What are the challenges in law enforcement that encryption and data protection bring?

25 February 2020

On 18 February, EIF hosted a lunch debate where participants discussed the interplay between encryption, data protection and law enforcement. The debate was co-hosted by MEPs Patrick Breyer and Rasmus Andresen and featured the following speakers:
- Maximilian Schubert, President of EuroISPA
- Ceren Ünal, Regional Policy Manager Europe, Internet Society
- Birgitta Jónsdóttir, Internet Archive Fellow, Electronic Frontier Foundation
- Bert Hubert, Founder of PowerDNS
- Cathrin Bauer-Bulst, Acting Head of the Cybercrime Unit, DG HOME, European Commission

#EIFasks - Encryption, data protection and law enforcement

MEP Breyer opened proceedings by reiterating the importance of discussing these matters, as the right to privacy is about power: “The right to privacy protects the powerless from abuses by the powerful. If we don’t uphold this right, there is a risk that the power balance in our society may shift”. “Encryption benefits society”, he added, while also calling for standardisation in order to preserve confidentiality of private life and businesses. MEP Breyer considered trainings of police staff as a necessity: we need specialised units with knowledge and capacity of dealing with digital evidence: “A 20th century police cannot deal with 21st century crime”.

MEP Andresen seconded MEP Breyer’s opinion on the importance of these discussions especially at the beginning of the parliamentary term, as it will affect many of the Parliament’s files in the years to come.

Max Schubert stated that EuroISPA supports strong encryption as an aspect of security. For this reason, backdoors should be avoided, as they undermine security, and trust is essential: “Users need to trust the system”. Mr. Schubert highlighted the importance of metadata, which could actually be “more revealing than content, which can be encrypted”. “We need to make sure that law enforcement has access to the information”, he concluded.

Encryption is essential for law enforcement, in Ceren Unal’s opinion, but also for the foundation of trust in order for the world to reap the internet’s benefits. “In Europe, privacy and security are no contradiction, but it is about device security vs national security”. Ms Unal stated that it is impossible to create exceptions without vulnerabilities: “Exploits are not safe in the hands of governments or companies working for them”. New liability rules, such as the ones drafted by the EU, could be used to undermine encryption.

Birgitta Jonsdottir, former Member of the Icelandic Parliament, brought to the table the civil society perspective, stating that “all laws and policies should be made with the worst possible scenario in mind: a dictator having access to the 'backdoors’. We should then ask ourselves if we still want them”. Moreover, Ms. Jonsdottir reiterated the importance of making policies accessible to everyone: “We should use language that people understand”.

Bert Hubert kicked off his presentation by stating that we live in a ‘golden age’ for law enforcement: “never has there been so much data available”. He then offered an example of the GSM encryption which was made in order for the NSA to intercept it and can now be intercepted by just about anyone. In his opinion, Google and Facebook would be able to solve most crimes, quite quickly, thanks to the amount of data that they have. “Law enforcement has always complained about new technology. It is not about black or white, but by finding the right balance”.

In Cathrin Bauer-Bulst’s view, companies have an important role on fighting illicit online activities. She shared Facebook’s case study, where their ‘photo DNA’ technology contributed to the rescue of many child sexual abuse victims. “We shouldn’t lose sight of the rights of victims of crime. Data protection is not a challenge to law enforcement, but encryption could be used to create lawless spaces”.
In conclusion, Ms. Bauer-Bulst enumerated a few of the actions through which the European Commission aims to support law enforcement:
- The creation of a decryption facility to facilitate investigation
- Trainings for law enforcement officers
- The development of a handbook
- The creation of a network of experts for knowledge sharing and best-practices exchange

  • #encryption
  • #dataprotection

Videos

  • 1:09:27 Geo-blocking: the next steps
  • 6:03 Patrick Breyer MEP - Encryption, data protection and law enforcement
  • 2:56 Rasmus Andresen MEP - Encryption, data protection and law enforcement

Related content