Spain, along with other countries, is trying to ban the use of encryption across the European Union in an effort to control the spread of child sexual abuse material (CSAM), according to a leaked report obtained by Wired.
Encryption, whether in a messaging app, email or another form of communication, is a double-edged sword. It gives users a reasonable measure of privacy, but it also helps criminals hide their communications. Breaking one will always result in hurting the other.
The situation is more complicated if we take into account the fact that companies, at least publicly, say that encryption prevents even them from seeing discussions between two or more users. According to the leaked document Wired published, 20 EU countries are in favor of a middle road.
Companies should be policing what people share, but for that to happen, they would need to break their own encryption. Any claim a company would make that it has no access to its customers’ communications would go out the window.
Other countries favor a more direct approach and want the ability to bypass encryption using court orders. The countries' views vary from one extreme to the other, with Spain being the most aggressive in this direction, wanting to drop the use of encryption altogether.
"First, in many cases, the ISP will be able to access encrypted data," Spain explained. "This means that the provider may have the ability to decrypt the encrypted CSA material."
"Secondly, the Law Enforcement Authority (LEA) could request access to the encrypted material and, if the internet service provider refuses to provide it, the LEA could present a judicial order to obtain access to the encrypted data."
"If the judicial order is issued, then the encrypted material could be decrypted. Ideally, in our view, it would be desirable to legislatively prevent EU-based service providers from implementing end-to-end encryption. in our view, it would be desirable to legislatively prevent EU-based service providers from implementing end-to-end encryption," Spain argues.
The country representatives also discussed possible immediate effect if encryption were no longer present. The volume of data to be investigated would be so large that it could make it impossible to scan correctly.
How the use of encryption across the EU will continue in the future is yet to be determined because other countries consider the breach of privacy too high of a price to pay. The reality is that discussions are taking place, and it's unlikely to end in a stalemate. Encryption is about to change in the EU, either by being weakened or by becoming stronger.