Equilibrium between security and privacy: new report on encryption

Encryption represents an important means of securing private communications. However, at the same time, it also enables threat actors to manage their malicious activities below the radar of law enforcement. Understanding the needs and challenges of stakeholders in the Justice and Home Affairs (JHA) community is the foundation of adopting the necessary measures to keep Europe safe, while safeguarding fundamental rights.

Today, the EU Innovation Hub for Internal Security publishes its first report on encryption, with contributions from Europol, Eurojust, eu-LISA, the EU Counterterrorism Coordinator as well as the European Commission’s Directorate-General Joint Research Centre (DG JRC) and Directorate-General for Migration and Home Affairs (DG HOME). The report highlights that endorsing the benefits of encryption for privacy while acknowledging the challenges that this technology poses to combat serious organised crime and terrorism is of utmost importance. The objective is to advance a constructive discussion on encryption and to identify a balanced solution to protect individuals and society from malicious actors.

Five key conclusions of the report:

• Introducing legal frameworks for lawful access to data and the use of encrypted communications in judicial proceedings is paramount for achieving the right balance between privacy and security.
• Further research and monitoring on technologies using cryptography, such as telecommunications (5G, 6G networks), biometrics, DNS, the blockchain, and quantum computing, are needed to ensure both lawful access to data and privacy.
• Collaboration with academia and private industry is essential for the creation of new tools to both serve law enforcement investigations without compromising the overall security of communications.
• Artificial intelligence solutions can both help and hinder law enforcement efforts to fight serious and organised crime, requiring a multi-faceted and collaborative approach.
• While quantum computing can significantly improve investigations, it also poses a significant threat to encryption, requiring a swift transition to post-quantum cryptography. Europol’s recent report on quantum computing can be found here.

Europol’s Executive Director, Catherine De Bolle, said:

A decade ago, one of our main challenges was the availability of data. Today, one of our main challenges is the accessibility of data. Law enforcement agencies and judicial authorities need lawful access to data to prevent and investigate serious crimes and terrorism, because our citizens and victims of crime deserve better.

Privacy and security – the balancing of protection

Most significantly, operations targeting encrypted communications platforms such as EncroChat and SkyECC have uncovered the extent to which large-scale criminal organisations use this technology. The rapid increase of the criminal use of encrypted communication led to the implementation of new legal provisions in a number of EU Member States to allow law enforcement to lawfully access encrypted communication in criminal investigations. However, end-to-end encryption currently being rolled out will stop tech companies from seeing any offending that occurs on their platforms. This is why during an informal meeting on 18 April 2024 in London, European Chiefs of Police have agreed upon a Joint Declaration calling for industry and governments to take urgent action to ensure public safety across social media platforms.

The access to encrypted communications and their admissibility as evidence in judicial procedures is instrumental for the functioning of law enforcement and judicial procedures. In that respect, the newly adopted EU electronic evidence package is a step in the right direction towards successful cross-border investigations and prosecution. On 30 April 2024, the Court of Justice of the European Union issued a ruling in which the Court clarified conditions under which EU Member States could request and transmit intercepted data from encrypted communication channels and use as evidence in criminal proceedings. From the technical side, new developments and tools represent both challenges and opportunities for law enforcement. This new report looks into quantum computing, cryptocurrencies, biometric data, telecommunication, artificial intelligence and how the development of these technologies can enable or hinder criminal investigations.