Recently a Resolution by the Council of the EU has been leaked titled “Encryption — Security through encryption and security despite encryption“. Beside the unsettling play with different interpretations of “Security”, the resolution requires “Competent authorities must be able to access data in a lawful and targeted manner [..]”. While not explicitly requiring backdoors or weakened encryption, the text suggests a so-called “middle ground” of reasonable secure information technology and investigative powers for encrypted content. This middle ground does not exist today and, most likely, cannot exist.
Recent attacks for example targeted at the European Medicines Agency or the vaccine producer BIONTECH demonstrate that already today IT infrastructure is at risk. Increasing the attack surface by adding functionalities for criminal investigation will weaken infrastructure even more. Scientists in the field of Cybersecurity reacted with an open letter to the EU institutions.