The head of Europol wants tech companies to do away with encryption of messages in the name of security. She calls it the responsibility of tech companies to ensure that private conversations are readable.
Catherine De Bolle, head of Europol, wants private conversations via messaging services to be readable by anyone. De Bolle denounces that companies like Meta (with WhatsApp), Signal and others protect users’ privacy with end-to-end encryption of communications. According to her, that encryption undermines democracy. De Bolle, who was head of the Belgian Federal Police between 2012 and 2018, calls getting rid of encryption a “social responsibility” in an interview with the Financial Times.
Anonymity or privacy
In doing so, De Bolle supports the discourse of police and secret services in several European countries. Those services find it inconvenient that they cannot read messages from (suspected) criminals. Who those suspected criminals are depends on the government in power.
De Bolle is heading to Davos, Switzerland, to convince tech companies there to stop supporting the right to privacy. She argues that anonymity is not a fundamental right, but that argument is beside the point. After all, metadata, about who sends messages to whom, is not encrypted and can already be requested by government agencies today. That anonymity has nothing to do with encryption of message content.
Unfair analogy
De Bolle strengthens her argument with an analogy: “If we have a search warrant and we are standing in front of a house with a closed door, and we know that the criminal is in the house, the population will not accept that you can’t go in.”
That analogy sounds interesting, until you dissect it for a moment. The digital world does not work exactly like the real world. Messages in WhatsApp, Signal and other apps are encrypted with end-to-end encryption. That is a form of encryption that is established between the participants in a conversation without a third party having the key. If you send a message with WhatsApp to your colleague, the encryption is established between you and your colleague, without Meta itself ever having the encryption key.
There is no such thing as a little encryption
This is essential: were messages to be centrally encrypted by Meta itself, Meta would be able to read all messages. That would also open the door to hackers, who would have to exploit just one bug through such a system to see into your messages. End-to-end encryption is the only form of protection that would make messages truly secure.
If you want police to be able to peek in from time to time, then you need to drop end-to-end encryption for everyone. That way, even your messages will be readable at all times by hackers, nosy police departments or employees of messaging companies with the right permissions or bad intentions.
Leave your front door open
Back to De Bolle’s analogy with the door: she doesn’t just want permission to get inside the house with the criminal, she wants all citizens and businesses everywhere in Europe to replace all their locks with one that the government owns a runner so that it can always get in. She promises, of course, not to abuse that one. And the maker of the runner promises to keep it well preserved, so it won’t be stolen by thieves who can then also just walk into your home. The fine print then does state that such a promise cannot be made good.
read also
Belgian Europol boss wants to be able to read your messages: why that’s a disaster especially for citizens
De Bolle then goes on to assume that criminals will continue to use the apps in which she can read along. The criminal in the house will not open the door when the police knock, regardless of the rules, just as the digital bad guy will quickly download an app that still uses encryption. The result: it is mainly the ordinary citizen’s front door that is open and it is mainly our messages that are up for grabs.
Chasing China
For businesses, the call is even more frightening. Nation-states including Russia and China are already investing heavily in corporate espionage today. When end-to-end encryption disappears, the door opens for state-sponsored hackers to peek in.
The argument that end-to-end encryption is a threat to democracy is entirely dubious. Such encryption just allows people in undemocratic countries to communicate with each other without oppressive regimes being able to read in. The best example of a widely used app that does not use end-to-end encryption is China’s WeChat. There, the Chinese government can read along if it wants to. We wonder if it is wise to follow China’s example in the name of democracy.
Nefarious governments and successful police actions
We also note that at least five EU member states have already been caught using the Pegasus spyware to spy on people. Hungary is on that list. Pegasus spyware is complex, and is used to look in on phones of journalists and political opponents, for example. If De Bolle gets her way and end-to-end encryption disappears, such spyware will no longer be needed and lower the threshold for spying.
Finally, Europol has been able to prosecute many criminals in recent years with the tools at its disposal. The service took several criminal networks offline with it, and managed to read into the Sky ECC app even without the help of tech companies. So the premise that Europol cannot do its job without tech companies coming to grips with privacy is wrong.
Belgian pioneering role
In other words, De Bolle travels to Davos to ask technology companies to immensely degrade citizens’ privacy and make messages vulnerable to hackers, spies and rogue governments. She does so without thorough justification, given that Europol can do its job today, even without considering the immense impact on the security of all communications, and supported by an unfair analogy that ignores how digital encryption really works.
Unfortunately, Belgium consistently plays a major role in the fight by police departments and governments to drain privacy and encryption. An earlier attack from the European Parliament also came from Belgium.