{"id":8566,"date":"2023-04-13T15:32:52","date_gmt":"2023-04-13T13:32:52","guid":{"rendered":"https:\/\/eulawenforcement.com\/?p=8566"},"modified":"2023-07-16T12:19:47","modified_gmt":"2023-07-16T10:19:47","slug":"hacking-for-justice-how-europol-walks-the-tightrope-between-fighting-crime-and-protecting-fundamental-rights-draft","status":"publish","type":"post","link":"https:\/\/eulawenforcement.com\/?p=8566","title":{"rendered":"Hacking for Justice: How Europol Walks the Tightrope Between Fighting Crime and Protecting Fundamental Rights"},"content":{"rendered":"\n<p>By An Nhien, Iman, Liudmila, Timothy and Alice<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-8656\" src=\"https:\/\/eulawenforcement.com\/wp-content\/uploads\/2023\/04\/Picture1-1.png\" alt=\"\" width=\"602\" height=\"401\" srcset=\"https:\/\/eulawenforcement.com\/wp-content\/uploads\/2023\/04\/Picture1-1.png 602w, https:\/\/eulawenforcement.com\/wp-content\/uploads\/2023\/04\/Picture1-1-300x200.png 300w\" sizes=\"auto, (max-width: 709px) 85vw, (max-width: 909px) 67vw, (max-width: 984px) 61vw, (max-width: 1362px) 45vw, 600px\" \/><\/p>\n<p style=\"text-align: center;\"><a href=\"https:\/\/www.teacherspayteachers.com\/Product\/National-Security-vs-Privacy-2412022?st=bf90f1535a8ad42fb8b89d36931e4b9d\">National Security vs. Privacy<\/a><\/p>\n<p>In the ever-evolving battle against serious and organized crime, law enforcement agencies (LEAs) are turning to a new weapon: <a href=\"https:\/\/www.brookings.edu\/research\/lawful-hacking-and-the-case-for-a-strategic-approach-to-going-dark\/\">lawful hacking<\/a>. But as the supporting role of using hacking techniques by the and other agencies becomes more prevalent, questions are being raised about the impact on fundamental rights, particularly the right to privacy. 
With events like the high-profile <a href=\"https:\/\/www.europol.europa.eu\/media-press\/newsroom\/news\/dismantling-of-encrypted-network-sends-shockwaves-through-organised-crime-groups-across-europe\">EncroChat<\/a> case and <a href=\"https:\/\/curia.europa.eu\/jcms\/upload\/docs\/application\/pdf\/2020-10\/cp200123en.pdf\">a landmark decision<\/a> of the Court of Justice of the European Union (\u2018CJEU\u2019), the legality and implications of hacking techniques in general, and the supporting role of Europol in facilitating lawful hacking in particular, are under intense scrutiny. Join us as we delve into the legal limbo and decode the delicate balance between privacy and public safety in the realm of facilitating lawful hacking by Europol.<\/p>\n<p><strong><u>What is Lawful Hacking?<\/u><\/strong><\/p>\n<p>There is no singular definition at the EU level. Similar terms such as \u201clawful hacking\u201d, <a href=\"https:\/\/www.newamerica.org\/cybersecurity-initiative\/policy-papers\/brief-history-law-enforcement-hacking-united-states\/\">\u201claw enforcement hacking\u201d<\/a>, <a href=\"https:\/\/www.stiftung-nv.de\/sites\/default\/files\/government_hacking_akt.feb_.pdf\">\u201cgovernment hacking\u201d<\/a>, or <a href=\"https:\/\/www.lawfaremedia.org\/article\/judicial-framework-evaluating-network-investigative-techniques\">\u201cnetwork investigative techniques\u201d<\/a> are often used interchangeably. However, Liguori argued that <a href=\"https:\/\/repository.law.umich.edu\/cgi\/viewcontent.cgi?article=1019&amp;context=mtlr\">\u201clawful hacking\u201d<\/a> could be the most appropriate term as it broadly implies both the technical means of this investigative method and the lawful nature of the activity. 
Hence, he defines <a href=\"https:\/\/repository.law.umich.edu\/cgi\/viewcontent.cgi?article=1019&amp;context=mtlr\">\u201clawful hacking\u201d<\/a> as the use of hacking techniques by LEAs to gain access to computer systems and networks for the purpose of investigating criminal activity. Simply put, LEAs would exploit the vulnerabilities of software, hardware, or firmware, to gain access to technical devices and then extract data and evidence from such devices. For instance, LEAs can conduct a forensic examination of seized smartphones after using algorithms to find the password of such smartphones.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-8657\" src=\"https:\/\/eulawenforcement.com\/wp-content\/uploads\/2023\/04\/Picture2-1.png\" alt=\"\" width=\"848\" height=\"661\" srcset=\"https:\/\/eulawenforcement.com\/wp-content\/uploads\/2023\/04\/Picture2-1.png 848w, https:\/\/eulawenforcement.com\/wp-content\/uploads\/2023\/04\/Picture2-1-300x234.png 300w, https:\/\/eulawenforcement.com\/wp-content\/uploads\/2023\/04\/Picture2-1-768x599.png 768w\" sizes=\"auto, (max-width: 709px) 85vw, (max-width: 909px) 67vw, (max-width: 1362px) 62vw, 840px\" \/><\/p>\n<p>Europol has declared the need to use lawful hacking due to the strong encryption on electronic devices that undermines the investigation and prosecution of organized crimes as the data is <a href=\"https:\/\/www.enisa.europa.eu\/publications\/enisa-position-papers-and-opinions\/on-lawful-criminal-investigation-that-respects-21st-century-data-protection\/@@download\/file\/2016-05-25_On_lawful_criminal_investigation_respecting_21st_century_data_protection-Joint_Europol-ENISA_statement.pdf\">unavailable or unidentifiable<\/a>. 
The use of encryption has increased the number of serious crimes, which has been identified by <a href=\"https:\/\/www.enisa.europa.eu\/publications\/enisa-position-papers-and-opinions\/on-lawful-criminal-investigation-that-respects-21st-century-data-protection\/@@download\/file\/2016-05-25_On_lawful_criminal_investigation_respecting_21st_century_data_protection-Joint_Europol-ENISA_statement.pdf\">Europol as a threat to public order and safety<\/a>, the efficiency of the criminal justice system, and the rule of law. On the other hand, the use of lawful hacking itself can also pose risks to the protection of fundamental rights. Indeed, the application of this method can, for instance, interfere with individuals\u2019 privacy if LEAs excessively access personal data without sufficient valid reasons or legitimate aims. As such, LEAs\u2019 use of lawful hacking has become a contentious issue in the European Union (EU), raising questions about the balance between LEAs\u2019 needs and individual privacy rights. The landmark is a stark example of the potential impact of lawful hacking by Europol and national LEAs on fundamental rights, particularly the right to privacy. Keep reading as we uncover the ramifications of lawful hacking, considering the EncroChat case.<\/p>\n<p><strong><u>EncroChat\u2019s Downfall: Privacy at Stake.<\/u><\/strong><\/p>\n<p>In the world of encrypted communication networks, <a href=\"https:\/\/www.europol.europa.eu\/media-press\/newsroom\/news\/dismantling-of-encrypted-network-sends-shockwaves-through-organised-crime-groups-across-europe\">EncroChat<\/a> was the king of security \u2013 until its downfall. 
<a href=\"https:\/\/www.nytimes.com\/2020\/07\/02\/world\/europe\/encrypted-network-arrests-europe.html\">EncroChat<\/a>, an encrypted communication network advertised as a secure means of communication with complete anonymity, was dismantled by a <a href=\"https:\/\/www.europol.europa.eu\/media-press\/newsroom\/news\/dismantling-of-encrypted-network-sends-shockwaves-through-organised-crime-groups-across-europe\">French-Dutch joint investigation team<\/a> in July 2020. Specifically, in the EncroChat case, LEAs hacked into a secure messaging platform that was believed to be exploited by criminals, gaining access to private conversations and gathering evidence, which led to the arrest of several suspects across Europe. While the investigative method of lawful hacking helped in capturing criminals, does it also negatively impact the privacy of other ordinary users like us?<\/p>\n<p>Article 8 of the European Convention on Human Rights (ECHR) guarantees our privacy rights. However, the EncroChat operation involved the development and distribution of malware disguised as an update, raising questions about the legality of the evidence obtained and the right to privacy. The lack of transparency in the methods used has caused uproar in legal circles, with debates about the potential <a href=\"https:\/\/law.stackexchange.com\/questions\/60817\/was-the-encrochat-hack-legal-if-not-is-there-a-legal-mechanism-which-could-all\">misuse of lawful hacking<\/a>. This means that while LEAs may have had legitimate aims when they broke into the EncroChat system, they should proceed very carefully because of the <a href=\"https:\/\/www.vice.com\/en\/article\/7k9z7x\/encrochat-hack-illegal-defense-nca\">complex legal issues<\/a> that arise, especially those related to privacy protection. 
In short, before deciding to apply lawful hacking or to assist in its application, LEAs must take into account whether and to what extent this method can interfere with the individual\u2019s privacy.<\/p>\n<p><strong><u>Legal Limbo: Hacking Techniques Challenged by European Parliament and CJEU.<\/u><\/strong><\/p>\n<p><a href=\"https:\/\/www.europarl.europa.eu\/RegData\/etudes\/STUD\/2017\/583137\/IPOL_STU(2017)583137_EN.pdf\">In a report<\/a> published by the European Parliament\u2019s Committee on Civil Liberties, Justice and Home Affairs (LIBE) in 2017, even before the EncroChat case, concerns were raised about the legality of lawful hacking activities conducted or supported by LEAs. According to the report, there is a risk that the use of hacking techniques may infringe on fundamental rights. These concerns have been further amplified by the CJEU\u2019s decision in the case of Accordingly, the CJEU ruled that the UK\u2019s regime for the retention of and access to communications data by public authorities, including LEAs, was inconsistent with EU law. The Court held that the retention of communications data on a general and indiscriminate basis, without any differentiation, limitation, or exception for the objective of fighting crime, was impermissible.<\/p>\n<p><strong><u>Privacy vs. Public Safety: Decoding Lawful Hacking by Europol<\/u><\/strong><\/p>\n<p>Although there are concerns about the possible violation of privacy rights by lawful hacking, it should be noted that this right is <a href=\"https:\/\/home-affairs.ec.europa.eu\/networks\/european-migration-network-emn\/emn-asylum-and-migration-glossary\/glossary\/fundamental-rights_en\">not absolute<\/a> as it can be restricted under certain circumstances. 
Simply put, your privacy is only respected if it does <a href=\"https:\/\/www.echr.coe.int\/documents\/guide_art_8_eng.pdf\">not hamper<\/a> the protection of the fundamental rights of other individuals or, on a larger scale, the interests of public safety\/national security. If your privacy affects the latter, it is justified for you to <em>\u201ccompromise\u201d<\/em> your interests for those of public security when, for instance, LEAs legally request access to your personal information. It is, therefore, <a href=\"https:\/\/www.cambridge.org\/core\/journals\/cambridge-yearbook-of-european-legal-studies\/article\/abs\/balancing-fundamental-rights-in-eu-law\/128F2C5BBB10EB7CA45A59C91EBA8BD7\">a matter of balancing<\/a> different (and perhaps opposing) fundamental rights and interests of the different parties involved. Concerning the use of lawful hacking for investigation purposes, <a href=\"https:\/\/heinonline.org\/HOL\/Page?handle=hein.journals\/utrecht1&amp;div=6&amp;g_sent=1&amp;casa_token=WHUgN-vcdQ0AAAAA:mJ2-NH1vSu6k-Bsrir4NlWKwB2VMKrI-iVo9YBY2MLFZmG9gX3zQpyCqIubVos9oRo2-DTZS&amp;collection=journals\">one of the most important tasks of LEAs<\/a> is to balance individuals\u2019 right to privacy and national security, public safety and\/or other individuals\u2019 fundamental rights. To do this, Europol must refer to the <a href=\"https:\/\/www.europarl.europa.eu\/charter\/pdf\/text_en.pdf\">Charter of Fundamental Rights of the EU<\/a> (the Charter) and the <a href=\"https:\/\/www.echr.coe.int\/documents\/convention_eng.pdf\">ECHR<\/a> since these legal documents protect and balance fundamental rights within the EU.<\/p>\n<p>For instance, <a href=\"https:\/\/www.echr.coe.int\/documents\/guide_art_8_eng.pdf\">Article 8(2)<\/a> ECHR states that a public authority cannot restrict the right to privacy unless the restriction adheres to the law and is necessary to protect national security\/public safety, etc. 
This interpretation was confirmed by the Court in <a href=\"https:\/\/hudoc.echr.coe.int\/app\/conversion\/pdf?library=ECHR&amp;id=001-73570&amp;filename=MALONE%20v.%20THE%20UNITED%20KINGDOM.pdf\">Malone v. UK<\/a>, ruling that a method allowing communications interception to support investigations by LEAs was essential if it met conditions provided by Article 8(2). The three main conditions for a lawful interception by LEAs are:<\/p>\n<ol>\n<li>such interference\/interception is provided by the law;<\/li>\n<li>it is necessary and proportionate, and<\/li>\n<li>it aims to pursue legitimate aims such as the protection of public safety or national security or the prevention of crime\/disorder.<\/li>\n<\/ol>\n<p>Since lawful hacking is one example of lawful interception, it is also subject to these requirements. As long as the three conditions are met, the role of Europol in supporting lawful hacking does not violate the right to privacy enshrined in the ECHR and the Charter. Europol, in <a href=\"https:\/\/www.eurojust.europa.eu\/sites\/default\/files\/Documents\/pdf\/joint_ep_ej_third_report_of_the_observatory_function_on_encryption_en.pdf\">the joint Eurojust-Europol annual report on encryption in 2021<\/a>, emphasizes that it would follow such requirements by stating that its technologies must be accompanied by suitable protections, such as standards of necessity and proportionality, to ensure the admissibility of collected electronic evidence in court. So, don\u2019t worry whenever LEAs are hacking your devices because they will respect and protect your privacy while doing so.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone  wp-image-8658\" src=\"https:\/\/eulawenforcement.com\/wp-content\/uploads\/2023\/04\/Picture3-688x520.jpg\" alt=\"\" width=\"326\" height=\"246\" srcset=\"https:\/\/eulawenforcement.com\/wp-content\/uploads\/2023\/04\/Picture3-688x520.jpg 688w, 
 https:\/\/eulawenforcement.com\/wp-content\/uploads\/2023\/04\/Picture3-300x227.jpg 300w\" sizes=\"auto, (max-width: 326px) 85vw, 326px\" \/><\/p>\n<p><a href=\"http:\/\/thetartan.org\/2016\/3\/21\/scitech\/puggywas\">Safety and privacy<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>By An Nhien, Iman, Liudmila, Timothy and Alice National Security vs. Privacy By An Nhien, Iman, Liudmila, Timothy and Alice In the ever-evolving battle against serious and organized crime, law enforcement agencies (LEAs) are turning to a new weapon: lawful hacking. But as the supporting role of using hacking techniques by the and other agencies &hellip; <a href=\"https:\/\/eulawenforcement.com\/?p=8566\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Hacking for Justice: How Europol Walks the Tightrope Between Fighting Crime and Protecting Fundamental Rights&#8221;<\/span><\/a><!-- AddThis Advanced Settings generic via filter on get_the_excerpt --><!-- AddThis Share Buttons generic via filter on get_the_excerpt 
--><\/p>\n","protected":false},"author":94,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-8566","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/eulawenforcement.com\/index.php?rest_route=\/wp\/v2\/posts\/8566","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/eulawenforcement.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/eulawenforcement.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/eulawenforcement.com\/index.php?rest_route=\/wp\/v2\/users\/94"}],"replies":[{"embeddable":true,"href":"https:\/\/eulawenforcement.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=8566"}],"version-history":[{"count":3,"href":"https:\/\/eulawenforcement.com\/index.php?rest_route=\/wp\/v2\/posts\/8566\/revisions"}],"predecessor-version":[{"id":8660,"href":"https:\/\/eulawenforcement.com\/index.php?rest_route=\/wp\/v2\/posts\/8566\/revisions\/8660"}],"wp:attachment":[{"href":"https:\/\/eulawenforcement.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=8566"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/eulawenforcement.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=8566"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/eulawenforcement.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=8566"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}