ACT | The App Association has long been a leading voice in the fight to ensure that our members and other digital economy innovators are permitted to utilize strong technical encryption to protect consumers and their data. We strongly encourage policymakers around the globe to think carefully as they deliberate potential policy changes, especially those prompted by tragic events, to consider the broader implications of targeted decisions. The recent terror attack in London, and the European Commission’s (EC’s) subsequent requests for law enforcement’s access to encrypted data, highlight the need for candid discussion and meaningful solutions to protect encrypted consumer data, even in the wake of tragedy.
According to reports, before attacking London’s Parliament, Khalid Masood sent messages using the encrypted messaging service WhatsApp on his personal device. In the aftermath of the attack, UK Home Secretary Amber Rudd said that electronic communications services like WhatsApp should be required to turn over information to law enforcement during an investigation. Following Rudd’s comments, German and French Interior Ministers Thomas de Maizière and Matthias Fekl, respectively, publicly stated their preference for law enforcement to have the same rights to access encrypted online services as they do to phone call information from telecommunication companies when conducting similar investigations. More recently, European Justice Commissioner Věra Jourová announced on March 28th that the EC will release related rules on June 20 that will give law enforcement easier access to end-to-end encrypted data on electronic communications services like WhatsApp.
Such an approach is seriously flawed from both a policy and a technical perspective. Any transaction involving data depends on technical data protection methods, such as the use of strong encryption techniques, to maintain user trust. Mandating the development of “backdoors” into encryption frameworks for the purposes of government access would not only degrade the safety and security of data, but also jeopardize the trust of end users by creating known vulnerabilities that unauthorized parties can exploit. Undermining the technical proficiency of encryption moves us away from, rather than towards, the legitimate policy goals that the App Association supports, including law enforcement’s proper and timely access to data.
Within the app economy, consumer trust in the integrity and security of their data plays a role in the technologies they choose to use, and app development companies’ growth and success depends on the trust of its end users. The App Association strongly discourages the EC from implementing policies that will only weaken the ability of companies, like our members, to protect consumers’ private data from hackers, theft, and other threats.
Law enforcement bodies and our companies have a shared interest in the public’s safety and security, but overbroad legislation and rules that ask companies to lower their encryption levels or create a backdoor to consumer data do not accomplish that mutual goal. We believe that secure and encrypted data can exist within a safe and secure society, and a frank and informed debate across all stakeholder communities is needed to craft a balanced solution.
The debate in the European Union (EU) continues. While some EC officials call for law enforcement access to encrypted data, others, like the EU’s counter-terrorism coordinator Gilles de Kerchove, have publicly argued against backdoors that would weaken a technology’s encryption. Though inconsistencies from the EC on this important issue remain, the App Association hopes that reason and technical feasibility will prevail, and that any proposals to ease the relationship between law enforcement and technology companies and services will not lower encryption or put consumer data at risk.
Written with Emily Baker