A broad coalition of technology companies, civil society organizations and privacy advocates in The Netherlands is deeply concerned about plans by the Minister of Justice to weaken encryption. These parties, including Fox-IT, have joined forces calling on the next cabinet to continue to encourage the development, availability and application of all forms of encryption.
Inge Bryan, Managing Director for NCC Europe, wrote a blog on this topic.
In January 2016, the Dutch government was the first in the European Union to take a position on the use of encryption. Encryption, that ensures content can only be read by the person for whom they are intended, is essentially a technical way of enforcing letter secrecy.
Letter secrecy, the right to personal confidential communication, has been enshrined in our constitution since 1848. It is a great asset that can only be violated by government services, after intervention by a judge, supported by profound reasons. And they have: terrorists, child pornography producers and traffickers and other serious criminals systematically use all available means to keep their actions out of sight from intelligence services and law enforcement officials. The now widespread availability of encrypted means of communication means that crime fighters must constantly find new ways to get to the information they need to do their job: keep us safe.
In order to ensure that investigative services can use means and methods to access the necessary data before it is encrypted, the Computer Crime Act (CCIII) was passed by the Lower House at the end of 2016. In addition to criminalizing online fraud, fencing and grooming, this law regulates the hacking authority for the police. Our intelligence services have had that power for some time. With those powers it is in principle possible to circumvent encryption by obtaining information before or after encryption. Another approach is to break the encryption. This is a complex, time-consuming and expensive activity. Because encryption is becoming more and more advanced, it is also uncertain whether it will work. Another option is to force the provider of the communication service to include a back door in the encryption for investigation and security services. That back door is in fact for telecom and internet: these must be accessible for wiretapping by law in our country, which doesn’t necessarily mean that the tapped information is automatically readible or understandable.
So why don't we want such a back door for messaging services like Whatsapp? Because we have confidence in our legal system and the Dutch investigation and intelligence services that only use this heavy tool proportionally, subsidiary and verifiable, on a legal basis. However, a possible back door in an (international) communication service is available to every state and to any other entity that is beyond our control. That goes far beyond the framework of our democracy. In addition, in order to enforce a "back door obligation", there must be a ban on the use of services without a back door. The government then determines which communication services Dutch citizens and businesses may or may not use. How is that going to be enforced while preserving our free, open society? And how do you prevent criminals from using their own encryption software or switching to providers of communication platforms that operate outside the reach of our government?
In order to propagate and explain the - still prevailing - Dutch government position on encryption, a Dutch government official was sent to the European Parliament in April 2016 to state on behalf of our investigative services that the Dutch government attaches great value to the assets of citizens and companies to secure themselves and therefore encourage the use of encryption and will not ask the communications services for a back door. That official was proud to work for a government that is tech-savvy, forward-thinking and with great respect for fundamental rights. I was that civil servant. Now I work for Fox-IT, where we invent new crypto products and services, because we attach great importance to secure connections for citizens, companies and our government.
We deliver top quality products and are very proud of our work. I am no longer a civil servant, but I am still proud of our government and still wholeheartedly endorse the government position.
On March 4, a spokesperson for the Ministry of Justice and Security confirmed that government circles are working on a method to weaken encryption. Partly on behalf of my new colleagues, I express the hope that this work will focus on the possibilities of circumventing encryption and not weakening it. We hope for a long time to come, with all colleagues in the security sector, private and governmental, to work towards a safe and more secure society for everyone. Strong encryption, so without a back door, is indispensable for this.