EU gearing up to extend telecom security rules to WhatsApp and Skype

The European Union (EU) is all set to introduce telecom security rules to web services such as Facebook's WhatsApp and Microsoft's Skype as well as Apple's FaceTime. The security rules currently apply to telecom companies such as Vodafone and Orange.

The European Commission is expected to propose rules for web firms that offer calls and messaging services over the internet next week.

The draft proposal accessed by Reuters suggests that over-the-top (OTT) services must ensure security of their services such as reporting breaches to authorities, besides having contingency plans and strategies for service continuity.

Some security obligations in the proposal are to be lighter for services like WhatsApp. The draft reads, "Providers of such services should thus ensure a level of security commensurate with the degree of risk posed to the security of the communications services they provide.

"Therefore, whenever it is justified by the actual assessment of the security risks involved, the security requirements ... should be lighter."

The web firms will need to notify authorities "without undue delay" if there is a security breach that has a significant impact on their services. The document adds that the OTT services that allow users to make calls like Skype Out and Viber Out will have to offer emergency calls.

As for consumers in the EU, the commission is considering giving the right to affordable basic broadband to perform activities like checking emails and getting access to online banking.

Some tech firms such as Google and Facebook that offer end-to-end encryption on their messaging services argued there is no need to extend the telecom rules to internet services.

Facebook in its response to the commission's plan to extend rules to online services indicated it would "no longer be able to guarantee the security and confidentiality of the communication through encryption" as governments would be able to restrict confidentiality rights for security purposes.

Facebook said, "Therefore, any expansion of the current ePD (ePrivacy Directive) should not have the undesired consequence of undermining the very privacy it is seeking to protect."