Data protection: Stronger right to encryption in Messenger

With the help of peer-to-peer or end-to-end encryption, messenger services can be used with a high level of data protection. A corresponding obligation is now finally to be introduced to ensure that service providers guarantee this level of security.

Data protection in every messenger

Article 10 of the German Basic Law regulates, among other things, the right to adequate encryption when using IT systems. Federal Minister of Transport and Digital Affairs Volker Wissing (FDP) now wants to apply this basic right to messenger services. So-called number-independent interpersonal telecommunications services are to offer peer-to-peer encryption in this sense. This obligation can only be waived in exceptional cases, which must be fully justified by the service in question. The legal term covers pretty much everything that even resembles a messenger service. This includes services such as WhatsApp, Signal, iMessage and Facebook Messenger.

Encryption is standard

Strictly speaking, the obligation should have come into force long ago. After all, for once the market in this field was faster than the legislation itself. As data protection is naturally also becoming increasingly important for customers of messenger services, the majority of providers have already established high standards such as end-to-end encryption of their own accord. According to Netzpolitik.org, the Ministry of Digital Affairs now considers it an important and correct step to introduce this obligation.

After all, some messengers only offer comprehensive encryption in a half-hearted form. The best example is probably Telegram. Although peer-to-peer encryption can be used in individual chats, it is not available in group chats. Of course, the whole thing is particularly annoying if the customers themselves are not even aware of when they are communicating in encrypted and unencrypted form. However, the new obligation will also apply to email communication and cloud services. Internet forums and websites, however, are excluded. These are not covered by telecommunications secrecy.

• Also interesting: Cybersecurity: theft of email access data is on the rise

Effectiveness for data protection is questionable

If you take a look at the draft law, you may well become skeptical. After all, strictly speaking, there is no real obligation here, as Netzpolitik.org points out. Instead, the operators merely have to offer their users the option of using this encryption. Furthermore, users’ efforts to do so must not be hindered by any obstacles.

• Have you seen it yet? Digital Markets Act: iMessage remains exclusive to Apple

The effectiveness for data protection must also be questioned in that the draft legislation also contains clear exceptions to encryption. For example, one clause regulates the access possibilities of authorities despite peer-to-peer encryption. Whether Wissing is actually strengthening the fundamental right to telecommunications privacy with this project or whether it is not just a media-effective campaign can therefore be critically questioned.