Don’t restrict encryption before alternatives have been explored, says advisory council
The Dutch cabinet should explore alternative regulatory avenues for access to encrypted data, according to its chief advisory council for cyber security. The advice is very interesting for a number of reasons.
Firstly, it is good to know that the Cybersecurity Raad (CSR) is the cabinet’s most important advisory body concerning cyber security. Council members have earned a solid reputation in the subject matter, each from their own area of expertise. The council is built from a diverse representation, with contributions from both the public and private sector. The Cybersecurity Raad therefore has an esteemed representation of the police forces, the General Intelligence and Security Service (AIVD), the anti-terrorism coordinator (NCTV) and the Ministry of Defence. These happen to be institutions that not only benefit from the widespread use of encryption, but also experience its downside. And yet they say: consider the alternatives and do not restrict encryption.
Hardly rocket science
Secondly, some of the alternatives sketched out are surprisingly simple. For example, it is no generally knowledge about what data companies keep and store. The council further concludes that companies and similar institutions do not quickly or fully respond to claims for disclosure (sometimes it takes months). The council sees plenty of room for improvement. The government should revert to legal proceedings to force a handover of data. The law should be changed where necessary and elsewhere we should strive for better cooperation. All this is easier said than done, but neither is it rocket science.
The advice in a nutshell: the cabinet should broaden its horizon and not merely focus on the drawbacks of encryption.
With a broad perspective
The cabinet should widen its perspective, is what the advice boils down to. Do not focus solely on the authority to tap phone and internet traffic, the council claims. That investigative tool is no longer as effective, but there are plenty of alternatives. The cabinet should instead focus on the totality of available information and privileges, and use these to the full. This is also what we have been saying for a while. Encryption was made possible through technical developments. These very same developments are responsible for the wholesale and detailed recordings of our daily lives. This makes the job of investigative institutions and secret services often a lot easier. And although it is not an identical alternative, it should be evaluated in the discussion and deliberations.
“Surely everybody agrees that limiting encryption is a bad idea”. This is how Bits of Freedom and dozens of others in 2021 joined forces to urge the cabinet to encourage all forms of encryption. Among the signatories are organizations who champion the rights of consumers or children, companies that maintain the Dutch digital infrastructure, the experts who keep it safe, and human rights organisations. And less than two months ago an overwhelming parliament majority backed a motion calling on the cabinet to safeguard end-to-end encryption. This is three quarters of the coalition parties’ seats, including the liberal Right (VVD). All this is a clear signal to the cabinet and especially to the minister of Justice.