
December 7, 2021 21 mins

In this episode, we look at the EXFILES project once again. We speak with project partner Renaud Feil from Synacktiv in Paris about developing methods to access locked phones. There is no easy solution but in EXFILES, partners across Europe have resolved to make inroads to this challenging aspect of cybersecurity. 

 


The EXFILES project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No. 883156


Episode Transcript

Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Intro (00:01):
This is a Technikon podcast.

Peter Balint (00:08):
How much does the data on your mobile phone say
about you? You might be astonished at the answer. We
store photos of bank information, contacts, private conversations and so
much more on these ubiquitous devices. In the wrong hands,
this could be disaster. But don't panic. The good news

(00:30):
is that the manufacturer of your phone has been diligent
in protecting you. In fact, if encrypted with a password,
your phone is likely the most secure device you own.
And that's great for everyone, except for the law enforcement
agency trying to solve a crime, and the only evidence
they have in their hands is a locked telephone. I'm

(00:52):
Peter Balint from Technikon, and today we look at the
EXFILES project once again. This European project is developing methods
to access locked phones. This is a critical activity in
the forensic investigation toolbox. There is no easy solution, but
in EXFILES, partners across Europe have resolved to make inroads

(01:12):
to this challenging aspect of cybersecurity. Today, we speak with
project partner Renaud Feil from Synacktiv in Paris. Let's have
a listen. Welcome, Renaud, and thanks for coming on today.

Renaud Feil (01:28):
Thank you for inviting me.

Peter Balint (01:30):
To start with, tell us what the EXFILES project is
all about.

Renaud Feil (01:35):
Yes, of course. EXFILES is a project funded by the
European Union under the Horizon 2020 research and innovation program,
and the aim of this project is to provide law
enforcement of several European countries, France, Germany, Spain, Netherlands and Norway -

(01:59):
I hope I'm not forgetting anyone here - is to provide
the law enforcement of these countries with new techniques and
tools to be able to access forensic evidence on
mobile phones, which may have been confiscated from criminals.
Of course, criminals like everyone are using mobile phones more

(02:20):
and more, especially during and after the COVID crisis. It's
less and less about pieces of paper and face to
face conversation. They need to talk about the project,
share information, set up plans for the traffics in their crimes.
Most of the time, over the internet, sometime within a

(02:42):
small group, sometimes in a large group. And so you
end up actually with a lot of critical evidence on
modern phones, which are, by the way, the most advanced
and secure piece of electronic equipment that everyone owns. It's
very secure, and most of the time, if you don't
have the pin code or the passphrase, you can't access

(03:05):
to data even if the phone is in your hand.
And of course, it's a good thing for privacy if
someone steals your phone, but it's a big issue for
law enforcement in specific cases. And it's actually the same
for the data in transit or the communications themselves, they
are now protected by what's called end-to-end encryption or

(03:29):
the cryptographic techniques. You have, of course, regular people, but
also criminals, they use VPN to encrypt their traffic, they
hide their IP addresses on the internet and so on.
So just observing the traffic on the internet doesn't tell
you much about what's going on. And so more
and more, you need to access the data on the

(03:50):
mobile phones themselves because it's where the data is stored. So yeah,
police forces around the world are looking for new ways
to get access to what's stored on the suspect's phone
and to help this criminal case. And that's
the objective of this EXFILES project.

Peter Balint (04:09):
OK, and we'll talk a little bit more about the
technology later. So you come from Synacktiv, the company
is called Synacktiv. They're a partner in EXFILES. What can
you provide to contribute to the overall objectives in the project?

Renaud Feil (04:23):
Yeah, Synacktiv, it's a company founded nearly 10 years ago
in Paris by Nicholas and myself. We both had a
background as security auditors, and Nicholas had a background in development,
but mostly we were doing, you know, consulting jobs, looking
for flaws and helping companies with securing the systems. And

(04:47):
now it's about 90 people in several French cities. And
so what do we do? We work on offensive security.
Offensive security means that we master, or at least
we try to master the knowledge and the tools to
find vulnerabilities and flaws in IT systems. Our work is

(05:08):
to find security issues in many different systems. And on
this project, we're actually looking at mobile phones. We have
developed some skills on Android and iPhones and different phones
on the market. And so we have started working on
several European projects to help law enforcement on this technology.

(05:29):
We have a small team of experienced and smart experts
to find vulnerabilities and share them with trusted partners to
help Europe building capacity in this field.

Peter Balint (05:43):
So it sounds like your company is a perfect fit
for EXFILES, and that's a great thing for the consortium.

Renaud Feil (05:49):
Yeah, well, at least we try to. We try to
help on the very technical part - some parts of the
project are highly technical, and that's where we try to help.

Peter Balint (05:59):
Mm-hmm. I was wondering also, given the changing nature of
technology and increased complexity and not to mention tighter security,
is this a realistic endeavor? I mean, what do you
see as an endpoint or result in EXFILES?

Renaud Feil (06:16):
That's a good question, and that's a real challenge. Everyone
in the field knows that it's getting more and more difficult.
The main phone manufacturers, they are just doing
genuine efforts to make their systems more and more secure,
and it's a good thing. And of course, everyone is
pushing back against any law that would make, you know,

(06:39):
compulsory legitimate access or what some people
call a backdoor. No one wants any backdoor on mobile
phone for police force on every mobile phone sold on
the market. So yes, you have some phone manufacturers that
are really increasing the security of the phone, and it's

(07:02):
getting more and more difficult. And so now the police
forces that are on their own with the phone in
their hands and their skills and the skills of their team,
and they need to find a way to break
into a specific phone. So of course, from time to time,
you have very smart people in the team. They come

(07:23):
and tell me, "Yeah, Renaud, it's just getting more and
more difficult. They have just added new security measures. I'm
afraid we won't be able to find or exploit vulnerabilities
one day and we'll fail, we'll stay in the dark
and frustrated and useless." And it's, of course, part of
our job to deal with this uncertainty and fear of

(07:44):
not keeping up with the pace of new technologies. But
of course, we have been doing that for a few
years from now and we actually see that it's
still possible to find flaws and to help this investigation. So, yeah,
it's getting more complex now. More and more connected systems
are updated more and more frequently with new code and

(08:06):
new features. But I'm confident that there will still be
a number of ways to find bugs in systems. It
will just require more efforts and more security researchers to
keep on with the pace of the better security that
we have.

Peter Balint (08:24):
Okay, and you mentioned bugs in systems, and maybe that's
a hint to my next question, which is how actually
do you do this? How do you seemingly bypass phone security?

Renaud Feil (08:36):
Oh, it's difficult to explain without going into technical details,
but basically it's about finding and exploiting vulnerabilities. A vulnerability is
an error. It's a mistake in a system, sometimes in
the source code written by the developers, sometimes in the

(08:56):
configuration made by the IT staff or the user. And
there are a lot of techniques and tools to find
these issues, but to make it simple, most of the time,
it's about extracting, finding the software from a specific brand
of mobile phones and then understanding its internals, how it's working,
what it's doing. And we have some tools to actually

(09:20):
understand what's going on, how specific software interacts with
the hardware, how the data is processed and so on
and so on. Of course, it's a difficult task
because you're not the only one looking for issues. There
are actually many people today looking for flaws in mobile phones.

(09:41):
So you need to be smarter than the others, you need to
understand the source code better than the others and sometimes
even better than the developer who wrote the code, you
know, himself. And it's also, it's a science, but it's
also a kind of art because you need to read.
You can't just read all the code. It's made by

(10:03):
hundreds of developers, so you need some instinct to find
places which are likely to contain bugs. And most of
the time, it's quite good to focus on pieces of
code that are very complex, very hard to understand, complex
data parsing, memory management, interaction with hardware. So, yeah, we

(10:26):
do need to be actually willing to go into the
most difficult piece of code because that's usually where the
flaws are and you need to read a lot, train a
lot, work a lot until you find an issue and
help with the investigation.

Peter Balint (10:42):
Well, this answers a big question. I think this is
the fact that you don't have hundreds of developers at
your disposal and the fact that you have to really
develop your instincts to know where their vulnerabilities are. I
think that's really an important point to mention. I think
also that this project is sort of surrounded in confidentiality

(11:05):
that's sort of understood. But what about ethical issues? How
do you deal with these ethical issues in EXFILES?

Renaud Feil (11:11):
Ethical issues are a key consideration in this project,
and we actually do have some universities in
the consortium and they are part of the project to
actually think about the future of this kind of investigation
and what is good and what is bad from an
ethical perspective. Because on one hand, we need to provide

(11:34):
tools to law enforcement for the investigation. And on the
other hand, we need to make sure that these techniques
are not used against innocent people. It's not
a new subject. I don't believe it's a very difficult
subject to deal with. I mean, law enforcement, they have

(11:54):
privileges such as the legitimate use of violence to arrest
someone dangerous. And in many countries, especially democratic countries, you
have many laws to draw a line between what is
allowed and what is not allowed. And you need, of course,
strong overseeing bodies to make sure that these techniques are

(12:14):
just used in criminal cases and against, you know, a person
who has a significant likelihood to be part of the criminal conspiracy.
So I won't pretend to close the subject of my
partners on this side of the project, but it's
kind of to me, it's kind of important to remember

(12:35):
that it's not just about what we are doing, but
for whom we are doing it, and we need to
make sure that we are doing it for police forces
in countries with a proper regulation of their own law
enforcement capacities. And that's probably why the results are currently
shared with only a small group of trusted law enforcement

(12:57):
in Europe, and we have actually strong rules for dissemination
of our work. And I guess it's countries with a
strong history of democracy and control of their police forces
because as you know, there is a real threat
today and there is a kind of distrust of some

(13:20):
citizens against their own government. It's everywhere in the world.
It's not only Europe. The main problem with this kind
of distrust is that you have some security
researchers who will decide not to care anymore because they say,
after all, if you keep, democracy cannot be trusted more
than an authoritarian country. I can just work for anyone.

(13:44):
And if your main skill is offensive security and if
you're willing to make a living out of it, and
if you believe that all governments are bad, then you
can just work for anyone. And of course, the issue
is that today some governments which are not democratic at all,
or at least they have a different approach to
justice and fair trial. I think it's really

(14:06):
good to remember that it's really about who you provide
these tools to and making sure that they are properly
used and overseen.

Peter Balint (14:17):
And from what I know about EXFILES, from what
I've read and what you could find on the website,
this is all very closely adhered to. Things are very
controlled and regulated.

Renaud Feil (14:27):
There is a strong policy when it comes to dissemination
and use of these sensitive tools.

Peter Balint (14:33):
Right. Let me ask you this:
what effect would we see in the law enforcement community?

Renaud Feil (14:43):
Law enforcement, they have a lot of challenges when it
comes to cybersecurity. You have a new wave of criminals.
They commit crimes even on the internet itself. For example, ransomware,
everyone is talking today about ransomware. Everything happened over the internet.
The targeting of the victims, the attack itself. Even the

(15:04):
negotiation and the ransom. And even the payments using cryptocurrency.
So the game has moved significantly and law enforcement, they
need to be able to investigate any piece of electronic device,
mobile phones, computers that they have, because that's today, that's
where the evidence is. And even for crimes that happened

(15:26):
in the real world. Communications, as I was mentioning previously
are now made using encrypted applications, which are not easy to intercept.
So you actually need to be able to get the
information that is stored on the mobile itself and sometimes the
computers. And yeah, to answer your question, I think that
if we lose this battle, it will just become

(15:49):
more and more difficult for police to investigate modern crimes
and they will just be left in the dark, with a
very hard time finding evidence when it's stored on a
modern mobile phone.

Peter Balint (16:02):
And that's a scenario that just can't happen.

Renaud Feil (16:05):
It would be very difficult, I mean, on large
crimes, which need to be solved.

Peter Balint (16:10):
Sure. Now let's look at the consortium for a moment.
This concept of cross-border cooperation is only as new as
the EU itself. In the past, individual states have operated autonomously.
And I'm wondering, how is this cooperation working in a
project like this?

Renaud Feil (16:31):
Yeah, you're right. In the past, cybersecurity was, in my opinion,
seen as a sovereign power of each country and especially
when it comes to offensive capacity. Every country just wanted
its own tools and techniques. Most of them, by the way,
just failed to build any significant capacity on their own.

(16:54):
But those who did succeed never wanted to share it
with someone else, probably because how could you be sure
that this country wouldn't use your own tool to spy
on you? So, but anyway, given the challenges of today,
I mean the growing difficulties to gain access to secret information,

(17:15):
it's obvious that cooperation is necessary. In many cases, you
need to share not only information on ongoing investigations, but
also technical information. I've said it before. It
gets more difficult from a technical perspective, so you need
to share your knowledge. The specific country may have a

(17:35):
technical solution for part of the problem, another country for
other part of the same problem. And sometimes the solution
is just to merge the two parts and solve the puzzle.
All the criminal case that is behind this technical puzzle.
So yeah, it's really fantastic today to be able to
share information with a trusted number of partners

(18:00):
and even to actually welcome them in Paris when they
can travel. So it's really good. And of course,
I'm not into geopolitics, but we need to make sure
that these capacities are used for a common good for
the interest of Europe and to protect the citizens and
not just for the interest of specific countries. And these

(18:22):
are well known challenges of any cooperation between different entities,
and it's a challenge that Europe will continue to address.

Peter Balint (18:31):
Right, and it sounds like in many of these H2020 projects,
this is exactly the case that these countries are coming
together for a common good, for sure. And I wonder
when we look at EXFILES, how would you say
that this project would advance these cybersecurity efforts that are
happening in the EU right now?

Renaud Feil (18:51):
Yeah, ultimately, it's about knowing if Europe wants to improve
its capacity to investigate crimes, modern crimes on its own
or if we are happy to rely on technology mastered
only by some foreign countries. Of course, today you have
competitors doing mobile phone forensics, especially Israel and the US. They

(19:15):
are willing sometimes to sell their tools to law enforcement
in Europe, or at least some of their capacity. Not all.
But it's very expensive. You don't always control the
data. In specific cases you had, actually, you were actually
requested to send the phone abroad. We sold the data

(19:35):
for the investigation and so on, and especially one day
they may decide to stop providing specific tools and capacities,
maybe a little bit like the face masks at the peak
of the COVID crisis. You know, it's the kind of
critical capacity that may be one day too sensitive to be
shared with other countries. And in that case, you know,

(19:57):
Europe would be left without any tools to investigate a
modern smartphone. So I think it's really a key issue
for the future.

Peter Balint (20:06):
OK, and it sounds like then that EXFILES is a
project that will sort of ensure the autonomy of the
EU when solving crimes that happen within our borders. So
this is an interesting project, and we look forward to
finding out more about it as time goes on. But
thank you for your insights today and we appreciate the information.

Renaud Feil (20:27):
Thank you, Peter, for having me.

Peter Balint (20:33):
For more information about EXFILES, go to exfiles.eu.
The EXFILES project has received funding from the European Union's
Horizon 2020 research and innovation program under the grant agreement number
883156.