Friday, April 17, 2015

Case Study: Automated Detection of Organized Crime

Automated Detection of Organized Crime (ADOC)

Europol’s 2013 Organised Crime Threat Assessment (OCTA), published April 2013, reveals that organised crime is becoming increasingly diverse in its methods, group structures, and impact on society. A new criminal landscape is emerging, marked increasingly by highly mobile and flexible groups operating in multiple jurisdictions and criminal sectors.
Organised crime is a multi–billion euro business in Europe and it is growing. The ex- pansion of Internet and mobile technologies, the proliferation of illicit trafficking routes as well as opportunities offered by the global economic crisis, have all contributed to the development of a more potent threat from organised crime 
says Rob Wainwright, Director of Europol.

Tools supporting the systematic environmental scanning for weak signals, searching / fusing / interpreting data from different sources such as databases with personal information and public web sites exist and are increasingly being used by intelligence services. Such systems typically have access to many large personal databases.

EU Data Protection

The most important instruments governing data privacy in Europe (which the HEAT architecture will fully comply with) include
- the Council of Europe (CoE) Convention on Human Rights and Fundamental Freedom (ECHR) – namely art. 8;
- the Charter of Fundamental Rights of the European Union (CFREU) – namely art. 7 and 8;
- the CoE Convention No. 108 on the protection of individuals with regard to automatic processing
of personal data (Convention No. 108) and;
- the Recommendation No. R (87) 15 of the committee of ministers to member states regulating the use of personal data in the police sector.

On one side, the disrespect of these constraints not only exposes police investigators and other OC fighter to legal sanctions and understandable public protest, but also may jeopardise legal cases against members of OC, who often benefit from excellent legal assistance.
On the other side, law enforcement forces need the detection of weak OC signals resulting from environmental scanning to effectively fight existing and emerging OC.
Therefore the abovementioned legal instruments protecting data privacy severely handicap investigators in their attempt to anticipate, detect and fight OC, which in affects threatens personal freedom. The protection of citizen rights makes it more difficult to protect citizen rights.

Solving the Problem with an FHE-based Architecture

The basic principle consists in using FHE/SHE to encrypt databases while enabling data aggrega- tion in the Cloud for authorized users. Authorized users of the ADOC system are law enforcement entities (EU police forces, financial/tax authorities, etc.). A trusted authority (a.k.a a ”judge”) owns a master private key sk and performs on-demand decryptions. The architecture supports the following high-level functionalities:
Database enrollment. a user detaining a number of databases containing personal data encrypts these databases under a system-wide FHE public key pk and publishes the encrypted databases in the Cloud.
Data aggregation. a user performs a data aggregation algorithm homomorphically, possibly across multiple encrypted databases, and gets an encrypted result.
Authorized decryptions. the trusted authority is sollicited by the user to decrypt the aggregation result. Prior to decryption, evidence is provided by the user that the performed aggregation is authorized, e.g. by providing a verifiable transcript of the computation. The trusted authority may provide the necessary material for the user to verify that the decryption was performed correctly.

No comments:

Post a Comment