Many online investigators feel that their work has become almost impossible ever since more and more forms of online communication are by default end-to-end encrypted, says the Executive Director of European Union policing agency Europol, Catherine De Bolle. She says: “Furthermore, the internet offers anonymous marketplaces on the Darknet, which are used by criminals to trade all sorts of illegal commodities. This often leaves us with little or no chance to tackle issues such as the sexual exploitation of children but also the investigation of other forms of serious crime and terrorism, which nowadays often have an online communication component.
“Another challenge for law enforcement is the difference between the various data retention regimes at national level. We are confronted with a situation in which we often have to prioritise our crime analysis based on the shortage of retention periods in a given Member State rather than on operational and crime connected consideration points.
“I fully understand the need for encryption technologies in our digital information age and the many circumstances in which the legitimate use is essential, for instance for those individuals who have to survive in oppressive regimes. However, law enforcement agencies also need the tools to investigate serious crime and terrorism. Access to retained data, based on an EU legal framework respecting our fundamental rights including the right to data protection, would be essential in this context.
“Having a legal background myself, I am convinced that as European law enforcement we do not advocate general or indiscriminate data retention. In fact, we are committed to identifying practical ways to meet the criteria established by the European Court of Justice is we can ensure a proportionate approach.”
Monday, January 28, is the 13th annual Data Privacy Day. At the UK regulator the ICO, Information Commissioner Elizabeth Denham said: “In these data-driven times, when public trust in how personal data is used is low, organisations must seize the opportunity to have a positive and direct impact on consumer and citizen trust.”
Kaspersky Lab’s principal security researcher, David Emm, reminded people of the huge amount of information about us online. “From email addresses and phone numbers, to places of work and dates of birth – online providers know a lot about us. And by losing control of our personal data – or not knowing who holds what data about us – we, as consumers, are vulnerable to cyber-attacks. Most people don’t know the risks they face online – or the value of their personal details.
“Research we conducted last year with 7,000 consumers across Europe showed that nearly two-thirds (64pc) of people did not know all the places where their personal data was stored on the web. Of somewhat more concern, 39 per cent of parents said they don’t know what information about their children is shared online. In addition, half (50pc) of people do not know how much their data is worth, though 88pc of respondents revealed they would care if their data was used unlawfully. However, many people have little idea of how to secure it – and only one in three (30pc) do not protect their devices with security software.”
Jesper Frederiksen, UK GM of the identity access management product company Okta called for an identity system to better ensure safety over our personal information. “Convenience over privacy has reduced our abilities to control our personal identities, especially with the daily threat of data breaches. Now a trip to the dark web can turn up the information many of us still hold precious: Social Security numbers, bank accounts, health insurance details, and whatever else a criminal may desire.
“To achieve this, blockchain technologies are emerging to help mitigate risk. Blockchain is built to ensure data exchanges cannot be erased or adapted without leaving a record, making it very difficult to hack. It is also excellent at controlling information and avoiding duplication, which is key in an area with such serious consequences. And while this idea of self-sovereign identities in the blockchain is promising, there’s still a lot to figure out to make it a workable backbone for identity management. As the technology develops and garners more understanding, Data Protection Day is here to remind us that we have a chance to make privacy a standard, not a thing of the past.”
