Encryption is under attack around the world, and not just by hackers trying to break into systems. Governments continue to call for access to encrypted communications, despite universal warnings from experts that every way of doing so would significantly weaken security and privacy for billions of users. As well as moves by individual countries like the UK, which seems determined to destroy its software industry by undermining encryption technologies in that country, there have been various calls for international collaboration to weaken crypto. For example, back in March, the then FBI Director, James Comey, said:
“I could imagine a community of nations committed to the rule of law developing a set of norms, a framework, for when government access is appropriate”
Around the same time, the European Union also made noises about giving police access to encrypted communications across the EU. Just last week, Australia’s prime minister revealed that the Five Eyes intelligence agency club of the US, UK, Canada, Australia and New Zealand, were also discussing ways of forcing Internet companies to share encrypted data with the authorities. UK and France have even released a formal “action plan“, which states: “When encryption technologies are used by criminal groups, and terrorists, it must be possible to access the content of communications and their metadata.”
Against that depressing background of wilful refusal to recognize the technical impossibility of what is being demanded, the following comes as something of a surprise:
“The providers of electronic communications services shall ensure that there is sufficient protection in place against unauthorised access or alterations to the electronic communications data, and that the confidentiality and safety of the transmission are also guaranteed by the nature of the means of transmission used or by state-of-the-art end-to-end encryption of the electronic communications data.