A case between a Russian user of Telegram and the government saw the ECHR rule in favour of encryption, which can have profound implications for EU rules.
In good news for the protection of end-to-end encryption, the European Court of Human Rights has ruled that instances of law enforcement requiring companies to create “backdoors” to the privacy-focused technology violate human rights.
Stemming from a case involving a Telegram user in Russia and the Russian government, the European Court of Human Rights, or ECHR, ruled on Tuesday (13 February) that weakening end-to-end encryption disproportionately risks undermining human rights.
It came after the Federal Security Service (FSS), the intelligence agency in Russia, began requiring Telegram to decrypt messages from users to crack down on alleged “terrorism-related activities” back in 2017.
Anton Podchasov, a Russian Telegram user, then alleged that the FSS requirement violated his right to a private life and private communications, as well as the rights of Telegram users more broadly.
“After receiving the encryption keys [the FSS] would have the technical capability to access all communications without the judicial authorisation required under Russian law,” a document shared by the court reads.
According to the document, Telegram said it was “technically impossible” to provide the authorities with encryption keys associated with specific users of the app without affecting the privacy of the correspondence of all Telegram users.
“The applicant further argued that the domestic law provisions requiring the storage of the contents of all online communications and the provision of encryption keys to the law-enforcement authorities were not foreseeable in their application and did not contain effective guarantees against arbitrariness,” the court said.
Privacy v safety
This latest ruling can have profound implications for the EU’s own attempt to erode the sanctity of end-to-end encryption. A proposal submitted in 2022 by the Commission involved using technology to detect child sexual abuse material, or CSAM, in encrypted text messages.
In response, the Irish Council for Civil Liberties said the proposed regulation is “hugely controversial” due to concerns around mass surveillance, undermining encryption and its incompatibility with existing EU laws.
“In light of these concerns, the lack of transparency from the Commission regarding external experts is deeply worrying, more so considering alleged close links between the Commission and lobbyists in the preparation of the regulation,” ICCL senior fellow Dr Kris Shrishak said in November.
Privacy concerns have also been raised about the UK’s Online Safety Bill, which entered into law in October. While supporters of the bill claimed it will bring in a new era of internet safety, critics raised concerns against parts of the bill that could compromise end-to-end encryption.
Companies like Apple and Meta-owned WhatsApp have previously spoken out against these parts of the bill, while Signal president Meredith Whittaker previously said the company would exit the UK market if the bill is passed without changes to certain rules.
The UK’s Open Rights Group spoke out against the Online Safety Bill last year, describing it as a threat to democracy and a move that could turn the UK into a surveillance state.
Find out how emerging tech trends are transforming tomorrow with our new podcast, Future Human: The Series. Listen now on Spotify, on Apple or wherever you get your podcasts.