Encrypted messaging apps such as Signal, Telegram, and WhatsApp would be forced to provide a digital backdoor to enable police forces and security services to read secure messages, under plans announced in April by the European Commission.
Apart from potential concerns of government snooping, the crime-busting aims could backfire, according to one analyst, by providing criminals with an entry point to precious personal information.
The commission said law enforcement needed “lawful access to data,” which means giving backdoor entry to encrypted apps and other tools that rely on end-to-end encryption.
Andy Jenkinson, a fellow at the Cyber Theory Institute, said opening backdoor encryption without securing government servers “is not just reckless, it’s an invitation to catastrophe.”
“The moral, legal, and security consequences of such actions will reverberate far beyond their intended targets,” he told The Epoch Times.
Jenkinson, who authored “Stuxnet to Sunburst: 20 Years of Digital Exploitation and Cyber Warfare,” said there were two main issues: first, that cybercriminals could engineer ways to exploit the backdoor to access encrypted apps, and second, they could intercept data as it was transferred to various government-run servers around the world, which he said are not secure.
Durov Warns Against Backdoors
Telegram co-founder and CEO Pavel Durov was arrested in France in August 2024 and charged by the Paris prosecutor with a series of offenses, including “complicity in managing an online platform to allow illicit transactions by an organized group.”The French government recently tried to introduce encryption backdoors.
“Once introduced, a backdoor can be exploited by other parties—from foreign agents to hackers. As a result, the private messages of all law abiding citizens can get compromised,” Durov said. “This is why, as I’ve said before, Telegram would rather exit a market than undermine encryption with backdoors and violate basic human rights. Unlike some of our competitors, we don’t trade privacy for market share.”
“But the battle continues, and until we see positive statements from lawmakers and law enforcement officials worldwide, we need to keep beating this drum: backdoors are not in your interest, they’re not in governments’ interest, and they’re not in businesses’ interest.”
FBI’s AN0M App
In 2019, Vincent Ramos, CEO of Phantom Secure—a Canada-based company that knowingly sold encrypted devices to thousands of criminals—was jailed for nine years.Following the takedown of Phantom Secure, the FBI developed its own encrypted app, AN0M, and arranged for it to be sold to unwitting criminals.
‘Fishing Expeditions’
Justus Reisinger, a Dutch lawyer who represents dozens of clients accused of offenses based on evidence from EncroChat or Sky ECC, told The Epoch Times that law enforcement agencies in Europe were acting like fishing trawlers, seeking to scoop up criminals in their nets.“Putting out a fish net like this in the Netherlands wouldn’t be allowed, or in Germany,” Reisinger said. “They need a justification against a specific individual, and saying, we have a reasonable suspicion that he is committing offenses grave enough to justify this investigative measure, which is really the most intrusive digital measure you can think of, hacking somebody’s phone.”
Reisinger said all EU countries have different laws and law enforcement can use a warrant to intercept or capture the data of the people in their territory, but not outside of it.
“If you want to get to the Dutch people, you need a Dutch judge to decide whether or not it’s possible according to the domestic law, and the protection of the rights of individuals,” he said.
For U.S. nationals, such trawling of encrypted data to find evidence of a crime could be considered a breach of the Fourth Amendment, which forbids “unreasonable searches and seizures” without probable cause, and the Fifth Amendment which protects the legal principle of “due process.”
The European Convention on Human Rights is supposed to protect individuals; Article Six entitles individuals to a fair trial, while Article Eight reads, “Everyone has the right to respect for his private and family life, his home and his correspondence.”
In 2024, Reisinger brought several separate appeals on EncroChat and Sky ECC to the European Court of Justice in Luxembourg—which only covers European Union countries, and the European Court of Human Rights (ECHR) in Strasbourg, which also covers Britain and several other non-EU nations.
Reisinger said they were also claiming that French authorities “violated the right of privacy by gathering all the private communication of people, the data, the metadata, without justification,” when they gained access to EncroChat and Sky ECC.
“But even more important, when law enforcement wants to use this kind of data as the sole or main piece of incriminating evidence in criminal procedures, the right to a fair trial at least requires that claims about the illegality or even unreliability of the evidence is checked by the judge,” Reisinger said.
He said it is quite common for ECHR rulings to take four or five years, so it could be 2028 or 2029 before an outcome is reached.
‘No Backdoors’ Promise
In 2018, the European Commission published a statement saying it was proposing six concrete non-legislative measures “to support law enforcement authorities in overcoming challenges posed by encryption in the context of criminal investigations.”The commission wrote, “These measures respect the safeguarding of strong encryption [...] and do not in any way prohibit, limit or weaken encryption ('no backdoors’).”
The report said that as digitalization “becomes more pervasive and provides an ever-growing source of new tools for criminals, a framework for access to data which responds to the needs to enforce our laws and protect our values is essential.”
The ProtectEU document goes on to say that the commission will present a roadmap in the first half of 2025 to set out the “legal and practical measures it proposes to take to ensure lawful and effective access to data.”
It stated the commission would produce a “technology roadmap on encryption” to identify and assess solutions that would enable law enforcement authorities to access encrypted data “in a lawful manner, safeguarding cybersecurity and fundamental rights.”
Jenkinson said governments routinely fail to secure their own critical infrastructure.
“Before mandating the erosion of civilian privacy, the European Commission and its allies must confront their own systemic vulnerabilities,” Jenkinson said. “The European Commission’s renewed push to backdoor encrypted messaging mirrors a dangerous precedent set by its U.S. counterparts—one that has already fostered systemic compromise and a global surge in cybercrime.”
