In recent interviews on Swedish media, the European Commissioner in charge of the Chat Control Bill, Ylva Johansson, has shown that she does not understand the bill, the consequences it will have, and technology in general.
In interviews, she has repeatedly claimed that it is possible to scan end-to-end encrypted communications for child sex abuse material without breaking the encryption.
Existing legislation makes it voluntary for digital services providers to perform searches for child sex abuse material. In an interview with Swedish Newspaper Svenska Dagbladet, Johansson said:
“Next summer, all the scanning taking place right now of child sex will be banned within the EU. That is, if we don’t have special legislation that allows it.”
She also said that the proposed law would have “restrictions on what you can and may scan.”
“Today they can scan almost anything anyway, if they’re looking for child sex material; in my Bill it will only be following a court order that permission can be obtained to scan and continue to scan for child sex material, so that we will continue to get the reports that facilitate the apprehension of perpetrators and that allow us to protect and save the children,” she added.
Johansson further somehow insisted that the bill is about “sniffing” for child sex abuse material, not proactively scanning for it.
“It’s about sniffing, checking out you could say. It’s not as if you read the communication; I mean, it’s like a police dog being able to smell if there’s something there.”
However, it is not clear how services can “sniff” end-to-end encryption without looking at the messages.
The commissioner went on to claim that the scanning technology has existed for about a decade and that “there are incredibly few cases where someone has been falsely reported when contacting their guardian or anyone else.”
In a transcript of the interview, provided by Mullvad, the journalist Andreas Ericson from the Svenska Dagbladet presses Johansson on her claims. It quickly becomes clear that Ylva Johansson doesn’t understand the technology at all.[Andreas Ericson] Can I just ask you one thing, Ylva. If that happens, under this Bill, would you and I be able to have contact in the future, if, for example, you feel that you want to blow the whistle on the European Commission and contact Svenska Dagbladet under source protection regulations? And, would we also be able to have encrypted contact that the authorities are unable to read, with this Bill? [Ylva Johansson] Yes, that goes without saying. [Andreas Ericson] But if that’s the case, won’t all pedophiles use the same encrypted contacts? And then what’s been gained? [Ylva Johansson] No, but the thing is – the only thing that, the thing that … sexual abuse of children, pictures of such, is always criminal. [Andreas Ericson] But if you and I will be able to encrypt our communications, then surely pedophiles will be able to encrypt theirs too? [Ylva Johansson] If that material is shared, it may be that it is detected, that material.
Andreas Ericson] But then, isn’t it encrypted?[Ylva Johansson] But it’s not as if you are able to read someone’s communication. And there are techniques to detect without breaking the encryption. I think it’s very important that we defend the possibility and the right to encrypted communication, but that does not mean that we should say that as long as we use encrypted communication, we will not take steps to apprehend child sexual abuse. [Andreas Ericson] I’m a technology idiot, Ylva. This is how I understand it: if you send me pictures in encrypted documents, the authorities will not be able to read them. But if pedophiles send abuse images to each other, the authorities will be able to read them because there are technological solutions for that. That’s how I understand it; have I understood you correctly? [Ylva Johansson] No, you haven’t. You can make a comparison. Because encrypted communication today is scanned by the companies. They scan all communications for viruses. So, if you’re on Signal, and you want to send me a link to an interesting Svenska Dagbladet article, when you start typing the address of the article, a picture of the article pops up, because they’re scanning it. And that’s to make sure you aren’t sending me any viruses. [Andreas Ericson] Okay, you can see the image but isn’t it encrypted? Karl Emil (opponent in the debate), would you like to come in here? [Karl Emil Nikka] That’s not even how Signal works. The way Signal works is that if you get a preview, it’s because your Signal client, from your device, is taking a picture of the website and including it in the message that’s being sent. Signal has no access to this information … [Ylva Johansson] But that’s not what I’m saying. [Karl Emil Nikka] You said that Signal works the way you said, which it doesn’t.