France and Germany this week called on the European Union to adopt a law that would require app companies to make encrypted messages available to law enforcement, as part of Europe's ongoing efforts to thwart terrorist attacks.
French Interior Minister Bernard Cazeneuve and his German counterpart, Thomas de Maizière, said in a joint proposal released Tuesday that encrypted messaging apps such as WhatsApp and Telegram "constitute a challenge during investigations" by making it difficult for law enforcement to conduct surveillance on suspected terrorists. The proposal calls on the European Commission to draft a law that would oblige app makers to "remove illicit content" and "decrypt messages" in terrorist investigations.
Intelligence officials in the US and Europe have argued that end-to-end encryption makes it easier for terrorists to covertly plot attacks, since the content of encrypted messages is only accessible to senders and recipients. But privacy advocates and security experts say that creating "backdoors" for law enforcement would jeopardize security and user privacy.
"people who want to use it will still be able to"
The proposal announced Tuesday follows a spate of attacks across both France and Germany this summer, including an attack at a church in Normandy that was carried out by two jihadists who reportedly met on Telegram. The proposal acknowledges that encryption plays a critical role in securing communications and financial transactions, though it says that "[s]olutions must be found to enable effective investigation" while protecting user privacy. The ministers urged the European Commission to discuss encryption at a summit on security next month in Bratislava.
"Security is a national competence, but creating the right framework at EU level will help member states carry out their duty to protect our citizens," European Commission spokesperson Natasha Bertaud tells Reuters.
Speaking to reporters on Tuesday, Cazeneuve singled out Telegram as a company that has been particularly difficult for authorities to cooperate with. Telegram founder Pavel Durov has defended his app's end-to-end encryption, and the company has begun shutting down public channels that promote terrorist material or child pornography. A Telegram spokesperson did not immediately respond to a request for comment from The Verge.
The proposal has already come under criticism from privacy advocates and digital rights groups, including the head of the CNIL, France's data protection authority, who co-authored an editorial in support of encryption technologies in Le Monde this week. Cazeneuve and Mazières say they don't want to ban end-to-end encryption entirely, but Sherif Elsayed-Ali, head of technology and human rights at Amnesty International, says granting law enforcement backdoor access to encrypted messages "is tantamount to a ban."
In a phone interview, Elsayed-Ali added that compelling app makers to install backdoors likely wouldn't do much to deter terrorists or other criminals from using encrypted messaging, pointing to a wide range of open-source services that are available for download online. The notion that a law could completely shut off access to such apps, he says, is "frankly ridiculous."
"They’ll never be able to stop that," Elsayed-Ali said. "They may be able to stop some big companies from doing it, from using end to end encryption, but people who want to use it will still be able to."