Europe’s police chiefs and the police agency Europol are once again acting as political actors. They have issued a joint statement expressing concern that the Meta corporation is enhancing privacy standards for millions of users on its platform. Meta is currently rolling out end-to-end encryption for communication on Instagram and Facebook, albeit with some delay.
In this process, the police see the danger of lawless spaces, or as they put it: “spaces beyond the reach of law enforcement authorities.” This argumentative pattern of “Going Dark” and the recipient, Facebook, are far from new, but the words of the European police chiefs are all the more alarmist. Europol Chief Catherine De Bolle is quoted as follows:
“Our homes are becoming more dangerous than our streets, as crime moves to the internet. To ensure the safety of our society and its people, this digital environment must be secured. Technology companies have a social responsibility to create a safer environment in which law enforcement and justice can operate. If the police are no longer able to gather evidence, our society will not be able to protect people from becoming victims of crime.”
“Identifying harmful and criminal content” In a joint statement (PDF), apparently decided upon at a meeting of European police chiefs in London, it is stated that the encryption currently being implemented at Meta would hinder law enforcement agencies from obtaining evidence to prevent and prosecute serious crimes such as sexual child abuse, human trafficking, drug smuggling, murder, economic crime, and terrorist offenses.
According to the police chiefs, technology companies are responsible for both identifying and reporting “harmful and criminal content” on their platforms and providing evidence for law enforcement purposes. The statement asserts that our societies have not tolerated spaces beyond the reach of law enforcement where criminals could communicate safely.
If one breaks down this demand a bit, it would also entail obligating pubs to preemptively record conversations of their patrons, search for specific content, and retain the recordings for the police. It’s also interesting to note that, for the European police chiefs, it’s not just about criminal content they want to identify and report, but also “harmful” content – which falls outside the purview of law enforcement agencies, especially since it’s unclear what that entails.
“Security-by-Design” Regarding encryption, the police chiefs write: They do not accept “that there must be a binary choice between cybersecurity or data protection on the one hand and public security on the other” – and therefore propose the term “Security by Design,” which is already established. While the original concept refers to IT security, the police chiefs now prioritize “public security” as the highest goal and conceptually differentiate themselves from the established concept of “Privacy by Design.” “Security by Design” would thus ensure that technology companies are able to identify and report “harmful and illegal activities.”
The technology for this already exists, it just requires flexibility from both companies and governments. However, the joint statement fails to specify what existing technology is being referred to – such as client-side scanning, ghost users, backdoors and master keys, or weak encryption. In general, the text remains technically vague, blending encryption with anonymity at one point to compare Meta’s encryption initiative with the darknet.
At the end of their statement, the authorities call for new powers from legislators: “We call on our democratic governments to create frameworks that provide us with the information we need to protect our citizens.”
This is criticized by Linus Neumann, spokesperson for the Chaos Computer Club, referring to previous Five Eyes lobbying against Facebook: “It is fascinating how transparent and brazenly the police authorities engage as a public lobbying group of the Five Eyes right after a visit to London.” Usually, security authorities do not need open letters to be heard by their respective ministries. “Here, security authorities are campaigning to erode civil liberties,” Neumann continues.
EU working group is already undermining encryption While the open letter suggests that the police are essentially victims without political backing, the European Union set up a High-Level Expert Group (HLEG) against encryption and anonymity last year, postulating the principle of “Security by Design.” In the initial sessions, the security apparatus mostly kept to itself, as reported.
Accordingly, the demands of the working group were as follows: They desire their own access for investigative authorities to IT devices and applications, preferably endorsed by standardization bodies, and sell this as “Security by Design.” Additionally, they want to reintroduce data retention across Europe and obtain more data from messengers like Signal, which prioritize data minimization and encryption.
At the four meetings, for which redacted participant lists are available, there were almost exclusively representatives from EU institutions and police forces of EU countries, alongside representatives from Europol, Eurojust, or the counterterrorism coordinator. Non-governmental organizations, on the other hand, were virtually excluded initially, then complained – and were subsequently heard for the first time.
Even in the development of chat control legislation, security authorities played a central role. Intelligence representatives and police forces from various countries were involved early on, as documented by netzpolitik.org research. As a result, the approaches that emerged aimed at weakening and circumventing encryption.
The myth of Going Dark The postulate of “Going Dark” due to encryption is scientifically controversial. A Harvard University study in 2016 concluded: While individual channels may become more difficult to monitor in the future, new surveillance methods are simultaneously emerging. The advancing digitization also provides law enforcement with numerous new investigative approaches they did not have before. This was also confirmed by a study from the Dutch Ministry of Justice in 2023, which stated that the police have always had to consider alternatives to obtain relevant information.
In recent years, police authorities have demonstrated that despite the existence of encryption, they have repeatedly achieved investigative successes against various forms of crime using both traditional and creative investigative methods. Even in the now resurrected darknet.
There has always been “panic” against crypto. But in the end, nobody can control it.
The same discussion year after year 😛