Translated Article: The Terrorist Attack is followed by an EU Ban on Encryption
Auf den Terroranschlag folgt EU-Verschlüsselungsverbot by Erich Moechel for fm4.ORF.at
In the EU Council of Ministers, a resolution was made ready within five days, obliging platform operators such as WhatsApp, Signal and Co to create master keys for monitoring E2E-encrypted chats and messages.
The terrorist attack in Vienna is used in the EU Council of Ministers to enforce a ban on secure encryption for services such as WhatsApp, Signal and many others in a fast track procedure. This emerges from an internal document dated November 6th from the German Presidency to the delegations of the member states in the Council, which ORF.at has received.
This should now be understood as the “further steps against terrorism” that French President Emmanuel Macron wants to discuss with Federal Chancellor Sebastian Kurz (ÖVP) in a video conference at the beginning of the week. The resolution has already been agreed on to such an extent that it can be passed in the video conference of the interior and justice ministers at the beginning of December without further discussion.
Analogies to data retention
Macron’s visit, originally planned for the beginning of next week, turned into a video conference “to fight Islamist terrorism” due to the pandemic. In addition, the EU Council President Charles Michel is due to visit Vienna on Monday, who will also hold talks with Chancellor Kurz. And European Minister Karoline Edtstadler (ÖVP) welcomes the French Secretary of State for Europe, Clement Beaune, to the Federal Chancellery. Of course, this is not all just about expressing condolences.
In the meantime it is becoming increasingly clear that apparently hair-raising investigative errors in the BVT made the attack possible in the first place and not a lack of digital surveillance powers. However, whether there is any such connection to the act is irrelevant. In Brussels such events have been abused for 25 years with disdainful regularity to implement surveillance projects that have been planned for a long time. In this way, the data retention, which had been controversial in the EU for five years, was pushed through the Council of Ministers and Parliament after the train attacks in Madrid (2004) and London by Islamists (2005).
Passing without further discussion
According to the document – where final objections are requested – this resolution of the Council of Ministers is not only almost completely formulated. It has evidently already been voted on in the Council. On November 19, it is to be adopted by the Council Working Group on Cooperation in the National Security Sector (COSI), and on 25th it is planned to be presented to the Council of Permanent Representatives of the EU Member States (COREPER). There the council resolution already has the status of an I-item, so it can pass without further discussion.
The decision will then be celebrated in a virtual meeting of the Council of Interior and Justice Ministers planned for the beginning of December. What will follow is clear, namely an order from the Council of Ministers to the EU Commission to draw up a draft regulation, which will then go through the usual procedure by Parliament and the Council. In view of the apparent unanimity, however, it would be possible in the Council of Ministers to implement the planned regulation in its core even without the involvement of Parliament. That has already happened in connection with surveillance. The famous decision in the Council’s Fisheries Committee of 1995 on the monitorability of the then new GSM networks was carried through as an A-Item (decided matter), of which the EU Parliament only became aware after it came into force in 1996.
Driving forces in the background
France has already been promoting the action originally initiated by Great Britain against secure encryption on platforms such as WhatsApp at EU level throughout the year. The ground for this has been prepared since 2015 in a whole series of campaigns that were run alternately by Europol and FBI or the services of the “Five Eyes” espionage alliance and the responsible ministers. It was only at the beginning of October that the interior ministers of these five countries – Great Britain, USA, Australia, New Zealand and Canada – asked the Internet companies again to equip their IT networks with back doors for law enforcement officers.
They were seconded by their counterparts in Japan and India. Why the secret service alliance has so conspicuously worried about the unfortunate prosecutors for years is actually self-explanatory. They are the remaining “Competent Authorities” that will also be granted access.
“Competent Authorities” send their regards
According to further information available to ORF.at, the monitoring method “Exceptional Access” should be selected, which is already indirectly apparent from this non-technical resolution text. From eight possible model proposals, all of which stem from technical scenarios from various secret services, the one from the British “National Cyber Security Center” (NCSC) was selected . The NCSC is a division of the British military intelligence service GCHQ. Platform operators such as WhatsApp, Signal and Co, who all use E2E encryption, should be obliged to create and store additional master keys.
These are the “competent authorities”: GCHQ, DGSE, BND, etc. whose vacuum cleaner methods on the glass fibers bring in less and less processable data due to increasing transport encryption. In order to avert this threatening data poverty, general keys have now been requested and it looks like this will also be approved in the council. Then the BVT, which does not even manage to eliminate a terrorist who had been handed to them twice by two other services on a silver platter, will be able to not investigate future chat histories for weeks.