EU to impose encryption rules on all web communication services

EU plans to impose telecoms rules on web communication services

The European Commission is planning to make web-based communication services subject to the same laws as telecoms providers - with major implications for online security, privacy and encryption.

The law would essentially demand that Skype, WhatApp, Apple's iMessage and any other online communication service provide the ability for law enforcement and other agencies across the European Union to tap online communications, subject to the safeguards in the ePrivacy Directive.

Telecoms providers currently have several obligations governing how they protect, store and access data on customers under the Directive. However, they have long complained that it is unfair that so-called over-the-top (OTT) providers are not subject to these laws, despite offering essentially the same services.

Reuters cites internal Commission documents in reporting that regulators are weighing up this situation and may extend laws to OTT players, which would affect the likes of Google, Facebook, Microsoft and Apple, as well as start-ups bidding to compete with the established giants.

This could threaten the end-to-end encryption offered on these services because telecoms operators cannot currently offer this protection as they are required to make communication data available, on request, to law enforcement and other government agencies.

Law enforcement and tech companies are increasingly coming to blows on encryption and privacy, and a shift in the law to govern those carrying the majority of communications would mark the latest effort by the authorities to win this battle.

Facebook, which owns WhatsApp, has already noted its concern at this development. Reuters quoted Facebook's response to the EC's consultation as saying that user privacy would be at risk.

"[We would] no longer be able to guarantee the security and confidentiality of the communication through encryption because governments would have the option of restricting the confidentiality right for national security purposes," the firm said.

"Therefore, any expansion of the current ePrivacy Directive should not have the undesired consequence of undermining the very privacy it is seeking to protect."

Furthermore, the Commission's move is probably the opposite of what telecoms and tech firms want, after an open letter published by the GSMA last month called for the ePrivacy Directive to be repealed.

"We believe that simplifying and streamlining regulation will benefit consumers by ensuring they are provided with a simple, consistent and meaningful set of rules designed to protect their personal data," said the letter.

The EC's full proposals for overhauling the ePrivacy Directive are expected later this year.