Director’s Speech at the conference: Privacy in the Digital Age of Encryption and Anonymity Online

19 May 2016
Press Release
Press Release/News

This News/Press release is about Cybercrime

View all crime areas

  • Good morning everyone, and welcome to The Hague and to Europol’s Headquarter. I am very happy to see such a diverse audience from a broad range of professional backgrounds and from different organisations, public and private, come together to discuss workable solutions to today’s challenges.
  • I also welcome the fruitful cooperation with the European Institute of Public Administration (EIPA), which enabled us to organise this two-day event.
  • In addition, the contributions of our partner agency ENISA to this debate are essential, and the will to work closely together to achieve a common understanding of the challenges at hand and possible solutions are highly appreciated.
  • With the participation of the European Data Protection Supervisor, the Europol Joint Supervisory Body, private industry, academia, Amnesty International and the EastWest Institute, we believe that we have created the necessary conditions for a comprehensive and inclusive debate.
  • We live in an information society characterized by the increasing interconnection and dependency of citizens, businesses and governments on internet facilitated information and communication services.
  • This has created many new opportunities but has also introduced significant risks in terms of privacy and security in the digital domain.
  • The recent terrorist attacks in Europe and high-profile legal disputes between industry and government agencies have highlighted the dilemma of privacy versus security online, and the need to find the right balance between law enforcement objectives and protecting citizens’ privacy.
  • While we fully recognise the necessity to secure personal data and the fundamental right to protect privacy online, the growing misuse of legitimate anonymity and encryption services and tools for illegal purposes poses a serious impediment to detection, investigation and prosecution, thereby becoming a threat to the security of our society.
  • For law enforcement in particular, this creates a dichotomy as we support strong encryption and oppose any technical solution that would weaken security in cyber space for everyone.
  • We believe that the availability of encryption and anonymity technologies is important and legitimate in many circumstances: the simple desire for privacy by citizens, businesses and banks having a need for secure online transactions, journalists to protect their sources and military as well as law enforcement to shield their sensitive communications.
  • But the utility and effectiveness of these technologies, like that of the internet as a whole, also creates significant criminal opportunity by masking identity and physical location, hiding communication and obfuscating financial transactions. This seriously limits law enforcement’s ability to both protect citizens from criminal and extremist behaviour and to bring those responsible to justice.
  • Backdoors, front doors, escrow systems, outlawing encryption– the current debate around these and many other possible solutions fails to address the bigger question of how to balance the competing requirements for security, privacy and law enforcement.
  • All too often these discussions have the characteristics of a zero sum game or are quite binary to use a digital analogy. What is needed is a constructive and inclusive debate with the goal to make the internet both an open and safe space.
  • For law enforcement, the challenges are very real and lead to a loss of investigative opportunities, as reported by the EU Member States themselves, who in 2015 indicated that more than 75% of cybercrime investigations in Europe involved the use of some form of encryption to protect relevant evidence in the form of data and communications.
  • Recent developments also indicate that cybercriminals and terrorists overlap in their abuse of modern technology and online platforms to benefit their cause, remain anonymous, protect their data and communication and obfuscate their financial transactions.
  • This is facilitated by a professional, service-based underground economy that provides the technical skills, tools and services to cybercriminals, traditional organised crime groups and other actors, including terrorist organisations.
  • In response to successful law enforcement operations, we also witness that criminals and terrorists increase their operational security, making it increasingly harder for us to protect citizens and investigate criminal activity online.
  • These developments mean that our society is at a critical juncture where a pro-active and balanced response, considering all viewpoints, is necessary.
  • We are aware that there is no easy way out. Mechanisms that intentionally weaken technical protection mechanisms to support law enforcement will necessarily weaken the protection against criminals as well.
  • For law enforcement, the key aspect is to define the modalities of lawful access. It is not intended or desired to overrule fundamental freedoms or to engage in any sort of mass surveillance.
  • Privacy and anonymity should not be seen as separate rights but rather in the context of broader legal concepts such as freedom of speech; they are integral elements in multiple human rights.
  • One of law enforcement’s core duties is to protect these and other rights. This is based on a social contract, meaning that citizens should relinquish some of their individual powers and, within well-defined and regulated boundaries, give up some of their privacy in exchange for protection.
  • In the real world this means that people accept the imposition of reasonable controls on the way they drive, take flights, and conduct banking transactions.
  • So why should cyberspace be governed by different rules or be a domain in which rules do not apply at all? It should not, of course. We have to craft rules that will operate in a balanced way by providing the necessary controls while at the same time protecting privacy and anonymity rights.
  • So how can law enforcement agencies deal with a situation in which they are not able to gather the required evidence to fight crime and terrorism?
  • If there were an easy solution to this dilemma then it would have been found already, especially with the increased attention from law enforcement, national security services, the military, the private industry, civil society, and academia.
  • The new Europol Regulation foresees close cooperation with industry (private parties) for strategic purposes and we plan to build on the existing successful relationships with third parties in developing solutions to these challenges.
  • Last, but not the least, I would like to assure you that the fear that the “watchdog” remains unwatched is unfounded. We are proud to have implemented one of the most robust data protection regimes in the world of law enforcement. This allows Europol to effectively support and strengthen Member States’ action in preventing and combating serious crime and terrorism while duly respecting individuals’ right for privacy.
  • Internal and external data protection supervision is crucial to assure the respect of privacy and the protection of personal data in a democratic society. In this regard, the cooperation with the supervisory authority will help pave the way for a balanced approach between security, justice and other fundamental freedoms.
  • This two-day conference provides a unique opportunity to have an open, inclusive and transparent debate among viewholders from academia, private industry, NGOs, the Data Protection and law enforcement communities towards finding a way to strike the right balance between freedom and security online.
  • I wish you very fruitful and productive discussions and hope that you also find the time to enjoy the beauty of The Hague.