Interesting news out of Europe as the EU's data protection authorities (Working Party 29) resoundingly endorsed end-to-end encryption as a “necessity" to protect personal privacy, and specifically rejected backdoors and key escrow by authorities. Score one for the people.
Developers know that user trust relies on principles of Transparency, Security, and Stewardship and that there is no security without strong encryption.
WP29 listed a number of conclusions in their statement:
- The availability of strong and trusted encryption is a necessity in the modern digital world. Such technologies contribute in an irreplaceable way to our privacy and to the secure and safe functioning of our societies.
- Encryption must remain standardized, strong, and efficient, which would no longer be the case if providers were compelled to include backdoors or provide master keys. Whatever the technical solution, it can never be safe to compel encryption providers to include master keys and backdoors in their software.
- Law enforcement agencies already have access to vast quantities of data via their existing powers. Such access must remain proportionate and targeted. They should focus on improving their capabilities to interpret those data to investigate and prosecute criminals.
The tension between law enforcement and consumer privacy remains a hot topic in the US and the EU, despite the unanimous agreement of the experts involved that strong encryption is incompatible with backdoors and master keys. We can either build systems which are fundamentally insecure and open to both law enforcement and hackers, or we can have systems that are securely encrypted. There is no half-way. There is no both.
The Developers Alliance is a strong proponent of encryption as a fundamental practice in safeguarding user data. Alongside thoughtful data architecture, anonymization techniques, and data minimization, encryption should be universally applied where user data must be kept secure.