The “Encryption Challenge” faced by LEAs in Criminal Investigations

  • Panel
  • Orangerie
  • Friday 23.05 — 08:45 - 10:00

Organising Institution

CDSL

  • Academic 2
  • Business 2
  • Policy 2
In the recently published ProtectEU Internal Security Strategy, lawful access to encrypted data and communications is presented as one of the key challenges for law enforcement authorities. In the next months, the EC will present a "Technology Roadmap" on encryption to identify and assess "proportionate" solutions. In this context, the massive police data collection conducted in the ongoing SKY ECC case is illustrative of the fundamental rights implications of encryption workarounds, including on the right to privacy and on the right to a fair trial. An additional important issue is the one of the sanction of procedural irregularities in judicial criminal proceedings. The role of Europol in international data driven investigations should also be clarified. In our panel, the speakers will take into account the perspective of national jurisdictions in Belgium, the Netherlands, France, Austria, Italy and Germany. They will also discuss the judicial cooperation at stake: How are the European jurisdictions (ECJ/ECHR) and the EU data protection authorities reacting?

Questions to be answered

  1. Which are the fundamental rights implications of encryption workarounds? How to enable LEAs to access encrypted data in a lawful manner?
  2. Who controls the police data collection during and after data driven investigations? What is the role of Europol?
  3. Is the national judicial control on illegal police data collection effective within the EU?
  4. Is the European judicial/administrative control on illegal police data collection effective?

Moderator

Vagelis Papakonstantinou

Cyber & Data Security Lab, VUB - Greece

Vagelis Papakonstantinou is a Professor on Personal Data Protection Law at the Faculty of Law & Criminology of the Free University of Brussels (VUB, Vrije Universiteit Brussel), focusing also on Cybersecurity, Intellectual Property, and the broader topic of technology regulation. He is the director of VUB's Cyber and Data Security Lab (CDSL), as well as, a core member of VUB’s Research Group on Law Science Technology & Society (LSTS) and the Brussels Privacy Hub. Since the early 2000s Vagelis Papakonstantinou has participated in the law-making committees for the release of all major EU, Council of Europe and Greek laws and regulations on personal data protection (the Council Framework Decision 2008/977/JHA, the EU PNR Directive, Convention 108+, the GDPR, the Police and Criminal Justice Data Protection Directive, Greek law n.4624/2019). Since 2018, when the GDPR became applicable, he has participated either as a partner through VUB’s CDSL or as an external expert in EU-funded research projects of a total worth of more than 100m Euros. In addition to the above, through MPlegal, a niche technology law firm, Vagelis Papakonstantinou practices business law with a particular emphasis on technology start-ups and mid-size companies. For the period 2016-2021 he has been a member (alternate) of the Hellenic Data Protection Authority. For the period 2021-2024 he has been the Data Protection Officer (DPO) of Greece's centre-right (governing) political party Nea Demokratia - ND. Before these, he had been a member of the Board of Directors of the Hellenic Copyright Organisation (for two terms).

Speaker

Catherine Forget

Groupe de recherche en matière pénale et criminelle (GREPEC) - Belgium

Catherine Forget has been practicing criminal law on a daily basis since 2014. She advises and assists people during criminal investigations (hearings with the police or the examining magistrate) and also defends people's interests before the French and Dutch-speaking criminal courts. She practises her profession with the aim of offering everyone a quality defense and, if the situation allows, with a view to shaking things up from a human rights perspective. Catherine Forget is also an assistant in criminal law and procedure at USL-B and a member of the Groupe de recherche en matière pénale et criminelle (GREPEC). Her research focuses on criminal law in relation to the right to protection of personal data and the right to privacy. In this context, she has published in a number of legal journals (see below). Lastly, Catherine Forget is a member of the Human Rights League's pool of lawyers, and in this capacity has lodged several appeals before the Constitutional Court, some of which have been referred to the Court of Justice of the European Union.

Speaker

Grace Mulvey

Microsoft - Ireland

Grace Mulvey is a Senior Corporate Counsel at Microsoft, working as part of the Law Enforcement and National Security (LENS) team based in Dublin, Ireland. Prior to joining Microsoft, she worked across various sectors, including civil society organisations, private practice, and at a national data protection regulator. Grace is dual-legally qualified, in Ireland as a Barrister, and in the US as a New York Attorney. Her specialities include Data Protection and Privacy, European Law, International Law, and Criminal Law.

Speaker

Justus Coenraad Reisinger

Van Boom Advocaten - Netherlands

Justus Reisinger is an attorney-partner at Van Boom Advocaten. Mr. Reisinger assists defendants in all types of criminal proceedings, from court (or even the preliminary stage) to the Supreme Court. His work is particularly in large-scale investigations (murder, organized crime, money laundering, etc...) with special expertise in digital evidence and international aspects. He also regularly litigates in criminal cases at the European Court of Human Rights (in Strasbourg) and the Court of Justice of the European Union (in Luxembourg). As a result, Mr. Reisinger also has an international network of fellow lawyers with whom he also litigates in other countries, and with some of whom he forms the basis of the 'Joint Defense Team'. In addition, Justus Reisinger and Ruud van Boom also wrote about the “cybercrime” topic of cryptocommunications (PGP services) in the Lawyer's Journal, in particular this was about EncroChat and Sky ECC.

Speaker

Gilles Robine

European Commission, DG Home Affairs & Migration, Digital investigation - Europe

Mr. Gilles Robine joined the Commission in 2018 where he is an expert in digital investigation at the Directorate General "Home Affairs & Migration". He is notably responsible for policies related to the impact of new technologies on cyber investigation. In this capacity, Mr. Robine is involved in the activities of DG HOME related to the generalization of encryption and anonymization techniques, to the investigation of the dark web, to the illicit use of crypto assets, and to the development of Artificial Intelligence. Engineer and policeman, Gilles Robine has accompanied the development of technologies in the field of security for nearly 30 years, as head of an investigation group specializing in cybercrime, then for the private sector to develop an industrial offer for security services.