All is not lost, but Europe is still split on encryption

Last week, the Spanish Presidency of the European Council delayed a vote regarding the Council’s position on the controversial Child Sexual Abuse Regulation(new window) (CSAR) due to a lack of consensus over the issue of encryption, among others. This proposed regulation is contentious as it opens the door to a new mass surveillance regime and could force companies to scan everyone’s digital communications all the time. In other words, it threatens to effectively ban end-to-end encryption. 

Proton and others have been vocal about the dangers of this proposal. As we have discussed previously, banning encryption puts Europe’s cybersecurity (and security in general) at grave risk, undermines the competitiveness of European tech companies, and violates the basic rights to privacy that millions of Europeans have fought for. 

However, last week’s decision to delay has highlighted the differing positions of key EU Member States. As the debate continues, Proton has some specific requests for the representatives of these Member States. 

Supporting encryption

Several Member States have reportedly prevented the vote on the Council’s position from taking place on the grounds that the clauses affecting privacy will have a detrimental impact on privacy and security. We welcome this and encourage them to continue pushing for a progressive approach to tackling crime online. 

In particular, we call on Germany and Austria to use their influence in Europe to bring more countries onto the right side of the debate. Their voices and support for privacy have already had a positive impact. It’s now vital that they hold their ground. 

Sitting on the fence

Not all Member States have decided on their national position yet, most notably France. France is a highly influential member of the European community, and its support for privacy, security, and encryption would be invaluable in debates to come. 

France has rightly made cybersecurity a top government priority. At the same time, it has successfully nurtured an exciting and vibrant start-up scene. If the French government wants to protect these two cultural and economic interests, it must ensure that the EU proposal does not have any negative impact on encryption, as outlined repeatedly by its own cybersecurity agency(new window) (ANSSI).

Disregarding the dangers

Despite these positive steps from some Council members, others still do not yet see the risks this legislation will pose for encryption and security in Europe. 

To Spain, who holds the Presidency of the EU Council, we urge them to consider the facts. There are many ways for law enforcement to fight crime and protect citizens without undermining the rights and online security of the entire population. Spain is in a unique position to take a leadership role in this debate, so we ask them to listen to progressive voices in the European Parliament, their population, and the wider tech industry. 

We urge all European Union Member States to seriously consider the impact of this text specifically in two key areas: 

First, it’s vital to acknowledge that this regulation would endanger European citizens rather than protect them. Largely thanks to the war in Ukraine, Europe is now at the center of a cyberwar. But aside from the current geopolitical situation, it remains a fact that cybercrime in general has steadily increased year over year. Breaking encryption will expose us all to criminals, foreign interference, and state-sponsored actors willing to undermine Europe. Now is not the time to weaken our defenses.

Second, Europe’s economy overall, particularly its tech sector, will suffer if encryption is undermined. Tech companies headquartered and operating in Europe, especially the millions of SMEs that make up the backbone of Europe’s digital economy, are vulnerable to cyberattacks and therefore depend on the trust and security encryption offers. Not to mention the reputational hit European companies will face if they’re seen as unable to protect users’ privacy at a time when global demand for greater privacy is on the rise. 

Time to change course

It remains unclear when the Council vote will finally take place. Last week’s delay means there will have to be further negotiations between Member States. However, we urge those undecided and those unwilling to rebalance the text to better protect privacy to take a moment and seriously consider the alternatives. 

At Proton, we have been very clear. If the legislation is passed in its current form and we subsequently receive requests to undermine our encryption we would mount a robust legal challenge as we have done previously in other countries(new window). The Council’s own legal advice suggested the proposal would likely be illegal(new window) under European law and we expect to win future legal challenges. We all want a safe, secure, prosperous, democratic Europe. Without protecting encryption, none of this will be truly possible. 

Protect your privacy with Proton
Create a free account

Related articles

Google is one of the biggest obstacles to privacy. The Big Tech giant may offer quick access to information online, but it also controls vast amounts of your personal or business data. Recently, more people are becoming aware of the actual price you
What to do if someone steals your Social Security number
If you’re a United States citizen or permanent resident, you have a Social Security number (SSN). This number is the linchpin of much of your existence, linked to everything from your tax records to your credit cards. Theft is a massive problem, whic
compromised passwords
Compromised passwords are a common issue and probably one of the biggest cybersecurity threats for regular people. How do passwords get compromised, and is there anything you can do to prevent it? * What does compromised password mean? * How do pa
Is WeTransfer safe?
  • Privacy basics
WeTransfer is a popular service used by millions worldwide to send large files. You may have wondered if it’s safe or whether you should use it to share sensitive files. We answer these questions below and present a WeTransfer alternative that may su
what is a dictionary attack
Dictionary attacks are a common method hackers use to try to crack passwords and break into online accounts.  While these attacks may be effective against people with poor account security, it’s extremely easy to protect yourself against them by usi
Data breaches are increasingly common. Whenever you sign up for an online service, you provide it with personal information that’s valuable to hackers, such as email addresses, passwords, phone numbers, and more. Unfortunately, many online services f