European Court of Human Rights bans weakening of secure end-to-end encryption

For a better understanding: The Court held (in the circumstances of this case) that a legal obligation to decrypt E2E communications is a disproportionate interference with the right to privacy. The law in question specifically obligated messengers such as Telegram to hand over communications alongside the &quot;information necessary to decrypt electronic messages if they were encrypted&quot;.<p>To come to that conclusion, it referred to the wide-scale impact such a weakening of E2E through backdoors would have and referred to &quot;calls for alternative &#x27;solutions to decryption without weakening the protective mechanisms, both in legislation and through continuous technical evolution.&#x27;&quot; Looking at the cited material, these include traditional policing, undercover operations, metadata analysis, international police cooperation, live forensics on seized devices, guessing or obtaining private keys held by parties to the communication, using vulnerabilities in the target’s software or sending an implant to targeted devices.<p>While a ruling on a specific case (and law), the Court seems quite skeptical towards any &quot;requirement that providers of such services weaken the encryption mechanism for all users&quot;. If I were the UK government, I would be quite worried that the UK Online Safety Bill will be overturned by domestic courts (or the European Court) on the basis of this ruling.<p>(It should be noted that, although the backdooring of E2E was considered to go beyond how the right to privacy may legitimately be restricted, the right to privacy is a so-called derogable right, i.e. a government can, upon declaration of a state of emergency, derogate from the right insofar that is necessary to address an emergency &quot;threatening the life of the nation&quot; (Art 15 ECHR))<p>Relevant paragraphs are paras 76-80 here: <a href="https:&#x2F;&#x2F;hudoc.echr.coe.int&#x2F;eng&#x2F;#{%22itemid%22:[%22001-230854%22]" rel="nofollow">https:&#x2F;&#x2F;hudoc.echr.coe.int&#x2F;eng&#x2F;#{%22itemid%22:[%22001-230854...</a>}

I am a bit confused. The article seems fairly political, quoting some promotional text by the pirate party and not describing what case was brought in front of a judge and what the ruling bans specifically, so I clicked through to the actual court case linked at the bottom.<p>It has nothing to do with the pirate party or chatcontrol or any such thing. The court case was one person against the Russian government for fining Telegram when they didn&#x27;t hand over plain text chat messages, if I&#x27;m skimming the initial facts section correctly. The whole article doesn&#x27;t even contain the word russia. What is the article reporting on and why does it portray it as being related to the recent chatcontrol legislation?!<p>Edit: found the decision<p>&gt; 80. The Court concludes from the foregoing that the contested legislation providing for the retention of all Internet communications of all users, the security services’ direct access to the data stored without adequate safeguards against abuse and the requirement to decrypt encrypted communications, as applied to end-to-end encrypted communications, cannot be regarded as necessary in a democratic society.<p>&gt; 81. There has accordingly been a violation of Article 8 [privacy] of the Convention [of human rights]<p>Sounds like you can indeed extend that to any other encryption-circumventing law, like chatcontrol, but without considering the specific circumstances that were present in this Russian law, I&#x27;m not sure that it will be accurate. Note, for example, the wording in paragraph 80 &quot;without adequate safeguards against abuse&quot;. Maybe chatcontrol had those, if that had been brought in front of the same judges

It&#x27;s nice to know this also applies to the UK even after Brexit (still a member of the ECHR).

Man, Europe is really setting an example lately for how it&#x27;s possible to roll out sensible technology regulations.

Honestly, after so many things turning into &quot;they&#x27;ll just come back and try again in two years&quot;, it&#x27;s a little reassuring to see some longer term roadblocks being put in place against these anti-E2EE proposals.

Europe has done something that I actually love.<p>I was worried the &quot;let&#x27;s think of the children&quot; narrative would take over.<p>The value of encryption has a future in Europe at least.

There&#x27;s a degree of push&#x2F;pull on government and industry as far as encryption is concerned. Government shouldn&#x27;t be injecting vulnerabilities into algos but they also need a way to read messages from criminals and terrorists. Industry wants some way for customers to feel safe using their product to message or whatever their (legal) use case.<p>Without some local pressure, this cedes encryption commercialization to the US. Sure academics will still love their novel algos but until someone can make money from them, they&#x27;ll sit in papers, ready for the enterprising american dev to turn into the next big encrypted chat app that is more secure than Signal or something like that.

Nice. I can imagine certain ISPs (that I will not shame by name) won&#x27;t be very happy right now. This really throws a wrench in some proxy models.<p>Good riddance.

The article is semi-garbage (politics aside it is a badly written&#x2F;biased article).<p>Better read the decision.<p><a href="https:&#x2F;&#x2F;hudoc.echr.coe.int&#x2F;eng&#x2F;#{%22itemid%22:[%22001-230854%22]" rel="nofollow">https:&#x2F;&#x2F;hudoc.echr.coe.int&#x2F;eng&#x2F;#{%22itemid%22:[%22001-230854...</a>}<p>CASE OF PODCHASOV v. RUSSIA<p>(Application no. 33696&#x2F;19)

Excellent news.<p>The European Court of Human Rights ... the court our idiotic UK gvoernment are trying to paint with the same brush they painted the EU.

I realise the article contains the same typo, but the title is bugging me – it needs a space between &quot;end&quot; and &quot;encryption&quot;. &quot;Endencryption&quot; is not a word.<p>@dang ?

They also ruled a while ago on site blocking, which has at least been tested in the Mexican supreme court[0]<p>translated via google &quot;As the United Nations Human Rights Council has stated, blocking an Internet page implies any measure taken to prevent certain online content from reaching an end user. In this regard, it must be taken into account that restrictions on the human right of freedom of expression should not be excessively broad, on the contrary, they should refer to specific content; Hence, generic prohibitions on the operation of certain websites and web systems, such as blocking, are incompatible with the human right of freedom of expression, except in truly exceptional situations, which could arise when the contents of an Internet page are translate into prohibited expressions, that is, classified as crimes in accordance with international criminal law, among which the following stand out: (I) incitement to terrorism; (II) the advocacy of national, racial or religious hatred that constitutes incitement to discrimination, hostility or violence - dissemination of &quot;hate speech&quot; on the Internet; (III) direct and public incitement to commit genocide; and (IV) child pornography. Likewise, the exceptional situation regarding the prohibition of generic restrictions on the right of expression could also be generated when the entire contents of a web page are illegal, which logically could lead to its blocking, as it is limited only to hosting expressions that are not permissible by law. the legal framework.&quot;<p>[0] <a href="https:&#x2F;&#x2F;vlex.com.mx&#x2F;vid&#x2F;tesis-aisladas-683012725" rel="nofollow">https:&#x2F;&#x2F;vlex.com.mx&#x2F;vid&#x2F;tesis-aisladas-683012725</a>

Weakening of secure end-to-end encryption means the encryption is worthless.

this is a HUGE win and could very much help set precedent across the globe (looking at our congress specifically, USA). Still more hurdles to jump over but a great step in the right direction

Good news

What the hell is wrong with our democratic values to begin with? Why do we need high court decisions for these insane ideas of making a better world. Are these people infected by some corporate lobby or what is it why they cannot think in favour of human kind. I cannot phantom this.

Reminder that the European Court of Human Rights, although very powerful and influential, does not have the authority to force anyone to abide by their rulings.<p>Also, here&#x27;s a better article: <a href="https:&#x2F;&#x2F;fortune.com&#x2F;2024&#x2F;02&#x2F;13&#x2F;end-to-end-encryption-russia-telegram-european-court-of-human-rights&#x2F;" rel="nofollow">https:&#x2F;&#x2F;fortune.com&#x2F;2024&#x2F;02&#x2F;13&#x2F;end-to-end-encryption-russia-...</a>

Is there an exception for emergency purposes?

A &quot;Court of Human Rights&quot; that counts Azerbaijan as a member is not a court that should be taken seriously.

This article doesn’t actually contain any information that backs up the title, or if the title is true at all.<p>There’s a quote from some party member who doesn’t seem directly involved, and almost no information about the actual case &#x2F; ruling.

&gt; The judgement cites using vulnerabilities in the target’s software or sending an implant to targeted devices as examples [of legitimate ways to defeat E2E encryption].<p>That looks like a bad judgement, to me; exploiting vulnerabilities, or using implants, is generally some kind of criminal hacking. So the court seems to be saying that&#x27;s not OK, unless you&#x27;re a government. I.e., governments don&#x27;t have to obey the law.<p>There are quite a few EU governments that would prefer not to have to comply with the law. Every EU government gets to plant a judge on the ECHR bench.