TZUTC: -0500   
   MSGID: 1181.consprcy@1:2320/105 2cb6bbb3   
   PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0   
   TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   Europol doesn't only want an encryption backdoor, but also your metadata   
      
   Date:   
   Tue, 17 Jun 2025 13:34:01 +0000   
      
   Description:   
   Europols 2025 Internet Organized Crime Threat Assessment (IOCTA) indicates   
   E2EE apps as an obstacle to investigations and calls for better rules on   
   metadata collection and tracking.   
      
   FULL STORY   
      
   Criminals are increasingly exploiting end-to-end encrypted apps to impede   
   police investigations, according to Europols 2025 Internet Organized Crime   
   Threat Assessment (IOCTA).    
      
   The report also warns that current metadata collection practices are too   
   limited, further complicating the work of law enforcement. This is why    
   Europol highlights the need to establish lawful access by design to encrypted   
   communications, alongside EU standards for the targeted retention and access   
   to metadata.    
      
   Europol's recommendations echo the EU Commission's plan for creating an   
   encryption backdoor for law enforcement  something experts are said to be   
   "deeply concerned" about.   
      
   The encryption conundrum    
      
   Online services, like the best VPN , email, messaging apps, and other apps,   
   employ end-to-end encryption (E2EE) to guarantee your communications remain   
   private between the sender and the receiver  end-to-end.    
      
   "Technically, E2EE blocks service providers from accessing communication   
   content, rendering warrants for lawful access unserviceable within the EU.   
   This creates a lack of visibility of, and ability to investigate, criminal   
   activity," reads Europol's IOCTA report . Encryption is the tech responsible   
   for scrambling the content of internet connections into an unreadable form to   
   prevent unauthorized access.   
      
   This isn't the first time that Europol has expressed its concerns about the   
   use of encrypted technologies. Talking to the Financial Times in January, the   
   group's chief, Catherine De Bolle, said that anonymity isn't a fundamental   
   right and law enforcement should be able to decrypt encrypted messages to   
   fight back crime.    
      
   Technologists, cryptographers, and other experts, however, have long argued   
   against the risks of undermining encryption protections. According to the   
   industry, an encryption backdoor for law enforcement will inevitably   
   compromise the security of all.    
      
   Recent cyberattacks have demonstrated the need for strong encryption   
   protections. For example, last year's Salt Typhoon incident targeting all   
   major US telecoms led to US authorities warning all citizens to switch to   
   encryption .    
      
   This may be one of the reasons why proposed legislations that seek to   
   undermine encryption keep failing. Most recently, France rejected a new   
   encryption backdoor provision in March, with Florida doing the same in May.    
   EU lawmakers keep disagreeing on the Chat Control proposal, too, after three   
   years of trying.   
      
   The new target, metadata    
      
   "When content is blocked by E2EE, metadata becomes essential for mapping   
   networks and identifying suspects. However, the current legislative landscape   
   lacks harmonized rules, and this results in fragmented national policies,"   
   reads Europol's IOCTA report.    
      
   Metadata refers to all pieces of information that aren't the content. This   
   includes IP addresses , location, phone numbers, who you have spoken with,    
   and when, but also the size of your data packets, the patterns they move to,   
   timestamps, and so on.    
      
   Thanks also to AI-powered tools, metadata tracking is enabling law    
   enforcement (or any other third party with the necessary skills) to get a   
   pretty accurate picture of people's online behaviors even without accessing   
   the encrypted content.    
      
   Authorities know that, and that's why they are pushing for new data retention   
   obligations to be enforced. "Crucial metadata, such as subscriber information   
   or IP logs, is often subject to short or inconsistent retention periods,"    
   said the Europol assessment, advocating for clear standards "for the targeted   
   retention and/or expedited access to essential metadata."    
      
   Again, that's something technologists have long warned against, and that    
   could make the work of no-log VPN and other privacy software impossible. Law   
   enforcement has begun realizing what the industry known for a while  metadata   
   privacy matters.   
      
   As mentioned, Europol isn't the only group pushing for greater access to   
   users' encrypted data and their identities.    
      
   The EU is also working on lawful and effective access to data for law   
   enforcement  the so-called ProtectEU strategy, which seems to follow   
   recommendations collected as part of the EU Going Dark initiative .    
      
   The plan includes a roadmap to encryption alongside an evaluation to expand   
   data retention obligations for service providers, as well. Experts have so    
   far criticized such a plan and have asked to play a key role in this debate.    
      
   While taking a different approach against encryption backdoors, Switzerland    
   is also considering amending its surveillance law to force online service   
   providers to retain certain users' metadata. This has opened up a debate in   
   the country over the need for online anonymity , with the likes of Proton and   
   NymVPN vowing to leave Switzerland if the new rules pass.   
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/vpn/vpn-privacy-security/europol-doesnt-only-want-an   
   -encryption-backdoor-but-also-your-metadata   
      
   $$   
   --- SBBSecho 3.20-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700   
   SEEN-BY: 226/30 227/114 229/110 111 114 206 300 307 317 400 426 428   
   SEEN-BY: 229/470 664 700 705 266/512 291/111 320/219 322/757 342/200   
   SEEN-BY: 396/45 460/58 712/848 902/26 2320/0 105 3634/12 5075/35   
   PATH: 2320/105 229/426