EU: Open letter on security-cloaked threats to encryption

EU: Open letter on security-cloaked threats to encryption - Transparency

ARTICLE 19 joined a coalition of civil society and digital rights organisations in signing an open letter calling on the High Level Group on access to data for effective law enforcement (the HLG) to engage civil society in ongoing discussions on access to data for effective law enforcement in the European Union. The HLG, set up by the Swedish Council Presidency, has been tasked with finding ways for the EU to facilitate police investigations as data is increasingly shared and stored in encrypted forms. Though advertised as a ‘collaborative and inclusive platform’, there is little transparency around the discussions and civil society has been excluded, while police and private sector participation has been prioritised. Engaging civil society in genuine and ongoing dialogue with the HLG is key to ensuring the EU Commission does not enable the security apparatus to undermine encryption and digital privacy in the EU. Read the letter below, and view as a PDF to view all signatories.

10 January 2024

Subject: Call to the High Level Group on Access to Data for Effective Law Enforcement for greater transparency and participation of all stakeholders

Dear Chairs of the High Level Group,

We, the undersigned digital rights and civil society organisations, emphasise the crucial importance of guaranteeing transparency, participation, inclusion and accountability, notably through the involvement of civil society in ongoing discussions held by the High Level Group (HLG) on access to data for effective law enforcement.

The European Commission and the Council of the EU are bound by Article 11 of the Treaty on European Union to ‘give citizens and representative associations the opportunity to make known and publicly exchange their views in all areas of Union action’ and to maintain ‘open, transparent and regular dialogue with representative associations and civil society’. We therefore welcome the intention of the Commission, as described in the Commission Decision setting up the group, to ‘establish and operate a collaborative and inclusive platform for stakeholders from all relevant sectors, including (…) data protection and privacy, (…) non-governmental organisations [to] work towards commonly accepted solutions’.

However, in the context of these treaty obligations, the current working arrangements of the HLG raise multiple challenges for participation and inclusion.

In October 2023 several of our organisations proposed to contribute as civil society experts and participants to the upcoming activities and working sessions of the HLG given their expertise and long-term engagement with the subject matter. However, their requests were turned down and they were invited instead to submit written comments, which, if deemed relevant, could lead to a proper invitation at a later date.

In the meantime, we learnt that several industry players have been invited to the HLG meetings. This opaque and unequal participation process that may lead to an unbalanced representation of interests can hardly achieve one of the objectives of the HLG, which is ‘to stimulate the interactive participation of all stakeholders and the sharing of different perspectives’.

We would like to stress that transparency, inclusion, and accountability requires genuine opportunities for civil society to be informed about deliberations in the HLG and provide comments and advice, which the HLG can consider at all stages of its work. This dialogue is needed continuously throughout the process, and cannot be reduced to a one-time meeting where civil society presents its views separately from the main HLG process. It is critical that civil society can listen to Member States, and provide targeted advice on the specific discussions taking place.

In particular, we are deeply concerned that the very premise of the HLG objectives is to push for a ‘security by design’ approach in all EU existing and future policies and legislation. We understand this framing as an attempt to impose a law enforcement ‘access by design’ obligation in the development of all privacy-enhancing technologies, which would result in a serious impediment to people’s exercise of their fundamental rights to privacy and data protection and to freedom of expression, information and association. It could also have an unforeseen detrimental impact on the security of the critical infrastructure that we all rely on when using electronic communications services and digital devices. Hence it is all the more important to bring this debate into the public sphere.

Lastly, we would like to point out that, although the HLG is considered a sui generis group and not an official Commission expert group, there is a worrying lack of compliance with transparency requirements.

Article 11 of the Commission Decision states that an equivalent degree of transparency must be ensured to that applicable to Commission expert groups within the meaning of the Commission Decision C(2016) 3301. Yet, the HLG and its working groups are not registered on the Register of Commission expert groups and other similar entities, despite what its own rules of procedure prescribe.

The rules of procedure further state that ‘DG HOME shall publish the agenda of the meetings of the group and other relevant background documents in due time ahead of the meeting, followed by timely publication of minutes’. None of the meeting minutes have yet been made available to the public. Exceptions should be individually justified and internally reviewed. All documents should be published proactively and by default. This would also prevent the administrative burden of granting access to documents (see this request for example). We therefore call for a diligent approach to making all possible documents public and proactively engaging with civil society.

View as PDF