Europol is proposing solutions to avoid challenges posed by privacy-enhancing technologies in Home Routing that hinder law enforcement’s ability to intercept communications during criminal investigations.
The agency has previously highlighted in its Digital Challenges series that law enforcement problem of end-to-end encryption on communication platforms is a hurdle when it comes to collecting admissible evidence.
The case with Home Routing
Home Routing is a system in telecommunication services that allows customers to route traffic (calls, messages, internet data) through their home network even when traveling abroad.
When privacy-enhancing technologies (PET) are enabled in Home Routing, data is encrypted at the service level and subscribers' devices exchange session-based keys with the provider in the home network.
With the home network provider using PET, the keys remain inaccessible to the visiting network, which acts as a forwarder, and all traffic remains encrypted.
This setup prevents authorities from gathering evidence with the help of local ISPs through lawful interception activity.
“Once Home Routing is deployed, any suspect using a foreign SIM card can no longer be intercepted,” the European agency explains.
“This problem occurs both when a foreign national uses their own (foreign) SIM card in another country, and when citizens o-r residents use a foreign SIM card in their own country” - Europol
In such cases, police forces have to rely on voluntary cooperation of service providers abroad or issue an European Investigation Order (EIO), which could take longer than required for an investigation, especially when emergency interceptions are needed; for instance, a reply to an EIO could take as much as four months.
The European agency notes that criminals know about this loophole and taking advantage of it to evade law enforcement in the countries they reside.
Proposed solutions
Europol calls for stakeholders to consider two potential solutions that would remove delays and procedural friction from lawful communication interception requests.
The first proposed variant is the enforcement of an EU regulation to disable PET in Home Routing. This would allow domestic service providers to intercept communications from individuals using foreign SIM cards without disclosing information about the person of interest with parties from other countries.
The agency says that "this solution is technically feasible and easily implemented" because both roaming and local subscribers benefit from encryption that is at the same level as communication through national SIM cards. Subscribers abroad, though, do not benefit from the added encryption of the home country.
A second proposal is to implement a cross-border mechanism that allows law enforcement to issue within the European Union interception requests that are quickly processed by service providers.
While this means that PET can be enabled for all users, a service provider in another member state would learn about the person(s) of interest in an investigation, which may not be desirable.
The second solution is to establish a mechanism for quickly processing interception requests from service providers in other EU member states.
The two solutions from Europol are just "possible avenues for safeguarding and maintaining current investigatory powers" and the agency aims to call attention to the impact Home Routing has on investigations so that national authorities, legislatures, and telco service providers can work together to come up with an answer to the problem.
Comments
pnda73 - 4 months ago
*Society has privacy/security protection feature*
"This makes it easier for criminals to break the law and so we MUST undo this"
The world is so backwards. As Edward Snowden says “America’s fundamental laws exist to make the job of law enforcement not easier but harder. This isn’t a bug, it’s a core feature of democracy.”
While this was said for the US, it could just as well be said for all other "free" countries. As soon as you break encryption to find criminals, you'll also be breaking it for everyone else and that's never worth the trade off in a free country, not just from a moral a point of view (innocent until proven guilty) but also because mass surveillance doesn't prevent crime.
thatirish - 4 months ago
The whole idea of end to end encryption is protection from prying eyes, that includes government. So to make it easier for law enforcement to go after criminals we have to sacrifice privacy protections to make their jobs easier. Makes perfect sense....NOT
thatirish - 4 months ago
Hmmm seeing double...my bad
0Willy - 4 months ago
I do want my privacy. I don't want organized crime to have their privacy. Where's the balance?
Why do politicians support increased privacy over the recommendations of law enforcers?
powerspork - 4 months ago
There is no difference between your privacy and someone else's privacy. Organized crime isn't some nebulous abstract floating in government talk. It is other people. If they can't have it, why should you?
Privacy is necessary to preserve the power of the people. Knowledge is power, and a well organized group with lots of resources to process data (the government) can use information about you against you. If they don't have it, they can't.
It is important to balance your interests with government interests, lest theirs take over yours. They only care about you as much as they have to.
Hmm888 - 4 months ago
Challenges? As soon as I seen that word in the blog I knew it was generated by ChatGpt. Another giveaway is the phrase "it is important to note".