In context: Thanks to home routing, internet service providers can continue managing users' communications while they are traveling abroad. Calls, messages, and data are processed through a user's home network rather than the local network of the country they are visiting.
Home routing is a useful technical solution for travelers interested in seamless internet access through their domestic provider. Users can also enjoy enhanced security if the provider has enabled Privacy Enhancing Technologies (PET) such as encryption. However, according to Europol, PET-enabled home routing is making its law enforcement duties much harder than they were before.
The law enforcement agency published a new paper on home routing, sounding the alarm about the challenge posed by PET and home routing for "lawful interception of information in the context of law enforcement and judicial investigations." Europol says it cannot carry out its duties anymore, as the agency's ability to protect European citizens and lead criminal investigations is significantly hindered.
When a suspect uses a foreign SIM card where home routing is deployed and PET is enabled, Europol explains, communications can no longer be intercepted and monitored. The problem occurs for both foreign citizens using their own SIM card in another country and citizens using a foreign SIM card in their own country.
When encryption is used at the service level, Europol explains, session-based encryption keys are exchanged between the service provider and the client within the user's home network. This way, the "visiting network" providing actual network access can no longer access these keys, and data cannot be retrieved.
Criminals are seemingly well aware of home routing and PET's ability to shield unlawful communications from Europol's watchful eye, the EU agency states. Cooperation between a service provider and a foreign (EU) nation could theoretically provide Europol with a way to intercept this traffic.
Enforcing national intercept orders is out of the question, as they cannot possibly work across borders. Meanwhile, a European Investigation Order can take up to 120 days to get a reply.
Europol's paper offers a couple of solutions that could preserve the agency's current level of investigative capabilities against digital and "afk" crimes. The first solution, which is both technically feasible and easy to implement, requires that domestic service providers be legally forced to disable PET technologies in their home routing connectivity offerings.
The provider would be forced to "execute an interception order for an individual using a SIM card from another country," Europol explains. No target information is exchanged with a foreign country. The second solution involves making interception of individuals possible across borders, with quickly processed eavesdropping requests to service providers. This solution would only work if a new, "structural implementation of cross-border standards" is implemented, Europol warns.