Europol prepares its digital Big Brother: it will be able to process data from anyone |  Technology

The European Union has decided to significantly expand the powers of Europol, its police agency. The Council of the EU, in which the interior ministers of the 27 sit, approved on Tuesday a reform of the agency that introduces two major novelties. The first is that Europol gains the power to request data on citizens from private companies, mainly internet operators and platforms, which it will be able to collate to identify which member states could open investigations against related crimes. Until now, it was fed exclusively by information provided by the security forces and other public authorities. The second, the one that most worries privacy activists, is that it will be able to request data on people who do not fall into any of the five categories allowed so far: alleged perpetrators of a crime, alleged accomplices, previously convicted persons, witnesses or victims.

The reform comes just four months after the European Data Protection Supervisor (EDPS), the independent office that watches over the digital rights of EU citizens, ordered Europol to delete the information from its databases. of data about innocent citizens. After two years of investigation, the EDPS decided that it was disproportionate to keep indefinitely sensitive data about people who could not be proven to be linked to crimes.

The reinforced mandate approved this week not only nullifies this request, but also legalizes this type of practice. The draft regulation, whose drafting and negotiation has been directed by the Spanish MEP Javier Zarzalejos (European People’s Party), was approved with a comfortable majority three weeks ago in the European Parliament. On Tuesday it received the approval of the Council of the EU, the last legal procedure that remained to be formalized. The text will enter into force in June.

However, the reform raises great objections. Also within the community institutional framework itself. The European Data Protection Supervisor expressed in February his reservations regarding the project that has ended up going ahead. “The processing of large databases will be allowed without providing sufficient guarantees to limit its impact on those affected and without the EDPS being able to evaluate it,” said the head of the office, Wojciech Wiewiórowski.

The Pole complains that his recommendation is not taken into account: limiting this data processing to “certain limited exceptions”, instead of making it a general rule. “I note with surprise that the extension of Europol’s powers is not accompanied by increased scrutiny of its actions,” remarks the euro bureaucrat, who already reprimanded Europol at the beginning of the year.

Zarzalejos believes, however, that the reform does have the necessary safeguards to guarantee European privacy standards. “Europol’s advantage is that it is subject to very close control by the European Data Protection Supervisor,” explained to EL PAÍS who was one of former president José María Aznar’s emissaries in 1999 to start talks with ETA. The text of the reform also provides for the agency to create a new position, that of the person responsible for fundamental rights, who must ensure that data collection is not disproportionate.

The European data supervisor does not consider it a sufficient measure. When asked by this newspaper if they will take action in this regard, a spokesman for Wiewiórowski’s office points out that “they will act in accordance with the regulation once it comes into force.”

As for Europol’s new ability to request data from private companies, the new mandate limits it to “crisis situations on-line”, that is, when there is massive dissemination of terrorist content or child sexual abuse content.

21st century research

In 2020, the French and Dutch police they hacked an encrypted messaging system, EncroChat, which worked on modified phones (EncroPhones) and was very popular with drug traffickers and other criminal organizations. The operation, which made dozens of arrests possible, was the fruit of at least three years of work and the analysis of at least 100 million messages from 60,000 users. The case sent a warning: the security forces needed to get their act together in the technological field.

The Commission considers that 80% of police investigations require some form of digital support, usually information on the use of mobile phones or computers. “Today what police cooperation requires is handling and processing huge amounts of data. Organized crime is using more and more technical means, both with sophisticated money laundering processes and with encrypted communications”, says Zarzalejos. This data includes practically anything that can be digitized: message content, location, metadata about times and places of connection, IP numbers (identifiers) of devices, photos, videos, biometric data…

Europol is a cooperation network of the EU security forces. It cannot initiate investigations: basically it serves for the police of the Member States to share information that helps them to solve cases. Among its main tasks is to help fight against terrorism, cybercrime and organized crime. “Europol does not have executive powers, but with the reform it gains the ability to claim and receive data, and that is at the limit of what the treaties say,” objects Chlóe Bérthélemy, security analyst at European Digital Rights (EDRi), a Brussels-based NGO very active in the defense of digital rights.

Another novelty introduced by the reform is that Europol will be able to use all this data to train artificial intelligence (AI) algorithms that allow it to develop “tools to combat crime.” An element that a priori, collides with the declaration of the European Parliament to withdraw AI from police activities. This technology was used, for example, to analyze the 100 million EncroChat communications.

“We need AI to develop new research tools. And the quality of AI is directly proportional to the quantity and quality of data available to feed the algorithms”, says Zarzalejos. “The novelty is that Europol, under certain circumstances, will be able to use duly anonymized personal data in order to train these algorithms and make them more effective.”

For Bérthélemy, these practices are a decisive step in the construction of a European Big Brother. “The reform promotes a dangerous model of policing in which massive data collection and predictive tools look set to become the norm. Even if you are completely innocent and have nothing to hide, your data may end up at Europol. And once they get into the system, they don’t get out of it.”

You can follow THE COUNTRY TECHNOLOGY in Facebook Y Twitter or sign up here to receive our weekly newsletter.

Exclusive content for subscribers

read without limits