European police now want real-time access to messengers


Whether it’s Signal, WhatsApp, or another platform, the Belgian police want “front-door” access to any user communications, encrypted or unencrypted, documents released by the European Commission have revealed. Another document suggests establishing a trusted authority for holding the encryption keys.

“As soon the operator receives a legitimate request, issued by a competent Judicial authority, the operator is responsible to provide real-time communication,” a high-level presentation by the National Technical Support Unit (NTSU) of the Belgian Federal Police reads.

This document, found by German news outlet heise online, is part of discussions carried out behind doors for almost a year at the European High-Level Group (HLG) on access to data for effective law enforcement, also known as “Going Dark.”

ADVERTISEMENT

The EU Commission released some partly redacted presentations in response to the information request from Member of the European Parliament Patrick Breyer from the Pirate Party.

The NTSU presentation discusses the “real need” for law enforcement agencies and justice to have efficient access to data, including in almost real-time, even if as an exceptional measure, strictly limited by law.

The police argue that it’s important to identify perpetrators after the criminal act, but even more important is identifying possible targets and preventing the criminal act from happening.

“This level of efficiency is achieved when the data is obtained in “near” real-time – in real-time, also from the OTT,” the presentation reads.

The NTSU assures there’s no need to break encryption, add backdoors, or “reinvent the wheel”, as similar models already have been in place for decades with “classic” telecommunications operators across the EU.

The standard “front-door” procedure for accessing the data would include a standardized request from authorities, possibly backed by a court order, and a standardized response from the service provider, sent in a secure and understandable format.

“Invisible, discreet, secret for the target (during the time of the investigation). Technologically neutral,” the Belgian police say.

They state that they love encryption, too, “Even if it is end-to-end encryption.” However, messaging service operators would be responsible for the interception design and collaboration when needed. The NTSU rejects using state trojans or hacking tools to access user data.

ADVERTISEMENT

The presentation was posted by Fragdenstaat, a non-profit organization that promotes freedom of information in Germany and the EU.

Some of the arguments include leveling the playing field for all operators, both classical and “over-the-top” (OTT) ones such as WhatsApp. The data would help police rapidly react to and prevent criminal or terrorist acts and respond to emergency cases.

Another presentation by the Cyber ​​Technical Committee of the European Telecommunications Standards Institute (ETSI) proposes a solution – a “trusted authenticated party” that would provide and manage access keys. It could provide “on-line on the fly real-time interception of OTT E2E communications.”

ETSI proposal

Previously, Europe’s Police Chiefs and Europol publicly urged politicians and industry leaders “to take urgent action to ensure public safety across social media platforms” as the adoption of end-to-end encryption allows offenders to hide. Police in Europe want to maintain ‘lawful access’ to suspected criminals' data when investigating.

Operators of messaging services repeatedly emphasize that they themselves have no access to encrypted communications. Meredith Whittaker, President of Signal Foundation, strongly opposes “chat control” proposals and leaves no doubt.

“We will leave the EU market rather than undermine our privacy guarantees,” Whittaker said on X in response to a proposal to enforce scanning and moderation of European chats.

Civil society and digital rights organizations are fighting against attempts to weaken encryption and digital privacy. Multiple organizations signed an open letter on January 10th, calling for greater transparency and participation of all stakeholders in the discussions at HLG.

“We are deeply concerned that the very premise of the HLG objectives is to push for a ‘security by design’ approach in all EU existing and future policies and legislation. We understand this framing as an attempt to impose a law enforcement ‘access by design’ obligation in the development of all privacy-enhancing technologies, which would result in a serious impediment to people’s exercise of their fundamental rights to privacy and data protection and to freedom of expression, information and association,” the letter reads.

ADVERTISEMENT