The „decryption platform“ at Europol plans to switch to supercomputers soon. A working group is looking for ways to counter end-to-end encryption. By the end of the year, the Commission plans to present a study on how internet providers can break these secure connections and report criminal content to the relevant authorities.
For years, the European Commission has been calling for law enforcement authorities to have more access to encrypted communications. The Council, in which the Member States are organised, also adopted conclusions to this effect three years ago. In addition, the European Union’s “ Anti-Terrorism Co-ordinator“ Gilles de Kerchove regularly publishes papers calling for the elimination of secure communications. Most recently, Kerchove drew attention to the gaming community and its chats with end-to-end encryption.
At EU level, Europol is responsible for reading encrypted communications and storage media. The police agency has set up a „decryption platform“ for that. According to Europol’s annual report for 2018, a „decryption expert“ works there, from whom the competent authorities of the Member States can obtain assistance. The unit is based at the European Centre for Cybercrime (EC3) at Europol in The Hague and received five million euros two years ago for the procurement of appropriate tools.
Success rate of „Hashcat“ software at 39%
However, only content and storage media that are protected with simple passwords can be cracked. Europol uses the software „Hashcat“ for this purpose, which runs on a cluster with graphic processors from the company Nvidia and uses brute force attacks to try out known passwords. In its first year of existence, the „decryption platform“ has been used in 32 cases. In its annual report for 2019 Europol names another 59 cases, the success rate is accordingly 39%. A total of more than 1,750 password-protected mobile devices were investigated.
In the future, the „decryption platform“ is to use supercomputers of the European Union. For this purpose, Europol has concluded an agreement with the Joint Research Centre of the EU Commission, according to which the attacks on encrypted content are to be carried out in Ispra, Italy, at Lake Maggiore. Europol says, however, that the commissioning of the facility, which was planned last year, has been delayed and is now to take place in the summer of this year. Problems have therefore arisen with the secure connection between Ispra and Europol’s control room in The Hague.
Europol is also organising training courses to teach the relevant techniques. In 2019, the agency has set up two „decryption expert groups“ for this purpose. One group is aimed at forensic investigators from Member States, which are trained in the use of „Hashcat“. The Agency is working on a „decryption handbook“, which is intended to serve as a training material.
„Expert Process“ in the EU Internet Forum
Europol’s second „expert group“ is explicitly dedicated to the search for technical and legal options against end-to-end encryption. Their efforts are being listened to by the Commission, which published its current „Strategy for the Security Union“ on Friday, announcing new measures against encryption. The focus is on child sexual abuse, for which the Commission has issued a further communication „EU strategy for a more effective fight against child sexual abuse“.
Internet service providers such as Google, Facebook and Microsoft are to create opportunities to read end-to-end encrypted communications. If criminal content is found, it should be reported to the relevant law enforcement authorities. To this end, the Commission has initiated an „expert process“ with the companies in the framework of the EU Internet Forum, which is to make proposals in a study.
This process could later result in a regulation or directive that would force companies to cooperate. In the study, the Commission therefore wants to look at the „regulatory and operational challenges“ to decryption. However, this should not be the end of the story, as the question of anonymity and encryption on the Internet and darknet will be considered in another „comprehensive“ study. It will identify „legislative gaps, best practices and priority actions“ in the fight against child sexual abuse. The results of both studies should be available by the end of 2020, at which point implementation will be discussed.