I would love to hear a reasonable explanation by some elected official for how they could stop things like this from happening (they can't, but I want to hear them squirm):

Europol, the European Union’s (EU) police agency, operated a shadow data repository containing vast amounts of sensitive personal information and used it for years beyond its lawful scope, according to internal documents and whistleblower accounts.

I seriously doubt that there is any real level of accountability that can motivate people who have access to such data as this to actually be as paranoid as they should be about security.

Described by former officials as a “shadow IT environment”, the system lacked basic security or data protection safeguards required under EU law. It was used to store and analyse highly sensitive data – phone records, identity documents and geolocation information – including details of people who were not suspected of a crime...

in practice, the system became the agency’s primary environment for large-scale data analysis, despite lacking essential controls over who could access or modify the data.

Well, at least they finally caught it. Oopsie.

“Systems appear to have operated significantly beyond what is lawful and processed vast quantities of sensitive information, including information about innocent individuals, without proper scrutiny.”
Previously unseen evidence indicates that vast volumes of sensitive data were made available to Europol’s analysts via the CFN, a system with significant security and privacy flaws that did not fully log who accessed data, or whether it had been modified or deleted. For years, it operated without effective official scrutiny, even as it became central to the agency’s analytical work.

Which is to say: we have absolutely no idea who looked at this data, copied it, or edited it...but we were using it to prosecute "criminals."

“We were really expected to step up at that point,” Europol’s then-director, Rob Wainwright, recalled last year. “That was the moment where we had to deliver.”

Well that's great: people who have positions of authority will break the law and throw out your rights if they are under enough pressure. Could there be better evidence for why we shouldn't give anyone this kind of power in the first place?

528 sats \ 0 replies \ @lunanto 5 May

The most chilling part is the lack of logs. If you can’t see who accessed, modified, or deleted the data, you don't actually have a police database, you have a private intelligence playground.

108 sats \ 0 replies \ @Entrep 5 May

If a private company did this they'd be fined into oblivion.

The main point being that just having a nice law that protects privacy means nothing much if you do not enforce it. But how are you going to enforce it? Maybe the EU can put spyware and backdoors on every device... oh wait

right, and then they can leave the access credentials to the backdoors on some unsecured endpoint so we can all check up on them.

Sounds like a great plan!

Meantime, I really need to learn the skills, and buy equipment, to build RISC-V chips. Good thing I know someone at ASML and that a stacker informed us the other day that BTC is going to 1M. Just need to save up 19999M sats more, and then we can build that shit sovereignly. On the moon. May need some railguns and nukes and an army of Optimus to protect against invading euro progressives that would be looking to subject us to their laws.

122 sats \ 0 replies \ @Oxy 5 May

It’s the ultimate irony.

An agency tasked with fighting cybercrime and data breaches created one of the largest centralized security vulnerabilities in the EU.

keep paying taxes folks...