ENDitorial: “When crypto is outlawed, only outlaws will have crypto”

By EDRi · September 7, 2016

Fortunately, all terrorists are law-abiding citizens. That must have been what the interior ministers of France and Germany were thinking when they asked on 23 August the European Commission to draft a new law that would require services such as Telegram to cooperate with the decryption of encrypted communications.

In their joint press statement, the French Minister of Interior Bernard Cazeneuve stated that for law enforcement purposes, the conversations people have via apps such as Telegram have to be accessible to the police and secret services.

................................................................. Support our work - make a recurrent donation! .................................................................

The approach of the Minister is perplexing. A day earlier, on 22 August, France’s domestic intelligence chief gave the Financial Times the lay of the land. He explained how countless gigabytes were confiscated following the Paris attacks, and how a big part of that information was encrypted and therefore unreadable. The Financial Times continued stating that many terrorists use WhatsApp and Telegram because those services offer end-to-end encryption. On second thought, it’s easy to see why the French minister would single out Telegram.

Telegram is a pretty clumsy application for those wanting to be completely sure their messages won’t be accessible to anyone but the intended recipient. When you open the app and start a new conversation, it won’t be encrypted by default. The end-to-end encryption only applies when you explicitly choose to start a “Secret Chat”. This means that when someone has an end-to-end encrypted conversation in Telegram, it is not an accident, but a conscious choice.

In a world where terrorists deliberately encrypt their connections, how big is the chance that a terrorist would (continue to) use a service that is known to be insecure? Our guess: as soon as the European Commission introduces legislation forcing services such as Telegram to decrypt secure communications, terrorists will turn to alternative tools. The “solution” offered by the French and German ministers will only work if all the alternative tools to communicate using encryption are outlawed. However, outlawing them would hardly prevent terrorists from using them.

The idea that the way to gain access to terrorists’ communications is by backdooring services such as Telegram, is preposterous. Let’s be clear, the French and German proposal will undermine the security of every single person, under the populist guise of improving security. Or, in the words of cryptographer Phil Zimmerman:

“When crypto is outlawed, only outlaws will have crypto.”

Franco-German initiative on Europe’s interior security (only in French, 23.08.2016)

EDRi: France and Germany: Fighting terrorism by weakening encryption (24.08.2016)

(Contribution by Rejo Zenger and Evelyn Austin, EDRi member Bits of Freedom, the Netherlands)