The ongoing debate surrounding the “going dark” scenario and encryption has taken a new turn. At a meeting with envoys from the EU in Stockholm, representatives from the US law enforcement and judicial authorities have called for direct access to unencrypted communication data to be built into technology. The aim is to counter the “data protection through technology” approach with something of equal importance. This appeal was found in a protocol of transatlantic talks by the secretariat of the EU Council of Ministers that was not intended for the public and was published by the British civil rights organisation Statewatch.
Legal, lawful access is the jargon of criminal prosecutors for the implementation of legally prescribed surveillance interfaces in networks and IT systems. In Germany, the details for this are regulated by the Telecommunications Surveillance Ordinance, which has caused controversy. According to experts, the standards developed for this are often useless and ultimately build uncontrollable predetermined breaking points into the communication networks. As a point of reference for “lawful access by design”, the participants of the meeting refer to a G7 declaration from 2021, which talks about “maintaining strictly controlled, lawful access to data”.
The US delegation noted “a certain hypocrisy in the position of Internet platforms” on the sticking point of end-to-end encryption. The operators resisted “constructive cooperation with liberal democracies with regard to lawful access”, while on the other hand they “bow to the pressure of more repressive legal systems”. The Swedish Council Presidency launched an attack on encryption at the beginning of its six-month term. Investigative tools could “often no longer be used due to developments such as the use of encryption technologies, which are incompatible with lawful access from the outset”.
However, the “going dark” mantra doesn’t hold much water. As early as 2016, US experts came to the conclusion that the business models of the majority of social network operators were based on unencrypted user data for personalised advertising. The Internet of Things also brings with it an abundance of image, video and audio data that can often be intercepted in real time. The meeting participants welcomed the resumption of negotiations between the EU and the US on an e-evidence agreement, which is about access to cloud data.
Both sides agreed that close coordination was needed as part of the negotiations for a UN convention against cybercrime “to isolate China and Russia in their quest for regulation of the Internet”. The US delegation warned against setting up separate data protection rules in parallel. The EU side worked to maintain high standards in this area. According to the agreements, the transatlantic exchange of biometric data is to be strengthened.
