Last week, France and Germany proposed that the EU Commission issue an update of a current EU directive that would mandate providers of IT communication services to be able to respond to lawful access requests.
There are signs that these may be more political posturing and a knee-jerk reaction to the recent terror attacks than real proposals, as noted in Fortune Magazine by David Meyer, moderator at our next FSC edition in Brussels. But only time can tell.
On the other hand, although details of the proposal are still lacking, as are those of their US counterparts, there is surely a call to invite shared solutions to the problem, and possibly already some well-thought-out solutions yet to be disclosed.
When the French and German Interior Ministers state in this proposal…
“What we are saying, however, is that exchanges more systematic operated via some applications, such as Telegram, must be able, as part of court proceedings — and I stress this — to be identified and used as evidence by the investigation and magistrates services.”
… they are acknowledging that current “lawful hacking” tools and (mostly nonexistent) standards – although supported by recent legislation or courts in Italy and in Germany – cannot produce evidence solid enough to stand up in court (and probably to withstand constitutional challenges …).
That’s why they are proposing some kind of server-side access that could replace remote lawful hacking. Notwithstanding the huge increase over the state of the art in technical and procedural safeguards that both solutions would require – in order to reduce to acceptable levels the risks of abuse of citizen privacy, as well as of error or tampering with evidence in cyber-investigations – server-side access would arguably be substantially less difficult to properly regulate and standardize than lawful hacking.
During our next Free and Safe in Cyberspace event in Brussels on Sept 22-23rd, we’ll explore what such radically enhanced safeguards for lawful access compliance should be – along with the related, primarily non-governmental, standard-setting and certification bodies – and to what extent many of those safeguards are the same ones needed to give citizens access to IT devices and services that provide constitutionally meaningful levels of trustworthiness.
Some of the speakers of the Free and Safe in Cyberspace (FSC) event series and advisors to the Trustless Computing Initiative, led by Rufo Guerreschi, have joined together to research and propose a comprehensive solution, in a 1-pager Manifesto and a long Study of tens of pages: “The Trustless Computing Certification Body: a new standard and certification body for wide-market ultra-high assurance IT systems, with voluntary compliance to “constitutional” lawful access requests”.
UPDATE (Aug 26th 2016): We corrected that it is not a new directive but an update of a previous one (Thanks Jennifer). And corrected some typos.