- The EU’s HLG (high -level group) is now considering VPNs among “key challenges” for investigative work.
- End-to-end encryption is also mentioned in the final report as the biggest technical challenge
- Experts call for restraint and consideration of the measures, fearing that civilians will carry “state spyware in their pockets”
For the first time, an EU expert group has explicitly mentioned VPN services as “important challenges” for the investigative organization work together with encrypted devices, apps and new communications operators.
The group’s final report also refers to end-to-end encryption as “the biggest technical challenge.”
Known as the High-Level Group (HLG), the expert group was assigned the task of the EU Council in June 2023 to develop a strategic plan “on access to data for effective law enforcement.”
Legal Data Access by Design
HLG’s first set of recommendations leaked to the public last June. The goal was simple – make the digital devices we use every day, from smartphones and smart houses to IoT devices and even cars that are legal and technically monitorable at all times of law enforcement organs.
In a comment on this plan, Mullvad told VPN CEO Jan Jonsson to Techradar at the time: “That would mean total surveillance and that Europe’s inhabitants carry state spyware in their pockets.”
The last wording in the LHG report from March 13, 2025 shows that not much has changed from the original ethos. Nevertheless, the recommendations for achieving “Legal Data Processing by Design” look more refined.
As mentioned, experts are now considering including VPN services among the most important challenges for studies.
Previously, concerns were mostly reserved for messaging -apps or secure E email software using encryption to crawl users’ content into an ulcerous form, de facto, making it difficult (if not impossible) for authorities to successfully decrypt desired information.
Law enforcement authorities from the EU, North America and Australia continue their work to gain future legal access to private communication within the EU initiative that is dark. We also note that VPNs are mentioned under “key challenges” .https: //t.co/ktu9hlzre0March 18, 2025
To expand the target of VPN services seems to adapt to the experts’ views on metadata access as “important to identify suspects.”
Metadata refers to data that does not relate to the content, such as who sends the message receiving it, at what time and from where. VPNs are working on masking IP addresses that provide the details of our location when we have access to the Internet.
For experts, however, EU legislators need to find solutions to force service providers to maintain some necessary metadata for a minimum period. Fortunately, the need for a “harmonized and consistent” legal framework for data storage is among the latest LHG suggestions.
However, the introduction of new obligations to collect users’ identifiable metadata would collide with the technical infrastructure and policies of many privacy -focused services. This is especially true for non-log-VPNs, as the name suggests, never collects information that can connect users with their online activities.
Safety CONNOVER ROOM
Despite emphasis on the need for authorities to access people’s data to conduct studies, LHG experts acknowledge that “this must not be at the expense of fundamental rights or cybersecurity of systems and products.”
In particular, the report highlights more than one apartment, how encryption is also important for people’s security, protection against data theft, state -sponsored espionage and other forms of unauthorized data approach.
Did you know?
The demand for salt Typhoon attacks triggered a scream from the authorities for all citizens to switch to signal-like messaging apps to improve their online security.
It is back to see how the EU legislators will find a balance between the will of accessing people’s data – whether encrypted – and to maintain information security.
On their side, cryptographers and other tech experts have long claimed that encryption either acts as intended or is broken for everyone.
By commenting on the ongoing push for encryption back doors, Proton CEO Andy Yen recently said, “Encryption is math – it either adds or it doesn’t. You are not able to create a back door that will maintain encryption. It is simply not possible.”
