UPDATED 14:13 EDT / FEBRUARY 15 2024

POLICY

Human rights court rules against backdoored end-to-end encryption

The European Court of Human Rights, or ECHR, has made a landmark ruling on data encryption that could affect the European Union’s online safety efforts. 

The court issued the decision on Tuesday but it got wide attention only today. It was made in connection with a 2019 complaint brought by a Russia-based user of Telegram, the popular messaging service. The case centered on a privacy technology known as end-to-end encryption.

With end-to-end encryption, a message sent through a chat app is scrambled before leaving the sender’s device and only becomes readable on the recipient’s handset. This ensures not even the chat app’s operator, in this case Telegram, can read the message. The company provides an opt-in end-to-end encryption option through a feature called “secret chat.”

In 2017, Russia’s intelligence agency ordered Telegram to decrypt the communications of “users who were suspected of terrorism-related activities.” The company refused to comply with the order, saying it would be impossible to do without “creating a backdoor that would weaken the encryption mechanism for all users.” In 2019, a Russian Telegram user brought a complaint before the ECHR charging that such a backdoor would breach Telegram users’ right to respect for their private life and for the privacy of their communications.

In its Tuesday ruling, the court accepted that position. The judges wrote in the decision that “the contested legislation providing for the retention of all Internet communications of all users, the security services’ direct access to the data stored without adequate safeguards against abuse and the requirement to decrypt encrypted communications, as applied to end-to-end encrypted communications, cannot be regarded as necessary in a democratic society.”

According to Ars Technica, it’s believed the ruling could have implications for an online safety bill currently being developed in the EU. The proposed legislation is commonly referred to as Chat Control 2.0. The implications of the ECHR encryption case for the bill will reportedly depend on whether Tuesday’s ruling is endorsed by the Court of Justice of the European Union, the EU’s top court.

The initial version of Chat Control 2.0 was proposed in May 2022. If implemented, the bill will require tech firms that offer chat apps and other communications services to scan users’ encrypted messages for illegal content such as child sexual abuse material. The rule would also apply to certain other companies, notably operators of commercial cloud storage services.

The original version of the bill would have required companies to scan all their users’ messages for illegal content. In November, the European Parliament’s civil liberties committee updated the draft with safeguards designed to prevent mass content scanning. The final text of the bill will be developed through negotiations between the European Parliament and EU member states. 

Image: Unsplash

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU