely amend pending legislation that sought to exert pressure. Similar. On companies there.
“This has to be taken into account,” said Ioannis Kovakas, assistant general counsel at the company. The UK-based rights group Privacy International, which intervened in the Telegram case. “The UK will be setting itself up for failure if it thinks this does not apply.”
Technology companies have expressed concern that the Online Safety Act, passed by the UK Parliament in September, could be used to force them to abandon strong encryption or hack their customers. The UK's Office of Communications, known as Ofcom, has issued guidance that excludes end-to-end encrypted services from basic requirements.
However, a proposed bill to amend the Investigatory Powers Act, now before the House of Commons, would require technology companies to notify British authorities whenever they update service security, giving the government the ability to order companies to stop such changes. .
Industry and rights groups say this could include shifts to end-to-end encryption, which promises that only both ends of a conversation can access content. Despite the objection of the FBI and law enforcement in other countries, Meta is rolling out such strong encryption for its Messenger service. Signal and WhatsApp already have this feature, and most security experts support it.
In the Russian case, users relied on Telegram's optional “secret chat” functionality, which is also end-to-end encrypted. Telegram has refused to hack into the conversations of a small number of users, telling a Moscow court that it would have to install a backdoor that works against everyone. It lost in Russian courts but did not comply, leaving it vulnerable to a ban that has not yet been implemented.
The European Court upheld the Russian users, finding that law enforcement with such sweeping access “impairs the essence of the right to respect for private life” and thus violates Article 8 of the European Convention, which enshrines the right to privacy except when doing so is inconsistent with laws established “in the interest of security.” national security, public safety, or the economic well-being of the country.”
The court praised end-to-end encryption in general, noting that it “appears to help citizens and businesses defend themselves against misuse of information technology, such as hacking, identity and personal data theft, fraud, and inappropriate disclosure of confidential information.”
In addition to previous cases, the justices cited the work of the United Nations High Commissioner for Human Rights, which strongly opposed an encryption ban in 2022, saying that “the impact of most encryption restrictions on the right to privacy and related rights is disproportionate, often affecting inequality.” “Not only targeted individuals but the general population.”
High Commissioner Volker Türk said he welcomed the ruling, which he promoted during a recent visit to technology companies in Silicon Valley. Turk told the Washington Post “Encryption is a key enabler of online privacy and security and is essential to protecting rights, including the rights to freedom of opinion and expression, freedom of association and peaceful assembly, security, health, and non-discrimination.”
The UK is not alone among democracies in considering bans or other obstacles to strong encryption. The Utah Attorney General filed a lawsuit against Meta last month, seeking a preliminary injunction against offering the comprehensive encrypted messaging service to under-18s. The office said that in addition to helping child predators, Meta was violating fair trade practices laws by telling users who used strong encryption improved their security rather than making it worse.
One idea being considered by the European Union would allow member states to force tech companies to scan user devices for child sexual abuse material, which hundreds of academic experts said undermines the concept of end-to-end encryption by opening up one such end to users. You feed.
Apple initially embraced scanning users' devices for images of child sexual abuse before reversing course under pressure from human rights groups and technologists. As well as ordinary users.
Even as the battle over encryption continues in Europe, police officials there have talked about going beyond end-to-end encryption to collect evidence of crimes other than child sexual abuse — or any crime at all, according to an investigative report by the Balkan Investigative Journal. Network, Union of Journalists of Southern and Eastern Europe.
An unnamed Europol official said in the minutes of the 2022 meeting: “All data is useful and should be passed to law enforcement, and there should not be any filtering… because even an innocent photo may contain information that could be useful in “Some stage of law enforcement.” Released under a Freedom of Information request by the consortium.
It remains to be seen what impact the human rights ruling will have on this approach, but it may push the onus back on law enforcement to explain why the many are not punished in the pursuit of the few.
“Our position is that the EU institutions negotiating the CSAM proposal are now bound by a clear ban on mandatory encryption backdoors,” Silvia Lorenzo Pérez of the Center for Democracy and Technology, a non-profit advocacy group, said via email on Monday.
Still, it won't let tech companies off the hook entirely, said Greg Noujaim, director of the CDT's Security and Surveillance Project.
“Where it will land, we don’t know yet,” he added. “A lot depends on how comprehensive services respond to the mandates and whether they can convince regulatory bodies that they are taking important steps to remove child sexual abuse material.”
