The European Commission, the executive arm of the European Union, has proposed a scanning obligation for messaging providers to combat the spreading of child sexual abuse material (CSAM).
The proposal states that, at the request of a government agency, “Providers of hosting services and providers of interpersonal communication services that have received a detection order shall execute it by installing and operating technologies to detect” CSAM.
We obtained a copy of the proposal for you here.
The document further says that companies should use CSAM detection technology that is reliable, effective and state of the art. The technology should also be “the least intrusive” as it is not supposed to “be able to extract any other information from the relevant communications than the information strictly necessary to detect.”
The proposal raises concerns about the future of end-to-end encryption. It does not “incentivize or disincentivize” any technology, including end-to-end encryption, provided the requirements of the law are met.
The proposal acknowledges the importance of end-to-end encryption in guaranteeing, “the security and confidentiality of the communications of users, including those of children.” It continues to insist that “providers should take all available safeguard measures to ensure that the technologies employed by them cannot be used by them or their employees for purposes other than” flagging CSAM.
The proposal also requires tech companies to conduct risk assessments and the “reasonable mitigation measures” for these risks in a targeted and proportionate manner.
The proposal makes the safety of children supreme over all other rights.
“The proposal takes into account the fact that in all actions relating to children, whether taken by public authorities or private institutions, the child’s best interests must be a primary consideration,” the proposal reads.
Adding lip-service, it adds that,“whilst of great importance, none of [the fundamental rights to respect for privacy, protection of personal data and to freedom of expression and information are] absolute, and they must be considered in relation to their function in society.”
The proposal has been criticized by privacy advocates.
“This document is the most terrifying thing I’ve ever seen,” said cryptography professor Matthew Green. “It describes the most sophisticated mass surveillance machinery ever deployed outside of China and the USSR. Not an exaggeration.”