The fight to protect end-to-end encryption is a never-ending one, and it’s seen some setbacks in recent months, most notably the passage in the U.K. of the Online Safety Act, which (theoretically, for now) empowers the government there to order communications providers like Signal or WhatsApp to bypass the strong encryption on their messages.
Well, here’s some good news for those who are keen on protecting their messages from prying eyes. The European Court of Human Rights said today that, while security services may want to decrypt some people’s communications to fight crime, weakening encryption for some people means weakening it for all—and that would violate human rights law (specifically, Article 8 of the European Convention on Human Rights, which guarantees the right to privacy).
This useful nugget of wisdom came in a long-awaited ruling about the Telegram messaging service and its tussle with the Russian authorities. (It may be located in France, but the European Court of Human Rights has nothing to do with the European Union, instead having jurisdiction over the entire Council of Europe, whose members include not only EU countries, but also neighbors like Turkey and the U.K. Russia was a member until early 2022, when it stormed off in the wake of its Ukraine invasion—but that didn’t put an end to this case.)
Back in 2017, Russia told Dubai-based Telegram that it had to give the authorities the keys to the encrypted conversations of its users. With Telegram pointedly ignoring the order, Moscow blocked the app the following year—or at least, it tried to. A kind-of-hilarious game of whack-a-mole ensued, with Telegram merrily skipping from IP address to IP address, and Russian communications regulator Roskomnadzor blocking entire Google and Amazon sub-networks in its attempt to enforce the order. Swathes of the Russian internet got taken out in the mayhem.
In the end, the authorities seemingly gave up, and Telegram (which is notoriously popular with Kremlin officials) remains available in Russia to this day. But all the while, Telegram’s lawyers tried to fight the original give-up-your-keys order in the courts. It had no luck in Russia itself, which is how the case ended up at the European Court of Human Rights. Fast-forward to today’s ruling about Russia’s security laws.
“In so far as this legislation permits the public authorities to have access, on a generalized basis and without sufficient safeguards, to the content of electronic communications, it impairs the very essence of the right to respect for private life under Article 8 of the Convention,” the court concluded.
That obviously implies that, with proper targeting and safeguards, an anti-encryption law might be kosher. But the ruling also sings the praises of end-to-end encryption, noting that it protects freedom of expression and “appears to help citizens and businesses to defend themselves against abuses of information technologies, such as hacking, identity and personal data theft, fraud and the improper disclosure of confidential information.” A law obliging a communications provider to decrypt communications “risks amounting to a requirement that providers of such services weaken the encryption mechanism for all users.”
To be clear, even though Russia has slipped out of its jurisdiction, the European Court of Human Rights has no enforcement powers anyway. But, that said, ignoring its rulings is not a good look if you claim to be pro-human-rights. What the court just said about encryption could well prove influential if and when the U.K. government decides to use its new Online Safety Act powers to try forcing a service like Signal to undermine users’ encryption. Same goes for the EU, where the European Commission was recently trying to do the same thing with a proposal aimed at fighting child sexual abuse material—EU lawmakers pushed back, leading to an ongoing deadlock, but again, the war over encryption seems destined to go on forever.
More news below.
David Meyer
Want to send thoughts or suggestions to Data Sheet? Drop a line here.
NEWSWORTHY
Gig sector strikes. Thousands of couriers and drivers for gig-sector companies like Uber and DoorDash are set to strike across North America and the U.K. tomorrow. As the Financial Times explains, the Valentine’s Day strikes—yep, this is timed for maximum disruption, despite a lack of central coordination—will hit against the backdrop of clashes between workers’ desire for better pay and investors’ desire for higher profits.
FCC commissioner eyes Apple. Last December, Apple effectively killed a third-party app called Beeper Mini, which made it possible for Android users to use iMessage to chat with iPhone users. Apple claimed it did so on security and privacy grounds, but now a member of the Federal Communications Commission wants the agency to take a closer look. As TechCrunch reports, Brendan Carr suspects Apple may have violated FCC rules around accessibility and usability for users with disabilities—he would also like competition authorities to examine “Apple’s wider set of exclusionary practices.”
…but EU gives Apple reprieve. The European Commission has decided that Apple’s iMessage is not a “gatekeeper,” meaning it doesn’t have to abide by the strictest rules under the new Digital Markets Act—rules that include interoperability with rivals. As Reuters reports, Microsoft’s Bing search engine and Edge browser have also escaped the designation, as has Microsoft Advertising. Of course, other Apple and Microsoft platforms like iOS and Windows are very much designated as gatekeepers. Meanwhile, key EU committees have rubber-stamped what is now certain to be the final text of the bloc’s new AI Act.
SIGNIFICANT FIGURES
$3.8 billion
—The increase in Masayoshi Son’s net worth this year, according to Bloomberg, which attributes the SoftBank CEO’s wealth boost to Arm’s soaring stock price (which surged 90% since Wednesday last week, before falling 14% this morning). SoftBank owns 90% of Arm, and Son owns around a third of SoftBank.
IN CASE YOU MISSED IT
Exclusive: Ex-Salesforce co-CEO Bret Taylor and longtime Googler Clay Bavor raised $110 million to bring AI ‘agents’ to business, by Kylie Robison
Exclusive: Thrive Capital has invested in more than a dozen other VC firms from its growth fund, emails show, by Jessica Mathews
Exclusive podcasts have lost their allure for Spotify chief Daniel Ek—and Joe Rogan’s new deal is just the latest example, by Rachyl Jones
Amazon reportedly wins exclusive streaming rights for an NFL playoff game next year, following in Peacock’s footsteps, by Chris Morris
BEFORE YOU GO
Beware Afghan TLDs. It’s easy to forget how many top-level domains (the ends of web addresses) are tied to particular countries or territories. The “.ly” TLD is Libya’s, “.io” refers to the Chagos Islands, whose inhabitants were banished to clear space for a U.S. military base, and so on. Which explains why, as 404 Media reports, a Mastodon instance called “queer.af” has just had its domain shuttered—“.af” is Afghanistan’s and Afghanistan is run by the Taliban, who are far from supportive of such communities.
This is the web version of Data Sheet, a daily newsletter on the business of tech. Sign up to get it delivered free to your inbox.