back to article Europol says mobile roaming tech is making its job too hard

Top Eurocops are appealing for help from lawmakers to undermine a privacy-enhancing technology (PET) they say is hampering criminal investigations – and it's not end-to-end encryption this time. Not exactly. Europol published a position paper today highlighting its concerns around SMS home routing – the technology that allows …

  1. Charlie Clark Silver badge
    FAIL

    Breaking the law for convenience is never a good idea

    There's no way the suggestions are compatible with existing contracts or law where roaming is defined as using another network to provide the contracted services. Can't see the courts approving other jurisdictions being given permission to snoop on their citizens.

    1. DaemonByte

      Re: Breaking the law for convenience is never a good idea

      But that's not what they're asking for. They're saying if the person is in their jurisdiction they should be able to apply their laws on that person and that includes being able to intercept their telecommuncations. There preferred option is literally just to give the user in their country the same level of encryption and protection they'd get if they were in their own country. When it comes to law enforcement and their demands that seems pretty timid and reasonable.

      1. CountCadaver Silver badge

        Re: Breaking the law for convenience is never a good idea

        A few words "thin end of the wedge", "slippery slope", "nothing to fear nothing to hide" - a LOT of ways this could be HEAVILY abused and of particular concern in the current political climate where the far right are on the rise again and many of them paradoxically Russophiles - critics of the current govt of the nation in question, pro choice activists, LGBTQIA+, Human rights activists, Jews and a 1001 other marginalised groups - those who forget their past are doomed to repeat it.

        1. Anonymous Coward
          Anonymous Coward

          Re: Breaking the law for convenience is never a good idea

          The desire to control what people say, do and think is not the exclusive preserve of the far right. The far left are just as much of a dab hand at trying to eliminate freedom of thought and expression.

        2. LybsterRoy Silver badge

          Re: Breaking the law for convenience is never a good idea

          -- those who forget their past are doomed to repeat it. --

          Correct, however, you seem to have forgotten that all to often its not the "far right" its the bloody left that's the problem. All done with the best of intentions to help everyone of course.

      2. SsiethAnabuki

        Re: Breaking the law for convenience is never a good idea

        I think that "literally just to give the user in their country the same level of encryption and protection they'd get if they were in their own country" isn't quite correct, at least in a practical sense. Let me explain by example.

        I am a citizen of country A. Let's say that default encryption in country A is OK. As I go about my business in my own country I do not fear that country B has any access to my information. This is good because I know that country B is an authoritarian state that really hates some attribute of who I am. All well and good.

        Now - I have to got to country B on business. Not good but I know that I can keep that attribute that they hate under my hat and not be bothered. I can communicate freely using my phone because it has PET and that is keeping me safe from day-to-day snooping because it's encryption is OK and local, authoritarian snoops in country B have no access to those comms.

        Strip away PET and in country B I suddenly lose that protection. I am not afforded the same level of protection as I was previously.

      3. Charlie Clark Silver badge
        FAIL

        Re: Breaking the law for convenience is never a good idea

        No, they're actually applying, either to be able to intercept commuinication in another jurisdiction, where with a warrant this would be possible; or to force a change in the way roaming is implemented which . Legal implications aside, the technical problems would be horrific and one of the reasons why everything is routed to the home network, ie. communication is not happening on the host network. Doing anything else would open all roaming connections to snooping in the host country. Don't forget this would be a technical change in the implementation and would work as well in China, Iran, Russia or the US as it would, say, in Switzerland. Good luck at getting all those countries to agree to the necessary changes in the standard.

      4. Bbuckley

        Re: Breaking the law for convenience is never a good idea

        Europol is a moronic public-service communist entity. They deserve to be arrested and imprisoned themselves. Idiocy is not an excuse for corruption and failure.

        1. Hubert Cumberdale Silver badge

          Re: Breaking the law for convenience is never a good idea

          Idiocy is probably the only excuse for your comment.

  2. Yorick Hunt Silver badge
    Devil

    Anybody got a loupe?

    I'm sure I left that box of microscopic-sized violins here somewhere...

  3. Pascal Monett Silver badge

    "while not impeding secure communications disproportionately"

    But it's okay to impede secure comms a little bit - just enough to avoid either putting boots on the ground or, worse, more paperwork like, oh I don't know, a warrant ?

    You want to hear what some suspect is saying ? Here's an idea : directional microphone. I hear they work very well.

    Of course, that's less easy to put in place than clicking on a keyboard from a thousand kilometers away.

    1. tiggity Silver badge

      Re: "while not impeding secure communications disproportionately"

      Fully agree,

      They could do some actual policework and not rely on voice / text etc. intercepts being able to do their whole job for them - nobody said police work was supposed to be easy, and the well behaved majority should not lose their privacy rights just because it makes catching the odd crim easier.

      Although it does not currently apply in European countries, a gay person in a country where homosexuality was a criminal offence would definitely want their calls home to their same sex partner to not be easily available in an unencrypted form.

      1. CountCadaver Silver badge

        Re: "while not impeding secure communications disproportionately"

        Ditto someone who is pregnant or whose partner is accessing an abortion in their home state where it's legal

      2. TheMaskedMan Silver badge

        Re: "while not impeding secure communications disproportionately"

        "They could do some actual policework and not rely on voice / text etc. intercepts being able to do their whole job for them - nobody said police work was supposed to be easy, and the well behaved majority should not lose their privacy rights just because it makes catching the odd crim easier."

        This! 1000 times, this! Unfortunately, the well behaved majority ARE well behaved, and aren't likely to kick up too much of a fuss, or take countermeasures, as their rights are whittled away. Nothing to hide, nothing to fear, right?

        1. Kevin Johnston

          Re: "while not impeding secure communications disproportionately"

          Oddly enough it can range from very difficult all the way up to impossible to get details from the authorities using those 'Freedom of Information' request processes as they manage to find any number of reasons why this bit or that bit is 'national security' or whatever today's buzzword is. As you suggest, who would hide things if they were doing nothing wrong?

  4. Doctor Syntax Silver badge

    "In addition, an optimal solution should not impede secure communications disproportionately"

    Whne working out what might be disproportionate it should be presumed that most communications will be innocent as this is, indeed, the case.

    "the only alternative ... is to issue a European Investigation Order but responses for these can take up to 120 days"

    So the appropriate solution is to straighten out existing procedures.

  5. b0llchit Silver badge
    WTF?

    Snail mail

    Soon to be banned: encrypted snail mail.

    It is a terrible sin to use end-to-end encrypted snail mail. The police everywhere are pulling out their hairs and holding their hands in the air because they cannot see the actual content and are unable to identify any written kiddie porn. The newly proposed legislation is to ban all automatic and manual OCR capabilities, including letter and pattern recognition, and a general ban on any and all manual cryptological transformative thoughts and operations.

    Also, stamps will only be sold if you can show and prove that any and all content is readable by you nearest national and international secret service organisation.

    1. Strahd Ivarius Silver badge
      Devil

      Re: Snail mail

      And don't dare use counterfeit stamps!

    2. David Hicklin Silver badge

      Re: Snail mail

      >. stamps will only be sold if you can show and prove that any and all content is readable by you nearest national and international secret service organisation

      And that shows how crazy they are with electronic communications, they should start by opening and resealing every letter and parcel being sent by post etc....

  6. s. pam
    Facepalm

    Oh dear the Fourth Rei.....

    Looks like Nanny EU BiB's aren't happy for tech for crims working -- just when they're on hols they want it to work.

    Time for a big bowl of disco biscuits for the BiB's then as smarter folks use Signal &/or Telegraph further obfusicating tracking!

  7. Necrohamster Silver badge

    Note to Europol...

    Bad guys aren't plotting crimes over SMS

    OK, maybe some stupid bad guys are. But everyone else is using Signal/Telegram/Wickr/Tox/etc etc.

    Oh yeah now I remember why the UK gov have been wanting to ban end-to-end encryption for years

    1. theDeathOfRats
      Pint

      Re: Note to Europol...

      I agreed with your post and was going to upvote it.

      Then I saw your handle and had to.

      Edited to add: ------------------------->

      First round's on me.

      (and may I have a mop, please?)

    2. Anonymous Coward
      Anonymous Coward

      Re: Note to Europol...

      > OK, maybe some stupid bad guys are. But everyone else is using Signal/Telegram/Wickr/Tox/etc etc.

      Europod: <takes out note book> "Slow down, slow down. W-I-C-K-R..."

  8. MOH

    Won't somebody please...

    This is a fairly poor effort by Europol.

    They didn't even bother to make a "think of the children" argument.

    Surely they could have raised the spectre of roaming paedophiles to their case?

  9. Bbuckley

    It's like travel by airplane. The 'Europol' equivalent muppets make it a misery for the 99.9999% of completely innocent law-abiding travellers to catch the 1 in a trillion bad guy. Morons all of them.

    1. I could be a dog really Silver badge

      The problem there is that it's not "one in a trillion", it's "quite a few" bad guys. If I had to hazard a guess, I'd put it in the general order of 1 in a million to 1 in 10 million (ish) who would, if it weren't made "quite difficult", do bad things to air travellers. And the rewards for success if you are a bad guy are quite high - it's rare for a terrorist attack (e.g. a bomb) onboard a flight to result in anything but a very bad last day for all onboard, and it's very newsworthy. So it has to be really hard for the bad guys (and good guys who are idiots and c.b.a. to follow even basic rules), and since it's really really hard to separate the bad guys from everyone else, that means unfortunately it's hard for everyone else too.

      1. An_Old_Dog Silver badge

        Security Theatre

        Despite all the "security theatre" measures put into place, allegedly for "security", or "anti-terrorism" reasons, in first-world countries, I, and probably most of you, can easily think of ways around these measures.

        I presume that mid-eastern terrorist group leaders (vs the frothing footsoldiers) are at least as intelligent and creative as Joe Q. Firstworld Public, and could, if they desired to, conceive and execute a plan which would cause major death, suffering, terror, economic loss, etc. in a first world city.

        As yet, they have not. Why not?

        It's because most of both mid-eastern terrorist group leaders, and first-world political leaders, are putting on performances for their own followers, and it's an implicit, mutual back-scratching mechanism.

        The (made-up name) Red Sword Faction sends "The Underwear Bomber", who is quickly caught before he can do his dastardly deed. The first-world politicos point to the Underwear Bomber, and shout, "See?! See?! There is a terrorist threat! Give me/the government more money and power. I'll/we'll save you!" The Red Sword Faction leader points to the Underwear Bomber and shouts, "Behold! Our noble brother struck a mighty blow against the corrupt, un-Godly Unbelievers! Give me your strength (read as: "money") and I shall lead us to victory in our righteous jihad to cleanse the world of (additional pejorative descriptors)!"

        Yeah, for the most part, it's about money and power.

        There are a few terrorists who come out of left field - think Timothy McVeigh - but not even the most repressive nanny nation/police state will be able to correctly anticipate or stop them (but they'll claim they can). That McVeigh and his ilk can do so much damage is simply a consequence of the power available to inhabitants of this modern technical age.

      2. Anonymous Coward
        Anonymous Coward

        Yes, all the control measures when boarding a plane are so effective you can't bring a bottle of water but (in the USA at least) bringing aboard live ammunition gets undetected (see Turks & Caicos arresting USians for bring "by mistake" ammunition in their hand luggage)

        1. An_Old_Dog Silver badge

          "Accidentally"?!

          Any non-officer bringing guns or ammo in their airline carry-on bags deserves to be arrested. Even if they made a truly accidental mistake in doing so, they still deserve to be arrested, for being dangerously careless.

          1. BartyFartsLast Silver badge

            Re: "Accidentally"?!

            Exactly, anyone who's careless enough to not know where their guns/ammunition is does not deserve to posess either

        2. Cliffwilliams44 Silver badge

          I once took a 4-inch folding knife in my laptop bag onto a plane. I went right through TSA without them seeing it. When I got to my destination I was like, "WTF, how did these idiots not see this?" I would have gladly surrendered it; it was replicable!

          So don't think you are safe. The people working airport security are morons. The fact they have not been hit is more luck than skill!

      3. Roj Blake Silver badge

        So why do I have to take my shoes off in a US airport, but not in a UK or European one?

    2. Anonymous Coward
      Anonymous Coward

      As "I could be a dog really" hinted at, check your math. With 8 billion people on earth, a "1 in a trillion" bad guy would mean one per 100+ generations. (And we've seen far more than that.) Even 1 in a billion isn't realistic (8 on the planet?); 1 in 10 million might be about right, but it's hard to be sure.

      99.9999% works out to 1 in a million, so that's a lot closer.

  10. UCAP Silver badge
    Joke

    Those who can - do.

    Those who can't - become management.

    Those who cannot even make management grade [1] - join Europol.

    [1] A very, very low bar to get over.

  11. Xalran
    Headmaster

    technicalities

    I'm probably going to be hated... Anyway, time for some telecom pedantry.

    Modern mobile neworks ( parse : that as 4G and 5G ) are encrypted through certificates from the mobile equipment ( the thing that has an IMEI and an IMSI, it can be a phone, a car, a computer, a tablet, a lift emergency button, a bycicle or even a housing call panel ) to the /home network/ both on the control plane and the user plane. The encryption is lower in 3G and 2G but still there from the mobile to hte core network )

    Lawfull interception ( since that's technically the topic ) just send a copy of the unencrypted messages in the /home network/ to the relevant auhorities once the correct legal paperworks has been filled and approved.

    The problem is when in roaming is that the *roaming network* handle one level of encryption between the mobile equipment and the *roaming network*... And then the /home network/ handle another layer of encryption from the moblie to the home network when PET is activated.

    In this case it's not possible for authorities in the roaming country to gets anything in clear, and to get it they have to ask the /home country/ authorities to setup the lawfull interception. ( with all hte paperwork such things entails at international level )

    When PET is not activated, the *roaming nework* handle the local level of encryption, the messages gets decrypted there, and are then sent, through a new encryption to the /home network/.

    In that case it's possible for the roaming country authorities to setup a lawful interception locally without having to go through the international legal wrangles.

  12. T. F. M. Reader

    Out of curiosity...

    Do Europol also complain about E2E-encrypted WhatsApp, Telegram, Signal, etc.? None of the developers is even European. Why focus on SMS?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like