Spain advocates a ban on a type of encryption used in millions of messages exchanged among EU citizens. Specifically, the Spanish state has positioned itself against the use of end-to-end encryption, the system used by platforms such as WhatsApp and Signal. This is stated in a leaked document published by the technology magazine Wired, which obtained the text of an internal European Council document sharing the opinions of member states on the regulation of this type of technology. According to the US media, Spain has the "most extreme" position, arguing not only that private messages by EU citizens should not be protected in this way, but that states should be able to scan these messages in search of illegal activities. "Ideally, in our view, it would be desirable to legislatively prevent EU-based service providers from implementing end-to-end encryption," say the Spanish representatives in the leaked document.
What is end-to-end encryption and why are states concerned? "End-to-end encryption is a security method that keeps your communications safe," explains Google, which also uses it in its services. "With end-to-end encryption, no one, including Google and third parties, can read messages as they travel between your phone and the phone you're sending the message to." In other words, neither the company nor third parties, such as security forces, can intercept the messages and decipher them.
But while Wired drew attention to Spain's extreme view on the issue, it should be noted that debate has been raging within Europe for years on the subject: should end-to-end encryption be protected as a way for Europeans to exercise a fundamental right to privacy, or should it be weakened to prevent criminals from communicating without the authorities being able to monitor them? According to the document, most European states want to have more control over this encryption and, by extension, to reduce the privacy of users by a greater or lesser degree. Nevertheless, the Spanish position is the most outspoken. Specifically, in Spanish representatives' response they state bluntly that it is "imperative that we have access to the data" and assert that it must be possible to decipher encrypted communications, "no matter how large the volume".
Experts shocked by Spain's stand
“It is shocking to me to see Spain state outright that there should be legislation prohibiting EU-based service providers from implementing end-to-end encryption,” said Riana Pfefferkorn, a research scholar at Stanford University’s Internet Observatory, adding in comments to Wired that “this document has many of the hallmarks of the eternal debate over encryption.”
Others have pointed out the context of the Spanish state positioning on the control of end-to-end encryption. Specifically, the leaked document asks questions about the use of the technology in the context of stopping the spread of child sexual abuse material. Xnet, a network of specialists and activists working for freedom of expression on the Internet, has denounced that the Spanish stand is presented in the guise of preventing child abuse. "Excuse: To prevent child sexual abuse. Reality: [The Spanish proposal] does not contain measures to prevent this. It imposes massive surveillance", they stated on social media. Xnet denounces the threat to the individual's right to privacy that this regulation would pose. Especially, if its form is as radical as what Spain is asking for. "Spain's position is the most extreme, overtaking Poland and Hungary on the right," say the Xnet digital rights activists. They also stress that the matter is especially concerning since Spain will hold the rotating presidency of the European Union when this measure is voted on.
Is it really useful to undo the right to privacy of citizens under the banner of the fight against crime, specifically against child abuse? Iverna McGowan, general secretary of the European branch of the Centre for Democracy and Technology, told Wired: "Breaking end-to-end encryption for everyone would not only be disproportionate, it would be ineffective in achieving the goal of protecting children".
Puigdemont denounces Spain's position
The Catalan president in exile and MEP, Carles Puigdemont, also shared a message on the US magazine's revelations and denounced Spain's position on this technology. "Spain has a vision of technology typical of authoritarian countries," he said on social media.
Puigdemont, who himself has been a target of Spain's massive use of surveillance software to control the Catalan independence movement, made the link between Spain's stance on the encryption issue and its willingness to violate the basic rights of its own citizens using Pegasus spyware: "Spain has a vision of technology that is typical of authoritarian countries, be it in the use of espionage tools, or now, in promoting the elimination of end-to-end encryption."