The European Commission has announced new plans for extending the powers of European Union security agencies and expanding Europol into “a truly operational police agency”.
Some of these proposals revealed on April 1 have attracted fierce criticisms, with centre-right Finnish MEP Aura Salla on April 2 calling the mandatory introduction of what she called encryption backdoors “worrying”.
The new internal security plans, called ProtectEU, also featured increased sharing of domestic intelligence information between EU member states and bodies, an area national governments previously had zealously guarded.
The EC proposed Europol would “become an EU FBI”, said Alec Muffett, a US software engineer and expert cryptography consultant.
A newly set up Security College would meet regularly, consisting of all 26 European Commissioners and EC President Ursula von der Leyen, to receive threat analyses from the EU member states.
Introducing “any ‘backdoors’ to break encryption or client-side scanning” was a move that “undermines” cybersecurity principles, Salla said.
The EC “has not learned from its previous failed proposal in this area, the CSA Regulation, which remains stalled in the Council and should be withdrawn!”, added the European People’s Party MEP, a former air force sergeant.
The rise of new security threats “demands a change in our mindset”, argued Magnus Brunner, the EU’s Commissioner for Internal Affairs and Migration.
According to a factsheet, the EC’s new proposals ranged from “improved intelligence-sharing by member states with the EU’s Single Intelligence Analysis Capacity”, to making Europol “a truly operational police agency to reinforce support for member states” and exploring the feasibility of “a new EU-wide system to track terrorist financing”.
Much of the planned new strategy “represents an overdue and welcome alignment with [former Finnish] President Sauli Niinistö’s recent report and reflected the “EU’s evolving security landscape”, said Salla.
On October 30, Niinistö had released a report with 80 recommendations. These included enhancing the EU’s co-operation with NATO and civilian co-operation with the military and “preparing for worst-case scenarios” in which “speed is of the essence”.
The proposals for a mandatory back-door in encryption, though, have attracted broad criticism.
“They want to risk your data even more. This is not a drill or an April first joke,” wrote one data privacy campaigner on X.
In February, encrypted messaging service Signal’s president Meredith Whittaker told the RightsCon 25 conference that “Signal’s position on this is very clear – we will not walk back, adulterate, or otherwise perturb the robust privacy and security guarantees that people depend on”.
She spoke after Apple was forced on February 21 to remove iCloud’s end-to-end encryption feature in the UK following a government order to create an encryption backdoor allowing law enforcement access to users’ data.
Sweden was also said to be considering introducing a law requiring all encrypted communications apps to introduce a similar “backdoor”.
“Here we go again,” said Muffett.
Whittaker said Signal would leave jurisdictions including the UK and Sweden rather than weaken its encryptions protections.
Whether “you call it a backdoor, a front door, or ‘upload moderation’, it undermines encryption and creates significant vulnerabilities”, she had written on X in June last year.