Skip to main content
banner image
venafi logo

EU Regulation Proposal Could Block Germany’s Desire to Read Encrypted Messages

EU Regulation Proposal Could Block Germany’s Desire to Read Encrypted Messages

blocking encryption backdoors
June 27, 2017 | David Bisson

The European Parliament has proposed a regulation that could block Germany's efforts to pass a law allowing authorities to decrypt and read encrypted messages.

On June 14, German interior minister Thomas de Maizière announced the government is in the process of preparing a law that would empower authorities to decrypt and read encrypted messages. Such legislation would grant law enforcement the legal justification to read messages exchanged by suspected criminals and terrorists using messaging apps that offer end-to-end encryption like WhatsApp and Signal.

The minister did not specify how Germany intends to achieve this ability to read encrypted messages. But as reported by The Register, he did mention inducing phone companies to install software on their products directly. Law enforcement could then use that software to gain access to a device in the event of an investigation, thereby bypassing encrypted messaging apps.

Germany's desire to undermine encrypted mobile messaging services for the sake of fighting terrorism isn't new. In August 2016, the country voiced its support for compelling mobile operators to grant law enforcement access to encrypted content as part of terrorist investigations after a series of terrorist attacks rocked both Germany and France earlier that summer. A few months later in February 2017, Thomas de Maizière along with his French counterpart sent a letter (PDF) to the European Commission vocalizing support for legislation that would require backdoors in encryption-based communication systems.

Jeff Hudson, CEO at Venafi, stands fully against Germany's calls for encryption backdoors:

"It is a terrible idea to give governments and law enforcement unrestricted access to encrypted communications through a backdoor. Backdoors destroy security. And in the case of backdoors to machine identities, the entire internet will become untrusted. Our collective ability to secure data as it is transmitted around the internet is the only mechanism we can count on for privacy. Once a backdoor is created, it is almost immediately taken advantage of by criminals and cyberterrorists and there goes privacy and security. Anyone that is calling for backdoors either doesn't understand or doesn’t care about security and privacy."

As it turns out, the European Union might be on the same page as Hudson.

On June 9, 2017, the European Parliament's Committee on Civil Liberties, Justice, and Home Affairs published a report proposing regulations "concerning the respect for private life and the protection of personal data in electronic communications." The report contains numerous proposals on encryption, but Amendment 116 stands out. As the report (PDF) reads:

"The providers of electronic communications services shall ensure that there is sufficient protection in place against unauthorized access or alterations to the electronic communications data, and that the confidentiality and safety of the transmission are also guaranteed by the nature of the means of transmission used or by state-of-the-art end-to-end encryption of the electronic communications data. Furthermore, when encryption of electronic communications data is used, decryption, reverse engineering or monitoring of such communications shall be prohibited. Member States shall not impose any obligations on electronic communications service providers that would result in the weakening of the security and encryption of their networks and services." 

If adopted by the European Parliament, Amendment 116 would effectively block Germany from passing its law. Such an outcome would work in the interest of users everywhere. After all, though mobile service providers would be responsible for developing Germany's proposed encryption-bypassing software, nothing would stop attackers from attempting to abuse it for their own nefarious purposes.

Some terrorists do use encryption to commit atrocious acts. But that's no reason to undermine encryption in general. On the contrary, organizations owe it to users to not only implement encryption when storing customer data but to also manage their encryption keys in order to prevent anomalies and misuse.

Get complete visibility and control over your keys and certificates.

Like this blog? We think you will love this.
Featured Blog

EARN IT Act Is Back and So Is Debate Over End-To-End Encryption

The Eliminating Abusive and Rampant Neglect of Interactive T

Read More
Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

Subscribe Now

See Popular Tags

You might also like

TLS Machine Identity Management for Dummies

TLS Machine Identity Management for Dummies

Certificate-Related Outages Continue to Plague Organizations
White Paper

CIO Study: Certificate-Related Outages Continue to Plague Organizations

About the author

David Bisson
David Bisson

David is a Contributing Editor at IBM Security Intelligence.David Bisson is a security journalist who works as Contributing Editor for IBM's Security Intelligence, Associate Editor for Tripwire and Contributing Writer for Gemalto, Venafi, Zix, Bora Design and others.

Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more