European Privacy Directive: Encryption Without Backdoors

Uploaded on 2016-08-10 in INTELLIGENCE--Europe, FREE TO VIEW, BUSINESS-Services-Law

“The confidentiality of online communications by individuals and businesses is essential for the functioning of modern societies and economies. The EU rules designed to protect privacy in electronic communications need to reflect the world that exists today,” European Data Protection Supervisor (EDPS) Giovanni Buttarelli opined after reviewing a new proposal on the ePrivacy Directive.

The existing ePrivacy Directive is currently under revision. The European Commission is collecting feedback on the proposal, and should prepare a new, updated version of the legislation by the end of 2016. One of the purposes of the EDPS is to advise EU institutions on policies and legislation that affect privacy.

In his opinion, the EDPS says that the scope of new ePrivacy rules needs to be broad enough to cover all forms of electronic communications irrespective of network or service used, not only those offered by traditional telephone companies and internet service providers. Individuals must be afforded the same level of protection for all types of communication such as telephone, Voice over IP services, mobile phone messaging app, Internet of Things (machine to machine).

The updated rules should also ensure that the confidentiality of users is protected on all publicly accessible networks, including Wi-Fi services in hotels, coffee shops, shops, airports and networks offered by hospitals to patients, universities to students, and hotspots created by public administrations.

Any interference with the right to confidentiality of communications is contrary to the European Charter of Fundamental Rights.

No communications should be subject to unlawful tracking and monitoring without freely given consent, whether by cookies, device-fingerprinting, or other technological means. Users must also have user-friendly and effective mechanisms to give, or not give, their consent. In order to better protect the confidentiality and security of electronic communications, the current consent requirement for traffic and location data must be strengthened.

The existing rules in the ePrivacy Directive protecting against unsolicited communications, such as advertising or promotional messages, should be updated and strengthened and require prior consent of the recipients for all forms of unsolicited electronic communications.

The new rules should also clearly allow users to use end-to-end encryption (without “backdoors”) to protect their electronic communications. Decryption, reverse engineering or monitoring of communications protected by encryption should be prohibited.

A new provision for organisations to periodically disclose aggregate numbers indicating EU and non-EU law enforcement or government requests for information would offer some welcome transparency in the sensitive, complex and often contentious area of government access to communications.

The new rules should complement, and where necessary, specify the protections available under the General Data Protection Regulation (GDPR). They should also maintain the existing, higher level of protection in those instances where the ePrivacy Directive offers more specific safeguards than in the GDPR.

HelpNetSecurity

 

« UK Security Agencies Say Mass Internet Spying Is Crucial
Candidate Trump Supports Russian ‘cyber warfare’ Against US »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

FireEye

FireEye

FireEye delivers unmatched detection, protection and response technology through an extensible and flexible cloud-based XDR platform.

AppRiver

AppRiver

AppRiver is a global provider of cloud-based email and web security solutions that protect businesses worldwide from today's ever-changing online threats.

Arxan Technologies

Arxan Technologies

Arxan is a leader of application attack-prevention and self-protection products for Internet of Things (IoT), Mobile, Desktop, and other applications.

Open Information Security Foundation (OISF)

Open Information Security Foundation (OISF)

OISF is a non-profit organization led by world-class security experts, programmers, and others dedicated to open source security technologies.

Comarch

Comarch

Comarch is a provider of IT business solutions to optimize operational and business processes. Cyber security solutions are focused on Identity Management and Security Assessment services.

TCN

TCN

TCN is an advanced System Integrator and Infrastructure Company in Albania.

Mitre

Mitre

At Mitre we work across government to tackle challenges to the safety, stability, and well-being of our nation. Areas of expertise include Cybersecurity.

Encore Media Group

Encore Media Group

Encore Media Group provide an international enterprise technology event series exploring IoT, Blockchain AI, Big Data, 5G, Cyber Security and Cloud.

SearchInform

SearchInform

SearchInform is a leading risk management product developer, protecting business and government institutions against data theft, harmful human behavior, compliance breaches and incomplete audit.

Hexaware Technologies

Hexaware Technologies

Hexaware is an automation-led next-generation service provider delivering excellence in IT, BPO and Consulting services.

CyberNews

CyberNews

Cybernews.com is a research-based online publication that helps people navigate a safe path through their increasingly complex digital lives.

Regulativ.ai

Regulativ.ai

Regulativ.ai is an innovative and comprehensive platform, driven by AI, to address the regulatory and compliance needs of Cyber Security Regulatory compliance and reporting.

DataSolutions

DataSolutions

DataSolutions is a leading value-added distributor of transformational IT solutions in the UK and Ireland.

Dope Security

Dope Security

Dope Security is a fly-direct Secure Web Gateway that eliminates the data center stopover architecture required by legacy providers, instead performing security directly on the endpoint.

Verisign

Verisign

Verisign is a Global Leader in Domain Names & Internet Security, providing protection for websites and enterprises around the world.

Delta Partners

Delta Partners

Delta Partners is a venture capital firm investing in Ireland and the United Kingdom with a strong focus on early stage technology companies.