The document is a survey commissioned by the European Council, a body within the European Union's executive branch. The survey polled member countries' views on the regulation of encrypted communications systems. (Related: European Commissioner that wants to snoop on private messages has no idea how the technology works.)
The leaked document provided media outlets with the behind-the-scenes opinions of European officials on how to craft a controversial law meant to stop the spread of child sexual abuse (CSA) material in Europe through the internet. This proposed law would require tech companies operating within the bloc to scan their platforms and bypass encryption to find illegal material.
This proposed EU-wide legislation would be the culmination of a debate within the bloc that has been ongoing for years on whether end-to-end encrypted communication platforms like WhatsApp and Signal should be protected as a way for Europeans to exercise a fundamental right to privacy even if such protections would interfere with law enforcement investigations.
End-to-end encryption is designed so only the sender and receiver of communications like messages and calls can see or hear their contents. This prevents all other parties, from scammers to law enforcement and even the companies providing the encrypted communication services, from accessing the contents sent through the platform.
Law enforcement agencies around the world have long been advocating for some kind of mechanism to be installed to allow end-to-end encryption to be bypassed for investigations. But privacy advocates have argued that this would introduce weaknesses that would pretty much spell the doom of encrypted messaging.
According to tech-focused media outlet Wired, which first got hold of the leaked documents, a majority of the 20 EU member states are in favor of implementing some type of scanning system for encrypted messages. Spain's position has emerged as the most extreme among member states.
"Ideally, in our view, it would be desirable to legislatively prevent EU-based service providers from implementing end-to-end encryption," said the Spanish representatives in the document.
The Spanish response to the survey, crafted with the help of the Minister of the Interior Fernando Grande Marlaska, noted that it is "imperative that we have access to the data." The nation further suggested that it should be made possible for law enforcement authorities to decrypt encrypted communications to prevent the spread of CSA material.
Of the 20 countries mentioned by the leaked documents, 15 expressed support for scanning end-to-end encrypted communications for CSA material, with many claiming it is necessary to enable authorities to win the fight against child abuse.
Representatives from Belgium, Croatia, Romania and Slovenia noted that it is necessary for scanning programs to apply to encrypted networks to avoid them turning into safe havens for malicious actors.
Ella Jabukowska, a senior policy advisor at the European Digital Rights internet advocacy group, warned that Cyprus, Hungary and Poland held positions similar to that of Spain and they "very clearly see this law as their opportunity to get inside encryption to undermine encrypted communications, and that to me is a huge problem."
Denmark, Ireland and the Netherlands expressed support for scanning encrypted messaging networks for CSA material while also endorsing the inclusion of wording that protects end-to-end encryption from being weakened. This is a feat that cryptographers and cybersecurity experts have said is technically impossible.
The representatives from Estonia, Finland, Germany and Italy took positions in opposition to weakening encryption tech.
Italy said creating a new system to weaken end-to-end encryption is a disproportionate response to the spread of CSA material online. "It would represent a generalized control on all the encrypted correspondence sent through the web," the country's representative said.
Estonia warned that scanning end-to-end encrypted messages would allow companies to either redesign their systems to allow them to decrypt their data or shut down all access in the EU to protect their users.
Finland warned that supporting efforts to jeopardize online security would conflict with the Finnish constitution. Germany's position was that the wording of the proposed law needs to explicitly state that no technology would be used to disrupt, circumvent or modify encryption.
Learn more about the expansion of surveillance states at Surveillance.news.
Watch this video of internet personality and cybersecurity and tech expert Rob Braxman discussing how Apple has a backdoor to bypass encryption.