The Government has been dealt a blow in its bid to force WhatsApp and other tech companies to hand over terror suspects' encrypted messages by EU proposals.
MEPs have tabled laws that would forbid countries in the EU from breaking the electronic protection that prevents security services from reading messages sent via WhatsApp. The plans would also impose obligations on tech companies that do not currently apply encryption to messages to do so.
The proposals would be a major setback to Theresa May’s election pledge that terrorists should have no “safe space” to conspire online, and threatens existing security legislation that requires companies to remove encryption where possible.
Smartphone apps including WhatsApp and Telegram electronically seal messages using end-to-end encryption, meaning that governments and even the companies themselves cannot read them.
Technology companies defend encryption on the grounds that it helps guarantee privacy and security, and warn that “backdoors” applied by governments could be exploited by criminals and rogue states to spy on citizens.
But MPs have said the technology gives terrorists a safe place to plot attacks without the threat of police scuppering their plans.
The proposals, from MEPs on the European Parliament’s Civil Liberties, Justice and Home Affairs Committee, have been tabled as amendments to draft EU privacy legislation.
Buried in the amendments, the documents state: “When encryption of electronic communications data is used, decryption, reverse engineering or monitoring of such communications shall be prohibited.
"Member states shall not impose any obligations on electronic communications service providers that would result in the weakening of the security and encryption of their networks and services.”
Dr Lukasz Olejnik, an independent cybersecurity and privacy consultant and a researcher involved in the EU's privacy proposals, said the laws "would put the UK on a potential collision course with the European Union Member States".
The proposals will first have to be approved by MEPs and scrutinised by the EU Council. Kristina Holt, a senior associate at law firm Pinsent Masons, said the Government may be able to achieve some exemptions on national security grounds, which the EU does not have power over.
It remains unclear how the laws will apply in the UK after Brexit. The Government has indicated it will co-operate with other EU data regimes on some areas to ensure cross-border data flows.
As well as hampering any attempts to access encrypted messages, the rules could also imperil the Investigatory Powers Act, legislation created when Theresa May was Home Secretary and passed last year. The act requires companies to remove “electronic protection” when requested by the Government where possible.
Critics have said the laws legalise extreme snooping and bulk surveillance, and threaten the privacy of law-abiding citizens. The prior legislation, 2014’s Data Retention and Investigatory Powers Act, was declared illegal by the European Court of Justice in December.
The perpetrator of March’s Westminster attack, Adrian Ajao, sent a final WhatsApp message minutes before he began his slaughter outside the Houses of Parliament, but police and security services were unable to access its content for several weeks, until they found its recipient.
After the attack the Home Secretary Amber Rudd accused WhatsApp of giving terrorists "a place to hide” and said it was “completely unacceptable” that they could communicate in secret.
This week, Ms May and French president Emmanuel Macron vowed tougher action on tech companies applying encryption.
As well as outlawing encryption backdoors, the MEPs propose forcing communications providers that do not currently encrypt communications to do so.
“Service providers who offer electronic communications services should… ensure that such electronic communications data are protected by using specific types of software and encryption technologies,” the proposals state.
A Home Office spokesman said: "The Government has been clear that we support the use of encryption. It helps keep peoples’ personal information safe and ensures secure online commerce. But we have also been clear that we must ensure that, in tightly proscribed circumstances, our law enforcement and security and intelligence agencies are able to access communications of criminals, including terrorists."
Source: The Telegraph