ENISA, Europol Reconcile Positions and Come to Agreement on Encryption


Two agencies that have been on opposite sides of the encryption debate in the European Union have come to an agreement on the importance of encryption and law enforcement access to encrypted communications.

The European Union Information Security Agency (ENISA) has come out strongly against backdoors before, and Europol Chief Rob Wainwright has dismissed encryption in the past as an impediment to terrorism investigations and has criticized Apple Inc., among other tech companies, for the encryption technology they provide to their customers.

In a joint statement, ENISA and Europol called on lawmakers to pass legislation that sets out clear rules that balance law enforcement’s access to encrypted information against privacy.

The statement denounced the idea of introducing mandatory backdoors because, while it would give law enforcement lawful access, “it would also increase the attack surface for malicious abuse, which, consequently, would have much wider implications for society.” Instead, the focus should be on accessing communications without breaking encryption, “by means of live forensics on seized devices or by lawful interception on those devices while still used by suspects,” that could be achieved with undercover operations and infiltration into criminal organizations.

To this end, law enforcement should share best practices among jurisdictions for the circumvention of encryption. When circumventing encryption isn’t possible, legislation and technology evolution need to provide solutions that don’t weaken encryption, according to the statement. 

None of this is possible without cooperation between government, industry and the research community, the statement advised.

ENISA continued its message to member states about the need for both cooperation and cybersecurity legislation at the European Internet Forum May 24, where ENISA’s Head of Stakeholder Relations and Administration, Paulo Empadinhas, highlighted 10 ways that member states can improve their cybersecurity capabilities and comply with the new Network and Information Security (NIS) Directive.

To keep up with the constantly evolving world of privacy and security sign up for the Bloomberg BNA Privacy and Security Update.