- 60+ groups urge governments to protect encryption
- Signatories warn that backdoors create systemic security risks
- The commitment comes at a time when encryption is under constant scrutiny
A total of 61 organizations from across the tech industry and privacy world have signed a new global declaration calling on governments to protect strong encryption.
The statement, shared by ACT (The App Association), notes that weakening encrypted services threatens both security and the digital economy.
The letter arrives amid increasing political pressure against encrypted communications worldwide, particularly in the EU, where the debate surrounding the Chat Control bill continues to intensify.
Various proposals for encryption backdoors introduce an additional element of vulnerability, experts warn, and there is no way to ensure that these vulnerabilities will not be exploited later.
Among the signatories is the VPN Trust Initiative, which is a consortium representing many of the top VPN providers. VPNs have also been targeted by some governments as part of these recent efforts.
“Strong encryption is essential”
The global declaration highlights how important encryption is in so many aspects of our digital lives.
The letter notes that encryption “protects user privacy, protects sensitive data and enables trust.” All of these are referred to as “the foundation of commerce, communication and innovation.”
Without encryption, users are much less likely to use various apps with full confidence. Knowing that your data or your private conversations may be subject to surveillance or data leakage means that many of the more privacy-conscious users may be left without secure options for communication.
The letter notes that undermining encryption through things like backdoors or key escrow systems undermines user trust in various digital services. It also affects the digital economy and small businesses.
More than that, it introduces systemic vulnerabilities – it’s inevitable. You can’t create a bug in the system and only let law enforcement use it; cybercriminals are very likely to find their way in as well.
The coalition recognizes that governments and national security agencies need to be able to access evidence and fight crime, but notes that it should be done in ways that “do not compromise the security and privacy of billions of consumers and business users.”
Signatories include some of the largest organizations across technology and data protection, including the VPN Trust Initiative (VTI). Led by founding members such as ExpressVPN, NordVPN and VyprVPN, this organization sets industry standards for VPN providers.
Encrypted data is at constant risk
The call to protect encryption lands against a backdrop of governments’ attempts to gain access to encrypted data. This is particularly prevalent in the EU, where several recent proposals have raised alarm among privacy experts.
The European Commission presented a new roadmap in June this year that seeks to establish a way for law enforcement to access citizens’ private data by 2030.
In the past, end-to-end encryption was highlighted as “the biggest technical challenge”, and tools such as VPN services and encrypted chat apps were both seen as a threat to effective investigative work.
European lawmakers are also pushing the Chat Control proposal, which could introduce client-side scanning. This would involve scanning private chats on the device before it is ever encrypted. The latest Chat Control proposal has now received broad support from EU lawmakers and has reportedly moved to the next legislative step.
Not all law enforcement representatives agree with this. James A. Baker, former general counsel for the US Federal Bureau of Investigation, said: “Encryption is essential for law enforcement to protect society.” He also referred to client-side scanning as a “fundamentally bad idea.”
