Securing private communications: Protecting private communications security in EU law: fundamental rights, functional value chains and market incentives

As we increasingly depend on private communications security and realize our private communications are systematically insecure, communications security has become a major concern for law- and policymakers around the world. This study researches the central question: how should the EU lawmaker protect private communications security?
The study contains the first in-depth historical analysis in the legal literature of over three decades of EU communications security law (Part I). Subsequently, the study researched concepts and tools for the EU lawmaker in fundamental rights law, computer science and the political sciences (Part II). The study then developed of a procedural model for EU communications security legislation, which was tested in two case studies on communications protocol HTTPS and ‘cloud’ communications through the lens of the Snowden disclosures, operation MUSCULAR in particular (Part III).
The study concludes (Part IV) that the EU lawmaker can and must augment private communications security, but fails to integrate crucial fundamental rights, socio-technical and market developments. The study therefore recommends a fundamental reconceptualization of EU communications security law and offers five suggestions on how to reorganize its very foundations:
i) Afford basic and comprehensive protection to meet new positive obligations from EU fundamental rights law;
ii) Make explicit the implicit and covert capture of the EU policy agenda by national security interests of the Member States and align these with fundamental rights;
iii) Afford protection along the entire functional value chain of networked communications, rather than merely to ‘personal data’ or a narrow set of market actors.
iv) Correct deep and persistent market failures in networked communications;
v) Use the analytical model of Part III as a new departing point for protecting private communications.
It is the first academic study of its kind on the thorny conundrum of securing private communications through EU law.