After chasing the European Commission for over a week about what exactly it meant by police being able to perform "remote searches" of systems, one of the Commission spokespeople finally got back to me.
The EC very quietly slipped out a press release last week which gave news of the EU council of ministers voting to adopt the EC's cyber strategy, which includes police being able to perform "remote searches". I wanted to know the details -- would the EC be focusing on a type of "BundesTrojan" for the whole of Europe? Would police need a warrant, and how exactly would this proposal pass into law?
I've included both my questions, and the EC answers, obtained through an email exchange:
"1. Does 'remote searches' mean that police will be able to hack into suspect systems?
We have to assess carefully all legal and technical aspects. Specific arrangements will be decided also in line with national legislation.
2. Will the police need a warrant to perform a remote search?
These would depend to a large extent on the national law. It is premature to answer the question now before all legal and technical issues are clarified.
3. How will the EC cybercrime strategy be passed into law? Will it become part of a directive?
Some parts of the strategy may be appropriate for legislation to early to say what and in which form. Some would be appropriate for non-legislative measures/soft law. In any case soft-law would be as useful first step, opportunity to gather experience and prepare for legislative measures if needed.
4. How will "cyber-patrols" operate?
Law enforcement officials will monitor the cyberspace, in some instances they may be present in cyberspace as undercover. All these would depend on requirements/set by particular national legislations."
As you can see, the plans are pretty vague at the moment, but what the EC seems to be sanctioning is police hacking computer systems. This opens up very interesting questions about whether security companies would block any police attempts to hack individual computers, how complicit ISPs would be in allowing police to monitor customers, and just what kind of criminals the police would be hoping to catch. You would have thought that the serious and organised type of criminal would be savvy enough to encrypt all files and communications, anyway.