Luxembourg and its liberal policy on cryptographic technologies has led to the emergence of a group of specialists campaigning for the use of absolute encryption.
by: Delphine Sabattier
featured: Jean-Christophe Le Toquin
Listen to article
Do you encrypt your e-mails and data? Maybe it is a part of your 2020 resolutions? Of course, encryption is an effective way to ensure the confidentiality of your personal information, but it still is stuck at the usage level. “Cryptography is perhaps the most difficult part of cybersecurity as it has an extremely high level of abstraction. It is carried out by people who have a technical background, and do not necessarily have the reflex or natural appetite for communication! Add to this military and intelligence origins and you will understand why there is still an enormous amount of evangelization work left to be done,” acknowledges Jean-Christophe Le Toquin, public affairs advisor for cybersecurity and cybercrime technology companies. From observation to action, the expert became the coordinator of Encryption Europe in Luxembourg at the beginning of 2019.
To date, the alliance has seven members (*): European SMEs committed to making encryption simple, useful and reliable for all. Another pitfall of encryption is that for a long time it has been reserved only for economic players who could afford these technologies. The last few years have been more favourable to its broader adoption. Even the general public now has the right to free encryption of communication (on the WhatsApp app, for example).
“Our members do not accept any compromise of keys. We encrypt end-to-end and leave no intentional backdoor.”
But the grey area remains. What exactly is encrypted? Communication? The storage of exchanged data (photos, videos)? Who has the key to decrypt it? The provider or the users? “We have both a problem of democratization and transparency, opines Jean-Christophe Le Toquin. This is why we have come together within Encryption Europe: we want to promote default encryption of communications, but we also want to promote good practices and a common European vision.
One of the major points between democratic countries that have liberalized the use of cryptography is whether it is possible to decrypt what has been encrypted. Free encryption, which would no longer allow decryption, could fall into the hands of terrorist or mafia organisations. In addition, some governments require technology providers to maintain a channel of access to the data. Luxembourg has not made that choice. And this is one of the reasons why the Encryption Europe alliance was created here: “Our members do not accept any compromise of keys. We encrypt end-to-end and leave no intentional backdoor. Any weakening of encryption, whether through the creation of backdoors or by handing over keys to third parties, compromises confidence in the digital world,” says Jean-Christophe Le Toquin.
In France, however, the coordinator of the alliance also wears another hat, which makes him particularly wary of the need to collaborate with the authorities. He is the president of Point de Contact, a service for reporting illegal content. “Of course, the Alliance is aware that encryption is a complexity for the authorities. But citizens must also be allowed to protect themselves against threats to their communications and privacy,” explains Jean-Christophe Le Toquin. On a personal level, I personally advocate a balance to ensure the protection of citizens against criminals and ill-intentioned state forces. On the other hand, it is also necessary to have a strong and transparent policy for the use of data analysis technologies in public spaces and equipping the authorities with the tools to do so. If you have strong encryption on one hand and under-equipped police officers on the other, you are at risk! ».
Will this line be representative of a unified Europe in the future based on the use of encryption? Still very small, the alliance has received the support of SECURITYMADEIN.LU and hopes to make its voice heard through a clear discourse on a highly technical subject. Its first political gesture for 2020 will be to join the Paris Call for the trusted cloud.
(*) PEP Security, Tetraguard systems, OnePrivacy, Seezam, INCERT, Lybero, Solutions.lu