Encryption Should Be Protected, Not Weakened, Privacy Lawyers Say
Encryption must be preserved as an important method for security, trust, and technological control, especially in the wake of increased cybercrime, said Charlotte Le Roux and other Hogan Lovells lawyers in a blog post Monday.
Sign up for a free preview to unlock the rest of this article
"End-to-end encryption (E2EE) is a security methodology based on a simple principle: only the sender and the recipient of information can access it in plain text, as the data is encrypted using attributes unique to their correspondence," said the lawyers. "No third party -- not even the service provider acting as an intermediary, nor public authorities -- can technically access the content, even under a judicial order."
This encryption method is "a cornerstone of the digital ecosystem," and has been implanted into digital messaging apps such as Signal or iMessage, as well as password managers and data-storing tools, the lawyers said. However, E2EE is starting to be challenged on the grounds of public security in several countries, which has forced electronic communication service providers to react, they said.
For example, for U.K. users, Apple dismantled certain data protection features, said the lawyers. In February, the Computer & Communications Industry Association raised concerns that Apple was not preserving E2EE (see 2502070040). American lawmakers (see 2503140052) and others from the tech industry called on the U.S. to step in and defend encryption against probes in the U.K. (see 2503130014).
"Introducing backdoors would create vulnerabilities that could be exploited not only by legitimate authorities, but also by malicious actors -- cybercriminals, foreign powers, and others," said the attorneys. Backdoors "are not only technically questionable," but pose concerns of legal vulnerability "to challenges based on fundamental rights and proportionality."
The lawyers said that measures intended to circumvent encryption are often presented as a means to combat crime and other serious threats, like terrorism and child sexual abuse, leading to something called the security paradox. Despite these measures having good intent, they instead create exploitative vulnerabilities, along with other adverse consequences, they said.
"The legal framework governing encryption sits at the crossroads of security law, data protection law, and digital regulation," the lawyers said. "In a digital world where threats are multifaceted, weakening the confidentiality of communications means weakening the very secrets, sovereignty, and security we are trying to protect."