A recently published report – jointly produced and released by Europol and Eurojust – offers an update on a relevant and interesting subject for all SIMARGL stakeholders. The second report of the Observatory Function on Encryption is aimed at law enforcement, judiciaries and policy makers as a reference source on the latest technical and legislative developments around encryption.

This paper builds on the objectives of the first report, released in Jan 2019, to provide an overview of the state of play on encryption from the perspective of the law enforcement and judicial communities. The current environment in which criminals are able to exploit encryption and other security vulnerabilities remains challenging for the judicial and law enforcement authorities of EU Member States, the report authors emphasise.

Europol report on encryption
Figure 1: Europol report on encryption

The latest report provides an overview of Member States’ specific legal provisions for access to encrypted data. The handing over of personal information to law enforcement, such as passwords, or data in unencrypted formats, continues to be a contentious issue. Cases brought before the courts reveal a lack of cross-border consensus on the rights of a person to remain silent, or to, perhaps, inadvertently incriminate themselves. Law enforcement throughout the EU continue to find this a challenging situation.

From a technological perspective, companies remain resilient to changes in access rights to data while newer developments further complicate this issue. A comprehensive synopsis of the challenges presented to law enforcement via a developing market is examined. For example, Steganography, DoH (DNS-over-HTTPS), DoT (DNS over TLS) and 5G, provide stronger encryption on the one hand, and a greater dilemma for the law, on the other.

In addition, the part governance plays, in the form of new policies and decisions made by technology companies, and the implications for law enforcement and the judiciary is considered. These may affect the ongoing approach to gaining access to user data for the purposes of criminal investigations.

An identified challenge with a potentially important impact, and highly relevant for the SIMARGL project, is that of Steganography. The role of SIMARGL partner, CUING, together with Europol’s European Cybercrime Centre (EC3) is highlighted here. The report provides an overview of some of the latest developments in recent years in the following areas:

  • Mobile Magic Mirror: A progression to embedded information that can be hidden within, or disguised as, social media activities (as opposed to information hidden in the content). This makes intercommunication much harder to detect.
  • Perfectly deniable steganographic disk encryption: A technology that can mask the presence of an encrypted drive on a machine. There is no visible incriminating software and no indication of communications that may raise the suspicions of law enforcement.
  • Fingerprints and steganography: A technique that embeds the secret message in the ridge endings and bifurcations of the fingerprint image. It masks the presence of a message due to the polarity of the image and, additionally, appears to be robust against current statistical methods of detecting hidden messages.
  • Neural networks and steganography: A recent development involving AI (Artificial Intelligence) where a machine learning agent hid information for later use while transforming aerial images into street maps and back to aerial images. A group of Stanford and Google researchers trained a neural network, CycleGAN, an algorithm for performing image-to-image translation, to learn the mapping between an input image and an output image. CycleGAN translates images from a source domain X to a target domain Y without needing paired examples. The researchers observed that the reconstructed aerial maps showed features that they expected to be suppressed during the process. CycleGAN had learned to hide, or embed, information for later use. This can be misused by replacing the embedded data with other information or modelled to collect personal data.

The report also highlights a development that may be of benefit to law enforcement – watermarking. The author suggests that hiding watermarks on crime photos, using steganographic techniques, might help to detect signs of digital tampering.

Criminal usage of encrypted communication mobile devices continues to be difficult for law enforcement to circumvent with new challenges presented by the latest developments in encryption techniques. The advice from the report is for more collaborative efforts from stakeholders in raising awareness in the law enforcement community of future developments in encryption and the latest threat trends. Improved training can help law enforcement to face the challenges and mitigate against gaps in their knowledge.

For the SIMARGL project, this report is very much on topic. One of the major aims of the project is to provide targeted training for LEAs on encryption, as developed by CUING. SIMARGL is directed towards mitigating the challenges LEAs face with a focus on training courses that reduce knowledge gaps in the community and support improved knowledge on the latest threats and developments.