Europol, European police chiefs come out against end-to-end encryption

Another day, another call from law enforcement to build back doors into encrypted products.

An association of European police chiefs has issued a joint declaration saying end-to-end encryption (E2EE) undermines capabilities “crucial to supporting online safety.” The statement says E2EE prevents tech firms from complying with “lawful access” orders during police investigations, as well as the “ability of technology companies proactively to identify illegal and harmful activity on their platforms.”

The declaration says European police are “deeply concerned” that tech firms are rolling out E2EE products “in a way that will undermine both of these capabilities.”“Our societies have not previously tolerated spaces that are beyond the reach of law enforcement, where criminals can communicate safely and child abuse can flourish,” the letter continued. “They should not now.”

The chiefs also called for tech firms to build “security by design” into their products, though didn’t offer any specifics as to what that would entail.

Europol, the European Union’s chief criminal intelligence sharing hub, has also endorsed the statement.

E2EE refers to a variety of encrypted communications systems where the decrypted data is only visible to senders and recipients—preventing surveillance by intermediaries like a service provider or third parties intercepting a message in transit. For example, texts sent via E2EE messaging app Signal can only be opened on one of the devices involved in a conversation; the service’s operators can’t comply with subpoenas or search warrants for the contents of communications, as the decryption keys never pass through their servers.

Because E2EE comms are wiretap-proof, they can pose an additional hurdle for police investigators—and law enforcement agencies have often demanded tech firms build back doors into E2EE apps that would allow the firms to comply with warrants. In the US, the FBI and Department of Justice have fought for years to force tech firms to help them access encrypted devices.

Building in such back doors would, by definition, make an E2EE product no longer E2EE, as well as create a risk of threat actors discovering and exploiting them. Polls have shown that the vast majority of security experts are skeptical of arguments against encryption. Beyond privacy concerns for individuals, E2EE products are also being increasingly adopted in many enterprise environments.

“End-to-end encryption is nonnegotiable,” Ani Chaudhuri, CEO of data security firm Dasera, told Cybernews. “It’s the digital age’s fortification against unwarranted intrusions.”