A European perspective on the encryption dilemma
After last year’s terrorist attacks in France and in Belgium, several EU member states expressed concern at the December 2016 Justice and Home Affairs Council that encryption was slowing down the process of accessing data in criminal investigations. In response, the European Commission initiated an information-gathering process on these issues to formulate a proposal for the European Union, which was released on October 18th. This proposal was discussed at a recent CEPS ‘cyber event’ with the private sector, civil society and foreign analysts from the US. The Commission does not propose legislation to weaken encryption, implement mandatory backdoors, or mandatory key escrow. Rather, it proposes a series of practical measures to deal with encryption in the context of criminal investigation: i) to strengthen Europol decryption capabilities; ii) to establish a network of expertise centres at national level; iii) to create a toolbox of alternative investigation techniques; iv) to increase collaboration with service providers and other industry partners to provide assistance in accessing data; v) to offer training programmes for law enforcement and judicial authorities; and (vi) to continuously assess the technical and legal aspects of encryption in criminal investigations.
All speakers were pleased with the overall content of the proposal. Whether or not member states will take other measures in this context it is an open question.