Letter secrecy, the right to personal confidential communication, has been enshrined in our constitution since 1848. It is a great asset that can only be violated by government services after intervention by a judge, supported by profound reasons. And they have: terrorists, child pornography producers and traffickers and other serious criminals systematically use all available means to keep their actions out of sight from intelligence services and law enforcement officials. The now widespread availability of encrypted means of communication means that crime fighters must constantly find new ways to get to the information they need to do their job: keep us safe.
In order to ensure that investigative services can use means and methods to access the necessary data before it is encrypted, the Computer Crime Act (CCIII) was passed by the Lower House at the end of 2016. In addition to criminalizing online fraud, fencing and grooming, this law regulates the hacking authority for the police. Our intelligence services have had that power for some time. With those powers it is, in principle, possible to circumvent encryption by obtaining information before or after encryption. Another approach is to break the encryption. This is a complex, time-consuming and expensive activity. Because encryption is becoming more and more advanced, it is also uncertain whether it will work. Another option is to force the provider of the communication service to include a back door in the encryption for investigation and security services. That back door is in fact for telecom and internet: these must be accessible for lawful interception in our country, which doesn’t necessarily mean that the intercepted information is automatically readible or intelligeable.
So why don’t we want such a back door for messaging services like Whatsapp? Because we have confidence in our legal system and the Dutch investigation and intelligence services that they will only use this heavy tool proportionally, subsidiary and verifiable, in a lawful manner. However, a possible back door in an (international) communication service is available to every state and to any other entity that is beyond our control. That goes far beyond the framework of our democracy. In addition, in order to enforce a “back door obligation”, they will have to ban the use of services without such a back door. The government then determines which communication services Dutch citizens and businesses may or may not use. How is that going to be enforced while preserving our free, open society? And how do you prevent criminals from using their own encryption software or switching to providers of communication platforms that operate outside the reach of our government?
In order to propagate and explain the – still prevailing – Dutch government position on encryption, a Dutch government official was sent to the European Parliament in April 2016 to state on behalf of our investigative services that the Dutch government attaches great value to the assets of citizens and companies to secure themselves and therefore encourage the use of encryption and will not ask the communications services for a back door. This official was proud to work for a government that is tech-savvy, forward-thinking and with great respect for fundamental rights. This official was me. I now work for Fox-IT, where we develop and deliver new crypto products and services, because we adhere great importance to secure communications and networks for citizens, companies and our government.
We deliver top quality products and are very proud of our work. I am no longer a civil servant, but I am still proud of our government and still wholeheartedly endorse the current government position.
On March 4, a spokesperson for the Ministry of Justice and Security confirmed that government circles are working on a method to weaken encryption. Partly on behalf of my new colleagues, I express the hope that this work will focus on the possibilities of circumventing encryption and not weakening it. We hope for a long time to come, with all colleagues in the security sector, private and governmental, to work towards a safe and more secure society for everyone. Strong encryption, without a back door, is indispensable to this end.