Belgian encryption backdoor law
In June 2021, the Belgian government proposed a draft law called "Law on the collection and storage of identification, traffic and location data in the electronic communications sector and their access by the authorities", or short, "the Data Retention Legislation". This draft included a passage that would have forced companies such as WhatsApp and Signal to decrypt their encrypted chats upon request by the authorities for criminal investigation.
This law would have been the worst in Europe, worse than the Snoopers' Charter in the UK or the EARN IT bill in the USA.
Public protest against Belgian law
Thus, the Belgian government did not have to wait long for the public outcry: Belgian intellectuals like Professor Bart Preneel said that "by putting a backdoor into Whatsapp, you would make it less safe for everyone".
The main criticism was that it is simply impossible to rule out that a backdoor - once it is built - is abused by criminals or undemocratic regimes. A lowering of the security level would immediately affect all users - and not just those who are the subject of a judicial investigation.
We at Tutanota supported the public protest by sending an open letter written by the Global Encryption Coalition together with more than 100 security experts, NGOs and companies to the Belgian government explaining the importance of encryption:
"End-to-end encryption keeps Belgium safe."
"Encryption protects everyday activities, like handling bank accounts online, securing confidential data like salary slips or tax information, and communicating with your friends and family. End-to-end encryption also protects vulnerable communities and professions where private communications are essential, such as for journalists, lawyers, and medical professionals."
"The Belgian government is considering new legislation, the most dangerous being considered among European Union Member States, that would undermine the security and privacy provided by end-to-end encryption."
The proposed law "would require operators of encrypted systems to enable law enforcement to be able to access on request content produced by specific users after a specified date in the future. That is, they would have to be able to “turn off” encryption for specific users. There is no way to simply “turn off” encryption; providers would need to create a new delivery system and send targeted users into that separate delivery system. Not only would this require significant technical changes, but it would thereby break the promises of confidentiality and privacy of end-to-end encrypted communications services."
The proposed law would have undermined security and privacy for all users. For us and for many others, this proposal was inherently flawed and had to be fought tooth and nail.
Belgian government removes 'decryption requirement'
Consequently, you will not be surprised to hear how happy we were when the news made the round that we won!
The public outcry against the Belgian draft law was so strong that politicians within the government itself changed their course. Finally, the proposed passage that would have forced companies to decrypt encrypted data upon request by the authorities got removed from the draft law.
At the Federal Council of Ministers last Friday, the government approved a reworked version of the law, in which the backdoor requirement was dropped entirely.
Instead, the text now states: "To promote digital security, the use of encryption is free."
Encryption is gaining support
As we enter what we call the 'privacy era on the internet', encryption is gaining support - also among politicians.
We have noticed the same here in Germany where the new government has written down the 'right to encryption' into their coalition contract.
This is great news for everyone fighting for privacy online.
While the crypto wars are raging globally, we now have a chance that Europe is changing its direction by supporting and upholding strong encryption for all citizens.
Let's keep fighting for privacy together!