In a landmark ruling that spells the end for ChatControl, the European Court of Human Rights (ECHR) yesterday banned the weakening of E2EE (end-to-end encryption) (1). The decision was based on the recognition that encryption provides strong technical safeguards against unlawful access to the content of communications and is therefore widely used as a means of protecting the right to respect for private life and the privacy of correspondence online.
The court considers that in the digital age, technical solutions for securing and protecting the privacy of electronic communications through encryption measures contribute to ensuring the enjoyment of fundamental rights. These include freedom of expression and the right to privacy.
Encryption also helps citizens and businesses defend themselves against misuse of information technologies, such as hacking, identity theft and personal data, fraud and improper leaking of confidential information. This should be considered when evaluating measures that could weaken encryption.
The Court concludes that the challenged legislation, which provides for the retention of all Internet communications of all users, direct access by security authorities to stored data without adequate safeguards against misuse, and the requirement to decrypt encrypted communications, as applied to end-to-end encrypted communications, cannot be considered necessary in a democratic society. To the extent that this legislation allows state authorities to access the content of electronic communications on a general basis and without adequate safeguards, it violates the core right to respect for private life under Article 8 of the European Convention on Human Rights. The respondent state (Russia)has therefore exceeded any acceptable margin of judgment in this regard.
"The Court concludes from the foregoing that the contested legislation providing for the retention of all Internet communications of all users, the security services' direct access to the data stored without adequate safeguards against abuse and the requirement to decrypt encrypted communications, as applied to end-to-end encrypted communications, cannot be regarded as necessary in a democratic society. In so far as this legislation permits the public authorities to have access, on a generalised basis and without sufficient safeguards, to the content of electronic communications, it impairs the very essence of the right to respect for private life under Article 8 of the Convention. The respondent State has therefore overstepped any acceptable margin of appreciation in this regard."
This historic decision sets a powerful precedent for protecting digital privacy and highlights the critical role of encryption in maintaining the security and privacy of online communications. The ruling sends a clear message to governments and regulators about the importance of protecting digital rights and freedoms. The ruling underscores the need for lawmakers to balance national security with protecting the privacy and freedom of their citizens in the digital age.
(1) https://hudoc.echr.coe.int/eng/#{%22itemid%22:[%22001-230854%22]}
