Access to data-in-clear of encrypted communications and stored data presents several difficult and controversial issues and continues to create tensions between key stakeholders, including law enforcement and the judiciary and civil society organisations, leaving policy makers with the mammoth task of balancing all the important considerations in this debate. Thus far efforts to identify technical solutions that are feasible and proportionate and which safeguard fundamental rights have struggled to reconcile all the equities. In the midst of this discussion encryption continues to develop and become the main means to safeguard a number of online technologies, including electronic communication services, online storage spaces, mailboxes etc...This further complicates the encryption landscape, and significantly challenges criminal investigations.

This third report of the Observatory Function on encryption builds on previous reports and looks at the relevant technical and legislative developments, re-visiting some topics, which deserved further consideration. In the interim between this and previous reports, there have only been a few developments in European Union (EU) Member States’ national legal regimes to incorporate new provisions that tackle the challenge of encryption in criminal investigations. These new approaches can be categorised into two distinct parts: one deals with tools that directly tackle encryption and the others category provides for tools to gain access to content before it is encrypted, or after it is decrypted and bypass encryption altogether. This is further underpinned by jurisprudence that exemplifies the use of the provisions mentioned. Insights are shared on encryption in the context of cross-border cases. Eurojust here identifies two key focuses; cases in which decryption of the tool used by criminals is the main focus of the investigation and ‘spin-off cases’ where the focus is on other aspects rather than decryption, but where the decrypted communications among criminals are required as evidence. An analysis of considerations ancillary to decryption, such as the need to find legal means to decrypt electronic communications, admissibility of evidence obtained from decrypted devices, and the sharing of such data with other law enforcement agencies in the context of cross-border cases is explored.