The Portuguese Presidency is calling for an EU-wide regulation on access to encrypted content by police and judiciary. This should also affect device manufacturers. Failure to comply could result in companies being banned from doing business in the EU.
The European Union is to adopt a legal framework on decryption in the near future so that authorities can access „lawfully relevant data“. This was written by the Portuguese EU Council Presidency in a Communication which also presents a roadmap for this purpose. An important milestone is a proposal for „way forward“, which the EU Commission will prepare by 2022.
The paper from Portugal has been coordinated with the previous German and the upcoming Slovenian EU Presidencies. The German Ministry of the Interior had taken a new initiative against end-to-end encryption at the start of this so-called trio presidency and adopted a Resolution and Conclusions on the implementation of decryption capabilities. It states that the member states themselves should decide on the methods they use. „EU Council and Commission: New roadmap for access to encryption“ weiterlesen
Since 2016, the Council and Commission of the European Union have been working on ways to decrypt digital content. After setting up a department at Europol, the Internet companies are now being urged to cooperate more. They are to provide police and secret services with decrypted data on request.
Within the framework of its EU Council Presidency, the German government wants to achieve a declaration on encrypted communication on the Internet. This common line taken by all member states should put pressure on service providers to introduce appropriate solutions for decrypting. According to a Council document published yesterday by the British Civil Liberties Organization, the individual governments are to send their position to an e-mail address of the German Ministry of the Interior by October 7. After that, the Standing Committee on Operational Cooperation on Internal Security (COSI) will decide on how to proceed. There, the national interior ministries are coordinating among themselves. „German Ministry of the Interior plans EU declaration against encryption“ weiterlesen
The planned EU e-Evidence regulation is intended to force Internet service providers to cooperate more with police and judicial authorities. However, a survey shows that the companies already comply with their requests voluntarily. But they are often incorrect and thus rejected.
The police from Germany, France and Great Britain request by far the most data from Internet service providers. This is the result of a study by the SIRIUS project, which Europol has published on its website. 38% of all requests (67,991) come from German authorities. Although the so-called G6 countries (Germany, France, the UK, Poland, Spain and Italy) represent half of the EU population, their authorities are responsible for around 90% of crossborder internet surveillance activities.
The SIRIUS platform located at the police agency Europol in The Hague is intended to facilitate the exchange of knowledge on electronic evidence. Via a secure connection, authorities in all EU member states can obtain information on how to query Internet service providers. This applies to traffic, user and content data, which are released in different ways. SIRIUS also contains instructions for „Open Source Internet Searches“ (OSINT) and for conducting queries on user data from various service providers. This enables the persons behind IP addresses or mail accounts to be determined. „Europol Study: Disclosure of electronic evidence often fails due to incompetence of authorities“ weiterlesen
The EU is increasing the surveillance in its Member States. US authorities could soon also wiretap legally in Europe
The new European Parliament is to be constituted in September, after which the EU Commission will be re-elected. The governments of the member states use this phase to put far-reaching surveillance measures on track. This week the Justice and Home Affairs Ministers debated this on their Council meeting in Luxembourg.
Data retention is right at the top of the agenda. EU-wide, Internet and telephone providers are to be forced to store data on customers and their communications for years. If necessary, these could later be queried by police authorities or secret services. Although the European Union adopted a corresponding directive in 2006, it was declared invalid ten years later by the European Court of Justice (ECJ). As a result, many member states issued national regulations that differ in the depth of intervention or storage period. „EU surveillance state“ weiterlesen
The FBI could soon demand sensitive communication data from European Internet service providers. It would also be possible to have the data retrieved in real time. With this, the European Union wants to make the Trump administration weigh the possibility of being able to query „electronic evidence“ on Facebook & Co.
The EU Commission wants to negotiate an agreement with the US government that forces Internet providers based in the European Union to cooperate more with US authorities. The companies would have to grant police forces and secret services from the USA access to the communication of their users. European prosecutors would then also be able to issue an identical order directly to Facebook, Apple and other Internet giants. The legal process via the judicial authorities that has been customary up to now is to be dropped. „US authorities want to legally intercept telecommunications in Europe“ weiterlesen
Police and judicial authorities are to have easier access to cloud data in the USA. To this end, a decree of the US government will also apply in the EU member states. As part of the „Budapest Convention“, US authorities could also knock directly on the door of European Internet companies.
The European Commission has today submitted two negotiating mandates for easier data retrieval from Internet companies. Their purpose is to facilitate access to „electronic evidence“ in the US. This is also possible via the EU-US Mutual Legal Assistance Agreement or bilateral mutual recognition procedures. However, this existing international legal process takes up to 10 months. But allegedly, the EU member states only make use of this laborious procedure in around 4,000 cases a year. „European Commission wants to facilitate access to servers in third states“ weiterlesen
The European Investigation Order in criminal matters allows judicial authorities in all EU Member States to instruct each other to collect evidence. It also sets forth provisions for cross-border telecommunications surveillance. The European standardisation institute ETSI is consequently working on interfaces for the hand-over of intercepted phone calls.
By May 22nd, the Member States of the European Union have to transpose the European Investigation Order in criminal matters (EIO) into national law. The Directive defines cross-border cooperation between judicial authorities including courts, investigating judges and public prosecutor’s offices. In the future, an “issuing State” can oblige an “executing State” to gather evidence in criminal proceedings. This entails inter alia conducting investigations.
It also sets forth provisions for the “temporary transfer of persons held in custody”, hearings by video or telephone conference or the use of the European arrest warrant to transfer people (including temporarily) to courts of another state. There is a dedicated chapter on telecommunications surveillance and the transfer of the “electronic evidence” gathered during such. „Project SMILE: Interface for European telecommunications interception“ weiterlesen
When conducting digital investigations, authorities often run up against the problem that the data they are looking for is stored on servers abroad or that service providers do not respond to requests. The European Commission is therefore working to develop uniform standards. A number of companies are already cooperating in these efforts.
The European Union intends to make it easier for the police and secret services to access servers belonging to Internet providers. This is set out by a position paper by the European Commission on gaining access to e-evidence, which was discussed at the recent Justice and Home Affairs Council. The paper contains proposals for implementing the Council conclusions on “Improving criminal justice in cyberspace” of June of this year. Allowing authorities to submit direct enquiries to companies is on the table. „E-evidence: Internet companies in the USA to facilitate direct enquiries by European authorities“ weiterlesen
The European Union is discussing access by law enforcement authorities to encrypted communications in a number of papers, working groups and new cooperation forums. The “crypto debate” begun around a year ago on ways to circumvent encryption or access protected communication has gained new momentum.
Most recently, the Luxembourg Council Presidency sent out a paper setting out the challenges posed by “Internet communication channels and multiple social media” to the Member States. The paper expresses the view that new “encryption based technologies” are increasingly hampering or rendering impossible effective investigations. According to this paper, these technologies are of particular significance not only in the area of “counter-terrorism policies”, but also of “anti-radicalisation measures”. „EU puts circumvention of encryption back on the agenda“ weiterlesen