Europol says mobile roaming tech is making its job too hard Top Eurocops are appealing for help from lawmakers to undermine a privacy-enhancing technology (PET) they say is hampering criminal investigations – and it's not end-to-end encryption this time. Not exactly. Europol published a position paper today highlighting its concerns around SMS home routing – the technology that allows …
There's no way the suggestions are compatible with existing contracts or law where roaming is defined as using another network to provide the contracted services. Can't see the courts approving other jurisdictions being given permission to snoop on their citizens.
But that's not what they're asking for. They're saying if the person is in their jurisdiction they should be able to apply their laws on that person and that includes being able to intercept their telecommuncations. There preferred option is literally just to give the user in their country the same level of encryption and protection they'd get if they were in their own country. When it comes to law enforcement and their demands that seems pretty timid and reasonable.
A few words "thin end of the wedge", "slippery slope", "nothing to fear nothing to hide" - a LOT of ways this could be HEAVILY abused and of particular concern in the current political climate where the far right are on the rise again and many of them paradoxically Russophiles - critics of the current govt of the nation in question, pro choice activists, LGBTQIA+, Human rights activists, Jews and a 1001 other marginalised groups - those who forget their past are doomed to repeat it.
-- those who forget their past are doomed to repeat it. --
Correct, however, you seem to have forgotten that all to often its not the "far right" its the bloody left that's the problem. All done with the best of intentions to help everyone of course.
I think that "literally just to give the user in their country the same level of encryption and protection they'd get if they were in their own country" isn't quite correct, at least in a practical sense. Let me explain by example.
I am a citizen of country A. Let's say that default encryption in country A is OK. As I go about my business in my own country I do not fear that country B has any access to my information. This is good because I know that country B is an authoritarian state that really hates some attribute of who I am. All well and good.
Now - I have to got to country B on business. Not good but I know that I can keep that attribute that they hate under my hat and not be bothered. I can communicate freely using my phone because it has PET and that is keeping me safe from day-to-day snooping because it's encryption is OK and local, authoritarian snoops in country B have no access to those comms.
Strip away PET and in country B I suddenly lose that protection. I am not afforded the same level of protection as I was previously.
No, they're actually applying, either to be able to intercept commuinication in another jurisdiction, where with a warrant this would be possible; or to force a change in the way roaming is implemented which . Legal implications aside, the technical problems would be horrific and one of the reasons why everything is routed to the home network, ie. communication is not happening on the host network. Doing anything else would open all roaming connections to snooping in the host country. Don't forget this would be a technical change in the implementation and would work as well in China, Iran, Russia or the US as it would, say, in Switzerland. Good luck at getting all those countries to agree to the necessary changes in the standard.
But it's okay to impede secure comms a little bit - just enough to avoid either putting boots on the ground or, worse, more paperwork like, oh I don't know, a warrant ?
You want to hear what some suspect is saying ? Here's an idea : directional microphone. I hear they work very well.
Of course, that's less easy to put in place than clicking on a keyboard from a thousand kilometers away.
Fully agree,
They could do some actual policework and not rely on voice / text etc. intercepts being able to do their whole job for them - nobody said police work was supposed to be easy, and the well behaved majority should not lose their privacy rights just because it makes catching the odd crim easier.
Although it does not currently apply in European countries, a gay person in a country where homosexuality was a criminal offence would definitely want their calls home to their same sex partner to not be easily available in an unencrypted form.
"They could do some actual policework and not rely on voice / text etc. intercepts being able to do their whole job for them - nobody said police work was supposed to be easy, and the well behaved majority should not lose their privacy rights just because it makes catching the odd crim easier."
This! 1000 times, this! Unfortunately, the well behaved majority ARE well behaved, and aren't likely to kick up too much of a fuss, or take countermeasures, as their rights are whittled away. Nothing to hide, nothing to fear, right?
Oddly enough it can range from very difficult all the way up to impossible to get details from the authorities using those 'Freedom of Information' request processes as they manage to find any number of reasons why this bit or that bit is 'national security' or whatever today's buzzword is. As you suggest, who would hide things if they were doing nothing wrong?
"In addition, an optimal solution should not impede secure communications disproportionately"
Whne working out what might be disproportionate it should be presumed that most communications will be innocent as this is, indeed, the case.
"the only alternative ... is to issue a European Investigation Order but responses for these can take up to 120 days"
So the appropriate solution is to straighten out existing procedures.
Soon to be banned: encrypted snail mail.
It is a terrible sin to use end-to-end encrypted snail mail. The police everywhere are pulling out their hairs and holding their hands in the air because they cannot see the actual content and are unable to identify any written kiddie porn. The newly proposed legislation is to ban all automatic and manual OCR capabilities, including letter and pattern recognition, and a general ban on any and all manual cryptological transformative thoughts and operations.
Also, stamps will only be sold if you can show and prove that any and all content is readable by you nearest national and international secret service organisation.
>. stamps will only be sold if you can show and prove that any and all content is readable by you nearest national and international secret service organisation
And that shows how crazy they are with electronic communications, they should start by opening and resealing every letter and parcel being sent by post etc....
The problem there is that it's not "one in a trillion", it's "quite a few" bad guys. If I had to hazard a guess, I'd put it in the general order of 1 in a million to 1 in 10 million (ish) who would, if it weren't made "quite difficult", do bad things to air travellers. And the rewards for success if you are a bad guy are quite high - it's rare for a terrorist attack (e.g. a bomb) onboard a flight to result in anything but a very bad last day for all onboard, and it's very newsworthy. So it has to be really hard for the bad guys (and good guys who are idiots and c.b.a. to follow even basic rules), and since it's really really hard to separate the bad guys from everyone else, that means unfortunately it's hard for everyone else too.
Despite all the "security theatre" measures put into place, allegedly for "security", or "anti-terrorism" reasons, in first-world countries, I, and probably most of you, can easily think of ways around these measures.
I presume that mid-eastern terrorist group leaders (vs the frothing footsoldiers) are at least as intelligent and creative as Joe Q. Firstworld Public, and could, if they desired to, conceive and execute a plan which would cause major death, suffering, terror, economic loss, etc. in a first world city.
As yet, they have not. Why not?
It's because most of both mid-eastern terrorist group leaders, and first-world political leaders, are putting on performances for their own followers, and it's an implicit, mutual back-scratching mechanism.
The (made-up name) Red Sword Faction sends "The Underwear Bomber", who is quickly caught before he can do his dastardly deed. The first-world politicos point to the Underwear Bomber, and shout, "See?! See?! There is a terrorist threat! Give me/the government more money and power. I'll/we'll save you!" The Red Sword Faction leader points to the Underwear Bomber and shouts, "Behold! Our noble brother struck a mighty blow against the corrupt, un-Godly Unbelievers! Give me your strength (read as: "money") and I shall lead us to victory in our righteous jihad to cleanse the world of (additional pejorative descriptors)!"
Yeah, for the most part, it's about money and power.
There are a few terrorists who come out of left field - think Timothy McVeigh - but not even the most repressive nanny nation/police state will be able to correctly anticipate or stop them (but they'll claim they can). That McVeigh and his ilk can do so much damage is simply a consequence of the power available to inhabitants of this modern technical age.
I once took a 4-inch folding knife in my laptop bag onto a plane. I went right through TSA without them seeing it. When I got to my destination I was like, "WTF, how did these idiots not see this?" I would have gladly surrendered it; it was replicable!
So don't think you are safe. The people working airport security are morons. The fact they have not been hit is more luck than skill!
As "I could be a dog really" hinted at, check your math. With 8 billion people on earth, a "1 in a trillion" bad guy would mean one per 100+ generations. (And we've seen far more than that.) Even 1 in a billion isn't realistic (8 on the planet?); 1 in 10 million might be about right, but it's hard to be sure.
99.9999% works out to 1 in a million, so that's a lot closer.
I'm probably going to be hated... Anyway, time for some telecom pedantry.
Modern mobile neworks ( parse : that as 4G and 5G ) are encrypted through certificates from the mobile equipment ( the thing that has an IMEI and an IMSI, it can be a phone, a car, a computer, a tablet, a lift emergency button, a bycicle or even a housing call panel ) to the /home network/ both on the control plane and the user plane. The encryption is lower in 3G and 2G but still there from the mobile to hte core network )
Lawfull interception ( since that's technically the topic ) just send a copy of the unencrypted messages in the /home network/ to the relevant auhorities once the correct legal paperworks has been filled and approved.
The problem is when in roaming is that the *roaming network* handle one level of encryption between the mobile equipment and the *roaming network*... And then the /home network/ handle another layer of encryption from the moblie to the home network when PET is activated.
In this case it's not possible for authorities in the roaming country to gets anything in clear, and to get it they have to ask the /home country/ authorities to setup the lawfull interception. ( with all hte paperwork such things entails at international level )
When PET is not activated, the *roaming nework* handle the local level of encryption, the messages gets decrypted there, and are then sent, through a new encryption to the /home network/.
In that case it's possible for the roaming country authorities to setup a lawful interception locally without having to go through the international legal wrangles.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
