Tag: Cybercrime

Cyber (In)Securities – Issue 155 – Snapshot Edition


Cyber (In)Securities – Issue 154 – Snapshot Edition


CyAN’s Position on the Recommendations of the High-Level Group on Access to Data for Effective Law Enforcement


The Cybersecurity Advisors Network (CyAN) opposes recommendations made by the European Commission’s High-Level Group on Access to Data for Effective Law Enforcement (HLG) that we view as incompatible with European rights and values.

Overview

The HLG, often referred to as “Going Dark” / #EUGoingDark, was established in 2023 to develop ways for law enforcement to more effectively identify, track, and investigate international crime. Its current recommendations can be found here (PDF).

The High-Level Group has some laudable goals, including reducing crime, enhancing cooperation between law enforcement agencies, and improving efficiencies. The Cybersecurity Advisors Network opposes several components of the HLG recommendations, and encourages our members, partners, and stakeholders to do the same.

European Digital Rights (EDRi) published an article about the HLG and the many issues with its composition, its objectives, and its activities in June 2024. Former Member of the European Parliament (MEP) for the German Pirate Party Patrick Breyer wrote a series of extensive posts on the problematic nature of the HLG; a good introduction can be found here.

In short, objections to the HLG, as well as to its goals and its decision-making process, include the group’s undemocratic lack of transparency and accountability, the excessive influence that law enforcement and national security entities have on EU policymaking through the group, its regular re-hashing of repeatedly defeated and debunked schemes to undermine the security of information through legally mandated weakening of encryption and other mechanisms which currently ensure citizens’ rights and safety online, and its willingness to consider measures that will damage fundamental European constitutional rights in the pursuit of illusory civic and national security.

The Proposed ProtectEU Security Strategy

The HLG is also involved in crafting the European Commission’s related ProtectEU Internal Security Strategy (full text here) which includes a push for mandatory encryption backdoors (“to identify and assess technological solutions that would enable law enforcement authorities to access encrypted data in a lawful manner”). Politico has a good summary of some of the logic driving these problematic items in the EU’s proposed strategy. CyAN has signed the Global Encryption Coalition’s joint letter pushing back against ProtectEU, affirming our commitment to strong encryption and democratic safeguards.

Our Concerns About the HLG’s Recommendations on Access to Data for Effective Law Enforcement

The HLG’s recommendations bear the strong potential for a mass surveillance structure. While CyAN strongly supports the fight against online ills such as child sexual abuse materials (CSAM), cybercrime, fraud, terrorist / violent extremist content (TVEC), and image-based sexual abuse (IBSA), we insist that undercutting the freedoms of citizens runs counter to the liberal democratic values that are a cornerstone of European society. There are more effective and less damaging ways to achieve these aims.

Notably, the HLG explicitly advocates for the introduction of compulsory encryption backdoors, something CyAN has consistently opposed and actively campaigned against across multiple jurisdictions. Backdoors irreparably undermine encryption, and are detrimental to privacy, individual rights, economic prosperity, and democratic stability. CyAN has published numerous articles and position papers opposing such proposed laws in jurisdictions including Australia, Sweden, the US, and Japan; Ukraine; France and Sweden; the United Kingdom; and the European Union. Our members strongly advocate for the urgent need for viable end-to-end encryption [1] [2], free of backdoors [1] [2], especially in the face of quantum encryption, not least as a vital tool for protecting vulnerable populations.

Significantly, while the Copenhagen Criteria for membership in the European Union include democracy and transparency, the rule of law, human rights, and respect for minorities, the EU’s 27 member states have occasionally diverged from both these core values, and from each other’s interpretation thereof. While the EU is currently a stable system with strong safeguards for citizens’ rights, neither liberty nor democracy can be taken for granted. The past two decades have provided several examples of how quickly formerly free societies can revert towards authoritarianism. Technological and legal protections for anonymity, data security and integrity, and freedom of expression should be strengthened, not undermined.

CyAN’s Position

CyAN objects to the following components of the HLG’s proposed framework in its current form (May 2025):

  • The requirement for online service providers to archive all online activities (27), as well as mandatory identification and data retention: clicks, messages, connections – under individuals’ legal names. This risks creating an online panopticon and turning citizens into potential suspects. It will also dramatically subvert the utility of VPNs and other anonymity tools that provide safety to users (27.v).
  • Encryption backdoors: providers must supply data “in an intelligible way”, forcing them to weaken or bypass end-to-end encryption whenever asked (27.iii).
  • Backdoors by design: hardware and software makers are ordered to bake permanent law-enforcement access points into phones, laptops, cars, and IoT devices (10, 22, 25, 26).
  • Criminalisation of non-compliance: services or developers who refuse to spy on their users face fines, market bans, or prison (33, 34, 35, 37).
  • Universality: the rules cover every “electronic communication service”, from open-source chat servers to encrypted messengers to vehicle comms systems (17, 18, 27.ii).
  • Subversion of member-state national sovereignty: law enforcement may intercept data under another member state’s jurisdiction “without going through a cross-border cooperation instrument”. Not all EU members have equal levels of respect for freedom of expression, privacy, confidentiality, and similar concepts, and eroding a member state’s ability to protect its own citizens is a dangerous path to pursue (39).

The recommendations repeatedly mention a desire to prevent abuse, ensure citizens’ rights, and ensure that expanded surveillance and investigative powers are only used in a lawful, responsible manner – without specifics of what mechanisms would ensure such respect for Europeans’ basic human rights. It amounts to “trust us, we have your best interests in mind”.

Make Your Voice Heard

The Commission’s feedback period on the HLG’s recommendations is open until 18 June 2025, midnight Brussels time. In addition to supporting the GEC’s arguments against ProtectEU by signing the joint letter, CyAN will provide our own comments to the Commission on Access to Data for Effective Law Enforcement. We strongly encourage our members to do the same, and to contact their MEP in order to oppose surveillance overreach.

European Commission feedback form:

https://ec.europa.eu/info/law/better-regulation/have-your-say/initiatives/14680-Impact-assessment-on-retention-of-data-by-service-providers-for-criminal-proceedings-_en

Global Encryption Coalition Joint Letter on ProtectEU:

https://www.globalencryption.org/2025/05/joint-letter-on-the-european-internal-security-strategy-protecteu/

A list of Members of the European Parliament by constituency:

https://www.europarl.europa.eu/meps/en/home

A sample text to send to your MEP:

Dear <…>

I am writing to you as an information security professional to voice my opposition to the current recommendations of the European Commission High-Level Group on Access to Data for Effective Law Enforcement (HLG).

As a European citizen, I firmly believe that several of the HLG’s proposals are highly damaging to European fundamental liberties, to the security and integrity of online commerce, and to the trustworthiness of online discourse and democratic mechanisms.

These include, but are not limited to:

  • The requirement for online service providers to archive all online activities (27), as well as mandatory identification and data retention (27.v)
  • Encryption backdoors (27.iii)
  • Backdoors by design (10, 22, 25, 26)
  • Criminalisation of non-compliance (33, 34, 35, 37)
  • Universality (17, 18, 27.ii)
  • Subversion of member-state national sovereignty (39)

I support the HLG’s objectives of fighting cybercrime, terrorism, and abuse online, but the means advocated by the group are not the right way to strengthen our society.

I urge you to help ensure that the European Parliament, European Commission, and all other elements of the European Union’s legislative, executive, and judicial mechanisms continue to respect the rights of Europeans to privacy, trust, safety, anonymity, freedom of expression, and security online, and to not allow the undermining of the technological mechanisms that ensure these in the interests of a surveillance state which will damage our freedom and prosperity.

With best regards,

&c.

Cyber (In)Securities – Issue 153 


Hack the Planet? No. Just Hack the Tap: What exposed water systems tell us about the state of cybersecurity around the world


About the Author: Kim Chandler McDonald is the Co-Founder and CEO of 3 Steps Data, driving data/digital governance solutions. She is the Global VP of CyAN, an award-winning author, storyteller, and advocate for cybersecurity, digital sovereignty, compliance, governance, and end-user empowerment.

Board Member Spotlight: Adj. Prof. Dr. Greg Dzsinich, LLM, CIPP/E


Member of the CyAN Board (Paris) | Adjunct Professor at EMLYON Business School (Lyon) | Co-Managing Partner at Eversheds Sutherland (Budapest)

Adj. Prof. Dr. Greg Dzsinich is a legal expert with a strong academic foundation and an unwavering dedication to international cybersecurity and digital trust. His leadership across sectors and his ability to move between practice and policy make him a valued voice within the CyAN community.

Greg’s decision to join the CyAN Board was influenced by the association’s unique identity as a multidisciplinary, global trust network. His long-standing friendship with Jean-Christophe Le Toquin, CyAN’s President, also played a key role. Greg has always admired Jean-Christophe’s pure dedication and saw in CyAN a platform that aligns both professionally and personally with his values. For Greg, joining CyAN was not only a professional step. It was also a human one, grounded in shared purpose and collaboration.

Serving on the Board gives Greg the opportunity to engage with cybersecurity issues on a global scale while continuing his role as co-managing partner at Eversheds Sutherland in Budapest. He values the ability to combine strategy, legal insight, and international cooperation to help build a safer digital environment. Personally, he finds fulfillment in contributing to a network of experts who share a commitment to trust, integrity, and meaningful impact.

Greg believes that CyAN’s greatest contribution to the global cyber community is its ability to bring together experts from legal, technical, policy, and academic backgrounds. This diversity of expertise is essential for tackling the complex and evolving nature of digital threats. Within this trusted environment, members can exchange ideas openly, build knowledge collectively, and offer informed proposals to decision-makers around the world. In Greg’s view, CyAN functions both as a think tank and as a resource for capacity building, helping to raise standards and strengthen resilience across sectors and borders.

His passion lies at the intersection of law, ethics, and technology. With a background in criminal investigations, cybercrime, data protection, and privacy, Greg is particularly invested in ensuring that legal frameworks evolve responsibly alongside innovation. He is especially interested in how artificial intelligence, when guided properly, can coexist with human rights, ethical design, and democratic safeguards.

Looking to the future, Greg encourages CyAN to focus on expanding its policy influence and increasing its contributions to emerging challenges. He sees a need for stronger guidance on issues such as AI governance and international data flows. He also identifies potential risks related to AI-driven cybercrime and disinformation. As CyAN grows, he believes it must continue to build trust, respond quickly to technological shifts, and ensure that its not-for-profit mission remains well supported and well resourced.

Among the changes he has observed in the cybersecurity landscape, Greg is particularly concerned by the widespread use of disinformation as a weapon. He views this as a societal threat that is exacerbated by technology. At the same time, he feels encouraged by the growing public understanding that cybersecurity and data protection are not niche concerns. They are strategic priorities. This increasing awareness supports the kind of holistic and forward-thinking approaches that CyAN promotes.

Outside of his leadership roles, Greg is committed to education and bridging the gap between theory and practice. He teaches at Emlyon Business School and frequently participates as a guest lecturer or judge at international events, including the WhiteHat Conference at Boston University and the Northeastern Security Symposium in New Jersey. He enjoys the exchange of ideas that happens when academic research is tested against real-world challenges and when practical insights are brought into the classroom. This feedback loop shapes his work and helps him stay grounded in both rigor and relevance.

Beyond his professional and academic commitments, Greg finds balance in his personal passions. He is an avid cook and a competition sailor. Both pursuits reflect his appreciation for creativity, discipline, and teamwork.

What keeps him motivated is the potential to make a meaningful impact. He is energized by the intellectual challenges that come with blending law, technology, and policy. He also draws strength from the collaborative spirit within CyAN. For Greg, working alongside others who are just as passionate about protecting democratic institutions and advancing privacy rights is both inspiring and rewarding. His commitment is anchored in a belief that a secure and trustworthy digital future is possible, and that CyAN plays a crucial role in making it happen.

One idea that continues to guide his leadership comes from his time at Microsoft. When he joined the company in 2008, he was struck by a powerful metaphor. If we sit in one boat, we must not only row well. We must also remain in rhythm if we want to win as a team. This mindset has stayed with him. It reflects his belief that individual effort only becomes meaningful when it supports a shared goal and that true leadership involves listening, aligning, and moving forward together.

“What happens to Heroes?” EPISODE #6: The Unsung Heroes of the digital world by Didier Annet


The Psychological Impacts of Cyberattacks; What I will call the “Heroes”; Let’s Rewrite the Story of a Cyberattack – Alternate History of a winning scenario; Excerpt From the Interview; Typical identification factor: “Right reflexes, right roles — from click to crisis”; About the Author Didier 

CyAN Mentorship Wrap-Up – 2025-1


CyAN is nearing the end of its spring 2025 mentorship programme. We extend a sincere thank you to our members who have agreed to contribute to the development of new talent entering the information security sector: Saba Bahgeri (Australia), Mohammed Shakil Khan (UAE), Mathew Nicho 

Cyber (In)Securities – Issue 151 – Snapshot Edition


Cyber (In)Securities – Issue 150 – Snapshot Edition
