A data ‘black hole’: Europol ordered to delete vast store of personal data

1/10/2022 4:39:00 PM
A data ‘black hole’: Europol ordered to delete vast store of personal data

A data ‘black hole’: Europol ordered to delete vast store of personal data

Surveillance, Privacy

A data ‘black hole’: Europol ordered to delete vast store of personal data

EU police body accused of unlawfully holding information and aspiring to become an NSA-style mass surveillance agency

Read more: Guardian news » ‘If not us, then who?’: inside the landmark push for reparations for Black Californians

‘If not us, then who?’: inside the landmark push for reparations for Black CaliforniansTaskforce including civil rights leaders and attorneys scrutinizes legacy of centuries of injustice Rather repatriation back to africa than reparations I’m a conservative and I’m not opposed to either giving back land taken from black families by eminent domain or monetary compensation for the land taken by the state government. Better get in the Q then.... Surely the indigenous population prior to the arrival of the white man should come first if dosh is dished out?

Covid: No need for a fourth jab yet, say UK advisers

Covid: No need for a fourth jab yet, say UK advisersThe booster third dose continues to give high protection to people 65 and over, data suggests. Why is natural immunity, from having had Covid, not being talked about, in any way at all? The number of people today, of all ages, must have it. Surely this can only be a good thing!

UK data watchdog seeks talks with Meta over child protection concerns

UK data watchdog seeks talks with Meta over child protection concernsCampaigners say lack of parental controls on Oculus Quest 2 virtual reality headset could breach children’s safety code For all those who are new to this working from home Bitcoin trading options Here's a little tip: Get a trusted Bitcoin expert and stick to him Arnoldnike93 Invest and play at similar times each day. Because : In times of chaos, your investment is your anchor to success⚖️ Perhaps UK should talk with parents who let their kids use internet and 'meta' unsupervised.

New data suggests pregnant women should get Covid vaccine 'as soon as possible'Pregnant women are being urged to get vaccinated as new stats reveal compelling evidence that the jab is important for expectant mothers

We must listen to South African scientists on omicron

We must listen to South African scientists on omicron🦠 'Legitimate questions are now being asked about why Britain was so dismissive of the evidence from South Africa, and whether Government scientific advisers are once again using fear as a method of control' | Writes gordonrayner gordonrayner sage predictions are crap

Mon 10 Jan 2022 12.failed to resolve for decades.About the data Ambulance queues When patients arrive at hospital by ambulance they should be handed over within 15 minutes.best interests of the child should be a primary consideration ” for online services likely to be accessed by a person under 18.

15 GMT Last modified on Mon 10 Jan 2022 12.49 GMT T he EU’s police agency, Europol, will be forced to delete much of a vast store of personal data that it has been found to have amassed unlawfully by the bloc’s data protection watchdog. “And if not us, then who?” The taskforce was formed in 2020 after the legislature and Gavin Newsom, California’s governor, approved a law requiring the study and development of reparations proposals. The unprecedented finding from the European Data Protection Supervisor (EDPS) targets what privacy experts are calling a “big data ark” containing billions of points of information. As this is fast-turnaround data, the NHS says only minimal validation can be carried out but it is considered fit for purpose. Sensitive data in the ark has been drawn from crime reports, hacked from encrypted phone services and sampled from asylum seekers never involved in any crime. Read more The taskforce is undertaking this vast challenge with the knowledge that the historic injustices suffered by the descendants of slavery are deep, systemic and difficult to quantify. According to internal documents seen by the Guardian, Europol’s cache contains at least 4 petabytes – equivalent to 3m CD-Roms or a fifth of the entire contents of the US Library of Congress. A breach of the code could be punished by a fine of up to £17.

Data protection advocates say the volume of information held on Europol’s systems amounts to mass surveillance and is a step on its road to becoming a European counterpart to the US National Security Agency (NSA), the organisation whose clandestine online spying was revealed by whistleblower Edward Snowden . “We must be aggressive in our efforts to be honest and direct and to figure out what we need to do in California and be an example to the rest of the nation in how we begin to reckon with ourselves. This data shows the proportion of patients attending A&E who waited longer than four hours to be treated, discharged or admitted. Among the quadrillions of bytes held are sensitive data on at least a quarter of a million current or former terror and serious crime suspects and a multitude of other people with whom they came into contact. It has been accumulated from national police authorities over the last six years, in a series of data dumps from an unknown number of criminal investigations. Though California joined the union as a free state in 1850, 11 years before the civil war, many who took to the Sierra Nevada foothills during the Gold Rush in the years before statehood brought enslaved people with them. The watchdog ordered Europol to erase data held for more than six months and gave it a year to sort out what could be lawfully kept. Bed waits and occupancy If a patient at A&E needs to be admitted, the wait from decision to admit to being given a bed on a ward is recorded in England. The confrontation pits the EU data protection watchdog against a powerful security agency being primed to become the centre of machine learning and AI in policing. In one case that went all the way to the state supreme court, a slaveholder brought a man, Archie Lee, to California after statehood and after the fugitive slave law had lapsed . “The worries about the Oculus VR Headset demonstrate why we need to see ‘safety by design’ as a new norm in tech,” said Kidron.

The ruling also exposes deep political divisions among Europe’s decision-makerson the trade-offs between security and privacy. The eventual outcome of their face-off has implications for the future of privacy in Europe and beyond. Shirley Weber, now California’s secretary of state, wrote the law that formed the taskforce. Scotland and Northern Ireland do not publish bed wait or bed occupancy data. The European commissioner for home affairs, Ylva Johansson, has argued that Europol supports national police authorities with the ‘herculean task’ of analysing lawfully transmitted data. Photograph: Anadolu Agency/Getty Images The EU home affairs commissioner, Ylva Johansson appeared to defend Europol. They also testified about the Great Migration, when millions of Black Americans fled the south and Jim Crow to places like California, hoping for a better life, but found instead “structural barriers of exclusion” like restrictive housing covenants that forbade homeowners from selling to Black people, said Isabel Wilkerson, author of The Warmth of Other Suns: The Epic Story of America’s Great Migration. “Law enforcement authorities need the tools, resources and the time to analyse data that is lawfully transmitted to them,” she said. When you enter a postcode for a location in England you will be shown a list of NHS trusts in your area.” Burrows added that the CCDH research raised concerns about Zuckerberg’s plans for the “Metaverse”, a catch-all term for an immersive VR world in which people interact socially and professionally.

“In Europe, Europol is the platform that supports national police authorities with this herculean task. Black Californians also faced rampant racism in the communities where they tried to settle.” The commission says the legal concerns raised by the EDPS raise “a serious challenge” for Europol’s ability to fulfil its duties. Last year, it proposed sweeping changes to the regulation underpinning Europol’s powers. They prank-called them at all hours, threw rocks through their windows, burned a cross on their lawn and spray-painted on their garage: “Black Cancer Lives Here, Don’t Let It Spread”. Comparative data from two years ago is shown where available. If made law, the proposals could in effect retrospectively legalise the data cache and preserve its contents as a testing ground for new AI and machine learning tools. Europol denies any wrongdoing, and said the watchdog may be interpreting the current rules in an impractical way: “[The] Europol regulation was not intended by the legislator as a requirement which is impossible to be met by the data controller [ie Europol] in practice. Germany paid $89bn in restitution to Holocaust victims while the United States paid $20,000 each to the 82,219 Japanese Americans who were unlawfully incarcerated during the second world war. “We’re committed to meeting the obligations under the code, and to providing young people with age-appropriate experiences,” said the spokesperson, adding that the Oculus terms of service did not permit under-13s to create accounts or use the device.

” Europol had worked with the EDPS “to find a balance between keeping the EU secure and its citizens safe while adhering to the highest standards of data protection”, the agency said. Health Secretary Sajid Javid says he was concerned by rising Covid hospital admissions , particularly in older age groups in this Omicron wave. Founded as a coordinating body for national police forces in the EU and headquartered in The Hague, Europol has been pushed by some member states as a solution to terrorism concerns in the wake of the 2015 Bataclan attacks and encouraged to harvest data on multiple fronts.4m each – for the dozens of people taken hostage in Iran in 1979. Europol buildings in The Hague. Photograph: Jerry Lampen/ANP/AFP/Getty Images In theory, Europol is subject to tight regulation over what kinds of personal data it can store and for how long.5m." Alongside rising hospitalisations, Covid-related staff absences in England have risen sharply, with the number of workers off sick for Covid reasons having trebled from the beginning of December, the latest figures show . Incoming records are meant to be strictly categorised and only processed or retained when they have potential relevance to high-value work such as counter-terrorism.

But the full contents of what it holds are unknown, in part because of the haphazard way that EDPS found Europol to be treating data. Weber’s father was a sharecropper in Hope, Arkansas, who had to flee to California after he tried to organize for fairer wages. O nly a handful of Europeans have become aware that their own data is being stored and none is known to have been able to force disclosure. Have you been affected by the issues raised in this story? Share your experiences by emailing [email protected] Frank van der Linde, who was placed on a terror watchlist in his native Netherlands and later removed, is one of the rare visible threads in an otherwise unseen mesh. “You can’t quantify my father’s lack of education and the negative experience that he had just trying to survive for himself and his family,” Weber said. The political activist, whose only serious run-ins with police amount to breaking a window to gain entrance to a building and create a squat for homeless people, was removed from the Dutch watchlist by authorities in 2019. But a year prior to this removal he had moved to Berlin, which unknown to Van der Linde at the time prompted Dutch police to share his data with German counterparts and Europol.” The scale of the injustices under assessment by the committee is almost inconceivably vast. Please include a contact number if you are willing to speak to a BBC journalist.

The activist discovered his entanglement with Europol only when he saw a partially declassified file at Amsterdam city hall. To get his personal data removed from any international databases he turned to Europol. This robbery of family inheritance and generational wealth has created a wealth gap between Black and white Americans that say would take 228 years to close. He was surprised when in June 2020 it responded saying it had nothing he was “entitled to have access to”. The activist took his complaint to the EDPS. Photograph: Irfan Khan/AP For Dawn Basciano’s family, the loss was enormous. “I don’t know if they deleted the data after Dutch authorities updated them [that] they don’t consider me an extremist … Europol is a black box.

” “The ease of getting on such a list is horrific,” Van der Linde said. “What do reparations look like? There is so much,” Basciano said. “It’s shocking how easily police share information over borders, and it’s terrifying how difficult it is to manage to delete yourself from these lists.” C oncerns over Europol’s treatment of sensitive data prompted the watchdog to raise its own questions in 2019. It resonates with me. Its initial findings in September of that year showed that data sets shared with Europol were stored without the proper checks to verify whether people scooped up in them ought to be monitored or their data retained. Access to the ark is restricted to authorised personnel and a lot of its content has been examined, cleansed and used legally. These are the stories that have been told and retold, and it hurts.

When Europol failed to convincingly answer the watchdog’s concerns, the EDPS publicly admonished the police agency in September 2020 making clear what was at stake: “Data subjects run the risk of wrongfully being linked to a criminal activity across the EU, with all of the potential damage for their personal and family life, freedom of movement and occupation that this entails.” The tussle that followed is captured in a series of internal documents obtained under freedom of information laws. In September, Newsom signed a law that would return a lucrative beachfront property in Manhattan Beach, California, that had been taken from the Bruce family in the 1920s through eminent domain . They show Europol stalling for time and the watchdog telling them that they have failed to resolve “the legal breach”. The police agency appears to be holding out for new EU legislation to provide retrospective cover for what it has been doing without a legal basis for six years. Though any recommendations made by the taskforce will not be binding, Weber urged its members to be bold in their proposals, including universal preschool for all children to help address educational and childcare inequities. The European Commission’s nervousness over a public clash was enough to pull Monique Pariat, the EU’s director general for home affairs, into a meeting between the two agencies in December 2021.

Sources said the watchdog had been encouraged to “tone down” its public criticism of Europol. The taskforce will continue to meet in the new year. But the head of EDPS, Wojciech Wiewiórowski, told the Guardian that the meeting was “the last moment for Europol to add some information that wasn’t added in their last replies to our letter”. As the meeting did nothing to answer Wiewiórowski’s concerns on lawful retention of data “there was no other way to solve the problem, for us” he said, “than to issue a decision to erase the data which is over six months”. “This 400-year challenge is not going to be solved in 400 days,” Weber said. Niovi Vavoula, a legal expert at Queen Mary University of London, said: “The new legislation is actually an effort to game the system. Europol and the commission have been attempting an ex-post rectification of illegally retaining data for years.” Topics.

But putting new rules in place does not legally resolve previously illegal conduct. This is not how the rule of law works.” Experts’ concerns are not confined to Europol’s flouting of rules on data retention. They also see a law enforcement agency that aspires to conduct mass surveillance operations. Members of the civil liberties, justice and home affairs committee of the European parliament during a hearing in June 2021 compared the agency to the NSA.

Wiewiórowski surprised attenders by endorsing the comparison in relation to Europol’s practice of retaining data. He pointed out that Europol was using similar arguments to those used by the NSA to defend bulk data collection operations and mass surveillance as revealed by Snowden. “What the NSA said to Europeans after the Prism scandal started was that they are not processing the data, they are just collecting it and they will process it only in case it is necessary for the investigation they are doing,” . “This is something that doesn’t comply with the European approach to processing personal data.” Eric Topfer, a surveillance expert at the German Institute for Human Rights, has studied the proposed new Europol regulation and said it foresees the agency pulling in data directly from banks, airlines, private companies and emails.

“If Europol will only have to ask for certain kinds of information to have them served on a silver platter, then we are moving closer to having an NSA-like agency.” T he struggle with EDPS over data storage is the latest evidence of Europol favouring technosolutions to security concerns over privacy rights. Europol’s boss, previously Belgium’s top cop, co-wrote an in July 2021 which argued that the needs of law enforcement agencies to extract evidence from smartphones should trump privacy considerations. The article argues for a legal right to the keys to all encryption services. No mention was made of Pegasus spyware revelations that showed that many governments, including some in Europe, were actively attempting to intercept the communications of human rights defenders, journalists and lawyers for whom encryption offers their only protection.

Europol’s boss, Catherine de Bolle, has argued that the needs of law enforcement agencies to extract evidence from smart phones should trump privacy considerations. Photograph: Sem van der Wal/ANP/AFP/Getty Images In 2020, Europol trumpeted its involvement together with French and Dutch police in hacking the encrypted phone service EncroChat, unleashing a torrent of personal data into the ark. When the secret operation was revealed by Europol and its judicial counterpart, Eurojust, it was hailed as one of the biggest successes in battling organised crime in Europe’s history. In the UK alone, about 2,600 people were taken into custody by August 2021 and Nikki Holland, the director of investigations at the UK National Crime Agency, compared the hack to “having an inside person in every top organised crime group in the country ”. Europol copied the data extracted from 120m EncroChat messages and tens of millions of call recordings, pictures and notes, then parcelled it out to national police forces.

The flood of evidence of drug trafficking and other offences drowned out qualms about the implications of the operation. The hacking operation that turned EncroChat phones into mobile spies acting against their users has important similarities with surveillance malware such as Pegasus. Lawyers from Germany, France, Sweden, Ireland, the UK, Norway and the Netherlands, all representing clients caught up in the aftermath, met in Utrecht in November 2021. They found that cases were being built across Europe based on evidence of which authorities were unwilling to reveal the provenance. “Investigators and prosecutors were hiding or deforming the facts,” said the German attorney Christian Lödden.

“We all agree that these are not the best people in the world, but what are we ready to sacrifice in order to convict one more person?” Police officers during a raid in a business park in Weißensee, Germany, in October 2021 as part of an investigation into drug trafficking and arms dealing. The raid was triggered by decrypted data from the short message service Encrochat. Photograph: Paul Zinken/AP EncroChat clientele included non-criminals, people such as lawyers, journalists and business people. The Dutch attorney Haroon Raza was one of them and said he bought an EncroChat handset at a phone shop in Rotterdam. He demanded that his data be erased.

“As far as I could understand, a copy still lies in Europol’s databases where it could remain forever.” French lawyer Robin Binsard is convinced that the whole operation amounts to mass surveillance. He said: “Dismantling a whole communication system is like the police searching all the apartments in a block to find the proof of a crime: it violates privacy and it’s simply illegal.” Since 2016, Europol has also been running a mass screening programme in refugee camps in Italy and Greece, sweeping up data from tens of thousands of asylum seekers in search of alleged foreign fighters and terrorists. According to a partially declassified EDPS inspection report obtained under freedom of information laws, “routine checks” by Europol of migrants crossing EU borders “are not allowed” as there is “no legal basis” for such a programme.

The screening may have resulted in migrants’ personal data being stored on a criminal database regardless of any links being found to crime or terrorism. Europol has declined to reveal any operational details. I nternal documents make clear that by spring 2020 Europol was developing its own machine learning and AI programme, even as the EU data watchdog was snapping at its heels. Finding itself with a growing cache of data, the agency turned to algorithms to make sense of it all. A month after the data supervisor publicly admonished Europol, the agency came back with a question: if it wanted to train algorithms on the data it had already been admonished for retaining, could it start the data protection impact assessment process for this without EDPS oversight? The request makes it clear that the algorithms, which included facial recognition tools, would not be designed nor used to retrieve sensitive data such as health status, ethnic background, sexual or political orientation, even though, as Europol admitted, such data would inevitably be processed by the tools: “We recognise that the produced results will contain sensitive data and its processing will be in line with Europol Regulation.

” When the watchdog did not provide the green light, Europol decided in effect to sideline the EDPS and go ahead regardless, confirming as much in a January 2021 letter. (L-R) European commissioner for home affairs, Ylva Johansson, executive director of Europol, Catherine de Bolle, the French minister of interior, Gérald Darmanin, German MP Stephan Mayer, and the Belgian minister of the interior, Annelies Verlinden, on the sidelines of their meeting to discuss ways of preventing migrants crossing the Channel, in Calais, France on 28 November. Photograph: François Lo Presti/EPA The watchdog responded by saying it would open a formal monitoring procedure. By the end of February 2021, Europol pulled the brake on its machine learning programme. Europol told the Guardian that, to date, it “has not made use of own machine learning models for operational analysis and has also not carried out ‘training’ of machine learning.

” But there are clear signs that the brake will be released soon. Europol has already started a recruitment round for experts to help with the development of AI and data mining. The emerging shape of Europol is alarming some MEPs such as Belgium’s Saskia Bricmont. “In the name of the fight against criminality and terrorism we have an evolution of an agency, which performs very important missions, but they are not executed in the right manner. This will lead to problems,” she said.

Chloé Berthélémy, an expert with the European Digital Rights network of NGOs, said that while Europol lags behind the US in terms of technological capacity, it is on the same path as the NSA. “Europol’s capacity to hoover up huge amounts of data and accumulate it, in what could be called a big data ark, after which it is almost impossible to know what they are used for, makes it a black hole.” Reporting for this investigation was supported by a grant from the IJ4EU fund and in collaboration with Lighthouse Reports Topics .