The EU Court ruled that “Backdoors may also be exploited by criminal networks and would seriously compromise the security of all users’ electronic communications. The Court takes note of the dangers of restricting encryption described by many experts in the field.” Any requirement to build in backdoors to encryption protocols for law enforcement agencies could also be taken advantage of by malicious actors.
The EU Court of Human Rights’ also builds on their acknowledgment that “mass surveillance does not appear to have contributed to the prevention of terrorist attacks, contrary to earlier assertions made by senior intelligence officials.”
As the EU Commision’s Chat Control Bill directly targets undermining secure end-to-end encryption, it now looks to be in trouble. In its current version, the Chat Control bill would require the scanning of content on your personal devices, including that which is sent via end-to-end encrypted messenger apps or encrypted email. At some point, providers would be required to either break this encryption to allow the scanning of content or scan content once it has been decrypted and is readable.
On February 13th, Europe received an early Valentine’s gift from the European Court of Human rights when they banned any laws that aims to weaken end-to-end encryption. This ruling is a major stumbling block for the EU Chat Control Bill, but does it really mean that Chat Control is dead? There are many reasons why Chat Control should never become law, we’ve collected the turn of events and steps you can take to help prevent this dangerous bill from ever being passed!
The ECHR ruling is good news (and there was already a post about it in this community and many others, a week ago, from a reputable publication), but this post about that news is actually spam for a company selling a snakeoil privacy product thinly disguised as news.
It’s worth taking note of the details of the court’s ruling in the context of Tuta’s architecture: this ruling specifically is not about when police demand that services like tuta use their capability to bypass encryption for specific users, which the architecture of services like Tuta very conveniently makes easy for them to do. Instead, it is about when authorities try to mandate that better-designed systems move to a tuta-like architecture to make targeted surveillance easy. Which makes Tuta’s use of this particular news for advertising purposes even more disgusting.