The EU agency for law enforcement has recognised the increasing difficulty of police authorities in Europe to access data stored on encrypted networks, as the EU itself attempts to find legal solutions that will facilitate police access to protected communications.
In Europol’s 2020 Internet Organised Crime Threat Assessment published on Monday (5 October), the agency surveyed the latest trends in cybercrime, highlighting one issue that has for a number of years frustrated police investigations: encrypted communications.
“For several years now, the advancement and increased implementation of certain technological developments have complicated the ability of law enforcement to gain access to and gather relevant data for criminal investigations,” the report notes.
“One of the most prominent examples in this regard remains the widespread use of encryption, which contains many benefits from a security perspective but is also a development that criminals have gratefully used to their advantage.”
Europol’s concerns related to the access of potentially criminal communications has further been exasperated with the introduction of new technologies into the consumer environment. One burgeoning technology that has law enforcement concerned in the EU, is 5G.
In January, the European Commission is working alongside Europol and EU member states to “identify appropriate ways of preserving lawful interception capabilities in 5G networks,” according to Ylva Johansson, the EU’s home affairs Commissioner.
New challenges for law enforcement authorities will arise with the gradual onset of 5G in Europe because the technology employs 256-bit encryption that allows for unprecedented levels of privacy and anonymization in mobile communications networks.
The news had provoked the concern of many of the privacy-conscious in Brussels, with German leftist MEP Cornelia Ernst saying that any move to weaken privacy protocols in next-generation telecommunication networks would only provide for unwarranted “eavesdropping opportunities.”
Involvement of private sector
Moreover, recently leaked Council documents reveal that the German presidency of the EU is attempting to find a consensus between EU nations on creating ‘legal solutions’ that would facilitate the police in their ongoing investigations of encrypted communications networks.
One document obtained by Statewatch notes that “there is a need for a regulatory framework that safeguards the advantages of end-to-end encryption without compromising the ability of law enforcement agencies and judicial authorities to protect the general public”.
It added that in order to preserve the crime-fighting capacities of EU police authorities, “new solutions may be required with the support of service providers.”
Although the Commission appears to be against any such solution that could mandate the possible technical weakening of encryption technology, the EU executive has also suggested turning to private companies in order to find solutions for how they can best assist law enforcement agencies in their quest for accessing criminal data.
“There should be no single prescribed technical solution to provide access to the encrypted data,” a Commission services note reads. “Companies providing the encryption for their products can contribute to identifying the best solutions.”
In this vein, Europol’s report published on Monday notes their desire for more collaboration with the private sector, in order to identify the means by which law enforcement agencies could gain greater access to encrypted networks.
“Due to these emerging technologies used by criminals and the opportunities new technology may pose for law enforcement, even more intense thinking beyond law enforcement cooperation is required, including with the private sector,” the report states.
In terms of wider risks in the world of encrypted communications, Europol’s 2020 assessment also hones in on the circulation of child sexual abuse material online. The report finds that “one-to-one distribution and sharing among larger groups routinely takes place on social networking platforms and widely used encrypted communication applications such as WhatsApp.”
In this regard, the Commission put forward a proposal earlier this year, allowing for a derogation from the ePrivacy directive and new definitions introduced under the European Electronic Communications Code, which comes into force on 21 December this year.
The derogations would allow for communications platforms to continue to monitor child sexual abuse material across their platforms.