EU plans to require backdoor to encrypted messages for child protection

Posted:
in General Discussion
A leaked European Union proposal shows plans to mandate CSAM scanning for child protection in all encrypted messaging services.

Credit: Alexandre Lallemand/Unsplash
Credit: Alexandre Lallemand/Unsplash


In 2021, Apple eventually backed down over its own plans to introduce scanning for child sexual abuse material (CSAM), and agreed to postpone it following severe criticism of its dangers to all privacy. Notably, the UK government backed Apple's plans, albeit after Apple had withdrawn them, and chiefly as part of its own wish to get backdoors into end-to-end encryption.

Now it appears that many of the UK's former fellow EU member countries have been planning their own CSAM measures. These plans have been such that the EU intends to impose a single pan-European solution, both to standardize the measures, and because it says that voluntary ones have not been sufficient.

Security consultant Alec Muffett has tweeted a copy of a draft EU proposal about "laying down rules to prevent and combat child sexual abuse."

Well, this is some interesting reading for the afternoon.https://t.co/1z96uE1REx pic.twitter.com/X8Fybvv4fj

— Alec Muffett (@AlecMuffett)


"Despite the important contribution made by certain providers," says the proposal, "voluntary action has thus proven insufficient to address the misuse of online services for the purposes of child sexual abuse."

"As a consequence, several Member States have started preparing and adopting national rules to fight against online child sexual abuse," it continues.

The proposal reports that "divergent national requirements" over CSAM would also lead "to an increase in the fragmentation of the Digital Single Market for services."

European Union regulators therefore propose imposing rules in order "to guarantee children's fundamental rights," but also "to establish a fair balance" over the right of privacy for users in general.

The plan is for an "EU Center," which would "create, maintain and operate databases of indicators of online child sexual abuse that providers will be required to use."

Breaking end to end encryption

No specific services are mentioned in the proposal's more than 55,000 words of detail, but it does state that these "measures should be taken regardless of the technologies used by the providers concerned in connection to the provision of their services."

"That includes the use of end-to-end encryption technology," continues the proposal, "which is an important tool to guarantee the security and confidentiality of the communications of users, including those of children."

"When executing the detection order, providers should take all available safeguard measures to ensure that the technologies employed by them cannot be used by them or their employees for purposes other than compliance with this Regulation," says the proposal, "nor by third parties, and thus to avoid undermining the security and confidentiality of the communications of users."

The plan appears to propose that end-to-end encryption be broken by messaging service providers, in order to scan messages for CSAM.

This is the main issue that security experts had against Apple's CSAM system. They argue that once scanning for CSAM is allowed, governments would be able to require scanning for any other information they desire.

Matthew Green, cryptography teacher at Johns Hopkins University, has described the leaked plans as "the most terrifying thing I've ever seen."

This document is the most terrifying thing I've ever seen. It is proposing a new mass surveillance system that will read private text messages, not to detect CSAM, but to detect "grooming". Read for yourself. pic.twitter.com/iYkRccq9ZP

— Matthew Green (@matthew_d_green)


The leaked EU proposal has no date, but its appendices include a potential timetable that would see the plans introduced from 2022 to 2027.



Read on AppleInsider
«1

Comments

  • Reply 1 of 27
    GabyGaby Posts: 184member
    And people complained about Apples system… I have to say that I am against any weakening of encryptions or privacy protections but in terms of which method is the lesser of two evils Apple’s solution is the less intrusive. The language in this Bill truly is terrifying. I have to say that considering that the police constantly complain that they don’t have the resources to deal with crimes as it is I find it farcical that more and more legislation continues to be added. Not to downplay the significance of sexual abuse in any way but one has to be pragmatic and decide whether the the attack on privacy is justified. It seems to me police forces do less and less detection and real crime fighting and are becoming merely administrative in their roles. 
    bshankchadbagmagman1979watto_cobrajony0
  • Reply 2 of 27
    DAalsethDAalseth Posts: 2,564member
    Murderous regimes around the world are salivating at this proposal. 
    bshankbeowulfschmidtbyronlchadbagmike1georgie01dewmemagman1979watto_cobrajony0
  • Reply 3 of 27
    kelemorkelemor Posts: 22member
    Be really funny when the same people that put this in effect get arrested…..oh wait yeah their phones will be exempt for some unknown reason. 


    byronlgeorgie01rezwitsmagman1979watto_cobrajony0
  • Reply 4 of 27
    rob53rob53 Posts: 3,087member
    I said they'd do this a long time ago. This is why they're going after Apple, to force the ability to create back doors. It's not just for what they're saying, it's for everything. What these idiots don't realize is once there's a back door, there's no way to keep it closed even for their own government systems. Nothing will be secure, everything will be open. Yes, it's open for a small group of people right now but allow the back doors and it will be extremely easy for everyone to break into anyone's computer system. Apple needs to continue to fight this fight, which is obviously being backed in the US by our three letter agencies. It's the same around the world. 
    bshankbyronlmagman1979watto_cobra
  • Reply 5 of 27
    People flipped out over Apple's proposed on-device scanning and it was essentially hash scanning of the exact same files that would have been scanned in iCloud anyway AND users were in total control of whether or not they used iCloud and which applications would have files uploaded if they did choose to use it. It didn't actually change anything when it came to privacy. 
    bshanktdknoxigorskytechconcAlex1Nmagman1979watto_cobrajony0
  • Reply 6 of 27
    flydogflydog Posts: 1,097member
    Gaby said:
    And people complained about Apples system… I have to say that I am against any weakening of encryptions or privacy protections but in terms of which method is the lesser of two evils Apple’s solution is the less intrusive. The language in this Bill truly is terrifying. I have to say that considering that the police constantly complain that they don’t have the resources to deal with crimes as it is I find it farcical that more and more legislation continues to be added. Not to downplay the significance of sexual abuse in any way but one has to be pragmatic and decide whether the the attack on privacy is justified. It seems to me police forces do less and less detection and real crime fighting and are becoming merely administrative in their roles. 
    Apple’s method is not less intrusive because Apple would be scanning all communications. The EU proposal requires a court order, and affords affected individuals the right to challenge the order.  

    The language is only “terrifying” if you rely on headlines, and don’t both to read the actual bill. 
    williamlondonbyronl
  • Reply 7 of 27
    byronlbyronl Posts: 256member
    the great reset is coming yall 
    Japheywatto_cobra
  • Reply 8 of 27
    rob53rob53 Posts: 3,087member
    byronl said:
    the great reset is coming yall 
    As in global dictatorship? I can see it coming too. All that matters is for rich people to be even richer while everyone else becomes their serfs. 
    byronlentropysgeorgie01DAalsethdewmeAlex1NJapheymagman1979watto_cobratht
  • Reply 9 of 27
    DaRevDaRev Posts: 28member
    First, they said we need these laws to Stop Terrorists, when that failed they pivoted to something people couldn't be against "Save The Children".  All this legislation would do is embolden criminals, terrorists, and despotic regimes who will have an easier time targeting political dissidents.
    entropysAlex1Nmagman1979watto_cobrajony0
  • Reply 10 of 27
    NDWNDW Posts: 3member
    flydog said:
    Gaby said:
    And people complained about Apples system… I have to say that I am against any weakening of encryptions or privacy protections but in terms of which method is the lesser of two evils Apple’s solution is the less intrusive. The language in this Bill truly is terrifying. I have to say that considering that the police constantly complain that they don’t have the resources to deal with crimes as it is I find it farcical that more and more legislation continues to be added. Not to downplay the significance of sexual abuse in any way but one has to be pragmatic and decide whether the the attack on privacy is justified. It seems to me police forces do less and less detection and real crime fighting and are becoming merely administrative in their roles. 
    Apple’s method is not less intrusive because Apple would be scanning all communications. The EU proposal requires a court order, and affords affected individuals the right to challenge the order.  

    The language is only “terrifying” if you rely on headlines, and don’t both to read the actual bill. 
    You don’t understand why this is terrifying. It’s because there will be a back door to encrypted messages regardless if you send CASM or not. The break in encryption could be exploited by anyone if the backdoor method or encryption keys is discovered by any bad actor. Imagine organised crime discovering the backdoor  so they can read all emails sent. For example it would enable them to get banking details, personal identification details and all they need to get into someone’s bank account and clear it out. 

    And, of course, the worlds police and secret services have never taken advantage of any weakness in security for their own means, whether they are allowed to or not, have they?

    Finally when, not if, a dictatorship or authoritarian regime gets hold of the encryption keys they will have unfettered access to all messages sent within the EU including yours (if your are an EU citizen or send a message to the EU) and all government correspondence. Imagine if Putin’s government could read all messages in the EU. Nothing bad could happen there, could it?
    edited May 2022 chadbagtdknoxbshankJanNLwilliamlondonentropystechconcmike1georgie01zigzaglens
  • Reply 11 of 27
    So in other words, rich corrupt politicians kept Apple from designing a system that would have actually put a dent into the sharing of images of child abuse. And now they’re proposing something that won’t be effective but will ensure that eventually Russian/Chinese/North Korean/Americans eventually get access to my messages and then gain access to my saved passwords and steal all my money. 

    These idiots don’t realize that if this back door is created they only have a few years before this becomes a total mess. 
    bshankJanNLwatto_cobra
  • Reply 12 of 27
    igorskyigorsky Posts: 661member
    flydog said:
    Gaby said:
    And people complained about Apples system… I have to say that I am against any weakening of encryptions or privacy protections but in terms of which method is the lesser of two evils Apple’s solution is the less intrusive. The language in this Bill truly is terrifying. I have to say that considering that the police constantly complain that they don’t have the resources to deal with crimes as it is I find it farcical that more and more legislation continues to be added. Not to downplay the significance of sexual abuse in any way but one has to be pragmatic and decide whether the the attack on privacy is justified. It seems to me police forces do less and less detection and real crime fighting and are becoming merely administrative in their roles. 
    Apple’s method is not less intrusive because Apple would be scanning all communications. 
    Sounds like you don't understand how Apple system would've worked.  They were going to scan for hashes common to the general CSAM database; it's not what you're implying at all.
    bshanktechconczigzaglens9secondkox2Alex1NDogpersonmagman1979watto_cobra
  • Reply 13 of 27
    JapheyJaphey Posts: 1,460member
    For the children. 
    entropys9secondkox2watto_cobra
  • Reply 14 of 27
    lkrupplkrupp Posts: 10,323member
    igorsky said:
    flydog said:
    Gaby said:
    And people complained about Apples system… I have to say that I am against any weakening of encryptions or privacy protections but in terms of which method is the lesser of two evils Apple’s solution is the less intrusive. The language in this Bill truly is terrifying. I have to say that considering that the police constantly complain that they don’t have the resources to deal with crimes as it is I find it farcical that more and more legislation continues to be added. Not to downplay the significance of sexual abuse in any way but one has to be pragmatic and decide whether the the attack on privacy is justified. It seems to me police forces do less and less detection and real crime fighting and are becoming merely administrative in their roles. 
    Apple’s method is not less intrusive because Apple would be scanning all communications. 
    Sounds like you don't understand how Apple system would've worked.  They were going to scan for hashes common to the general CSAM database; it's not what you're implying at all.
    There is so much misinformation and flat out disinformation about this on tech blogs by tongue wagging idiots. Whatever comes they will gnash their teeth and...submit.
    magman1979watto_cobrajony0
  • Reply 15 of 27
    entropysentropys Posts: 3,788member
    kelemor said:
    Be really funny when the same people that put this in effect get arrested…..oh wait yeah their phones will be exempt for some unknown reason. 


    Only to be used on political enemies. And a few rock spiders to give the legislation a smear of legitimacy.
    edited May 2022 watto_cobra
  • Reply 16 of 27
    techconctechconc Posts: 245member

    Notably, the UK government backed Apple's plans, albeit after Apple had withdrawn them, and chiefly as part of its own wish to get backdoors into end-to-end encryption.

    This comment makes no sense as Apple's solution would NOT have provided a backdoor to end-to-end encryption.

    The plan appears to propose that end-to-end encryption be broken by messaging service providers, in order to scan messages for CSAM.
    That will fail.  You can't ban math.  There will be work-arounds and I'm sure this would be fought legally.  Unfortunately, you have technically illiterate beurocrats pushing for solutions they don't fully understand. 
    zigzaglensAlex1Nwatto_cobrajony0
  • Reply 17 of 27
    georgie01georgie01 Posts: 424member
    I’m glad more and more people are waking up to the lies of our governments, but there are still too many people with their head in the sand.

    Their reasons have little to do with CSAM other than to use it to gain public support as one step toward something the majority of people would currently reject—routine surveillance of all our communications. This is what (poor) leaders do, they inch their authoritarian policies onto a gullible public by lying about their reasons, and a public with shockingly short term memories refuse to think independently.

    People really need to wake up. What’s happening in western countries right now is exactly what the US founders were trying to escape.
    edited May 2022 9secondkox2Alex1NJapheywatto_cobra
  • Reply 18 of 27
    9secondkox29secondkox2 Posts: 1,571member
    Hmmm…

    ”how can we get people to give up their freedom and privacy without a fuss? Say it’s for the children! That will get ‘em!”
    Japheywatto_cobra
  • Reply 19 of 27
    9secondkox29secondkox2 Posts: 1,571member
    georgie01 said:
    I’m glad more and more people are waking up to the lies of our governments, but there are still too many people with their head in the sand.

    Their reasons have little to do with CSAM other than to use it to gain public support as one step toward something the majority of people would currently reject—routine surveillance of all our communications. This is what (poor) leaders do, they inch their authoritarian policies onto a gullible public by lying about their reasons, and a public with shockingly short term memories refuse to think independently.

    People really need to wake up. What’s happening in western countries right now is exactly what the US founders were trying to escape.
    1000x this. 
    watto_cobra
  • Reply 20 of 27
    9secondkox29secondkox2 Posts: 1,571member
    The same groups wanting to kill children a month after being born, the same groups that advocate for minors making irreversible life altering gender sex surgery decisions, and the same groups pushing class based on the new racism are the ones saying “this is for the kids.” Riiiight… 

    a back door is a back door is a back door. Regardless of what the purported ideology is. 
    lkruppwatto_cobra
Sign In or Register to comment.