ProtonBlog(new window)
An illustration of four locks.

EU citizens’ rights are under threat from anti-encryption proposals

Share this page

In December 2020, The Council of the European Union released a five-page resolution that called for the EU to pass new rules to govern the use of end-to-end encryption in Europe. We strongly oppose this resolution because it foreshadows an attack on encryption(new window).

We were not the only European-based end-to-end encrypted service that was alarmed by the EU’s sudden shift against privacy. Along with Threema, Tresorit, and Tutanota, we are sharing the following joint statement:


Proton Mail, Threema, Tresorit, Tutanota, January 28, 2021 — On Privacy Day, European end-to-end encrypted services Proton Mail, Threema, Tresorit, and Tutanota are calling on EU policymakers to rethink proposals made in December’s Council Resolution on Encryption(new window).

The Council’s stated aim of “security through encryption and security despite encryption” — and the backdoors to encryption that this would require — will threaten the basic rights of millions of Europeans and undermine a global shift towards adopting end-to-end encryption. In response, these four leading European technology companies reject any attempts to use legal instruments to violate citizens’ privacy and stand up to protect the rights of people and businesses choosing end-to-end encryption.

While it’s not explicitly stated in the resolution, it’s widely understood that the proposal seeks to allow law enforcement access to encrypted platforms via backdoors. However, the resolution makes a fundamental misunderstanding: encryption is an absolute. Data is either encrypted or it isn’t; users have privacy, or they don’t. The desire to give law enforcement more tools to fight crime is obviously understandable. But the proposals are the digital equivalent of giving law enforcement a key to every citizen’s home and might begin a slippery slope towards greater violations of personal privacy.

Last year’s unprecedented shift to remote work saw tens of millions of individuals and businesses turning to technologies like end-to-end encryption to ensure their digital security and privacy. More recently, after more people became aware of WhatsApp sharing data with Facebook, users are switching to privacy-first, end-to-end encrypted services in record numbers. People around the world are taking back control of their privacy, and often it’s European companies helping them do it. It seems illogical that policymakers in the EU would now push for laws that fly in the face of public opinion and undermine a growing European technology sector.

The Resolution has effectively given the European Commission the go ahead to start preparing concrete proposals over the coming months. But, as Proton Mail, Threema, Tresorit, and Tutanota point out, the Commission should remember that, from a technological point of view, it is impossible to provide any kind of access to end-to-end encrypted content, even targeted access in a lawful process, without critically weakening the whole system.

“This is not the first time we’ve seen anti-encryption rhetoric emanating from some parts of Europe, and I doubt it will be the last. But that does not mean we should be complacent,” said Andy Yen, CEO and Founder of Proton Mail, the Swiss end-to-end encrypted email service. “Put simply, the resolution is no different from the previous proposals which generated a wide backlash from privacy-conscious companies, civil society members, experts, and MEPs. The difference this time is that the Council has taken a more subtle approach and avoided explicitly using words like ‘ban’ or ‘backdoor.’ But make no mistake, this is the intention. It’s important that steps are taken now to prevent these proposals going too far and keep European’s rights to privacy intact.”

“Companies rely on end-to-end encryption for protecting their trade secrets and confidential information. Citizens use apps that follow the zero-knowledge design goal to communicate freely without being tracked and monetized and to exercise their statutory right to privacy. Young European companies are now at the forefront of this revolution in technology and data protection. Experience shows that anything that weakens these achievements can and will be abused by third parties and criminals alike, thus endangering the security of all of us. With the abundance of open-source alternatives, users would simply switch to those applications if they knew a service was compromised,” Martin Blatter, CEO of Threema, the end-to-end encrypted instant messaging application, said. “Forcing European vendors to bypass or deliberately weaken end-to-end encryption would not only destroy the European IT startup economy, it would also fail to provide even one bit of additional security. Joining the ranks of the most notorious surveillance states in this world, Europe would recklessly abandon its unique competitive advantage and become a privacy wasteland,” he added.   

“This resolution would seriously undermine the increasing trust individuals and businesses place in end-to-end encrypted services and threaten the security of users who simply wish to share information securely or leverage end-to-end encryption as part of data protection compliance. We find this resolution especially alarming given the EU’s previously progressive views on data protection. The General Data Protection Regulation (GDPR), the EU’s globally recognized model for data protection legislation, explicitly advocates for strong encryption as a fundamental technology to ensure citizens’ privacy. These new proposals are irreconcilable with the EU’s current stance on data privacy: the current and proposed approaches are at complete odds with each other, as it is impossible to guarantee the integrity of encryption while providing any kind of targeted access to the encrypted data,” Istvan Lam, Co-founder and CEO at Tresorit, the end-to-end encrypted file sync & sharing service, said.

“Encryption is the backbone of the internet. Every EU citizen needs encryption to keep their data safe on the web and to protect themselves from malicious attackers. With the latest attempt to backdoor encryption, politicians want an easier way to prevent crimes such as terrorist attacks while disregarding an entire range of other crimes that encryption protects us from. End-to-end encryption protects our data and communication against eavesdroppers such as hackers, (foreign) governments, and terrorists. By demanding encryption backdoors, politicians are not asking us to choose between security and privacy. They are asking us to choose no security,” said Arne Möhle, Co-Founder at Tutanota, the German end-to-end encrypted email provider.

As the recent scandal of WhatsApp’s privacy policy changes demonstrates, even if a service uses end-to-end encryption, user data can still be misused. European service providers Proton Mail, Threema, Tresorit, and Tutanota are committed to protecting their users’ data with transparent privacy policies beyond securing communications with end-to-end encryption.


Feel free to share your feedback and questions with us via our official social media channels on Twitter(new window) and Reddit(new window).

Protect your privacy with Proton
Create a free account

Share this page

Proton Team(new window)

We are scientists, engineers, and specialists from around the world drawn together by a shared vision of protecting freedom and privacy online. Proton was born out of a desire to build an internet that puts people before profits, and we're working to create a world where everyone is in control of their digital lives.

Related articles

Can you password-protect a folder in Google Drive?
Protecting a folder with a password is a simple yet effective way of securing files. You may wonder whether you can password-protect a folder in Google Drive. We explain what access controls Google Drive offers and what you can do to improve your sec
Proton Pass now supports passkeys on all devices and plans
We’re excited to announce that Proton Pass supports passkeys for everyone, allowing you to manage and use passkeys across all devices seamlessly. Passkeys are an easy and secure alternative to traditional passwords that can help prevent phishing atta
what is a passkey?
Passkeys are a new way to secure your online accounts using cryptographic keys instead of passwords. They offer a high level of convenience and security, and are a real game-changer in the way we access and secure sites. What is a passkey, though, an
Apple’s marketing team has built a powerful association between the iPhone and privacy. The company’s ad campaigns claim that “what happens on your iPhone, stays on your iPhone.” And, “Privacy. That’s iPhone.” But Apple’s lawyers are telling a diffe
A cyberattack on national public employment service France Travail has exposed the personal data of as many as 43 million people.  The latest breach is the second major cybersecurity attack to happen in France in the past month, raising concerns abo
If I share a folder in Google Drive, can anybody see my other folders
Google Drive makes it easy to share files and folders, but you may have wondered at some point whether the people you’ve shared a folder with can see your other folders. We answer this question below and also share some tips for truly secure link sha
In 2014, Proton Mail was introduced as a web app, revolutionizing how we think about email privacy. Today, we’re excited to broaden the horizons of secure communication by launching the Proton Mail desktop app. Anyone can now use the new Proton Mail