EDRi published Shedding light: We address the flawed Going Dark Report on the final report of the European ‘Going Dark’ Group [*] and the open letter NGOs sent to the Justice and Home Affairs Council.

EDRi mentions that report was created behind closed-doors and without meaningful participation of civil society:

Despite painting themselves as “an inclusive forum for all relevant stakeholders”, the HLG would only simulate an openness to the involvement of digital policy experts after public pressure. Previously the HLG had restricted EDRi and other civil society organisations from participating and exclusively met with law enforcement agencies and like-minded industry actors instead. This biased composition and opaque procedure of the HLG is unfortunately also reflected in the problematic outcomes of this group.

EDRi’s summary of the recommendations in the report:

• Mainstreaming backdoors in technologies becomes “lawful access by design”. This would put the security and confidentiality of all electronic data and communications at risk and severely encroach fundamental rights of all people in the EU.
• Data retention is back on the agenda – again. The HLG wants to harmonise retention and access across the EU. Beware of the proposed extension of data retention obligations to the Internet of Things and virtually any internet-based services. This is of course not in line with well-established case law, that forbids general monitoring because it would make innocent citizens feel that their private life is under constant surveillance.
• To square the circle on surveillance and IT-security, the HLG tries to circumvent encryption – and the laws of mathematics. It is not the first time we hear the proposal to access end-to-end-encrypted data without compromising the security of relevant systems, but it remains an impossible and dangerous suggestion nonetheless.

Unfortunately there is more. So far the HLG had a list of 42 recommendations, which received heavy criticism by EDRi and other experts, since the Going Dark agenda would constitute “insecurity by design”. The European Data Protection Board recently warned of the contradictory demands by the HLG to providers, who are supposed to allow access for surveillance purposes and protect the security of their systems at the same time.

More information in the article and in the joint statement that was signed by amongst others Bits of Freedom and CCBE.

Some other recent articles on Going Dark:

• EuroISPA signs open letter in response to the Going Dark report, EuroISPA 13 December 2024. EuroISPA is a pan European association of European Internet Services Providers Associations (ISPAs). It is the world’s largest association of Internet Services Providers (ISPs).
• EU police data plans pose “substantial security and privacy threats”, Statewatch 11 December 2024.
• Digital-NGOs stellen sich gegen Forderungen nach Entschlüsselung, Netzpolitik 11 December 2024.
• Open letter: HLG Going Dark report is fundamentally flawed, IFEX 11 December 2024.
• EU-Arbeitsgruppe will Zugang zu verschlüsselten Inhalten, Netzpolitik 26 November 2024.

Note:

[*] The High Level Group on Access to Data for Effective Law Enforcement.

The articles on the Going Dark proposal on this site are found here.