- Europol’s 2025 Internet Organized Crime Amenaics Evaluation (IOCTA) Indicates E2EE applications (end -to -end encrypted) as an obstacle to research
- The report also requires better rules on the collection and monitoring of metadata.
- This occurs when the EU Commission has presented a new plan to create a road map for legal and effective access to data for the application of the law.
Criminals are exploiting more and more end -to -end applications to prevent police investigations, according to the evaluation of organized crime threats of Europol Internet crime in 2025 (Ioct).
The report also warns that current metadata collection practices are too limited, which further complicates the work of the application of the law. This is the reason why Europol highlights the need to establish legal access due to design to encrypted communications, together with EU standards for specific retention and access to metadata.
Europol recommendations echo the EU Commission’s plan to create an encryption back door for the application of the law, something that experts are said to be “deeply worried.”
The encryption enigma
Online services, such as the best VPN, email, messaging applications and other applications, use end -to -end encryption (E2EE) to ensure that their communications remain private between the sender and the receiver: from end to extreme.
“Technically, E2EE prevents service suppliers from accessing communication content, which makes legal access orders not to be reserved within the EU. This creates a lack of visibility and the ability to investigate, criminal activity,” says the EuroPolt Ioct report.
This is not the first time that Europol has expressed its concerns about the use of encrypted technologies. Speaking with the Financial Times in January, the group’s head, Bolle Catherine, said that anonymity is not a fundamental right and that the police should be able to decipher encrypted messages to fight against crime.
However, technologists, cryptographers and other experts have argued for a long time against the risks of undermining encryption protections. According to the industry, an encryption back door for the police will inevitably compromise everyone’s safety.
Recent cyber attacks have demonstrated the need for strong encryption protections. For example, Salt Typhoon incident last year aimed at all the main telecommunications of the United States led US authorities who warned all citizens who changed to encryption.
This may be one of the reasons why the proposed laws that seek to undermine the encryption continues to fail. More recently, France rejected a new willingness to return to the back door in March, with Florida doing the same in May. EU legislators also disagree on Chat’s control proposal, after three years of trying.
“When the content is blocked by E2EE, the metadata become essential to map networks and identify the suspects. However, the current legislative panorama lacks harmonized rules, and this results in fragmented national policies,” says the Europol Ioct report.
Metadata refer to all information pieces that are not content. This includes IP addresses, location, telephone numbers, who has spoken with and when, but also the size of its data packages, the patterns to which they move, time marks, etc.
Thanks also to the tools with AI, the monitoring of metadata is allowing the police (or any other third with the necessary skills) to obtain a fairly precise image of the online behaviors of the people even without accessing the encrypted content.
The authorities know it, and that is why they are pressing so that new data retention obligations are applied. “Crucial metadata, such as subscriber information or IP records, are often subject to short or inconsistent retention periods,” said the Europol evaluation, which advocates by clear standards “for specific retention and/or accelerated access to essential metadata.”
Once again, that is something that technologists have warned for a long time, and that could make VPN’s work impossible without registration and other privacy software.
As mentioned, Europol is not the only group that presses for greater access to user data and their identities.
The EU is also working on legal and effective access to data for the application of the law, the so -called protection strategy, which seems to follow the recommendations collected as part of the EU Going Dark initiative.
The plan includes a roadmap for encryption along with an evaluation to expand data retention obligations for service providers. Until now, experts have criticized said plan and asked to play a key role in this debate.
While they adopt a different approach against the rear encryption doors, Switzerland is also considering amending their surveillance law to force online service providers to retain the metadata of certain users. This has opened a country debate about the need for anonymity online, with the tastes of Proton and NYMVPN promising to leave Switzerland if the new rules pass.
