On Friday 11 January 2013 the European Cyber Crime Centre, EC3, officially opened its doors at Europol in The Hague. If something shone through from the speeches of the panel participants, it is that there are tight budget restraints and a strong wish to cooperate with the U.S., the Interpol centre in Singapore and Russia. Let me share my thoughts on expectations.
The official program
What I liked about the opening, was that it was modest. Nothing beyond this is who we are and this is what we try to achieve in the near future. And practical. On stage a Memorandum of Understanding on cooperation was signed with the US counterpart.
The following focal points were chosen by EC3 to start its work on fighting cyber crime :
1. That (is) committed by organised groups to generate large criminal profits such as online fraud;
2. That … causes serious harm to the victim such as online child sexual exploitation;
3. That … affects critical infrastructure and information systems in the EU.
Next to that “the Centre will also facilitate research and development and ensure capacity building among law enforcement, judges and prosecutors and will produce threat assessments, including trend analyses, forecasts and early warnings”.
In this EC3 has made clear choices on what it will pursue. Choices that are well defensible, as online child sexual exploitation is a major concern for society as a whole, that always has the interest of the public eye. While major fraud and online incidents involving critical infrastructure are destabilising for the economy and the (trust in the) Internet itself. Next to financially hurting those that were attacked, phished, hacked or misled.
To start “small” is not a disadvantage. Expectations, although they are high for EC3, are tempered somewhat. When the centre proves it merit with first successes in 2013, interest grows. People like to be associated with success, so a grow in budget may well become possible soon after.
From the sideline I see a few challenges for EC3. It needs the best data available in order to pursue its goals. What are the chances to engage with industry in order to receive data from multiple sources? Will EC3 be able to participate in some way in the botnet mitigation centres that have been and will be erected around Europe (and perhaps beyond) over the coming years? Will the relevant organisations in the Member States and beyond be willing to share relevant data with EC3? In what way are the new privacy rules of the EU a hindrance to successful cooperation? Concerns on this topic are regularly uttered, especially from the U.S. (a close partner, as we have seen!).
Will Member States allow EC3 some forms of cooperation or/and coordination between organisations from the Member States? This seems pivotal to me in order to tackle cross-border cases, which nearly all Internet crimes are.
Questions that are to be answered over the coming months and years, but will determine whether EC3 is able to really make a difference. Whether it will live up to its potential.
CERTs and EC3 are already working on a program run by ENISA to establish forms of cooperation. How about cooperation with other law enforcement agencies around the EU? Whether telecommunication, privacy, consumer, customs, anti-spam and malware, etc., all have complementary powers to the police. Having an overview of these powers could actually bring a broader spectrum of enforcement powers to the fore.
The police is there to arrest criminals, but this does not stop all perpetrations on the Internet. There is a world to win if the police world recognises other powers on hand and learns to exchange data with other entities if the police is not the first or perhaps not the best equipped party to act.
The EC3 could play this role in recognising other entities available to cooperate with, whether industry initiatives such as botnet centres and self-regulatory initiatives, national online threat or security centres and other law enforcement capabilities. From this a better overview of opportunities becomes available, capacity building is broadened and the overall exchange of meta data grows, enlarging the analysing and enforcement capabilities of all concerned.
The EC3 has opened and many challenges lay in front of it. It is a good thing the Centre has opened and an important step towards the much needed cross-border cooperation that is very much in demand to fight cyber crime in all its facets successfully. I wish EC3 the best of luck and many successes!
Wout de Natris, De Natris Consult
Leiderdorp, 15 January 2012