The ECtHR in Podchasov v. Russia – Preserving Encryption And Denying Backdoors

by Kabir Singh, Sarvika Singh and Abhay Raj | Aug 27, 2024


About Kabir Singh, Sarvika Singh and Abhay Raj

Kabir Singh is a prolific writer with a keen interest in the intersectionality of law and technology while holding editorial positions in various law journals. | Sarvika Singh is a scholar with a deep passion for arbitration, international private law and international human rights. Her work at the intersection of arbitration and international private law highlights her commitment to shaping effective legal frameworks and practices in a globalised world while respecting human rights. | Abhay Raj is an Associate at TLP Advisors, a UAE-based legal and strategy consulting firm. He is keen on exploring the complexities of technology and regulation, focusing on regulatory issues and disputes.

On 13th February 2024, the European Court of Human Rights (ECtHR) pronounced the seminal judgment of Podchasov v. Russia, holding that the weakening of end-to-end encryption (“E2EE”) or creating backdoors infringes upon the human right to privacy, per Article 8 of the ECHR. From the 1990s Crypto Wars to various contemporary surveillance cases, this is the first time an international Court has explicitly adjudicated and upheld the necessity of E2EE in online communications, marking a watershed victory for privacy globally.

Understanding Encryption and E2EE

Encryption converts plain-text data into a form that is unintelligible to anyone except the intended recipient, establishing confidentiality and preserving data integrity. David Kaye, the UN Special Rapporteur, notes that encryption is necessary for the protection of key human rights by creating a ‘zone of privacy’, which further protects the freedom of opinion and expression. Hence, encryption is protected under various international conventions, such as the ICCPR (Articles 17 & 19), the UDHR (Articles 12 & 19) and the ECHR (Articles 8 & 10).

While there exist various kinds of encryption, E2EE particularly stands out for its unique nature of preventing even the host platform from accessing the data between the sender and receiver. Indeed, as per the UN, E2EE is ‘the most basic building block’ for privacy on modern messaging applications, such as WhatsApp, Telegram, Instagram, etc. E2EE’s uniqueness makes it technologically impossible for messaging platforms to comply with law enforcement demands (impossibilium nulla obligatio est), given that tracing the originator of even a single message would require disabling E2EE for all the users on that platform.

Podchasov vs. Russia – A Brief Overview

E2EE’s distinctiveness has opened a new chapter in the “Privacy vs. National Security” debate, prompting a legislative trend mandating E2EE breakdown on messaging platforms across various nations, such as the UK, the EU, and the USA. Joining this legislative trend is Russia, which via Section 10.1(4.1) of the Russian Information Technology Act, mandated digital communication providers to store all user data, including content, and furnish law enforcement (the Federal Security Service (“FSB”)) with decryption capabilities – for specified durations. Telegram opposed this order, arguing that ‘decoding of communications’ of specified users would create a backdoor jeopardising encryption for all 700 million monthly active users, given the unique nature of E2EE.

The Court in Podchasov evaluated three distinct yet interconnected infringements upon the rights of the applicant. Firstly, there was the overarching issue of bulk retention of personal communication data. Secondly, the Court scrutinized the FSB’s ability to access such data with minimal judicial oversight. Thirdly, a more targeted concern involved the accessibility of end-to-end encrypted communications, coupled with the obligation to divulge decryption keys.

Protection of E2EE under Freedom of Opinion and Expression – A Missed Opportunity?

This article primarily centres on the third issue, specifically the breakdown of E2EE. The Court observed that the breakdown of E2EE would extend beyond targeting specific individuals, affecting all users inclusively, regardless of any perceived threats [57, 77]. Introducing backdoors could facilitate indiscriminate surveillance practices, posing vulnerabilities to exploitation by illicit networks and fundamentally compromising the overall cybersecurity of electronic communications for all users [65, 77]. Furthermore, the Court noted various viable alternatives to the breakdown of E2EE, making the Russian legislation disproportionate to the legitimate aims it pursued [78, 79].

While scholars have critiqued the judgment for its procedural fetishism, an overlooked point is the Court’s singular reliance on the right to privacy (Article 8, ECHR) to prevent the breakdown of E2EE. In our view, the Court failed to sufficiently consider the interrelation between E2EE and the freedom of expression and opinion (Article 10, ECHR). David Kaye noted that encryption enables privacy to act as a gateway for freedom of opinion and expression, protecting the same from arbitrary and unlawful interference. Recognising the protection of E2EE under the right to freedom of opinion and expression provides it with an extra layer of legal protection, given that its threshold of violation differs from the right to privacy.

Conclusion – A Guiding Light

Regardless of any criticism, it is undeniable that Podchasov is a strong statement against the breakdown of E2EE globally. As noted earlier, there have been legislative efforts around the world to end E2EE, such as the EU’s CSAM Proposal, the UK’s Online Safety Act 2023, Australia’s (Assistance and Access) Act 2018, the USA’s EARN IT Act, etc. The said proposals have been met with fierce criticism, with some already being challenged in the respective nation’s courts. Being the first of its kind on an international level, Podchasov holds great potential in serving as a guiding light for domestic courts globally, in upholding the legality of E2EE – for the sake of preserving the human rights to privacy and the freedom of opinion and expression.

 
