Leaked EU Document Shows Spain Wants to Ban End-to-End Encryption
Spain has advocated banning encryption for hundreds of millions of people within the European Union, according to a leaked document obtained by WIRED that reveals strong support among EU member states for proposals to scan private messages for illegal content.
The document, a European Council survey of member countries’ views on encryption regulation, offered officials’ behind-the-scenes opinions on how to craft a highly controversial law to stop the spread of child sexual abuse material (CSAM) in Europe. The proposed law would require tech companies to scan their platforms, including users’ private messages, to find illegal material. However, the proposal from Ylva Johansson, the EU commissioner in charge of home affairs, has drawn ire from cryptographers, technologists, and privacy advocates for its potential impact on end-to-end encryption.
For years, EU states have debated whether end-to-end encrypted communication platforms, such as WhatsApp and Signal, should be protected as a way for Europeans to exercise a fundamental right to privacy—or weakened to keep criminals from being able to communicate outside the reach of law enforcement. Experts who reviewed the document at WIRED’s request say it provides important insight into which EU countries plan to support a proposal that threatens to reshape encryption and the future of online privacy.
Of the 20 EU countries represented in the document leaked to WIRED, the majority said they are in favor of some form of scanning of encrypted messages, with Spain’s position emerging as the most extreme. “Ideally, in our view, it would be desirable to legislatively prevent EU-based service providers from implementing end-to-end encryption,” Spanish representatives said in the document.
The source of the document declined to comment and requested anonymity because they were not authorized to share it.
“It is shocking to me to see Spain state outright that there should be legislation prohibiting EU-based service providers from implementing end-to-end encryption,” says Riana Pfefferkorn, a research scholar at Stanford University’s Internet Observatory in California who reviewed the document at WIRED’s request. “This document has many of the hallmarks of the eternal debate over encryption.”
End-to-end encryption is designed so only the sender and receiver of communications like messages can see their contents. This boxes out all other parties, from scammers to police and even the company providing the digital platform. Law enforcement advocates often propose creating technical mechanisms through which end-to-end encryption can be bypassed for investigations, but cryptographers and other technologists have long argued that this would introduce weaknesses that inherently undermine end-to-end encryption, putting users’ privacy at risk. Furthermore, they have repeatedly concluded that this expanded exposure would ultimately hurt the digital safety and security of vulnerable groups, including children, rather than defend them.
"Breaking end-to-end encryption for everyone would not only be disproportionate, it would be ineffective of achieving the goal to protect children,” says Iverna McGowan, the secretary general of the European branch of the Centre for Democracy and Technology, a digital rights nonprofit organization, who reviewed the document at WIRED’s request.
Source: WIRED
