Backdoors to end-to-end encrypted messages violate human rights: EU court


Article Contents

In This Article

Creating a backdoor to end-to-end encrypted messaging services like Telegram and Signal would erode freedom of expression and open up innocent users to hackers, identity thieves, and indiscriminate state surveillance, says the European Court of Human Rights.

In a Feb. 13 judgment, the court ruled in favor of Telegram user Anton Podchasov — who went up against his government in 2018 after it demanded Telegram decrypt messages that were sent using its encrypted “secret chat” function.

The court judged that while criminals may use end-to-end encryption (E2EE) to avoid law enforcement, providing encryption backdoors would put innocent, regular users at risk while eroding their rights to freedom of expression — thus violating the European Convention on Human Rights.

It argued that encryption backdoors would “affect everyone indiscriminately,” including those posing no threat to governments, and would make it possible for “routine, general and indiscriminate surveillance of personal electronic communications.”

“Technical solutions for securing and protecting the privacy of electronic communications, including measures for encryption, contribute to ensuring the enjoyment of other fundamental rights, such as freedom of expression,” the court added.

The court argued there are other ways to monitor encrypted communications that wouldn’t require an encryption backdoor, such as gaining access to the communication devices.

Podchasov first filed a lawsuit against his country’s government in 2018, saying a requirement made by his government for Telegram to turn over messaging logs of users it suspected of terrorism would open it up to decrypting all user communications — breaching European Human Rights conventions.

Telegram had refused the requirement, saying it was impossible without a backdoor that would weaken encryption for all users. In turn, the country then blocked access to Telegram in April 2018.

Podchasov’s lawsuit saw multiple appeals and reached the country’s supreme court, which struck it down, leading it to ultimately end up at the European Court of Human Rights.

Related: Chelsea Manning and Nym co-founder say privacy tech must be decentralized

In its latest ruling, the court has judged the country violated Article 8 of the European Convention on Human Rights which provisions “everyone has the right to respect for his private and family life, his home and his correspondence.”

Judging in favor of Podchasov, Europe’s court said the requirement to decrypt E2EE communications “cannot be regarded as necessary in a democratic society,” and its laws permitting access to communications without safeguards impairs rights and it as “overstepped any acceptable margin of appreciation in this regard.”

AI Eye: Outrage that ChatGPT won’t say slurs, Q* ‘breaks encryption’, 99% fake web