Connect with us


What’s all this about Europe wanting crypto backdoors?



A press report emerged over the weekend claiming European lawmakers who are worried about terrorism are speeding towards a ban on end-to-end encryption. Spoiler: It’s a little more nuanced than that. Read on for our break down of what’s actually going on… 

Is Europe about to ban E2E Encryption?


A report in the Austrian press yesterday appeared to suggest a ban incoming on end-to-end encryption which the headline linked to a recent terror attack in the country. In fact there have been discussions ongoing between Member States on the topic of encryption — and whether/how to regulate it — for several years now.

The report is based on a draft resolution of the Council of the European Union (CoEU), dated November 6. Per the draft document a final text, which could incorporate further amendments, is due to be presented to the Council on November 19 for adoption.

The CoEU decision-making body is comprised of representatives of Member States’ governments. It’s responsible for setting the political direction for the bloc however it’s the European Commission which is responsible for drafting legislation. So this is not in any way ‘draft EU legislation’.

One Commission insider we spoke to who’s involved in cyber security strategy couched the resolution as a “political gesture” — and most likely an empty one.

What does the CoEU draft resolution actually say? 

It starts by asserting the EU’s full support for “the development, implementation and use of strong encryption” — which would be a very odd position to hold if you also intended to ban E2EE.

Then it discusses “challenges” to public security that flow from criminals having easy access to the same technologies that are used to protect vital civic infrastructure — suggesting criminals can use E2EE to make “lawful” access to their communications “extremely challenging” or “practically impossible”.

This is of course a very familiar discussion in security circles — regularly fuelled by the ‘Five Eyes’ nations’ push for greater surveillance powers — and one which recurs repeatedly in relation to the technology industry owing to developments in communications tech. But note the CoEU does not say access to encrypted data is actually impossible.

Instead the resolution moves on to call for discussion of how to ensure the powers of competent security and criminal justice authorities can be preserved — while ensuring full respect for due legal process and EU rights and freedoms such as (notably the right to respect for private life and communications; and the right to the protection of personal data).

The document suggests a “better” balance should be created between these competing interests. “The principle of security through encryption and security despite encryption must be upheld in its entirety,” is how it’s phrased.

The specific call is for “governments, industry, research and academia… to work together to strategically create this balance”.

Click to access 783284_fh_st12143-re01en20_783284.pdf

Does the draft resolution call for encryption to be backdoored?


Indeed, the Council of Ministers specifically writes [emphasis ours]: “Competent authorities must be able to access data in a lawful and targeted manner, in full respect of fundamental rights and the data protection regime, while upholding cybersecurity. Technical solutions for gaining access to encrypted data must comply with the principles of legality, transparency, necessity and proportionality.”

So the push here — beyond the overarching political push to be seen to be doing something ‘pro-security’ — is for ways to improve targeted access to data but also that such targeting respect key EU principles that link to fundamental rights (like privacy of communications).

That doesn’t sum to an E2EE ban or backdoor.

But what does the resolution say about the legal framework? 

The Council of Ministers want the Commission to carry out a review of relevant existing regulations with relevance to ensure it’s all pulling in the same direction and therefore contributing to law enforcement being able to operate as efficiently as possible.

There is a mention of “potential technical solutions” at this point — but again the emphasis is on any such law enforcement aids supporting the use of their investigatory powers within domestic frameworks that comply with EU law — and a further emphasis on “upholding fundamental rights and preserving the advantages of encryption”. Security of information is a vital advantage of encryption previously discussed in the document so it’s essentially calling for preserving security without literally spelling that out. 

This portion of the draft document has several strike-throughs so looks most likely to be subject to wording changes. But for a signal of the direction of travel one bit of rewording emphasises the need for transparency should there be joint working with comms services providers on developing any “solutions”. (And a backdoor that everyone is told about obviously wouldn’t be a backdoor.)

Another suggestion in the draft calls for upskilling relevant authorities to boost their technical and operational expertise — aka more cyber training for police.

In a final section, joint working to improve relevant co-ordination and expertise across the EU is again highlighted by the CoEU as key to bolstering authorities’ investigative capabilities.

There is also talk of developing “innovative approaches in view of new technologies” — but the conclusion makes a point of stating clearly: “there should be no single prescribed technical solution to provide access to encrypted data”. Aka no golden key/universal backdoor.

So there’s nothing to be worried about then? 

Well, the Commission may feel some pressure over the issue as it works on its new cyber strategy so it could get some political push on specific policy ideas — although we’re unlikely to see anything much on this front before next year. The CoEU isn’t setting out any policy ideas yet. At most it’s asking for help formulating some.

TechCrunch spoke to Dr Lukasz Olejnik, an independent cybersecurity researcher and consultant based in Europe, to get his thoughts on the draft resolution. He agreed there’s no broadside against E2EE in the draft, nor any near-term prospect of legislation flowing from it. Indeed, he suggested the CoEU appears not to know what to do — hence looking to outside experts in academic and industry for help.

“First, there is no talk of backdoors. The message sets things clearly with respect to encryption being important for cybersecurity and privacy,” he told us. “As for the topic of this document, it is a long-term process in the exploratory phase now. Problems and ideas are identified. Nothing will happen immediately.

“It’s not getting even near to banning E2EE. It appears they do not know what to do exactly. So among the ideas is to perhaps set up a ‘high level expert group’ — the document speaks about engaging ‘academia’. This process is sometimes initiated by the Commission to identify ‘recommendations’ which may or may not be used in the policy process. It would then revolve around who would get to be admitted to such a group, and this varies a lot.

“For example the AI group was seen as quite reasonable, while the other dedicated one on disinformation was in fact geared towards the EU media figures rather than researchers or concrete expertise. We do not know where all this will lead.”

Olejnik expressed doubt that the Council could drive legislation on its own in this case, given the complexity involved. “It’s too premature to speak of any legislation,” he said. “Legislative process in the EU can be quite complex to understand but the EU Council would be unable to pull such a complex thing on their own.”

But he did highlight the CoEU’s coining of the phrase ‘security despite encryption’ as a noteworthy development — suggesting it’s unclear where this novel framing might lead in policy terms. So, as ever, the security debate around encryption demands a close eye.

“What I find of particular importance is coining the term ‘security despite encryption’. It is both unfortunate and ingenious. But the problem with this technology policy term is that it may consciously blend policy understanding of (physical?) security with technology security, as guaranteed today by encryption. This puts the two in direct opposition,” he said, adding: “Where the fallout would lead is anyone’s guess. I believe this process is far from over.”

But couldn’t there be a push to introduce some kind of ‘lawful intercept mechanism’ across the EU?

There would be huge challenges to such a step given all the EU legal principles and rights that any mechanism would need to respect.

The CoEU’s draft resolution reiterates this multiple times — highlighting the need for security activity to respect fundamental rights like privacy of communications and principles of legality, transparency, necessity and proportionality, for example.

Domestic surveillance laws in several EU Member States have also recently been found falling short in this regard by Europe’s highest court — so there would be a clear path to challenging any security overreach in the courts.

That means that even if some kind of intercept mechanism could be pushed through an EU legislative process, via enough political will to drive it, there’s no doubt it would face fierce legal challenge and the prospect of being unpicked by the courts.

Asked for a view on the notion put forward in the draft resolution — of seeking a “better” balance between security and privacy — and whether it might be a push towards something like the ‘ghost protocol’ advocated by GCHQ in recent years as an “exceptional access mechanism” (but which critics argue would both undermine user trust and introduce a blanket security risk that’s all but equivalent to a backdoor) — Olejnik told us: “Undermining encryption is a tricky territory because modern technology goes in a direction of more security, not less. In modern security ecosystems it would be hard to imagine a lawful intercept functionality known from the telecommunication infrastructure. For private business it’s also a question of trust. Can the individual users freely move their social interactions online even further? It’s a question measured in billions of dollars.”

Continue Reading


Primer, the fintech helping merchants consolidate the payments stack, raises £14M Series A



Primer, the U.K. fintech that wants to help merchants consolidate their payments stack and easily support new payment methods in the future, has raised £14 million in Series A funding. The round was led by Accel, who I understand were quite proactive in persuading Primer to take the VC firm’s money.

The young company wasn’t actively fund-raising, having quietly raised £3.8 million in funding announced in May. Instead, the team was heads down building out the product and wooing potential customers by holding technical workshops and in-depth interviews over Zoom with 100 merchants — activity that didn’t go unnoticed.

Also participating in the Series A are existing investors: Balderton, SpeedInvest and Seedcamp, who were joined in the round by new backer RTP Global. Sonali De Rycker, partner at Accel, will join Primer’s board.

Founded by ex-PayPal employees – via PayPal’s acquisition of Braintree — Primer wants to offer one payments API to (hopefully) rule them all, with the explicit aim of bringing greater transparency to a merchant’s payment stack.

The thinking is that larger merchants, especially those that operate in more than one geography, have to support an array of payment methods, which brings with it significant technical overhead, a poor user experience, and lack of transparency.

Primer, now described as a “low code” platform, carries out a lot of that heavy-lifting on behalf of merchants and while remaining steadfastly payment method agnostic. By doing so, the idea is to reduce friction when adopting new payment methods as they come to market, and be able to provide better insights into things like how well each checkout option is performing.

As well as payment-service-providers (PSPs), the platform has connectors for fraud providers, chargeback services, subscription billing engines, BI tools, loyalty and rewards platforms. Both payments and non-payments services can be “seamlessly connected to the checkout experience and payments flow via workflows, enabling merchants to unify their fraud migration efforts, build sophisticated transaction routing, and solve complex flows – all with no code,” explains Primer.

Primer says the additional funding will be used for international business development and scaling its team. Billed as a remote-first company, Primer has 23 employees across six countries, and says it has already picked up traction across mid-market and large enterprise e-commerce merchants across Europe.

Comments Paul Anthony, Primer’s co-founder and head of product and engineering: “During our time at PayPal, we saw first-hand the technical burden online merchants face trying to offer the best payments experiences to their customers globally. Our low-code approach enables merchants’ payments teams to manage and expand their payments ecosystems, and maintain sophisticated payments logic with a familiar workflow UI”.

Meanwhile, the new investment brings Primer’s total funding to £17.8 million, and comes only a few weeks after the initial launch of the company’s platform.

Continue Reading


Gillmor Gang: Electrical Banana



Thanks I’m giving for the start of the first big online season. Yes, the pandemic has put in place a gigantic move to the digital for our immediate and accelerated future. We all know how this plays out in the required state of things pre-vaccine. But there’s an undercurrent not so hidden there of a dynamic answer to my wife’s stubborn question: Where’s my Jetpack?

She’s a child of the 60s, a post-Beatles time of imploding dreams and dashed expectations. James Bond got to fly a Jetpack, but the telltale burned gasoline exhaust made the effect an artifact of what wasn’t going to happen. In an electric decade and noise-canceling AirPods, maybe it’s more likely to surface than not, but if so, what’s the next Jetpack?

My vote is for the electric newsletter, a notification engine that knows what I’m tracking, projects the trends circulating my core peers, and invests proactively in the products we want to accelerate. It’s a self healing economy, a research coordinator, a humor and media rewarder. On the Gang, we use a blend of live streaming, backchannel notifications, and everything up to but not including a newsletter.

From its earliest days, Twitter promised a future where RSS authority would be mined in a social context. What I mean by that is RSS delivered the ability, the chair in the sky opportunity Louis C.K. described, the chance to explore the world alongside the artists formerly known as accredited journalists. It was always a tough sell for the displaced gatekeepers, but flash forward to today and you can see they’re all bloggers and podcasters now.

The moment the meritocracy window opened, the definition of success moved to the readers, the viewers, the social enterprise as Marc Benioff insisted. Software as a service mined those social signals as fuel for what the iPhone delivered in the mobile wave. Now the mobile economy is expanding to the silicon on the desktop. M1 seems like an evolution, but its entry point on consumer laptops is designed to produce network effects in the same way Office 97 boosted Windows 95 into orbit.

So where is this electric newsletter if it’s so important? As a vehicle for finding stuff I didn’t know I cared about, newsletters suffer from too many of them with too few business models driving them. Subscriptions derive revenue but reduce the network effects of advertising supported subsidy of firewalls. You get reach but quantity explodes. Context glut is not a pretty thing, either.

Our early attempts at constructing a Gang newsletter spawned the realtimeTelegram feed; its group-shared notification stream valuable as much for what we skipped as when we dipped in to it. As a framing device for the Gillmor Gang recording sessions, we could anticipate both what we wanted to talk about and what we wanted to avoid. Trump fatigue gets burned off in Telegram, while science and innovation get drilled down on and fleshed out in advance.

Adding a Twitter feed (follow @gillmorgang) pushes Likes and retweets into the mix. The live recording stream generates Facebook Watch Parties and additional comments. An edited version here on TechCrunch adds this related commentary. But where’s the newsletter for all these live pieces?

Perhaps the answer goes back to the Jetpack? It may not be the Jetpack we are looking for, but rather the components that make up this stream as a service. A Jetpack offers the dream of instant teleportation without the traffic jams or being polite about your Uber driver’s musical taste. Zoom already offers some of that promise, where saving the commute opens up hours in your day. Zoom-enabled shopping and delivery management will go a long way.

As Donovan presciently proclaimed, Electrical Banana gonna to be the very next phase. My electric newsletter is the perfect definition of a pipe dream. It’s not so much as when it’s going to get here as what.


The Gillmor Gang — Frank Radice, Michael Markman, Keith Teare, Denis Pombriant, Brent Leary, and Steve Gillmor . Recorded live Friday, November 20, 2020.

Produced and directed by Tina Chase Gillmor @tinagillmor

@fradice, @mickeleh, @denispombriant, @kteare, @brentleary, @stevegillmor, @gillmorgang

For more, subscribe to the Gillmor Gang Newsletter and join the backchannel here on Telegram.

The Gillmor Gang on Facebook … and here’s our sister show G3 on Facebook.

Continue Reading


Firstminute Capital launches second $111 fund, featuring a whos-who of founders as LPs



London HQ’d Firstminute Capital has announced its second early-stage venture fund of $111m (£87m). Founded and cornerstoned in 2016 by Brent Hoberman CBE (best known as co-founder of and, together with Spencer Crawley (formerly of Goldman Sachs), this new fund comes after the first fund of $100M, giving Firstminute $211M assets under management, investing across Europe and the US at the seed stage.

Firstminute’s team of 18 is based in London, Stockholm and Berlin and now has plans to open an office in LA next year.

Of note is the fact that its LPs now number 70 founders of billion-dollar businesses as investors, and that Firstminute is being so open. VCs typically do not reveal much information about LPs. Hoberman has clearly also leveraged his position as founder of the Founders Forum group which runs events and activities for European tech founders.

The fact that so many founders – largely drawn from the ranks of European startups – have invested is unusual, certainly for European VC funds. It includes 16 founders of $10bn+ “decacorn” technology businesses, including Palantir, Wayfair, Ocado, MongoDB, Zalando, Supercell and Check Point, as well as founders from Huda Beauty, Graphcore and Rappi. Included are board members and CEOs from large technology companies.

RIT Capital Partners is the fund’s anchor investor. This is their first such position in a European venture capital firm. They previously backed leading US funds including Sequoia, Benchmark, Thrive and Iconiq. Additional institutional investors include the Chinese technology giant Tencent, FMCG conglomerate Henkel, London-based venture fund Atomico and four Californian multi-stage firms.

The existing Fund I portfolio consists of 56 companies that have collectively raised approximately $0.5bn in funding.

Firstminute says half of its current portfolio companies have UK headquarters, with the remaining half split between continental Europe and North America. Two-thirds of the businesses are B2B and one third are B2C.

Hoberman said in a statement: “European technology is reaching escape velocity, and it’s fantastic to enable so many global serial entrepreneurs to give their experience to the next generation: we have over 70 unicorn founders joining us on this journey so far, and more to come as we approach final close. Seed venture investing is attracting ever higher quality backers which will help more founders succeed.”

Crawley, firstminute Co-founder & General Partner, said: “Our healthcare systems, workplaces and educational establishments face fresh complexities. The service economy is having to re-imagine itself. The gap between financial markets and the real economy is growing wider (with the young most at risk). Start-ups are not a panacea, but emerging technology companies have a key role to play in today’s recovery strategy, both in their mindset and the products they will create.”

I asked Hoberman to what extent was the internationalization of the fund‘s geographical footprint related to Brexit?

“Some investors have asked us about the risks of Brexit to a UK-based fund and it’s been great to highlight the international nature of our approach,” he said. “The potential threats of a bad Brexit deal ensured we moved faster to cover more geographies.”

I also asked him what advantages or disadvantages does having so many founders as LPs confer on the fund?

“Operators understand the rollercoaster of the founder journey well. They know the path to success is rarely linear. They have lived the scaling journey with all its challenges. They can impart this wisdom to the next generation.

“These founders know about blitzscaling, board management, prioritization, fundraising, internationalization and above all the role of talent and teams. This knowledge can make the difference between failure and extraordinary success.

“Furthermore successful founders often have world-class network, useful for hiring, internationalization and business development deals,” he said.

Firstminute also announced some team changes. Arek Wylegalski, formerly of Index Ventures, has joined as a partner for Fund II. Arek was a Venture Partner with the firm during Fund I. Lina Wenner, formerly of BCG, has been promoted to Associate Partner, and Camilla Mazzolini, Clara Lindh Bergendorff and Sam Endacott have been promoted to Principals. Min Nolan, Head of Platform & Operations, and Anais Benazet, Head of Community, lead the portfolio support function, whilst Henry Lane-Fox, Steve Crossan and Tommy Stadlen continue to invest as venture partners.

The backers of firstminute capital funds include the founders and/or executives from the companies listed below:

firstminute LPs – Founders of $10bn+ companies, include:

Joe Lonsdale (Palantir Technologies), Robert Gentz (Zalando), Niraj Shah (Wayfair), Tim Steiner (Ocado), Marius Nacht (Check Point), Kevin Ryan (MongoDB), Ilkka Paananen (Supercell), Adyen, Autonomy, Airtel.

firstminute LPs – Founders of $1bn+ companies, include:

Sebastian Mejia (Rappi), Ross Mason (MuleSoft), Pete Flint (Trulia), Martin Migoya (Globant), Vikrant Bhargava (PartyGaming), Martin Varsavsky (Jazztel, Fon, Eolia), Fabrice Grinda (OLX), Steve Fredette (Toast), Rafi Gidron (Chromatis), Simon Nixon (Moneysupermarket), Lars Hinrichs (XING), Johan Brand (Kahoot), Huda Kattan (Huda Beauty), Tom Chapman & Ruth Chapman (Matchesfashion), Nigel Toon (Graphcore), Carl Pei (OnePlus), Hanzade Dogan (Hepsiburada), Barry Smith (Skyscanner), Sir Charles Dunstone (Carphone Warehouse), Hamish Shephard (HelloFresh), Alexander Rittweger (Payback), Marketshare,, BlaBlaCar, Qunar, Net-a-Porter, Fox Kids Europe, Webhelp, Betfair, Datamonitor, Tradex Technologies, Zoopla.

firstminute LPs – Current or Former CEOs and Chairs, include:

Eric Schmidt (former Chairman and CEO, Google), Michael Lynton (Chairman, Snap and Warner Music Group, former CEO and Chairman, Sony), Sir Paul Ruddock (Co-founder & former CEO of Lansdowne Partners, Chairman Oxford University Endowment), Lord Mervyn Davies (Chairman of Corsair Capital, former Minister and Standard Chartered CEO & Chairman), Linda Fayne Levinson (former Chairwoman of Hertz), Jeremy Coller (Founder, Chairman and CIO Coller Capital), David Giampaolo (Chairman, Gousto), Ian Gallienne (CEO, Sienna Capital), Alexander de Carvalho (Co-founder & CIO of, Heineken NED), Babatunde Soyoye (Co-founder and Managing Partner, Helios Investment Partners), Nextdoor, PicsArt,, Nordeus, Kinnevik AB, JCDecaux Holdings.

firstminute LPs – Institutional Investors, include:

RIT Capital Partners, Tencent, Atomico, Henkel, Felicis Ventures, The Raine Group, LionTree Partners, Lombard Odier.

Continue Reading