EU to Pursue Backdoors in Encrypted Apps for Law Enforcement Access

May 4, 2025 TruthUSA

“Implementing backdoor encryption while neglecting to secure government servers is not merely imprudent; it’s a recipe for disaster,” stated cybersecurity expert Andy Jenkinson.

News Analysis

The European Commission’s plans, announced in April, would require encrypted messaging platforms like Signal, Telegram, and WhatsApp to create a digital backdoor for law enforcement, allowing them to access secure communications.

These proposals raise significant concerns about government surveillance, with some analysts warning that such measures could inadvertently aid criminals by creating vulnerabilities to sensitive personal data.

In an April 1 statement, Ursula von der Leyen, President of the European Commission, declared, “We will bolster Europol and equip law enforcement with modern tools to combat crime.”

The Commission emphasized the need for “lawful access to data,” which entails allowing backdoor access to encrypted applications and other end-to-end encryption tools.

Andy Jenkinson, a fellow at the Cyber Theory Institute, remarked that introducing backdoor encryption without enhancing government server security “is not only careless; it invites catastrophe.”

“The ethical, legal, and security ramifications of such actions will have lasting impacts well beyond their intended audience,” he conveyed to The Epoch Times.

Jenkinson, who authored “Stuxnet to Sunburst: 20 Years of Digital Exploitation and Cyber Warfare,” identified two primary concerns: first, that cybercriminals might find ways to exploit the backdoor to gain access to encrypted applications; and second, they could capture data transmitted to various government-operated servers worldwide, which he noted are often insecure.

Many messaging apps—like WhatsApp, Telegram, Signal, iMessage, and BrightChat—utilize end-to-end encryption, rendering information unreadable to anyone except the sender and recipient.

Durov Warns Against Backdoors

Telegram co-founder and CEO Pavel Durov was arrested in France in August 2024, facing charges by the Paris prosecutor for incidents including “complicity in managing an online platform facilitating illicit transactions by an organized group.”

Durov—who denies any wrongdoing—was permitted to leave France in March and return to his home in Dubai as he awaits trial.

The French government has recently attempted to introduce backdoors for encryption.

Durov stated in an April 21 social media post: “Last month, France almost banned encryption. A law requiring messaging apps to implement a backdoor for police access to private messages was approved by the Senate. Fortunately, it was rejected by the National Assembly. Yet just three days ago, the Paris Police Prefect raised the issue again.”

In a follow-up post, he added that adopting a law permitting encryption backdoors “would have made France the first nation to take away its citizens’ right to privacy.”

He noted that many authoritarian regimes have shied away from such systems, as “it is technically unfeasible to ensure that only law enforcement can access a backdoor.”

Telegram co-founder Pavel Durov appears at an event in Jakarta, Indonesia, on Aug. 1, 2017. (Tatan Syuflana/AP Photo) — Telegram co-founder Pavel Durov appears at an event in Jakarta, Indonesia, on Aug. 1, 2017. Tatan Syuflana/AP Photo

“Once implemented, a backdoor can be exploited by various parties—from foreign agents to hackers. Consequently, the private messages of all law-abiding citizens could be compromised,” Durov remarked. “For this reason, as I’ve previously stated, Telegram would prefer to exit a market rather than compromise encryption with backdoors and violate fundamental human rights. Unlike some competitors, we do not exchange privacy for market share.”

Mike Bursell, a cybersecurity expert and co-chair of the Open Source Security Foundation’s cyber policy working group, shared on LinkedIn in January that, “It would be nice to believe that recent telecommunications breaches in the U.S. have converted everyone to the idea that backdoor encryption is inherently a poor choice.

“However, the debate is ongoing, and until we receive affirming statements from lawmakers and law enforcement officials globally, we must continue advocating this point: backdoors are detrimental not just for individuals, but also for governments and businesses.”

Since 2020, law enforcement in Europe has infiltrated and dismantled servers from several services, including EncroChat, Sky ECC, Ghost, and Matrix, which were allegedly created for or exploited by criminals.

Data obtained during these operations has resulted in the prosecution and conviction of thousands in several European Union countries and the UK.

FBI’s AN0M App

In 2019, Vincent Ramos, CEO of Phantom Secure—a Canada-based company knowingly distributing encrypted devices to criminals—was sentenced to nine years in prison.

After the dismantling of Phantom Secure, the FBI created its own encrypted app, AN0M, and sold it to unsuspecting criminals.

In June 2021, a global law enforcement operation targeting AN0M users revealed large-scale organized crime.

On Feb. 7, 2025, the U.S. Department of Justice announced that Alexander Dmitrienko, a Finnish citizen, was the last of eight defendants extradited to the U.S. to plead guilty for distributing encrypted AN0M devices to criminal networks facilitating drug trafficking and other offenses.

‘Fishing Expeditions’

Justus Reisinger, a Dutch attorney representing numerous clients charged based on evidence from EncroChat or Sky ECC, expressed to The Epoch Times that law enforcement agencies in Europe are acting like fishing trawlers, attempting to catch criminals indiscriminately.

“Deploying a fishing net like this in the Netherlands or Germany would be unlawful,” Reisinger stated. “They need justification against a particular individual, based on reasonable suspicion that they are committing sufficiently serious offenses to warrant such invasive investigative actions, which is akin to hacking into someone’s phone.”

Reisinger explained that all EU member states have diverse laws; while law enforcement can obtain a warrant to intercept or seize the data of individuals within their jurisdiction, they cannot do so for those outside it.

“To target Dutch citizens, a Dutch judge must authorize it according to domestic laws, safeguarding individuals’ rights,” he clarified.

For U.S. citizens, such extensive data collection for evidence may infringe upon the Fourth Amendment, prohibiting “unreasonable searches and seizures” absent probable cause, as well as the Fifth Amendment ensuring “due process.”

The European Convention on Human Rights seeks to protect individuals; Article Six guarantees a fair trial while Article Eight upholds, “Everyone has the right to respect for their private and family life, their home, and their correspondence.”

In 2024, Reisinger filed multiple appeals concerning EncroChat and Sky ECC to the European Court of Justice in Luxembourg, which pertains to EU nations, and the European Court of Human Rights (ECHR) in Strasbourg, which includes the UK and other non-EU countries.

Reisinger noted that they contend French authorities “violated privacy rights by collecting all personal communications and associated data without justification” when accessing EncroChat and Sky ECC.

“More importantly, if law enforcement intends to use this kind of data as the primary or sole incriminating evidence in criminal cases, the right to a fair trial necessitates that claims regarding potential illegality or unreliability of evidence be verified by a judge,” Reisinger added.

He mentioned that ECHR decisions typically take four to five years, implying a resolution might not arrive until 2028 or 2029.

Various law enforcement agencies, including Europol, have been advocating for backdoor access to encrypted applications, believing it would eliminate the necessity to infiltrate servers.

‘No Backdoors’ Promise

In 2018, the European Commission released a statement highlighting six specific non-legislative measures to assist law enforcement in overcoming encryption challenges during criminal investigations.

The Commission affirmed, “These measures safeguard strong encryption and in no way prohibit, limit, or weaken encryption (‘no backdoors’).”

On April 1, the European Commission announced ProtectEU, a European internal security strategy, revealing that law enforcement and judiciary have “lost ground to criminals in the past decade, as they exploit tools and products from jurisdictions that have circumvented their means of cooperation with lawful requests in individual criminal cases.”

European Commission President Ursula von der Leyen speaks during a press conference in Brussels on April 7, 2025. (Nicolas Tucat/AFP via Getty Images) — European Commission President Ursula von der Leyen speaks during a press conference in Brussels on April 7, 2025. Nicolas Tucat/AFP via Getty Images

The report stated that as digitalization continues to expand, providing an increasing array of new tools for criminals, establishing a data access framework that responds to the needs of law enforcement while upholding our values is imperative.

The ProtectEU document also noted that the Commission plans to introduce a roadmap in the first half of 2025 outlining “the legal and practical measures it intends to undertake to enable lawful and effective data access.”

It was indicated that the Commission would produce a “technology roadmap on encryption,” aimed at discovering and evaluating solutions that would permit law enforcement to access encrypted data “lawfully while ensuring cybersecurity and fundamental rights.”

Jenkinson remarked that governments often neglect to secure their own critical infrastructure.

“Prior to mandating the compromise of civilian privacy, the European Commission and its allies must address their systemic vulnerabilities,” Jenkinson stated. “The European Commission’s recent drive to implement backdoors in encrypted messaging reflects a perilous trend paralleled by U.S. authorities—one that has already led to systemic failures and a global increase in cybercrime.”

Source link