Child abuse inquiries hampered by data laws
National Crime Agency says EU curbs on sharing of information may allow online criminals to hide
Child abuse investigations could be “significantly hampered” by new data protection laws, the National Crime Agency has claimed. It warned online criminals would be able to hide their identities because the EU’S GDPR legislation affects a vital database of website owners used to fight cyber crime. Police forces have seen access to the “Whois” registry curbed in recent weeks, making it harder for them to track down the owners of illegal websites.
INVESTIGATIONS into online child abuse risk being “significantly hampered” by the European Union’s data crackdown, the National Crime Agency (NCA) has warned.
The agency said online criminals would be able to hide their identity because new data protection laws affect a vital database of website owners used to fight cyber crime.
The “Whois” registry contains names and contact details for millions of website owners. However, police forces have seen access to the service sharply curbed in recent weeks, making it harder to track down the owners of illegal websites.
Some data providers are blocking access to the service across the EU because its GDPR legislation bans the sharing of personal data without an individual’s consent.
More than a month since the new law, Icann, the Los Angeles-based organisation that governs the system, has failed to reach an agreement with EU data regulators that would allow cyber crime units special access to the data.
The NCA, which attended a summit in Panama last week to push the organisation to solve the issue, warned that the standoff threatens cyber crime investigations.
“Access to all current Whois data is vital for National Crime Agency and wider law enforcement investigations,” a spokesman said.
“Without access to it, our ability to protect the UK from serious organised crime via investigations into data breaches, malware and DDOS [denial of service cyber] attacks, as well as into child sexual exploitation and abuse, will be significantly hampered.
“Government bodies are meant to enjoy a special status that gives them access to the database but this has so far not been agreed.”
The NCA said: “We have been [working] and continue to work with government, national and international law enforcement agencies, Icann and global registries [which provide the data] to agree on a solution that will allow us to access information we require, whilst adhering to the new regulations that are now in place.”
Several companies that offer access to the database have restricted the information in Europe in recent weeks,
‘Government bodies are meant to enjoy access to the database but this has so far not been agreed’
and some internet companies have allowed individuals to register new website names without having to provide their personal data.
Although the NCA said it had a system in place to access data in the most serious situations, John Carr, an internet security and safety expert, said some crime agencies had stopped requesting data since GDPR came into force on May 25.
Last week, a government panel that advises Icann urged the organisation to address the issue urgently and said it was “critical” that police and law enforcement organisations were able to access the database. Icann, which was previously run by the US government, has been criticised for failing to prepare for the new data protection laws.