Won’t somebody think about the CSAM?
A survey of views across the European Council shows a polarity of attitudes in different countries on the privacy of mobile messaging, ranging from scanning to banning. Asked what invasive measures would be acceptable in extreme circumstances, such as the search for child abuse content, representatives for Eire and the Netherlands might support scanning of messages. Recognising the infeasibility of that proposal the Hungarians have called for more technical invention. On the other extreme, reports ReclaimTheNet, Spain strongly supports banning end-to-end encryption, a measure that has been proposed to combat the spread of child sexual abuse material (CSAM), despite the fact that this would end privacy for every mobile user.
A proposed new law would force messaging services to scan encrypted communications, something tech experts have warned is not possible without breaking the encryption. According to the document, which was obtained by Wired magazine, Spain’s position in encryption is the most radical. “Ideally, in our view, it would be desirable to legislatively prevent EU-based service providers from implementing end-to-end encryption,” representatives from Spain said in the survey. With end-to-end encryption only the sender and receiver can see the content of a message. Neither the mobile operator nor the messaging service provider would have access to the content. Despite their contrasting attitude to personal privacy, messaging companies as diverse as Facebook (owner of WhatsApp) to the likes of Proton, Element and Signal all offer privacy through end to end encryption.
Detection
However, the survey seemed to have persuaded a strong majority of countries in favour of sacrificing personal sovereignty, if the right circumstances can be created. Among the 20 member countries represented in the survey, 15 support the banning of end-to-end encrypted communications, according to the Wired report. Middle European countries seemingly had no problem with intervention. “It is of utmost importance to provide clear wording in the CSA Regulation that end-to-end encryption is not a reason not to report CSA material,” Croatia’s representatives said. Romania said it did not want E2EE encryption to become a ‘safe haven’ for malicious actors. Slovenia said, “Detection orders must apply to encrypted networks.”
Bend Encryption
However, Poland suggested a compromise involving an introduction of new measures. These would allow a court to lift encryption and for parents to be allowed to decrypt the communications of their children. Ireland and Denmark want messages to be scanned for CSAM without banning end-to-end encryption, although not is not possible with encrypted material. The Netherlands said that it was possible to scan content on a device before it is sent as encrypted to a recipient. “There are … technologies which may allow for automatic detection of CSAM while at the same time leaving end-to-end encryption intact,” the country’s reps said.
End Encryption
Italy, Germany, Finland, and Estonia also do not support end-to-end encryption. Italy said the proposal would “represent a generalized control on all the encrypted correspondence sent through the web.” Germany said it would not support a law that allows technologies that would circumvent, modify, or disrupt encryption. Finland told the EU Commission to find solutions to fight CSAM without undermining encryption. Estonia warned that forcing companies to scan encrypted messages would result in the companies exiting the European market.
Defend Encryption
Hungary and Cyprus supported the proposal, if it helped law enforcement. Hungary expressed reservations that more could be done: “Our problems are not a necessary consequence of technological progress. Rather, it is the result of the full end-to-end encryption used by online platforms, which makes classic data interception activities via electronic communication service providers impossible,” the Hungarians responded, “in this context, new methods of data interception and access are needed to maintain law enforcement capabilities, based on cooperation with major international online platforms and smart device manufacturers.”