The EU is looking to improve its capabilities to circumvent and crack encryptions. Member states are to invest in hardware and software with Europol coordinating these efforts
The police agency Europol is set to receive a further 5 million euros to reinforce its capabilities with regard to decrypting content, as was reported by the European Commission in its Thirteenth progress report towards an effective and genuine Security Union. According to the report, the money will be set aside in the Europol budget for 2018. The Commission had already pledged these funds in its twelfth progress report, but did not disclose the amount until 24 January. Prior to this, the EU home affairs ministers had called for further support at their December meeting.
It is envisaged that Europol will help member states’ criminal police forces to crack encrypted content or circumvent such encryptions. This applies to both telecommunications and encrypted devices. The agency “should assess the technical and legal aspects of the role of encryption in criminal investigations” on a regular basis. Two weeks ago, Europol hosted a workshop with the police forces of the member states in The Hague.
The European Cybercrime Centre (EC-3), which is also part of Europol, will create a “decryption platform” featuring a “tool box” kitted out with the necessary hardware and software. Europol will be reinforced with an additional 19 staff members for this purpose.
The European Union is providing half a million euros for training national experts, and the training courses are being developed by the EU police academy CEPOL. National competence centres could be set up in the member states to this end, the development of which could be supported using funds from the European Union’s Internal Security Fund (ISF). Europol could coordinate the national centres.
The Council of the European Union, which brings together the governments of the member states, goes even further still. According to the Council, the competent authorities should investigate “weaknesses in algorithms and implementations” in order to be able to exploit “possible errors”. The European Commission will step up cooperation with the private sector with a view to developing decryption capabilities. Companies could provide “specialised hardware and software with adequate computational capacity” to crack passwords through “intelligent analysis”. In order to crack weak encryptions, the authorities should ensure that they collect information on “possible passphrases, phrase fragments, character set, password length” in investigative proceedings.
In addition to the new budgetary resources, Europol could also receive funds for the “decryption platform” from the research framework programme Horizon 2020. In December, the Commission hosted a workshop on cybercrime for the Safe, Secure and Resilient Societies research strand that focused on topics including digital forensics and electronic evidence.
The Council and Commission proposals are now under further discussion at EU level. The recently established European Judicial Network for Cybercrime (EJCN) is among the bodies involved.
Image: Europol-Hauptsitz in The Hague (OSeveno/CC BY-SA-3.0)
