1. Introduction.
2. What is ENFOPOL? - How long has it existed?
3. ENFOPOL vs. Echelon/Carnivore.
4. The European Parliament's politics and point of view.
5. Legal issues, privacy concerns.
6. Technical and security issues.
7. Conclusion - Future prospects of ENFOPOL.
8. The ENFOPOL papers and ENFOPOL websites.

1. Introduction

This report's purpose is to enlighten as many people as possible about the European Union's surveillance system ENFOPOL. The report is made as a small project for the "Privacy Commission", located at privacycom.net. The CyberArmy website is located at cyberarmy.net. This report is written by zion1459 (currently 2nd Lieutenant at CyberArmy), a newcomer to the Policy Group of the CyberArmy Privacy Commission. Hopefully many other projects concerning ENFOPOL will spring from an interest in this report.

All information in this report comes from reliable Internet sources (such as Internet newspapers), and the EU's own ENFOPOL papers. Even so, don't take what you read in this report for granted. ENFOPOL is a very badly covered subject and there's still a lot of work to be done to clarify it properly.
If you have any questions or suggestions to this report then email me at zion1459@hotmail.com

2. What is ENFOPOL? - How long has it existed?

ENFOPOL was formed in secrecy in 1993 at an International Law Enforcement Telecommunications Seminar (ILETS). It was a co-operation between the countries of the European Union planning the start of a surveillance system for lawful interception of telecommunication. In 1995 the first document on "lawful interception of telecommunications" was adopted into the European Union. All other papers since then have just been technical changes to the original 1995 Council Resolution.
ENFOPOL has been developed with help from the FBI, and it's pretty obvious that the idea for the system is inspired by Echelon and Carnivore. Echelon was started back in the eighties.

ENFOPOL is a product of the "secret" co-operations within ILETS. As the name International Law Enforcement Telecommunications Seminar implies, ILETS is an international get together between people with power discussing shady business. This collaboration was first heard of when the journalist Duncan Campbell mentioned it to the European Parliament in his report about Echelon (among other things). According to Duncan Campbell, ENFOPOL was initiated by the American National Security Agency (NSA), which controls the Echelon project. But since the NSA's work is about as secret as it gets, the FBI is leading the way. Since 1993 the FBI has been active in ILETS, where representatives of police- and intelligence services from the USA, Canada, and several European countries are present as well. The meeting in 1993, where ENFOPOL was formed, took place on an FBI base in America, and since then there have been several other ILETS meetings.

During the meetings, issues such as common standards for telecommunication equipment have been discussed in order to make surveillance easier. ENFOPOL started as an ILETS project. Within ILETS it bears the cryptic title "IUR 1.0". This all means that when you look at the big picture, it's ultimately the NSA who's behind the ENFOPOL resolution.

3. ENFOPOL vs. Echelon/Carnivore:

The capabilities of ENFOPOL are still not fully known but from the information available on the subject it seems to be a mixture between Echelon and Carnivore.
NSA's Echelon is a big shot surveillance system which is capable of gathering 70-90percent of all electronic information in the world. The purpose of Echelon is to check all this information for keywords that might indicate that an act of terrorism or another national threat is about to occur. Somewhere, massive super computers, with the sole purpose of searching for these keywords, are stashed away. If enough keywords are found in e.g. an email, the mail gets sent to an Echelon employer for a perusal.

The FBI's Carnivore system is a computer system using a lot of special designed surveillance software (data sniffers, etc.). The Carnivore system is inserted into e.g. the computer network of a major corporation thus giving the FBI the capability to monitor the activities of a single - or many users. Before a Carnivore system may be used, the FBI must obtain a court order. This means that only suspected criminals are spied on.

Now... ENFOPOL is more or less like the systems mentioned above, but at the same time something entirely new. The ENFOPOL system isn't just ONE system, but more a co-operation between many different, such as Internet Service Providers (ISP). ENFOPOL doesn't work outside the EU, it's simply a law enforcement unit with the capability to operate within the entire European Union (just like the FBI does it in the USA). Perhaps in the future a special ENFOPOL police force will be made. Or perhaps ENFOPOL will be co-operating closely with the police forces of the different EU countries. The gathering of information is done by each ISP co-operating within ENFOPOL.

All the information is then stored securely, and if a country's police force/intelligence service needs information about a suspect, the ISP will transfer all the information about the person immediately. Now, the big question which is still being heavily discussed is: for how long should this information be stored? Like in the case of Carnivore the police needs a court order before they're allowed look into possible evidence, and everything they do has to be documented.
Of course it isn't just ISPs that are influenced by ENFOPOL...

It's everything! Satellite communication, phones/mobile phones, credit card information, everything! And every little system involved must be capable of gathering the information themselves, and make sure that it is available in a standard format which enables the police to retrieve and read it fast and easily. Also if the information is encrypted for security reasons the ISP must supply encryption keys, and software, when asked.

4. The European Parliament's politics and point of view:

The major question in the EU is: for how long should the ENFOPOL information be allowed to be stored? Some of the really big players in the ENFOPOL discussions are Great Britain, France, and Germany, with Great Britain fighting for the right to store the data for up to seven years! At the moment the agreement allows the data to be stored for about a month. Countries like France and Germany have already started discussing how to change their own laws in order for ENFOPOL politics to fit in. And since ENFOPOL violates the constitution of nearly every country in the EU, changes would be inevitable. It has never been legal to spy on innocent civilians, and that is what the ENFOPOL project does.

This is probably why the entire project has been kept under wraps; they needed as much time as possible to figure out the legal issues (of course this is only a theory and shouldn't be taken as fact). What they're actually discussing at the more or less secret meetings in the EU, no one really knows. We're left to believe what the politicians are willing to reveal about it. But it seems that all the countries of the EU like the idea of a big surveillance system like ENFOPOL, because it will help us catch major criminals. But at what cost? Our privacy?

5. Legal issues, privacy concerns:

Concerns about our privacy are most certainly understandable. Just imagine what would happen if ENFOPOL had permission to run uncontrolled, or even worse if it was controlled by big corporations! Of course, at present this sounds ridiculous, but who knows where we'll be in merely ten years. It's fact that firms like ISPs will be working with ENFOPOL to assure them their information as fast as possible. Wouldn't these ISPs be able to use the information for their own purposes? Yes they would! With a system like ENFOPOL it becomes "legal" to spy on innocent people, and since this task might be carried out by an ISP, it could abuse the knowledge. Certainly if it's not under government surveillance.

We all have a right for privacy. If you send a letter in the mail, it should arrive at the recipient exactly as it was when you posted it. If the letter has been opened, then the law has been broken, and it's your right to take legal actions.
Now, if you send an email to a friend, you have absolutely no guarantee that it hasn't been read by some sort of surveillance system. Your only option would be to encrypt your message.

If some person snatches your message, this person breaks the law, and could be facing jail time. But what if it's not some person, but instead some government which snatched your email? What right would they have to read your private mail? Any privacy activist would claim NONE! But, I'm afraid that isn't entirely true. If you're a criminal suspect, a police force might get a court order giving them permission to put you under strict surveillance. Most likely they would be allowed to use a system like ENFOPOL if available. You may think ... Hmmm... Well, that's fine with me. Because, if they think I'm a criminal, they must have good reason for it.

True, but the only problem is that they are spying on you whether you're a suspect or not. They intercept your messages no matter what, they just don't read them! Returning to the letter sent by post example. Let's say that I find your letter, x-ray scan it thus getting all the information from it, and then put it back in the mail. You'll never notice it, and I'll not read what I've scanned, unless it becomes necessary. Would you call this fair? No, probably not. But this is what ENFOPOL is doing with the electronic e-mail. And do not forget that it monitors things like phones too!

But, say that it's only a government-selected comity (or something like that) which has the sole right to handle any of this information. Then it wouldn't be that terrible, because you should be able to trust any real democratic government. Now, this is where the security issues step in. Can we be sure that only the government has access to this information?

6. Technical and security issues:

The world is inhabited by quite a few "bad people", and some of them have computers, and are very good at using them. This exclusive selection of nasty buggers use their computers as tools for breaking the law. These people are crackers. Thieves and hooligans of the Internet. What would you do if a cracker hacked successfully into an ISP's main computer and had full access to all your Internet data? Or even worse, if a cracker got access to the ENFOPOL mainframe! The cracker wouldn't just have all your Internet information but ALL your personal information, he could access everything. He might even be able to empty your bank account!

The above might seem like fiction, but the first electronical bank robberies have already happened. Nothing connected to the Internet is secure. No security system is unbreakable. Even if a system was the best ever seen, and nobody were able to find any errors in it, sooner or later it would be broken. Because humans make mistakes; and some day the system's supervisor will make one too. Perhaps a new Einstein is born, and he breaks the system. Someone, just a little smarter than the rest.
As we've all seen or heard through the media, computer crimes happen very often. The only way to protect ENFOPOL's information would be never to record it!

About a year ago crackers hijacked an American satellite. Usually the American government controlled this satellite! If their computer's security system can be overwritten then who be as stupid as to believe ENFOPOL's can't?
The technical information concerning ENFOPOL isn't that different from Echelon's and Carnivore's. It's simply a huge network of "sniffers" collecting all the interesting information. How these systems will work, and which security measures will be taken, will probably never be revealed. But, some things we already know.

The new mobile phone net called GSM1800 has a backdoor installed... Yes this is true! A backdoor made to make it possible to spy on the users. To grab their conversations and to locate them within seconds. It would be all right if nobody but the ENFOPOL administrators could access this information. But, how long do you think, it will take for someone outside the government to find this backdoor and abuse it?

7. Future prospects of ENFOPOL:

If Great Britain convinces the EU, then we would be looking at total communication surveillance with a seven-year buffer. This is of course against many laws. Still, laws can be changed or modified. The system could probably be up and running at full speed tomorrow. Possibly it's running already... We can only hope that it's not, and make sure that we do everything possible to protect our privacy.

All Europeans live in a democracy, and it's unthinkable that something as big as ENFOPOL would be allowed without asking the public for their opinion. This is why we must start taking action now and stay up to date with the future developments of the project. We must make sure that we will always have what is rightfully ours: Privacy and Freedom of Speech!

8. The ENFOPOL papers and ENFOPOL websites:

The EU's different reports, etc. about ENFOPOL are just name "ENFOPOL" followed by a number or a subtitle. The papers read in order to write this report can be found at: http://www.zion1459.dreamwater.org along with other interesting material, and valuable links.
Report finished the 5th November 2001. Special thanks to Iscariot for correcting typos and other errors.