press release

[Desiree Miloshevic]

pozdrav

detalji o jako losim najavljenim smernicama u EU.

Subject: Leak: EU Commission announces an #EuGoingDark implementation roadmap to reintroduce data retention and break encryption

PRESS RELEASE

BRUSSELS, 12/06/2024

Leak: EU Commission announces an #EuGoingDark implementation roadmap
to reintroduce data retention and break encryption

According to leaked minutes [1] of a meeting of the Standing Committee on Operational Cooperation on Internal Security (COSI) from 30 May 2024, the EU Commission will produce conclusions and a roadmap on implementing the so-called #EuGoingDark plan. Tomorrow EU interior ministers will meet to non-publicly discuss the plan.
“Both the European Parliament and the public are to be confronted with extreme decisions already taken behind closed doors”, warns the Pirate Party MEP Patrick Breyer. “This extreme surveillance plan must not become a reality, if only because it has been cooked up by a completely one-sided secret group of surveillance fanatics working without any real transparency or democratic legitimacy.
Anyone who attacks our right to secure encryption is not only attacking our legally guaranteed right to privacy but also European businesses that rely on it. Forcing access to encrypted smartphones used ‘exclusively for criminal purposes’ would render our smartphones generally accessible and insecure. The planned internet data retention threatens to destroy our right to anonymity online, which enables crime prevention through anonymous counseling and pastoral care, victim support through anonymous self-help forums, and also investigative journalism, which often relies on anonymous whistleblowers.”
That plan consists of 42 Recommendations [2] of the High-Level Group on Access to Data for Effective Law Enforcement (HLG) [3] and summarizes key points such as "access by design", the "principle of ‘security through encryption and security despite encryption", "access to data in readable format", "accessing content data despite encryption" and "the need for law enforcement to have access to data en clair." From the recommendations:
22. Developing a technology roadmap (…), in order to implement lawful access by design in all relevant technologies in line with the needs expressed by law enforcement, ensuring at the same time strong security and cybersecurity (…)

26. Establishing a research group to assess the technical feasibility of built-in lawful access obligations (including for accessing encrypted data) for digital devices, while maintaining and without compromising the security of devices and the privacy of information for all users (…)

27. Establishing a harmonised EU regime on data retention with the following features: (…)

32. Considering setting obligations on service providers to turn on or turn off certain functions in their services to obtain certain information after receiving a warrant (for example storing geolocation of a specific user after s/he is targeted by a lawful request).

34. Harmonising at EU level criminal law measures to enforce cooperation, including imprisonment. The same should apply to non-cooperative hosting providers

Recommendations are no basis for political work

Outgoing Pirate Party MEP Patrick Breyer, who did not run for re-election, has warned that the #EuGoingDark plan must not be a basis for any political work [4] due to its intransparent and illegitimate work methods and composition. The Commission has still not answered his question on why the High Level Group's transparency rules were secretly curtailed retrospectively [5]. In February 2024 Pirate Members of the previous European Parliament have called for an end of the HLG [6]. The EDRi network criticizes the lack of transparency and criticizes the lack of transparency and one-sided composition of the group and refres to evidence gaps in “Going Dark” group proposal for access to data for law enforcement [7]. EDRi and other digital rights NGOs were not allowed to joint meetings of the group. VPN provider Mullvad has revealed that "a former FBI employee" was present at a meeting in November 2023 [8].

“Going Dark” is a myth

Patrick Breyer, referring to studies [9], states [10] that the notion of “Going Dark” refers to the phenomena that “criminals can commit crimes in ways that law enforcement cannot detect and intercept.” This is a myth created by US intelligence agencies. In truth authorities have never had access to information on our private lives as comprehensive and all-encompassing as in today’s digital era.
Instead of concentrating on repeatedly successful means of targeted investigations that focus on suspects and perpetrators, the EU member state governments try to interfere with the Internet and the Rule of Law in a way that threatens everybody’s privacy and fundamental rights. Alternatives, amongst others, a democratic improvement of policing through better trained and equipped personnel and better child protection through more competent and better equipped authorities are not considered. Legislation has already been expanded with the new Electronic evidence regulation, providing yet another tool for law enforcement.
For more background information see Patrick Breyer's articles [11] and #EuGoingDark on Social Media.
[1] DE: https://netzpolitik.org/2024/going-dark-eu-staaten-wollen-zugriff-auf-verschluesselte-daten-und-mehr-ueberwachung/#dokument

[2] https://home-affairs.ec.europa.eu/document/download/1105a0ef-535c-44a7-a6d4-a8478fce1d29_en?filename=Recommendations%20of%20the%20HLG%20on%20Access%20to%20Data%20for%20Effective%20Law %20Enforcement_en.pdf

[3] https://home-affairs.ec.europa.eu/networks/high-level-group-hlg-access-data-effective-law-enforcement_en

[4] DE: https://www.patrick-breyer.de/beitraege/draft-going-dark-uberwachungsschmiede/#warum-ist-eugoingdark-ein-problem

[5] https://www.europarl.europa.eu/doceo/document/E-9-2024-001335_EN.html
https://edri.org/?s=going+dark

[6] https://european-pirateparty.eu/data-retention-going-dark-consultation/

[7] https://european-pirateparty.eu/data-retention-going-dark-consultation/

[8] https://mullvad.net/en/why-privacy-matters/going-dark

[9] https://cyber.harvard.edu/pubrelease/dont-panic/Dont_Panic_Making_Progress_on_Going_Dark_Debate.pdf

https://repository.wodc.nl/bitstream/handle/20.500.12832/3258/3218-rol-encryptie-in-opsporing-volledige-tekst.pdf?sequence=1&isAllowed=y

[10] https://www.patrick-breyer.de/en/leak-data-retention-and-encryption-eu-governments-going-dark-program-to-attack-citizens-rights-with-pr/

[11] https://www.patrick-breyer.de/tag/going-dark/

--
Dr. Patrick Breyer
Member of the European Parliament for the German Pirate Party
E-Mail: eur...@patrick-breyer.de (team mailbox)