A new federal government bill worries privacy advocates. This legislation, if approved, would be considered one of the most dangerous in the Member States of the European Union. It not only undermines the protection of privacy but also the security offered by end-to-end encryption.
Track criminals and terrorists
Telecommunications service providers must allow law enforcement (police, justice, state security, etc.) to decipher what is exchanged in encrypted messaging applications such as Whatsapp or Signal by certain specific users.
The goal is obviously to be able to track down criminals and terrorists. In other words, service providers will be forced to “turn off” encryption for users targeted by police and legal investigations.
Partial decryption not possible
The problem is, there is no way to just “turn off” encryption for some users. Consequently, it is all encrypted communications that will become accessible, and no longer exclusively those of people of interest to the police and the judiciary.
Weakening encryption will therefore make Belgians much more vulnerable to malicious attacks. This will effectively break the promise of confidentiality and privacy of end-to-end encrypted communications services.
Opportunities for criminals
“It is to offer additional opportunities to the crooks”, considers Frédéric Taes, volunteer within the NGO Internet Society. The loopholes will thus be created liable to be exploited by people with criminal or terrorist objectives. “the hacking of the St Luc de Bouge clinic or the Bar of Charleroi is possible because flaws, vulnerabilities exist “, explains Frédéric Taes.
These demands go against the consensus of cybersecurity experts around the world that there is no way to allow law enforcement to access a user’s end-to-end encrypted data without putting in danger the safety of each user.
►►► Read also : Is WhatsApp reliable or does it spy on its users?
Three essential elements
Encryption allows security thanks, firstly, to confidentiality, secondly to integrity – no one should be able to modify my message -, thirdly to the electronic signature – the sender and the receiver must be able to verify that it is the right interlocutor . “Take our movements on our bank account, for example, we need these 3 elements to ensure money transfers from the beginning to the end of the chain”, details Frédéric Taes.
Internet is an open medium, accessible to everyone like the radio or the telephone. “We can therefore intercept messages, explains Frédéric Taes, himself a cybersecurity specialist. Hence the importance of end-to-end encryption.
“To track criminals and terrorists, there are other techniques “, estimates the computer scientist. “You have to target the suspicious individual more and you can get a lot of information outside of messages, simply by analyzing who is sending a message, when, how often …”
The international privacy community is now mobilizing against these projects. Fifty NGOs, universities and companies involved in privacy protection and encryption issued an open letter against the bill.
The letter was signed by a long series of European actors, but also by organizations and scientists from the United States, Canada, India, Uganda, Brazil and Japan. Belgian professor and cybersecurity expert Bart Preneel from KU Leuven also signed it.
The Belgian data protection authority has already expressed its serious concerns in an earlier opinion on the draft law.