Encrypted Services Suppliers worried over EU Backdoors Security Plan


On Thursday, European encrypted service providers ProtonMail, Threema, Tresorit and Tutanota urged European Union politicians to reconsider proposals that would enable encryption backdoors to be enforced.

A resolution on “security through encryption and security despite encryption” was adopted by the Council of the European Union in December. The Council declared that it promotes the creation and use of strong encryption to protect people and organisations, but at the same time insists that law enforcement and judicial agencies must be free to exercise their legal powers.

In recent years, there has been a lot of debate about finding a compromise between supplying consumers with strong security and still allowing law enforcement during their investigations to access encrypted messages and records. Nevertheless, while politicians around the world are persuaded that such a balance can somehow be reached, security giants claim that it is impractical, since it will entail the creation of cryptography backdoors that could be leveraged not only by law enforcement, but also by bad actors.

ProtonMail, Threema, Tresorit and Tutanota say they are worried about the EU Council’s resolution and have each released a statement warning that these anti-encryption measures violate the privacy of EU citizens.

“While the resolution is not clearly specified, it is commonly known that the initiative aims to facilitate law enforcement access through backdoors to encrypted platforms. The resolution, however, makes a profound misunderstanding: encryption is an absolute, data is either protected or not, users have protection or not,’ said Tresorit, which provides companies with end-to-end encrypted cloud storage.

Andy Yen, CEO of ProtonMail encrypted email service, commented, “Simply put, the resolution is no different from the previous proposals that generated a broad backlash from privacy-conscious businesses, members of civil society, experts and MEPs.” This time, the distinction is that the Council has taken a more nuanced approach and avoided using terms such as ‘ban’ or ‘backdoor’ directly. But make no mistake, the goal is this. It is important to take action now to avoid these measures from going too far and to keep European privacy rights intact.

Arne Möhle, CEO and operator of the free encrypted email service Tutanota, warned of the repercussions for EU residents.

Politicians want an easy way to deter crimes such as terrorist threats with the new effort at backdoor encryption while disregarding a wide host of other crimes that encryption protects us from: end-to-end encryption protects our data and correspondence from eavesdroppers such as hackers, (foreign) states, and terrorists.’ Politicians are not forcing us to pick between security and privacy by seeking encryption backdoors. They are asking us not to choose safe,’ said Möhle.

And Martin Blatter, CEO and founder of Threema, a secure communications programme, cautioned about the consequences for European companies.

“Young European companies are now at the forefront of this technical and data security movement. Experience shows that something that threatens these successes will and will be used by third parties and offenders alike, thus jeopardising the welfare of us all. Given the proliferation of uncontrollable open-source options, if they realised a service was corrupted, consumers would just move on to those applications,” said Blatter.

“He added, “Asking European suppliers to circumvent or purposely undermine end-to-end encryption, without having even a bit of extra protection, will kill the European IT start-up industry. Europe will give up its unique strategic edge recklessly to become a wilderness without anonymity, joining the ranks of the most infamous surveillance states in the process.

Although law enforcement officials have frequently argued that, due to heavy cryptography, they are unable to perform their operations, there is some indication that at least some agencies, such as the FBI, have the ability to obtain data from encrypted devices.

Mark Funk
Mark Funk is an experienced information security specialist who works with enterprises to mature and improve their enterprise security programs. Previously, he worked as a security news reporter.