Translated Article: EU-wide Surveillance Network Already in Set-up Phase
A Commission fund for this is ready and the first two pilot projects will be allocated to two interior ministries before the summer. The software tools for data mining were developed in funded Commission AI research projects. Series part three.
The forthcoming regulation against child abuse on the net has a far greater scope than has been assumed so far. Foreseen is a new EU authority in The Hague with about 100 employees called “EU Centre”. It is to set up and operate a new data network with nodes in all member states.
This process has already begun, because the Commission has set up a fund for network construction in the member states, although there is currently no legal basis for it. In this way, all providers – from Whatsapp to e-mail services – are to compare large parts of their data traffic with a central database. This and more is revealed in the documents accompanying the Commission’s draft.
Finished facts before the start
This network is a fait accompli, although the text has not even been presented to the EU Parliament yet. Some argue the construction is already necessary, since these databases must be ready as soon as the regulation enters force. This nonchalant handling of the Commission’s own legislation runs like a red thread through the text. “The EU centre will set up and operate databases with indicators of sexual abuse of children, which all providers must use in order to comply with a search warrant,” it says. These databases contain so-called hashes of images and videos, i.e. cross sums calculated according to uniform rules of every video or image known so far that contain depictions of child abuse.
All providers offering communication services in Europe must dock to this network and check large parts of their network traffic against these databases after they receive a search warrant called a “detection order”. The size of the data sets that a search warrant can request is nowhere even approximately specified, but it must be massive data sets in any case. As the name suggests, so-called “big data” applications, of which data mining is the most commonly known, require enormous data sets, at least in the double-digit gigabyte range.
A questionable cost estimate
Neither the Executive Summary nor the text of the Regulation make clear how the above sums are made up. With three billion in the first year and 1.5 billion euros in the following years for all providers of “interpersonal communication services” operating in Europe, the costs seem to be much too low. The major burden of this planned regulation will be borne by those providers who have secured their networks best and offer a possibility for secure end-to-end encryption. In the future, this will no longer be possible at all in the EU area.
For the operation of this network in the member states, costs of 825 million euros per year are to be expected, the addendum says, as the reports will increase significantly.
The draft also stipulates that these data volumes are to be screened for unknown videos or images, which would exponentially increase the number of “hits”. Most of these are so-called “false positives”, because the algorithms of the AI software only calculate probabilities that a certain video fulfils the criminal offence mentioned.
Carefully planned for years
What immediately strikes the eye are the ridiculously paltry sums assumed for start-up costs at the 27 national contact points – usually these will be the ministries of the interior. All the material delivered by the providers via the network ends up at these national contact points. They must also have the necessary software tools, as well as hardware and above all technical staff. The money for this comes from another pot, namely the Commission’s research funding. In recent years, about a dozen AI research projects for law enforcement have been funded with over 100 million euros.
These funds were used to develop Big Data analysis tools such as “Insikt”, which uses AI to search social networks for potential terrorists. Or the research projects “Infinity” and “Aida”, which are endowed with 14.5 million euros, the latter an “integrated, modular and flexible framework” that “identifies, analyses, combats and prevents cybercrime and terrorist activities”.
Currently, as part of a pilot project in at least two interior ministries in the EU area, such analysis tools are being unleashed on “real, large-scale data sets” in order to train the algorithms. So with these projects, the Commission has also created a fait accompli and has been doing so for years. Indeed, this regulation has been carefully planned for a long time.