"Illegal to break encryption," the European Court of Human Rights rules
"A victory for civil liberties," say privacy experts
The European Court of Human Rights banned all legal efforts of weakening encryption of secure communications in Europe.
Encryption ensures the enjoyment of fundamental rights such as privacy and freedom of expression, the judgment reads, while helping citizens and businesses to defend themselves against abuses of information technologies. Hence, the ruling to outlaw legislations that could open up backdoors for criminals to exploit.
The decision was welcomed with enthusiasm by privacy experts that have long called the EU Commission to withdraw their CSAM-scanning proposal, known as Chat Control, which planned to enable authorities to scan all citizens' private communications to halt the spread of dangerous content.
EU Chat Control banned
"With this outstanding landmark judgement, the 'client-side scanning' surveillance on all smartphones proposed by the EU Commission in its Chat Control bill is clearly illegal. It would destroy the protection of everyone instead of investigating suspects," commented European Parliament and digital freedom advocate Patrick Breyer from Pirate Party.
"EU governments will now have no choice but to remove the destruction of secure encryption from their position on this proposal—as well as the indiscriminate surveillance of private communications of the entire population," he added.
In October last year, the EU Parliament already reached a historical agreement which asked for the removal of the dangerous provision from the EU Child Sexual Abuse Material (CSAM) Scanning Proposal. Reiterating privacy as a fundamental right, also in that occasion the decision came to safeguard online security and encryption.
However, the Chat Control was still on the table—until now, at least.
Get daily insight, inspiration and deals in your inbox
Sign up for breaking news, reviews, opinion, top tech deals, and more.
🇬🇧 The judgement of the European Court of Human Rights on the right to #EndToEndEncryption #E2EE is a victory for civil liberties! EU governments must finally remove the proposed destruction of secure encryption from the #ChatControl 2.0 bill!https://t.co/iHCqKBlaBZ pic.twitter.com/XDOT4C9vEKFebruary 14, 2024
Right from the start, tech companies using encryption to build software—including VPN services and messaging apps providers—argued that weakening encryption in order to catch criminals was a terrible idea.
VPN provider Mullvad VPN got pretty vocal last year to raise awareness of these risks. It sent hundreds of emails to both journalists and politicians, while even putting giant banners across airports and the streets of some European cities. "Mullvad is usually a very silent company. This is probably the first time we really got mad enough to speak out," Jan Jonsson, CEO at Mullvad, told me when the company began its campaign in March last year.
A group of experts wrote the umpteenth open letter less than a month ago, too, to warn that the proposed side-scanning "would negatively impact children’s privacy and security online, while also having dramatic unforeseen consequences on the EU cybersecurity landscape, creating an ineffective administrative burden."
Well, all these efforts have now been rewarded.
"Secure encryption saves lives," said again Breyer. "It is a scandal that the EU Council’s latest draft position still envisages the destruction of secure encryption. We Pirates will now fight even harder for our digital privacy of correspondence!"
Chiara is a multimedia journalist committed to covering stories to help promote the rights and denounce the abuses of the digital side of life—wherever cybersecurity, markets and politics tangle up. She mainly writes news, interviews and analysis on data privacy, online censorship, digital rights, cybercrime, and security software, with a special focus on VPNs, for TechRadar Pro, TechRadar and Tom’s Guide. Got a story, tip-off or something tech-interesting to say? Reach out to chiara.castro@futurenet.com