Sunday, November 17, 2024

Will EU agree to scan all your images to combat child sexual abuse?

Must read

European ambassadors are set to wrangle over the inclusion of new scanning technology that would monitor content in a draft Child Sexual Abuse Material regulation introduced by the Belgian presidency of the EU Council.

ADVERTISEMENT

Ambassadors meeting in Brussels today (20 June) could agree wording of a regulation to protect children online which would compel encrypted messaging services such as WhatsApp and Messenger to include surveillance technology that would scan all users’ images.

The technology – known as ‘upload monitoring’ – is part of a compromise aiming to break a deadlock in protracted negotiations over the Child Sexual Abuse (CSAM) regulation. Negotiations over the draft regulation, originally proposed in 2022, has been dogged by divisions between countries and the European Parliament over how much the solution might circumvent end-to-end encryption communications – a technology in which only the sender and the receiver can read the messages – amid concerns that the proposal might flout civil liberties and enable mass surveillance.

‘Upload moderation’ was tabled in May by the Belgian EU presidency and is the latest attempt to find a compromise solution. We consider what the compromise solution offers, and where the parties stand.

Photos, videos and URLs monitored?

The new amendment would compel encrypted messaging services, such as WhatsApp, Messenger, Signal, or Telegram, to integrate scanning technology into their systems to monitor photos, videos, and URLs. These scanners would analyse content to detect child sexual abuse imagery and report it to authorities. 

Users would be presented with a pop-up enabling them to consent to the scanning, but if they refuse then service would be curtailed: text messages could still be sent, but no pictures, videos, or URLs. 

Why was the amendment introduced?

The amendment was put forward by the Belgian presidency on May 28 to break the deadlock in negotiations over the child sexual abuse regulation. Debates among diplomats of the 27 Member States have been polarised between privacy advocates and those prioritising security, stalling progress for months as a blocking majority resisted compromising encryption. 

Read more on encryption and the oppositions within the Council here.  

The Belgians proposed upload moderation as a compromise because it technically wouldn’t affect encryption, content would be scanned before it is sent, meaning that the message itself would remain encrypted. Several countries including France opposed any proposal that would impinge on encryption, and the amendment allowed negotiations to move forward. 

Why is upload moderation controversial?

Critics warn of a potential slide towards mass surveillance. “We’re on the brink of a surveillance regime as extreme as we witness anywhere in the free world. Not even Russia and China have managed to implement bugs in our pocket the way the EU is intending to,” according to Patrick Breyer, a German Pirate Party MEP. 

Callum Voge, a privacy advocate with the Internet Society, agrees, telling Euronews that the “the proposed compromise language… will still open the door to unlawful mass surveillance and undermine the value of end-to-end encryption as a security and privacy tool.” The EU Council’s own legal service has even expressed doubts about whether the proposed text is compatible with human rights laws prohibiting general monitoring.  

Trade associations have also raised questions about how workable the proposal is in practice. “The flawed Belgian proposal risks generating a high number of false positives and over-blocking innocent users. It could also overwhelm law enforcement’s reporting systems,” warned Claudia Canelles Quaroni, Senior Policy Manager at CCIA, the major trade association representing communications and technology firms. 

Ella Jakubowska, head of policy with EDRi, European Digital Rights, an international advocacy group, described the technology as “widely dismissed by experts as amounting to spyware – essentially building a backdoor into every person’s device, which hackers, abusers, and other malicious actors can exploit.” 

In a letter from its president, Meredith Whittaker, the messaging app Signal voiced its opposition to upload moderation, arguing that it would “create a vulnerability that can be exploited by hackers and hostile nation-states, removing the protection of unbreakable math and putting in its place a high-value vulnerability.” Whittaker also threatened to halt Signal’s operations in the EU if the rule were enforced. 

When will upload moderation be adopted?

If ambassadors agree at today’s meeting, it will pave the way for the start of negotiations between the European Parliament, Commission, and Council, known as a ‘trilogue’.  The formal adoption is unlikely to come before autumn 2024, as the new Parliament needs to be installed, and the Hungarian presidency of the Council – Hungary replaces Belgium in the role from the beginning of July – will need to organise trilogue meetings. 

Hungary pledged “to work on developing a long-term legislative solution to prevent and combat online child sexual abuse, and on the revision of the directive against sexual exploitation of children”, when presenting its presidency priorities yesterday (18 June). 

Ongoing discussions are expected to be intense, given that the Parliament has ruled out any bypassing of end-to-end encryption. 

 Member States and the Parliament have until April 2026 to reach an agreement. After that, an exemption allowing social networks to self-moderate content will expire, potentially leaving no barriers to the sharing of sensitive images. 

Latest article