TZUTC: -0500   
   MSGID: 727.consprcy@1:2320/105 2c4bfd22   
   PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0   
   TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   VPN services may soon become a new target of EU lawmakers after being deemed    
   a "key challenge"   
      
   Date:   
   Fri, 28 Mar 2025 12:33:08 +0000   
      
   Description:   
   The EU is considering solutions to ensure lawful data access by design. Yet,   
   privacy experts and security tech providers are worried.   
      
   FULL STORY   
      
   For the first time, an EU expert group has explicitly mentioned VPN services   
   as "key challenges" to the investigative work of law enforcement agencies,   
   alongside encrypted devices, apps, and new communications operators.    
      
   The group's final report also refers to end-to-end encryption as "the biggest   
   technical challenge."    
      
   Known as the High-Level Group (HLG) , the expert group was tasked by the EU   
   Council in June 2023 to develop a strategic plan "on access to data for   
   effective law enforcement."   
      
   Lawful data access by design    
      
   The HLG's first set of recommendations leaked to the public in June last    
   year. The goal was simple  make the digital devices we use every day, from   
   smartphones and smart homes to IoT devices and even cars, legally and   
   technically monitorable at all times by law enforcement bodies.    
      
   Commenting on this plan, Mullvad VPN CEO Jan Jonsson told TechRadar at the   
   time: "It would mean total surveillance and that Europe's inhabitants carry   
   state spyware in their pockets."    
      
   The final wording of the LHG report from March 13, 2025, shows not much has   
   changed from the original ethos. Yet, the recommendations on achieving"lawful   
   data access by design" look more refined.    
      
   As mentioned, experts are now considering including VPN services among the    
   key challenges to investigations.    
      
   Previously, concerns were mostly reserved for messaging apps or secure email   
   software using encryption to scramble users' content into an unreadable form,   
   de facto making it difficult (if not impossible) for authorities to   
   successfully decrypt wanted information. Law enforcement agencies from the    
   EU, North America and Australia continue their work to gain future lawful   
   access to private communications within the EU initiative Going Dark.   
      
   Widening the target to VPN services seems to align with experts' view on   
   metadata access as "essential for identifying suspects."    
      
    Metadata refers to data not concerning the content, such as who's sending    
   the message, who's receiving it, at what time, and from where. VPNs work to   
   mask IP addresses , which provide the details of our location when we access   
   the internet.    
      
   For experts, however, EU lawmakers need to find solutions to force service   
   providers to retain some necessary metadata for a minimum time period.   
   Thankfully, the need for a "harmonised and consistent" legal framework for   
   data retention is among the latest LHG suggestions.    
      
   Introducing new obligations to collect users' identifiable metadata, however,   
   would clash with the technical infrastructure and policies of many   
   privacy-focused services. That's especially true for no-log VPNs that, as the   
   name suggests, never collect information that can link users with their    
   online activities.   
      
   The security conondrum    
      
   Despite the emphasis on the need for authorities to access people's data to   
   carry out investigations, LHG experts recognize that "this must not be at the   
   expense of fundamental rights or the cybersecurity of systems and products."    
      
   In particular, the report highlights on more than one occasion how encryption   
   is also essential for people's security, protecting against data theft,   
   state-sponsored espionage, and other forms of unauthorized data access. Did   
   you know? (Image credit: Shutterstock) The aftermath of the Salt Typhoon   
   attacks sparked an outcry from authorities for all citizens to switch to   
   Signal-like messaging apps to improve their online security.    
      
   It remains to be seen how EU lawmakers will find a balance between the will    
   of accessing people's data  no matter if these are encrypted  and preserving   
   information security.    
      
   On their side, cryptographers and other tech experts have long argued that   
   encryption either works as intended or is broken for everyone.    
      
   Commenting on the ongoing push for encryption backdoors , Proton CEO Andy Yen   
   recently said, "Encryption is math  it either adds up or it doesn't. You're   
   not able to create a backdoor that will preserve encryption. It is simply not   
   possible."   
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/vpn/vpn-privacy-security/vpn-services-may-soon-becom   
   e-a-new-target-of-eu-lawmakers-after-being-deemed-a-key-challenge   
      
   $$   
   --- SBBSecho 3.20-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/305 153/7715 154/110 218/700 226/30   
   SEEN-BY: 227/114 229/110 111 114 206 300 307 317 400 426 428 470 664   
   SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 712/848 902/26 2320/0 105 3634/12 5075/35   
   PATH: 2320/105 229/426