Creating a backdoor to end-to-end encrypted messaging services like Telegram and Signal would erode freedom of expression and open up innocent users to hackers, identity thieves and indiscriminate state surveillance, says the European Court of Human Rights.
In a Feb. 13 judgment , the court ruled in favor of Telegram user Anton Podchasov, who went up against his government in 2018 after it demanded Telegram decrypt messages that were sent using its encrypted “secret chat” function.
The court judged that while criminals may use end-to-end encryption (E2EE) to avoid law enforcement, providing encryption backdoors would put innocent, regular users at risk while eroding their rights to freedom of expression, thus violating the European Convention on Human Rights.
It argued that encryption backdoors would “affect everyone indiscriminately,” including those posing no threat to governments, and would make it possible for “routine, general and indiscriminate surveillance of personal electronic communications.”
“Technical solutions for securing and protecting the privacy of electronic communications, including measures for encryption, contribute to ensuring the enjoyment of other fundamental rights, such as freedom of expression,” the court added.
The court argued there are other ways to monitor encrypted communications that wouldn’t require an encryption backdoor, such as gaining access to the communication devices.
“The ruling is a landmark judgment,” Christoph Schmon, the international policy director at non-profit digital rights group Electronic Frontier Foundation (EFF) told Cointelegraph.
“EFF has long maintained that encryption is essential for protecting users’ privacy and freedom of expression and that weakening it risks general surveillance of all users,” he added.
Schmon claimed the ruling counters efforts within the European Union and the United Kingdom “to weaken encryption, which aim to allow access and scanning of our private messages and pictures.”
Podchasov first filed a lawsuit against his country’s government in 2018, saying a requirement made by his government for Telegram to turn over messaging logs of users it suspected of terrorism would open it up to decrypting all user communications, breaching European Human Rights conventions.
Telegram had refused the requirement, saying it was impossible without a backdoor that would weaken encryption for all users. In turn, the country then blocked access to Telegram in April 2018.
Podchasov’s lawsuit saw multiple appeals and reached the country’s supreme court, which struck it down, ultimately ending up at the European Court of Human Rights.
Related: Chelsea Manning and Nym co-founder say privacy tech must be decentralized
In its latest ruling, the court found that the country violated Article 8 of the European Convention on Human Rights, which states that “everyone has the right to respect for his private and family life, his home and his correspondence.”
Judging in favor of Podchasov, Europe’s court said the requirement to decrypt E2EE communications “cannot be regarded as necessary in a democratic society,” and its laws permitting access to communications without safeguards impair rights and “overstepped any acceptable margin of appreciation in this regard.”
Magazine: Outrage that ChatGPT won’t say slurs, Q* ‘breaks encryption,’ 99% fake web:AI Eye