On 13 February, the European Court of Human Rights issued a ruling (in English, can be found here) stating that encryption should not be undermined for the purpose of fighting crime.

The ruling concerns the requirement set out in a Russian law for all internet communication organisers (“Internet communication organisers“, “ICO”) to claim communications data for a long time and make encrypted communications accessible (“submit those data to law-enforcement authorities or security services in circumstances specified by law, together with information necessary to decrypt electronic messages if they are encrypted“). In practical terms, the law amounts to allowing the government to pry into all communication data of citizens, regardless of whether they are suspected or not [1].

The defendant in this case is messaging company Telegram which takes the following position:

57. The applicant argued that it was technically impossible to provide the authorities with encryption keys associated with specific users of the Telegram messenger application. In order to enable the decryption of end-to-end encrypted communications it would be necessary to weaken the encryption technology used by the Telegram messenger application. However, because these measures could not be limited to specific individuals, they would affect everyone indiscriminately. This argument is based on the submissions by the Telegram company in the domestic proceedings (see paragraph 8 above).

Legal and technical context
Paragraph 28 onwards of the ruling sets out the legal context of the issue, including:

• Report on the right to privacy in the digital age by the Office of the United Nations High Commissioner for Human Rights, published on August 2022 (A/HRC/51/17), mentioned in para 28.
• Appendix of Recommendation by the Committee of Ministers of the Council of Europe on the protection of human rights with regard to social networking services (CM/Rec(2012)4, adopted on 4 April 2012, mentioned in para 29.
• The Council of Europe Parliamentary Assembly Resolution 2045 (2015) on mass surveillance, adopted on 21 April 2015, mentioned in para 30.
• Case law of the European Court, mentioned in paras 31 and 32.
• Statement by Europol and ENISA of 20 May 2016, mentioned in para 33.
• EDPB and EDPS opinion of 28 July 2022, mentioned in para 34.

Technical context is mentioned:

• The European Information Society Institute (EISI) believes that the Russian government’s requirements lead to undermining the security of all service users [2].
• Privacy International has similar comments.

Safeguards
The human rights court then proceeds to assess against the Convention for the Protection of Human Rights and Fundamental Freedoms (‘the convention’) and considers that high requirements must be imposed on the large-scale collection of personal data and on breach of security measures such as encryption:

63. In the context of the collection and processing of personal data, it is essential to have clear, detailed rules governing the scope and application of measures, as well as minimum safeguards concerning, inter alia, duration, storage, usage, access of third parties, procedures for preserving the integrity and confidentiality of data and procedures for their destruction, thus providing sufficient guarantees against the risk of abuse and arbitrariness (…). The domestic law should notably ensure that retained data are relevant and not excessive in relation to the purposes for which they are stored, and preserved in a form which permits identification of the data subjects for no longer than is required for the purpose for which those data are stored. The domestic law must also afford adequate guarantees that retained personal data were efficiently protected from misuse and abuse (…). The core principles of data protection require the retention of data to be proportionate in relation to the purpose of collection and insist on limited periods of storage (…).

64. In the context of secret surveillance, where a power vested in the executive is exercised in secret, the risks of arbitrariness are evident. To meet the requirement of “foreseeability”, the domestic law must be sufficiently clear to give citizens an adequate indication as to the circumstances in which and the conditions on which public authorities are empowered to resort to any such measures. Moreover, since the implementation in practice of measures of secret surveillance of communications is not open to scrutiny by the individuals concerned or the public at large, it would be contrary to the rule of law for the discretion granted to the executive or to a judge to be expressed in terms of an unfettered power. Consequently, the law must indicate the scope of any such discretion conferred on the competent authorities and the manner of its exercise with sufficient clarity to give the individual adequate protection against arbitrary interference (see Roman Zakharov, cited above, §§ 229-30). For a detailed description of safeguards that should be set out in law for it to meet the “quality of law” requirements and to ensure that secret surveillance measures are applied only when “necessary in a democratic society”, see Roman Zakharov, §§ 231-34, and Big Brother Watch and Others, §§ 335-39, both cited above.

65. Lastly, the Court reiterates that confidentiality of communications is an essential element of the right to respect for private life and correspondence, as enshrined in Article 8. Users of telecommunications and Internet services must have a guarantee that their own privacy and freedom of expression will be respected, although such a guarantee cannot be absolute and must yield on occasion to other legitimate imperatives, such as the prevention of disorder or crime or the protection of the rights and freedoms of others (see K.U. v. Finland, no. 2872/02, § 49, ECHR 2008, and Delfi AS v. Estonia [GC], no. 64569/09, § 149, ECHR 2015).

The Court recalls that the world has changed with the increase of technological capabilities:

68. The Court further notes that while technological capabilities have greatly increased the volume of communications traversing the global Internet, the threats being faced by Contracting States and their citizens have also proliferated. These include, but are not limited to, global terrorism, drug trafficking, human trafficking and the sexual exploitation of children. Many of these threats come from international networks of hostile actors with access to increasingly sophisticated technology enabling them to communicate undetected (see Big Brother Watch and Others, cited above, § 323). The Court is satisfied that the contested legal provisions pursued the legitimate aims of protecting national security, preventing disorder and crime and protecting the rights and freedoms of others.

If there are good reasons for a government to intervene, the legal safeguards of citizens will have to be assessed:

69. Therefore, it remains to be considered whether the domestic law contained adequate and effective safeguards and guarantees to meet the requirements of “quality of law” and “necessity in a democratic society”.

(α) Storage of Internet communications and communications data

70. The Court notes that in the current, increasingly digital age, technological capabilities have greatly increased the volume of Internet communications so that a significant part of communications take digital form. The contested legislation requires the continuous automatic retention and storage of the contents of all Internet communications for a duration of six months and the related communications data for a duration of one year. It applies to all Internet communication services used to transmit voice, textual, visual, sound, video or other electronic communications (see paragraph 19 above). It affects all users of Internet communications, even in the absence of a reasonable suspicion of involvement in criminal activities or activities endangering national security, or of any other reasons to believe that retention of data may contribute to fighting serious crime or protecting national security. It covers the contents of all communications and all communications data without any circumscription of the scope of the measure in terms of territorial or temporal application or categories of persons liable to have their personal data stored. The Court is struck by the extremely broad duty of retention provided by the contested legislation and concludes that the interference is exceptionally wide-ranging and serious (compare Ekimdzhiev and Others, cited above, § 394, concerning retention of communications data only).

71. Taking into account the seriousness of the interference, the Court will examine with particular attention whether the domestic law provides adequate and sufficient safeguards against abuse relating to the access by the law-enforcement authorities to the Internet communications and related communications data stored by ICOs pursuant to the Information Act.

The Court is of the opinion that the safeguards are inadequate (73):

The manner in which the access to the stored data is organised in Russia gives the security services technical means to circumvent the authorisation procedure and to access stored Internet communications and communications data without obtaining prior judicial authorisation. Although the possibility of improper action by a dishonest, negligent or overzealous official can never be completely ruled out whatever the system, the Court considers that a system, such as the Russian one, which enables the secret services to access directly the Internet communications of each and every citizen without requiring them to show an interception authorisation to the communications service provider, or to anyone else, is particularly prone to abuse. The need for safeguards against arbitrariness and abuse appears therefore to be particularly great (…)

Weakening of the security for all users
The Court observes that encryption provides strong technical safeguards against unlawful access to the content of communications and has therefore been widely used as a means of protecting the right to respect for private life and for the privacy of correspondence online (76) and notes (77):

it appears that in order to enable decryption of communications protected by end-to-end encryption, such as communications through Telegram’s “secret chats”, it would be necessary to weaken encryption for all users. These measures allegedly cannot be limited to specific individuals and would affect everyone indiscriminately, including individuals who pose no threat to a legitimate government interest. Weakening encryption by creating backdoors would apparently make it technically possible to perform routine, general and indiscriminate surveillance of personal electronic communications

Encryption can also be used by criminals, but the Court notes:

However, it takes note in this connection of the calls for alternative “solutions to decryption without weakening the protective mechanisms, both in legislation and through continuous technical evolution” (see, on the possibilities of alternative methods of investigation, the Joint Statement by Europol and the European Union Agency for Cybersecurity, cited in paragraph 33 above, and paragraph 24 of the Report on the right to privacy in the digital age by the Office of the United Nations High Commissioner for Human Rights, cited in paragraph 28 above; see also the explanation by third-party interveners in paragraph 47 above).

The Court concludes that in the statutory obligation to decrypt end-to-end encrypted communications risks weakening the encryption mechanism for all users; for that reason it is not proportionate to the legitimate aims pursued (79). It holds, unanimously, that there has been a violation of article 8 of the human rights convention.

Notes:

[1] “26. Order no. 571 of 29 October 2018 of the Ministry of Digital Development and Communications provides that an ICO must install equipment which is capable of, among other things, searching, processing and delivering to the control centre of the FSB – at the request of that control centre or automatically – the following data: the identity of registered users; the receiving, sending, delivering or processing of voice, textual, visual, sound, video or other electronic communications by Internet users; the contents of voice, textual, visual, sound, video or other electronic communications; and the information necessary to decrypt electronic communications if they are encrypted (paragraph 4). The control centre of the security services must have round-the-clock remote access to the equipment and be capable of administering it (paragraph 14).”

[2] “45. EISI further argued that the FSB’s disclosure order to Telegram amounted to a “backdoor order” which indiscriminately affected all users of Telegram. Compliance with that order would essentially mean that Telegram would have to centrally store “private” keys, that is, it would be unable to legally provide end-to-end encrypted services to its users.
46. EISI submitted that encryption used by messaging services was a self-defence mechanism against surveillance. It played a vital role in ensuring the integrity and security of messages during transmission. It offered essential protection to vulnerable individuals, such as journalists, opposition leaders or victims of cyber abuse. There was therefore a strong connection between encryption and human rights, particularly Articles 8 and 10 of the Convention. Introducing backdoors in encrypted communications would weaken that defence mechanism and pose security risks.
47. EISI argued against the necessity and proportionality of requiring backdoor access to all encrypted messages because it compromised the privacy of all users for the sake of a small number of suspects. It made all users vulnerable to unauthorised State surveillance, cybercriminal activities and other malicious actors. Even if these risks did not materialise, the knowledge of such threats created a chilling effect, making authors, researchers, journalists and opposition activists hesitant to speak up or communicate with their sources. EISI also submitted that less intrusive targeted alternatives to combat crime and protect national security existed, such as, among other things, using live forensics on seized devices, guessing or obtaining private keys held by parties to the communication, using vulnerabilities in the target’s software or sending an implant to targeted devices. While indiscriminate backdoors might be cheaper for the State than alternative investigative measures, they were expensive for society at large on account of the security risks they produced. The fact that the alternative methods were significantly more difficult to use on a large scale on account of their labour intensiveness, cost and logistical complexity should be viewed positively as hurdles forcing the prioritisation and targeting of measures.”

Addition on 13 March 2024
On EJIL the article by Rudraksh Lakra, Cracking the Code: How Podchasov v. Russia Upholds Encryption and Reshapes Surveillance. was published on 13 March.
The author ends with:

Conclusion
Podchasov is a landmark decision, which safeguards encryption, which has become sine qua non for secure and confidential communication in the digital age.(…)
The Strasbourg Court’s verdict demonstrates a commendable grasp of the cryptographic tools at the heart of this case and the gravity of potentially weakening the encryption standard. This is a result of the Court properly engaging with technical expert evidence. (…)
The Strasbourg Court’s ruling may cast a long shadow over future negotiations for the regulation of child sexual abuse material, proposed by the EU Commission in May 2022. It requires the scanning of messages that could weaken E2EE. This decision may provide greater leverage to representatives from the EU Parliament who oppose scanning and lead to stronger pushback by civil societies and other advocacy groups.