EU cyber-crime chief fears massive proliferation
Europe's new online crime centre faces an almost insurmountable task, its incoming chief Troels Oerting has said.
"There is no absolute security, it is a myth," Oerting, who is from January to run the European Cybecrime Centre - an offshoot of the EU's joint police body, Europol - told MEPs at a hearing in Brussels on Monday (17 September).
Dear EUobserver reader
Subscribe now for unrestricted access to EUobserver.
Sign up for 30 days' free trial, no obligation. Full subscription only 15 € / month or 150 € / year.
- Unlimited access on desktop and mobile
- All premium articles, analysis, commentary and investigations
- EUobserver archives
EUobserver is the only independent news media covering EU affairs in Brussels and all 28 member states.
♡ We value your support.
If you already have an account click here to login.
He noted that the anonymity of online crime is a major problem.
There are currently some 3.4 billion possible Internet Protocol (IP) addresses which assign numerical labels to computers and devices connected online and that number is set to increase exponentially.
"We will soon have 4.2 billion billion billion billion billion billion billion billion addresses. And the police need to find the owners of these [if there is an investigation]," Oerting said.
He added that more than 200 billion spam emails are being sent every day and that 46 new malicious codes aimed to steal online data are being created every second.
Foreign intelligence services are among the long list of culprits who increasingly use the Internet to steal data to gain inside advantages on trade. Activists, hackers and organised crime are also becoming more active.
Unlike conventional crimes such as cocaine smuggling, police are often unable to trace online crimes which are committed easily, quickly and invisibly. It can be hard to distinguish between a cyber attack by a "clever" teenager and one committed by a criminal or state organisation.
The way forward, said Oerting, is to create better legal norms and public awareness and to ensure that what is illegal in the "offline world" is also illegal in the online one.
He said his new centre will combat intrusion, fraud, and child sexual exploitation.
Child exploitation is also getting worse.
Oerting recently returned from one country which is unable to cope with the high number of cases in the field. He would not name the country, but said it has a two-year backlog.
The centre hopes to co-ordinate with member state authorities and other EU agencies to ensure they do not overlap on investigations.
It will post liaison officers to the European Commission and the European External Action Service as well as to EU agencies.
Oerting noted that funding remains a problem in some of the smaller EU member states where there is no budget to investigate online cross-border crimes.
"I hate to say it, but when we invite [people] to meetings about Europol investigations, half of the most critical countries don't come. They haven't got the money for travelling," he said.
Meanwhile, some Internet Service Providers (ISPs), even when faced with a court order, are now asking law enforcement agencies €25 for each IP address they help out with.
Oerting said child sexual abuse cases can entail thousands of IP addresses. "One country, again I won't tell which one, couldn't afford it. The host country didn't want to pay it themselves, we [Europol] paid it," he explained.
What about privacy?
For his part, Hiekle Hijmans, an official from the European Data Protection Supervisor (EDPS), a Brussels-based EU agency, noted that authorities must ensure data protection rights are respected while tackling the problem.
"The fight against cyber crime often takes place in a pro-active preventive manner by trying to link individuals who are not yet suspected of crime," he said on the scattergun methods used by some police forces.
He pointed out that ISPs cannot be asked to carry out general monitoring of the personal information they store: "Systemic monitoring of content by the providers is highly intrusive."
Some member states, like France, allow police to use a "legalised Trojan horse" to spy on potential cyber criminals, Myriam Quemener, a French magistrate and cyber crime expert, said at the EU parliament hearing.
She noted that French police officers attempt to reach out online anonymously to make contact with criminals.