Proposed amendment 116 by the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs (Libe) calls for the providers of electronic communications services to ensure that there is sufficient protection in place against unauthorised access or alterations to the electronic communications data.
The amendment also calls for the confidentiality and safety of the transmission to be guaranteed by the nature of the means of transmission used or by state-of-the-art end-to-end encryption of the electronic communications data.
“Furthermore, when encryption of electronic communications data is used, decryption, reverse engineering or monitoring of such communications shall be prohibited,” the amendment reads.
The amendment goes on to state that: “Member states shall not impose any obligations on electronic communications service providers that would result in the weakening of the security and encryption of their networks and services.”
The Libe committee proposals come just days after Theresa May vowed tougher action on tech companies applying encryption. In particular, the amendment will pose a challenge to the UK government’s aim of keeping UK privacy and data protection laws consistent with EU laws to ensure the free flow of data after Brexit.
The UK government may have to rethink its stance, despite the Conservatives’ election promises that terrorists should have no “safe space” to conspire online.
If passed, amendment 116 would put EU law at odds with leaked Conservative plans to require telecommunications operators to provide real-time access to named individuals’ data through regulations on technical capabilities notices (TCNs) under the controversial Investigatory Powers Act (IP Act).
In terms of the IP Act, TCNs can be used to order companies with more than 10,000 UK users to adapt their technology to enable interception and metadata collection.
The IP Act currently also requires companies to remove “electronic protection”, where possible, when requested by the government.