Criminals aren’t going to be using services that comply anyways. They’ll have their own underground ones. This is just a violation of regular citizens rights.

This seems to be a general theme. Those arguing loudest for better privacy are really saying “only we should be allowed to invade your privacy”. See: Google, Apple, the EU

Fairly fucking sure this is a nothingburger like Art. 13-17 was, and will not break E2EE messengers.

The reason:

Encryption plays an essential role in securing communications. The international human rights law test of legality, necessity and proportionality should be applied to any measures that would affect encryption. Both the UN Commissioner for Human Rights[1]and the European Data Protection Supervisor[2]have concluded that the EU’s proposal for a regulation on child sexual abuse material fails this test[3].

A recent article published by Wired[4]described a European Council survey of Member States’ views on regulating encryption. In its response to the survey, Spain stated that there should be legislation prohibiting EU-based service providers from implementing end-to-end encryption.

Requiring platforms and device manufacturers to build back doors to facilitate law enforcement access would make everyone more susceptible to malicious hacking from criminals and foreign adversaries alike[5]. Measures allowing public authorities to access the content of communications affect the essence of the right to privacy.

1.Which encryption experts did the Commission consult when preparing its proposal for a regulation on child sexual abuse material?

2.Will the Commission revise its position on encryption in view of the opinions of human rights associations and experts?

3.Given the abuse of Pegasus, how will the Commission ensure that the fundamental right to privacy is protected if a Member State, such as Spain, decides to ban encryption?

Submitted: 24.5.2023

[1] UN High Commissioner for Human Rights, ‘The right to privacy in the digital age’, A/HRC/51/17, 4 August 2022, para. 28, https://www.ohchr.org/en/documents/thematic-reports/ahrc5117-right-privacy-digital-age.
[2] https://edps.europa.eu/press-publications/press-news/press-releases/2022/combat-child-sexual-abuse-online-presents-serious-risks-fundamental-rights_en.
[3] https://home.crin.org/readlistenwatch/stories/privacy-and-protection.
[4] https://www.wired.com/story/europe-break-encryption-leaked-document-csa-law/.
[5] https://cdt.org/area-of-focus/government-surveillance/encryption-and-government-hacking/.

Source: https://www.europarl.europa.eu/doceo/document/E-9-2023-001661_EN.html (EUP Parliamentary question E-001661/2023)

So yeah, it is now established that forcing law enforcement on E2EE messaging services goes against human rights. glhf EUC

1: “… and then we’ll be able to stop terrorist attacks. Simple”.

2: “ok but if you put a back door into encryption, won’t others be able to find it?"

1: "no we’ll be the only ones with the key. Great huh?“

2: “and you don’t think the key will be leaked or be hacked?”

1: “I said we’ll be the only ones with the key.”

2: “so what’s your plan to make sure the key stays secure”

1: “…”

2: “what’s your contingency plan if the key *is * hacked or leaked?”

1:“…”

1: "I SAID WE’LL BE THE ONLY ONES WITH THE KEY. "

2: “…”

1: “don’t you want to protect our children ??”