France and Germany want to compel operators of mobile messaging services to provide access to encrypted content to terrorism investigations, after a series of deadly attacks in both countries.
French intelligence services, on high alert since attackers killed hundreds of civilians in Paris in November and in Nice in July, are struggling to intercept messages from Islamist militants.
Many of the groups now use encrypted messaging services rather than mainstream social media, with Islamic State a big user of such apps, investigators in several countries have said.
French Interior Minister Bernard Cazeneuve said the European Commission should draft a law obliging operators to cooperate in investigations of militants.
“If such legislation was adopted, this would allow us to impose obligations at the European level on non-cooperative operators,” he told a joint conference with his German counterpart in Paris.
The European Commission said it welcomed the Franco-German initiatives. An existing online privacy framework is already under review, it said.
“Security is a national competence, but creating the right framework at EU level will help member states carry out their duty to protect our citizens,” spokeswoman Natasha Bertaud said.
Telegram under the spotlight
Cazeneuve singled out an app operated by Telegram, which he said did not cooperate with governments, adding that legislation should target both EU and non-EU companies. A spokesman for Telegram did not immediately respond to a request for comment.
Telegram, founded by Russian Pavel Durov in 2013 and incorporated in several jurisdictions, promotes itself as ultra-secure, because it encrypts all data from the start of transmission to the finish.
A number of other services, including Facebook Inc’s WhatsApp, say they have similar capabilities.
Cazeneuve’s initiative, which he hinted at earlier this month, has come under fire from privacy and digital experts, who warned against opening “back doors” that would let governments read content.
“How could we then prevent terrorists from creating their own encrypted apps and as a consequence enjoy a higher level of security than users who have nothing to hide,” privacy advocates wrote in a piece in the newspaper Le Monde on Monday. Among them was the head of CNIL, France’s privacy watchdog.
“Cracking down on encryption for the wider public would therefore give a monopoly on its usage to organisations that would abuse it.”
US tech giants worried
A US-based tech lobby group, CCIA, which represents companies such as Facebook and Google, said it was worried about the proposals.
“It is certainly understandable that some would respond to recent tragedies with back doors and more government access,” said Christian Borggreen, Europe director at CCIA. “But weakened security ultimately leaves online systems more vulnerable to all types of attacks from terrorists to hackers. This should be a time to increase security – not weaken it.”
France and Germany – where nerves are raw following a wave of attacks on civilians this summer, including two claimed by Islamic State – are also seeking closer links between the continent’s databases of personal information.
That would cover data on visas, potential militant threats within the border-free Schengen area, refugees and airline passengers, German Interior Minister Thomas de Maiziere said.
“We believe that after Brexit …. it’s important to make clear where Europe offers better solutions for our members than if we carried out those solutions unilaterally – and that includes the areas of internal and external security,” he said.