In an open letter, Cryptee, EDRi, EFF, Tuta, Wikimedia and a broad coalition of other organizations warn of EU Council's "Going Dark" Report

 
 
 

Following up on recent discussions and developments in European digital security policy, today Cryptee joined EDRi, EFF, Tuta, Wikimedia, Element, Nextcloud, Chaos Computer Club (CCC), Article19 and many other organizations in submitting an open letter to raise our concerns about the the final report of the EU Council's High Level Group on Access to Data for Effective Law Enforcement (HLG “Going Dark”).

This group recently presented recommendations that would pose a substantial threat to digital security and privacy for the EU and its citizens. The Going Dark agenda is also characterized as “insecurity by design” and would result in giving law enforcement maximum access to personal data. We co-signed an open letter to reject the proposals by the HLG Going Dark and to demand a better approach.

Click here to read the full open letter on EDRi's website, or scroll down to read the full letter in PDF format.


High Level Group's "Going Dark" is rehashing dangerous ideas


The HLG Going Dark proposes measures that have previously been rejected by experts and courts alike. Three main points are especially concerning:

So called “lawful access by design” describes a new attempt to mainstream backdoors in technologies. This would effectively put the security and confidentiality of all electronic communications and data at risk. It would also severely encroach on fundamental rights of people in the EU.

  • Data retention: The HLG Going Dark suggests extending data retention to virtually all internet services with harmonized rules across the EU, including data retention for the Internet of Things.
  • Encryption is to be undermined via legal and technical means, so that law enforcement can access encrypted data. The HLG Going Dark suggests tasking service providers with the impossible task of providing access to encrypted data in clear without compromising security. In effect this would undermine encryption and cybersecurity and shift responsibility to service providers.

This final report follows an earlier proposal of 42 recommendations by the HLG Going Dark, which received heavy criticism by experts such as the EDRi-network. The European Data Protection Board warned that demands by the HLG Going Dark to service providers are contradictory, since it is not possible to provide access for surveillance purposes and to protect the security of the digital systems at the same time.

Recommendations for a better approach

The EU and its citizens face increasing threats that require a focus on more IT-security. So policy- makers in the EU should reject the HLG Going Dark agenda. Instead we recommend:

  • Strengthening a digital ecosystem of diversified, safe and trustworthy solutions so that citizens can be empowered by technology, instead of putting them at risk.
  • Ensuring the security and confidentiality of digital spaces so that citizens can exercise their fundamental rights.
  • Upholding the right to privacy and inviolability of protected information.

This is the right approach for an EU digital security policy that fits contemporary challenges and is in line with the Charter of Fundamental Rights and case law of the Court of Justice of the EU and the European Court of Human Rights.

We would like to thank EDRi for putting this coalition together and all organizations who joined this initiative as we continue advocating for strong encryption and digital rights in the EU.