The increasing encryption, especially of messenger services, makes the investigators of law enforcement agencies “blind and deaf”. With this depiction of the “going dark” scenario, the new Swedish Presidency of the EU Council of Ministers calls for a new debate on the fight against organized crime in the digital era and heralds another round in the ongoing Crypto Wars.
“Digital services are increasingly being misused by criminals to commit crimes such as child sexual abuse, online rape, fraud, ransomware attacks or attacks on critical infrastructure,” writes the head of the council in a preparatory paper for an informal meeting of interior and justice ministers of the member states on Thursday in Stockholm. Online services have long been “also an important tool” with which criminals can “incite, plan and commit crimes, advertise and offer criminal services and operate illegal marketplaces”.
Great need, no concrete proposals
For Sweden, one thing is certain: criminal prosecutors and the judiciary need significantly more data. They face “a number of challenges”. Examples include the “need for increased international cooperation to ensure access to evidence”, a “clear framework for data retention” and the need for “effective concepts for encrypted communication”. The document does not contain any concrete proposals for this, such as circumventing encryption using state Trojans or installing backdoors in programs that would endanger IT security.
Council leadership fears law enforcement will be significantly impacted. Investigative tools could “often no longer be used due to developments such as the use of encryption technologies, which are incompatible with lawful access from the outset”. If no new approaches were developed, the authorities “remained further and further behind the digital developments”. “Safe online havens of impunity could emerge, where anonymity is maintained at the expense of individual security and the security of society as a whole.”
Measures taken so far are not sufficient
Although the EU has already “taken a wide range of political measures”, the presidency has not escaped the notice. These included the e-evidence package for access to cloud data and the no less controversial Council resolution on security through and despite encryption from 2020. In it, the EU countries are pushing for access options to communication in plain text and stronger cooperation with the IT industry. However, this is not enough for the Presidency. It must be about clarifying practical questions about legal access to digital information about Europol and Whois registers about owners of domains and IP addresses.
Sweden refers to a ruling by the European Court of Human Rights from 2008, according to which the basic right to confidential communication is not absolute and must be balanced with comparable claims such as the prevention of crime. The needs of the judiciary and the police in protecting society must be “comprehensively taken into account” in EU policy in all areas, such as in the work on the regulation for artificial intelligence with the bone of contention of biometric facial recognition.
Expert group warns against panic
The presidency wants to discuss with the ministers, for example, which skills and instruments need to be further expanded or developed. She also wants to know whether a new framework might be necessary without duplicating existing structures. At Council level, there are already several permanent working groups that deal specifically with law enforcement and internal security and are constantly launching new monitoring initiatives.
At the same time, the “going dark” mantra does not become any more valid with constant repetition. A US group of experts came to the conclusion in 2016 that prosecutors should not panic. The business models of the majority of social network operators are based on unencrypted user data for personalized advertising. The Internet of Things also brings with it a flood of image, video and audio data that can often be intercepted in real time. European security authorities have also managed to siphon off large-scale communications from more or less well-encrypted services such as EncroChat, Sky ECC and Anom.
Leave a Reply