On Wednesday, the European Commission proposed a new regulation that would require technology companies to scan child sexual abuse (CSAM) and care behavior, raising concerns that it could undermine end-to-end encryption (E2EE).
To this end, ISPs, including hosting services and communication applications, should proactively scan their platforms for CSAM, and report, delete, and disable access to such illegal content.
While instant messaging services such as WhatsApp already to hope in hashed versions of known CSAM to automatically block new downloads of images or videos corresponding to them, the new plan requires such platforms to identify and tag new instances of CSAM.
“Detection technologies should only be used to detect child sexual abuse,” the regulator said. said. “Suppliers will have to deploy technologies that least violate privacy in line with modern industry technologies and that limit the number of false positives as much as possible.”
The new EU Center for Child Sexual Violence, which will be set up to enforce the measures, is tasked with maintaining a database of digital “indicators” of child sexual abuse, as well as processing and forwarding legal messages to law enforcement.
In addition, the rules require app stores to ensure that children do not download apps that “may put them at high risk of extorting children”.
Controversial proposal to stop the spread of sexual violence materials appeared a few days after the draft version of the regulations leak earlier this weekthat prompted Johns Hopkins University security researcher Matthew Green state that “It’s Apple again.”
The tech giant, which last year announced plans to scan and detect CSAM on its devices, has since are delayed deployment to “pick up extra time in the coming months to gather input and make improvements.”
The goal also has postponed his plans to support E2EE in all of his messaging services, WhatsApp, Messenger and Instagram, until sometime in 2023, stating that it takes time to “figure it out correctly”.
Primary privacy and security concerns technology can weaken privacy by creating backdoors to defeat E2EE protection and facilitate large-scale surveillance.
It will also require constant access to users ’personal messages in plain text, which actually makes E2EE incompatible and undermines the security and privacy of communications.
“The idea that all the hundreds of millions of people in the EU will have intimate private conversations, where they have reasonable expectations that it is private, instead will be as if indiscriminately and generally scanned 24/7, is unprecedented,” – Ella Jakubowska , political adviser at European Digital Rights (EDRi), Politico reported.
But the privacy provided by encryption is also proving to be a double-edged sword, and governments are increasingly battling fears that encrypted platforms are being used by malicious entities for terrorism, cybercrime and child abuse.
“Encryption is an important tool for protecting cybersecurity and privacy of communications,” the commission said. said. “At the same time, its use as a safe channel can be abused by criminals to hide their actions, which hinders efforts to bring to justice those responsible for sexual abuse of children.”
The development underscores Big Tech’s ongoing struggle to balance privacy and security, while drawing attention to the need to assist law enforcement in their search for access to criminal data.
“The new proposal is overly broad, disproportionate and detrimental to everyone’s privacy and security,” the Electronic Frontier Foundation (EFF) said. said. “Scanning requirements are subject to protection, but they are not strong enough to prevent actions that violate the privacy that platforms will have to comply with.”