Security and Trust: An Unsolvable Digital Dilemma?

The EU Commission plans to present a new European Internal Security Strategy on April 1 and a Digital Networks Act by the end of the year. Increased data storage and mandatory access to encrypted content could be on the agenda. "We need an approach that protects fundamental rights instead of undermining them," emphasises cep data protection expert Anja Hoffmann, who wrote the cepAdhoc together with the two cep digital experts Philipp Eckhardt and Anselm Küsters. With its new strategy, the EU is facing a fundamental decision: How can law enforcement agencies be equipped with the necessary tools to fight crime without generally jeopardising the security of devices or communications?

The debate has become explosive due to the current dispute between the USA and the UK. The British government is demanding that Apple provide a backdoor to the iCloud to allow investigating authorities access to encrypted data. Eckhardt sees parallels with the EU debate: "We must prevent the new security strategy from becoming a gateway for global surveillance." Technology companies such as Meta, WhatsApp and Signal are already under pressure to grant investigators access to encrypted messages.

"Once you install a backdoor, you lose control over who uses it," says Küsters. Chinese hackers were recently able to access sensitive data through a vulnerability in US telecommunications networks - a direct consequence of the infrastructure there. Instead, Küsters advocates a strategy of "security by design", i.e. designing systems securely from the outset, and the increased use of metadata analyses and platform cooperation as viable alternatives to mass surveillance.