ENDitorial: Progress for encryption & rule of law
In times of crisis, it appears that critical, evidence-based policymaking goes out the window in favour of direct emotional reassurance. This became apparent after the 9/11, Madrid and Charlie Hebdo attacks, and once again after the Paris attacks of November 2015. Regrettably, it is as if political judgement is impaired after such events, with proposals being made that would be unlikely to see the light of day under normal circumstances. In the search for easy and immediate solutions, online communication is often treated as a convenient scapegoat. And indeed both the European Parliament and the Commission have responded with troubling statements on encryption and the duties of private online intermediaries. Now that some time has passed, however, the EU is stepping back from the most extreme examples of this panic-driven policy.
Recurring elements in the EU’s response to the Paris attacks have been the privatisation of online law enforcement and the undermining of encryption technology. This is most directly visible in the European Parliament’s report on ‘the prevention of radicalisation and recruitment of European citizens by terrorist organisations’. After Paris, it was amended to express concern over the use of encryption, calling on the Commission to ‘address these concerns in its dialogue with internet and IT companies’ – regardless of the fact that the Paris attackers did not use any encryption. The report also emphasises the ‘legal responsibility’ of online service providers in deleting extremist content, and threatens non-cooperative companies with the risk of criminal liability. These measures are not based on tangible evidence and create very real threats to privacy, security and the rule of law.
Now that some of the dust surrounding ‘Paris’ has settled, this chaotic approach to anti-terrorist measures appears to be losing steam. Just before Christmas, Commission Vice-President Andrus Ansip came out strongly in favour of encryption. At an event organised by the European Parliament’s Civil Liberties, Justice and Home Affairs Committee (LIBE), he stated that a high level of encryption was ‘an essential tool for security and trust on open networks’ and that ‘People must be 100% sure that nobody can interfere with this’. Similarly, the European Parliament also took a more moderate stance in their report ‘Towards a Digital Single Market’. This report restates the central importance of limited liability for online services, and specifically warns against the ‘privatisation’ of law enforcement – a first in EU standard-setting which EDRi has campaigned for over many years.
These minor victories suggest that the post-Paris panic is losing its sway on European politics. However, the EU has not yet fully come to its senses. The Digital Single Market report contains many disappointing provisions, including repeated emphases on the unclear role of intermediaries in regulating citizens’ online speech. Furthermore, we still see overwhelming support for the EU PNR Directive, despite a complete lack of evidence of effectiveness, despite its cost and despite the fact that it is likely to be illegal. We can only hope that the pendulum of political sentiment continues to swing from reactionary panic to deliberate, evidence-based policymaking, with people elected as political leaders finally showing political leadership.
Techdirt: After Endless Demonization Of Encryption, Police Find Paris Attackers Coordinated Via Unencrypted SMS (18.10.2015)
Andrus Ansip, Statement before the European Parliaments LIBE Committee (08.10.2015)
European Parliament, Report on Prevention of radicalisation and recruitment of European citizens by terrorist organisations (25.11.2015)
European Parliament, Report on Towards a Single Digital Market (19.01.16)
Joe McNamee (EDRi), Paris attack: Imagine if political leaders were leaders (14.01.2015)
(Contribution by Paddy Leersen, Intern at EDRi)