The EU police agency will soon receive a new regulation that will allow sensitive personal data to be used for research purposes. Corresponding projects are already underway. As early as next year, the EU border agency wants to use an AI-based lie detector for immigration control.
The European police agency Europol has existed in The Hague since 1999. Its tasks include the storage and processing of data generated in the course of police investigations. Europol has set up a comprehensive Europol Information System (EIS) for this purpose, which currently contains around 1.3 million objects and 250,000 persons. It is filled by police forces from EU member states using a „data loader“ in an automated procedure. In addition, the agency operates files on various crime areas in so-called analysis projects, including, for example, terrorism, organised crime, cybercrime or drug-related crime.
Europol is only competent if a crime that has been committed or is suspected of being committed affects two or more member states. In this case, however, the agency may also process information on contact persons, witnesses or victims of a crime. This data is processed by a software that searches for so-called cross-matches. Europol hopes that this search for connections between crimes or perpetrators will lead to new investigative approaches.
Personal data for training „law enforcement algorithms“
The European Data Protection Supervisor criticised this procedure last year, pointing out that there is no legal basis for a dragnet search of mass data. Currently, the EU member states are discussing the recast of the Europol Regulation, according to which Europol is to be allowed such „sift through large data sets“ in the future. In the Commission’s proposal, this is referred to as „big data“.
The regulation should also make it possible to use the extensive personal data for the „development, training, testing and validation“ of algorithms. This is what Europol’s deputy director, Jürgen Ebner, had presented at a high-level conference of the database agency eu-LISA in November last year. Operational data would have to be used for training „law enforcement algorithms“ because only these are „reflecting reality“.
The proposals include that Europol should carry out an impact assessment and inform the EDPS before the start of individual programmes for „research and innovation“ if they involve the processing of personal data based on algorithms. Europol is also supposed to publish the number of such projects. Somewhat hidden there is also the indication that this also includes „AI-based tools“.
Processing „enormous quantities of data“
The EU Commission announced the increased use of algorithms for law enforcement in a „White Paper“ a year ago. Artificial intelligence is therefore one of the focal points of the newly established „Innovation Laboratory“ at Europol, with which the agency is to coordinate EU security research in various fields. Europol also acts as an observatory on „risks, threats and opportunities“ of new technologies. With the „Innovation Laboratory“, Europol also conducts its own research in corresponding programmes. They are funded by the Commission through the Horizon 2020 research framework programme. With PROTON and INSIKT, two of these projects have already been completed, and three others are currently underway.
The „Immerse Interact Investigate“ (INFINITY) project, with a budget of 6.8 million euros and led by the armaments division of the Airbus Group, is intended to make it easier to search „enormous quantities of data“ for anomalies. The focus is on „cyber criminals, terrorists and hybrid threats“. An end-to-end encrypted system is to enable authorities in different member states to work on joint investigations with the help of augmented reality technologies. The findings obtained in the process are to be usable in court.
Under the title „Analytics for Law Enforcement Agencies“ (AIDA), Europol is also researching the prediction of cybercrime and terrorism with police authorities, companies and institutes. The participants want to develop a „descriptive and predictive data analytics platform“ and associated „tools“ for searching mass data. The total project costs 8.9 million euros, most of which will be borne by the Commission.
Research with Trojan authorities
The project „Global Response Against Child Exploitation“ (GRACE) deals with offences involving the sexual exploitation of children. The technology is supposed to automatically recognise material offered on the internet; it is also used to search image and video files seized in the course of investigations.
The project description also fits methods for decrypting files sent via messenger services. The EU member states had urged this in a resolution last year and demanded technical as well as legal solutions against messenger-based end-to-end encryption. Presumably, this is why Germany’s Trojan agency ZITiS is also participating in the project.
The new AI tools would presumably be used in the „Data Analysis Development Team“ that Europol recently set up in The Hague. The „highly specialised“ unit is to provide „technical and analytical“ support to the investigations of the various centres at Europol. A planning document cites the use of geodata, monitoring of publicly available sources on the internet and satellite imagery as specific areas.
Frontex profiling of travellers
While Europol is still researching artificial intelligence, Frontex is already a step ahead. The EU border agency operates the central unit of the new „Travel Information and Authorisation System“ (ETIAS). All travellers then have to answer 15 questions to a digital avatar before entering the European Union and are observed for conspicuous facial expressions using their webcam. If the system deems an answer to be a lie, the person is checked accordingly when crossing the border later.
Profiling software works in the background of the lie detector, which first compares the persons willing to travel with relevant databases and a „watch list“ managed by Frontex. ETIAS uses predefined risk indicators and screening rules, which Frontex is also responsible for creating. With iBorderCtrl, the Commission has already funded a corresponding research project.
Eu-LISA has now proposed another programme in which the use of artificial intelligence is to be researched. The agency refers to the ETIAS Regulation, which explicitly calls for „automated profiling of travellers“. According to a new Europol document, this would be „one of the first use cases“ in which artificial intelligence is used in a large EU database. The technology is expected to be available at the latest when ETIAS becomes operational at the end of 2022.