- E2EE (IOCTA) applications in 2025 Internet internet indicate that E2EE (end -to -end) applications are an obstacle to surveys
- The report also provides better rules on the collection and monitoring of metadata
- This occurs while the EU Commission has unveiled a new plan to create a roadmap for lawful and effective access to data for the application of laws
The criminals are increasingly exploiting encrypted applications from start to finish to hinder police investigations, according to the evaluation of the threat of the crime organized in 2025 from Europol in 2025 (IOCTA).
The report also warns that current metadata collection practices are too limited, further complicating the work of the police. This is why Europol highlights the need to establish lawful access by design to encrypted communications, in parallel with EU standards for targeted retention and access to metadata.
Europol’s recommendations echo the EU Commission plan to create a stolen encryption door for the police – something that experts would be “deeply concerned”.
The encryption enigma
Online services, such as the best VPN, emails, messaging applications and other applications, use end -to -end encryption (E2EE) to ensure that your communications remain deprived between the sender and the receiver – from start to finish.
“Technically, E2EE prevents service providers from accessing communication content, making mandates for unusable lawful access within the EU. This creates a lack of visibility and ability to investigate criminal activity,” reads the IOCTA report of Europol.
This is not the first time that Europol has expressed its concerns about the use of encrypted technologies. By discussing the Financial Times in January, the group’s leader, Catherine de Bolle, said that anonymity was not a fundamental right and that the police should be able to decipher the quantified messages to combat crime.
However, technologists, cryptographers and other experts have long been competing for the risks of undermining encryption protections. According to the industry, a stolen door of encryption for the application of the law inevitably compromises everyone’s safety.
Recent cyber attacks have demonstrated the need for strong encryption protections. For example, the incident of the Salt typhoon of last year targeting all the main American telecommunications led the American authorities to warn all citizens to move to encryption.
This can be one of the reasons why the proposed legislation seeking to undermine encryption continue to fail. More recently, France has rejected a new provision of the stolen door of encryption in March, Florida doing the same in May. EU legislators are in disagreement on the cat’s proposal for control, after three years of testing.
“When the content is blocked by E2EE, the metadata becomes essential to map the networks and identify the suspects. However, the current legislative landscape lacks harmonized rules, which results in fragmented national policies”, reads the IOCTA report of Europol.
The metadata refers to all the information that is not the content. This includes IP addresses, location, phone numbers, with whom you talked and when, but also the size of your data packages, the models to which they move, horodatages, etc.
Thanks also to the tools fueled by AI, the monitoring of metadata allows the police (or any other third party with the necessary skills) to obtain a fairly precise image of the online behavior of people even without accessing the encrypted content.
The authorities know this, and that is why they are pressure for new data retention obligations to be applied. “Crucial metadata, such as information on subscribers or intellectual property newspapers, is often subject to short or inconsistent retention periods,” said Europol evaluation, arguing for clear standards “for targeted retention and / or accelerated access to essential metadata.”
Again, this is something that technologists have warned for a long time, which could make VPN work and other confidentiality software impossible.
As mentioned, Europol is not the only group that pushes better access to the encrypted data from users and their identity.
The EU also works on lawful and effective access to data for the application of laws – the so -called Protectuu strategy, which seems to follow the recommendations collected as part of the Dark Got Dark initiative.
The plan includes a roadmap to encrypt in parallel with an assessment to extend data preservation obligations for service providers. So far, experts have criticized such a plan and have asked to play a key role in this debate.
While adopting a different approach to encryption deadlines, Switzerland also plans to modify its surveillance law to force online service providers to keep the metadata of certain users. This has opened a debate in the country on the need for online anonymity, with Proton and NYMVPN promising to leave Switzerland if the new rules adopt.
