TZUTC: -0500
MSGID: 1181.consprcy@1:2320/105 2cb6bbb3
PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0
TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0
BBSID: CAPCITY2
CHRS: ASCII 1
Europol doesn't only want an encryption backdoor, but also your metadata

Date:
Tue, 17 Jun 2025 13:34:01 +0000

Description:
Europols 2025 Internet Organized Crime Threat Assessment (IOCTA) indicates
E2EE apps as an obstacle to investigations and calls for better rules on
metadata collection and tracking.

FULL STORY

Criminals are increasingly exploiting end-to-end encrypted apps to impede
police investigations, according to Europols 2025 Internet Organized Crime
Threat Assessment (IOCTA). 

The report also warns that current metadata collection practices are too
limited, further complicating the work of law enforcement. This is why 
Europol highlights the need to establish lawful access by design to encrypted
communications, alongside EU standards for the targeted retention and access
to metadata. 

Europol's recommendations echo the EU Commission's plan for creating an
encryption backdoor for law enforcement  something experts are said to be
"deeply concerned" about.

The encryption conundrum 

Online services, like the best VPN , email, messaging apps, and other apps,
employ end-to-end encryption (E2EE) to guarantee your communications remain
private between the sender and the receiver  end-to-end. 

"Technically, E2EE blocks service providers from accessing communication
content, rendering warrants for lawful access unserviceable within the EU.
This creates a lack of visibility of, and ability to investigate, criminal
activity," reads Europol's IOCTA report . Encryption is the tech responsible
for scrambling the content of internet connections into an unreadable form to
prevent unauthorized access.

This isn't the first time that Europol has expressed its concerns about the
use of encrypted technologies. Talking to the Financial Times in January, the
group's chief, Catherine De Bolle, said that anonymity isn't a fundamental
right and law enforcement should be able to decrypt encrypted messages to
fight back crime. 

Technologists, cryptographers, and other experts, however, have long argued
against the risks of undermining encryption protections. According to the
industry, an encryption backdoor for law enforcement will inevitably
compromise the security of all. 

Recent cyberattacks have demonstrated the need for strong encryption
protections. For example, last year's Salt Typhoon incident targeting all
major US telecoms led to US authorities warning all citizens to switch to
encryption . 

This may be one of the reasons why proposed legislations that seek to
undermine encryption keep failing. Most recently, France rejected a new
encryption backdoor provision in March, with Florida doing the same in May. 
EU lawmakers keep disagreeing on the Chat Control proposal, too, after three
years of trying.

The new target, metadata 

"When content is blocked by E2EE, metadata becomes essential for mapping
networks and identifying suspects. However, the current legislative landscape
lacks harmonized rules, and this results in fragmented national policies,"
reads Europol's IOCTA report. 

Metadata refers to all pieces of information that aren't the content. This
includes IP addresses , location, phone numbers, who you have spoken with, 
and when, but also the size of your data packets, the patterns they move to,
timestamps, and so on. 

Thanks also to AI-powered tools, metadata tracking is enabling law 
enforcement (or any other third party with the necessary skills) to get a
pretty accurate picture of people's online behaviors even without accessing
the encrypted content. 

Authorities know that, and that's why they are pushing for new data retention
obligations to be enforced. "Crucial metadata, such as subscriber information
or IP logs, is often subject to short or inconsistent retention periods," 
said the Europol assessment, advocating for clear standards "for the targeted
retention and/or expedited access to essential metadata." 

Again, that's something technologists have long warned against, and that 
could make the work of no-log VPN and other privacy software impossible. Law
enforcement has begun realizing what the industry known for a while  metadata
privacy matters.

As mentioned, Europol isn't the only group pushing for greater access to
users' encrypted data and their identities. 

The EU is also working on lawful and effective access to data for law
enforcement  the so-called ProtectEU strategy, which seems to follow
recommendations collected as part of the EU Going Dark initiative . 

The plan includes a roadmap to encryption alongside an evaluation to expand
data retention obligations for service providers, as well. Experts have so 
far criticized such a plan and have asked to play a key role in this debate. 

While taking a different approach against encryption backdoors, Switzerland 
is also considering amending its surveillance law to force online service
providers to retain certain users' metadata. This has opened up a debate in
the country over the need for online anonymity , with the likes of Proton and
NymVPN vowing to leave Switzerland if the new rules pass.

======================================================================
Link to news story:
https://www.techradar.com/vpn/vpn-privacy-security/europol-doesnt-only-want-an
-encryption-backdoor-but-also-your-metadata

$$
--- SBBSecho 3.20-Linux
 * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)
SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700
SEEN-BY: 226/30 227/114 229/110 111 114 206 300 307 317 400 426 428
SEEN-BY: 229/470 664 700 705 266/512 291/111 320/219 322/757 342/200
SEEN-BY: 396/45 460/58 712/848 902/26 2320/0 105 3634/12 5075/35
PATH: 2320/105 229/426