European Privacy Directive: Encryption Without Backdoors

“The confidentiality of online communications by individuals and businesses is essential for the functioning of modern societies and economies. The EU rules designed to protect privacy in electronic communications need to reflect the world that exists today,” European Data Protection Supervisor (EDPS) Giovanni Buttarelli opined after reviewing a new proposal on the ePrivacy Directive.

The existing ePrivacy Directive is currently under revision. The European Commission is collecting feedback on the proposal, and should prepare a new, updated version of the legislation by the end of 2016. One of the purposes of the EDPS is to advise EU institutions on policies and legislation that affect privacy.

In his opinion, the EDPS says that the scope of new ePrivacy rules needs to be broad enough to cover all forms of electronic communications irrespective of network or service used, not only those offered by traditional telephone companies and internet service providers. Individuals must be afforded the same level of protection for all types of communication, such as telephone, Voice over IP services, mobile phone messaging apps and the Internet of Things (machine to machine).

The updated rules should also ensure that the confidentiality of users is protected on all publicly accessible networks, including Wi-Fi services in hotels, coffee shops, shops, airports and networks offered by hospitals to patients, universities to students, and hotspots created by public administrations.

Any interference with the right to confidentiality of communications is contrary to the European Charter of Fundamental Rights.

No communications should be subject to unlawful tracking and monitoring without freely given consent, whether by cookies, device-fingerprinting, or other technological means. Users must also have user-friendly and effective mechanisms to give, or not give, their consent. In order to better protect the confidentiality and security of electronic communications, the current consent requirement for traffic and location data must be strengthened.

The existing rules in the ePrivacy Directive protecting against unsolicited communications, such as advertising or promotional messages, should be updated and strengthened and require prior consent of the recipients for all forms of unsolicited electronic communications.

The new rules should also clearly allow users to use end-to-end encryption (without “backdoors”) to protect their electronic communications. Decryption, reverse engineering or monitoring of communications protected by encryption should be prohibited.

A new provision for organisations to periodically disclose aggregate numbers indicating EU and non-EU law enforcement or government requests for information would offer some welcome transparency in the sensitive, complex and often contentious area of government access to communications.

The new rules should complement and, where necessary, specify the protections available under the General Data Protection Regulation (GDPR). They should also maintain the existing, higher level of protection in those instances where the ePrivacy Directive offers more specific safeguards than the GDPR.

HelpNetSecurity

 
