- The EU HLG (high -level group) now considers VPN among the “key challenges” for research work.
- End -to -end encryption is also mentioned in the final report as the greatest technical challenge
- Experts ask for restriction and consideration in measures, fearing that civilians carry “state spyware in their pockets”
For the first time, a group of EU experts has explicitly mentioned the VPN services as “key challenges” for the research work of the law enforcement agencies, together with encryption devices, applications and new communications operators.
The final report of the group also refers to the end -to -end encryption as “the biggest technical challenge.”
Known as the High Level Group (HLG), the group of experts was commissioned by the EU Council in June 2023 to develop a strategic plan “in access to data for the application of the effective law.”
Legal data access by design
The first set of HLG recommendations leaked to the public in June last year. The objective was simple: to make the digital devices that we use every day, from smartphones and smart houses to IoT devices and even cars, legal and technically monitable at all times by the laws of application of the law.
When commenting on this plan, the Mullvad VPN CEO, Jan Jonsson, told Techradar at that time: “Total surveillance would be meant and that the inhabitants of Europe carry a state spyware in their pockets.”
The final wording of the LHG report of March 13, 2025 shows that it has not changed much from the original spirit. However, recommendations to achieve “access to legal data by design” are more refined.
As mentioned, experts are now considering including VPN services among the key challenges for research.
Previously, the concerns were mostly reserved for messaging applications or sure email software that used encryption to reveal the user’s content in an illegible, de facto way, which makes it difficult (if not impossible) for the authorities successfully decipher the desired information.
The application agencies of the EU Law, North America and Australia continue their work to obtain future legal access to private communications within the EU initiative that darkens. We also notice that VPNs are mentioned under “key challenges” .https: //t.co/ktu9hlzre0March 18, 2025
Expanding the objective to VPN services seems to align with the opinion of experts about access to metadata as “essential to identify suspects.”
The metadata refer to data that are not aware of the content, such as who is sending the message, who is receiving it, at what time and from where. VPNS works to mask the IP addresses, which provide the details of our location when we access the Internet.
However, for experts, EU legislators must find solutions to force service providers to retain some necessary metadata for a minimum period of time. Fortunately, the need for a “harmonized and consistent” legal framework for data retention is among the latest LHG suggestions.
However, the introduction of new obligations to collect the identifiable metadata of users would collide with the technical infrastructure and policies of many services focused on privacy. That is especially true for VPN without registration that, as the name implies, never collects information that can link users with their online activities.
The security cons
Despite the emphasis on the need for the authorities to access people’s data to carry out research, LHG experts recognize that “this should not be at the expense of fundamental rights or the cybersecurity of systems and products.”
In particular, the report stands out on more than one occasion how encryption is also essential for people’s safety, protecting against data theft, spying sponsored by the State and other forms of access to unauthorized data.
Did you know?
The sequels of salt typhoon attacks caused a protest from the authorities so that all citizens change to applications of messages similar to the signal to improve their online safety.
It remains to be seen how EU legislators will find a balance between the will to access people’s data, regardless of whether they are encrypted and preserve information security.
On their side, cryptographers and other technology experts have argued for a long time that encryption works as planned or is broken for all.
When commenting on the continuous impulse by the rear encryption doors, the CEO of Proton, Andy Yen, said recently: “The encryption is mathematics: it adds or does not. You cannot create a rear door that will preserve the encryption. It simply is not possible.”
You may also like
