Cybersecurity tools and challenges of international cooperation

“Not a day goes by without my investigators being in contact with their foreign counterparts. In cyberspace, cases are solved when we play together,” says General Marc Boget, the commander of the Gendarmerie Nationale in cyberspace – the ComCyberGend. In this digital world, which is now the target or vector of more than 80% of the crimes committed in France today, borders do not exist. Moreover, evidence is much more fragile and volatile than in the physical world. For cyber-investigators, the traceability and preservation of digital data, as well as the speed of action, are a real challenge, as explained by squadron leader Matthieu Audibert, head of the partnerships and cooperation department within ComCyberGend: “Either the evidence is stored within the European Union, but on a medium that may be possible to alter, or it is stored outside. In this case, the offence must be characterized in the law of the State concerned, and its authorities must allow us to access it.

Europol, the historical hub of police cooperation within the European Union, was created in 1998 in The Hague, the Netherlands, and has dedicated 80 investigators to cybercrime. There will soon be a hundred of them, with capabilities that are constantly being strengthened, starting with the processing of mass data. Thanks to them, in the spring of 2021, some thirty investigators were able to sift through 500 million digital messages in record time to dismantle a vast criminal network operating between the United States and Europe, called Sky ECC, named after the encrypted software that was deemed unbreakable and used by its members to communicate. Europol’s mission is threefold, says police commander Emmanuel Kessler, who is in charge of prevention and awareness within the European Cybercrime Centre: to support national operations, to organize the exchange of information between services and to provide them with expertise; “Unlike the FBI, which takes over investigations, Europol’s role is to support the work of Member States. For example, we are able to bring together some 50 experts from different countries for several weeks in order to facilitate cooperation in a complex case.”

Europe is the driving force behind international cooperation in this field. As early as 2001, the Council of Europe (46 members) adopted the first specific treaty: the Budapest Convention on Computer-related Crime, a base text ratified by 66 States, including Canada, the United States and Israel. This instrument, which lays the foundations for information sharing and digital evidence, has been the subject of two additional amendments or protocols, the last of which dates from the fall of 2021. The next step, however, threatens to drag on expanding its scope through a convention at the UN. “The difficulty with this process, initiated at the request of Russia, is that it requires negotiations with each of the 193 member states,” says Joanneke Balfoort, director of security and defense policy at the European External Action Service (EEAS). “The war in Ukraine has weakened this long process of harmonizing rights and procedures, with the risk of blocking other multilateral progress.” The Dutch diplomat is nevertheless pleased to note that the Covid 19 crisis and the Ukrainian conflict have contributed to reviving cooperation between Europe and its major partners, such as the “Five Eyes” club – the United States, Canada, Great Britain, New Zealand and Australia – and even India, a key player in Asia.

The harmonization desired by Europe is based on the application of the rules of international law applicable to cyberspace, says Brussels. Aware of the philosophical differences in the conception of digital governance, the Old Continent is also aware that this evolution comes up against the sovereignty of States, which today includes the control of digital data. In addition to this political impediment, the development of cooperation also comes up against a series of technical obstacles. Data retention policies are multiple, while data can travel instantly from one state to another, and criminals are increasingly using technologies to anonymize connections. With the giant private hosts that are the Gafams, the balance of power is uneven. “If it’s a question of obtaining connection information, it goes pretty well and quickly, but if we ask them for content, our request systematically ends up on the desk of an American judge. The time required for judicial cooperation is incompatible with the time required for digital evidence,” says an expert.

On the other hand, the development of training appears to be a promising vector for international cooperation. In order to be effective, it is necessary to share the same level of technical skills. One of the challenges of cooperation concerns the dissemination of procedures (such as requisition models) and reference “digital investigation techniques”. France is a leader in this segment. As a historic player in the fight against cybercrime, and at the forefront of global innovation, the Gendarmerie Nationale is called upon by many foreign services to train their investigators, confirms squadron leader Matthieu Audibert: “Without going into detail, I can tell you that we are capable today of infiltrating information systems to capture data, analyzing sophisticated viruses or even tracing transactions via the crypto-asset blockchain.

The “strategic compass” adopted in March under the French Presidency of the Council of the European Union (FPEU) should consolidate Europe’s position as a leader in global cooperation on cybercrime. The Member States are finally in agreement on the main security threats and challenges. In terms of cyber, this groundbreaking text calls for new legislation on digital resilience, a hardened cyber posture and intelligence capabilities, and the creation of a Joint Cyber Unit. In other words, Kessler says, “Europeans are expressing the need and the will to have harmonized procedures and operating methods.”