The European Union (EU) is considering a proposal that would require messaging platforms to scan citizens’ private communications for child sexual abuse material (CSAM). This proposal has sparked widespread concern among security and privacy experts, who argue that it is technically flawed, will lead to millions of false positives per day, and will undermine encryption and privacy protections.
In an open letter signed by over 270 experts, including well-known security experts such as professor Bruce Schneier of Harvard Kennedy School and Dr. Matthew D. Green of Johns Hopkins University, the experts warn that the proposal is “deeply flawed and vulnerable to attacks”. They argue that the detection technologies that the proposal hinges on are not capable of distinguishing between CSAM and other types of content, and that they would lead to a significant weakening of the vital protections provided by end-to-end encrypted (E2EE) communications.
The experts also point out that the proposal would create “unprecedented capabilities for surveillance and control of Internet users” and would “undermine… a secure digital future for our society and can have enormous consequences for democratic processes in Europe and beyond.”
Despite these concerns, the EU is moving forward with the proposal, which is expected to be discussed further in a working party meeting on May 8. If the proposal is adopted, it would have a significant impact on the way that messaging platforms are used in the EU. It could also set a dangerous precedent for internet filtering and surveillance around the world.
In addition to the concerns raised by security and privacy experts, the proposal has also been criticized by law enforcement officials. In a joint statement, police chiefs across Europe have called for platforms to design their security systems in such a way that they can still identify illegal activity and send reports on message content to law enforcement. However, the police chiefs have denied that they are calling for encryption to be backdoored.
The EU’s proposal is a complex and controversial issue. It is important to consider the concerns raised by both security and privacy experts and law enforcement officials before making a decision on whether or not to adopt the proposal.
