EU plans to require backdoor to encrypted messages for child protection
A leaked European Union proposal shows plans to mandate CSAM scanning for child protection in all encrypted messaging services.
Credit: Alexandre Lallemand/Unsplash
In 2021, Apple eventually backed down over its own plans to introduce scanning for child sexual abuse material (CSAM), and agreed to postpone it following severe criticism of its dangers to all privacy. Notably, the UK government backed Apple's plans, albeit after Apple had withdrawn them, and chiefly as part of its own wish to get backdoors into end-to-end encryption.
Now it appears that many of the UK's former fellow EU member countries have been planning their own CSAM measures. These plans have been such that the EU intends to impose a single pan-European solution, both to standardize the measures, and because it says that voluntary ones have not been sufficient.
Security consultant Alec Muffett has tweeted a copy of a draft EU proposal about "laying down rules to prevent and combat child sexual abuse."
"Despite the important contribution made by certain providers," says the proposal, "voluntary action has thus proven insufficient to address the misuse of online services for the purposes of child sexual abuse."
"As a consequence, several Member States have started preparing and adopting national rules to fight against online child sexual abuse," it continues.
The proposal reports that "divergent national requirements" over CSAM would also lead "to an increase in the fragmentation of the Digital Single Market for services."
European Union regulators therefore propose imposing rules in order "to guarantee children's fundamental rights," but also "to establish a fair balance" over the right of privacy for users in general.
The plan is for an "EU Center," which would "create, maintain and operate databases of indicators of online child sexual abuse that providers will be required to use."
"That includes the use of end-to-end encryption technology," continues the proposal, "which is an important tool to guarantee the security and confidentiality of the communications of users, including those of children."
"When executing the detection order, providers should take all available safeguard measures to ensure that the technologies employed by them cannot be used by them or their employees for purposes other than compliance with this Regulation," says the proposal, "nor by third parties, and thus to avoid undermining the security and confidentiality of the communications of users."
The plan appears to propose that end-to-end encryption be broken by messaging service providers, in order to scan messages for CSAM.
This is the main issue that security experts had against Apple's CSAM system. They argue that once scanning for CSAM is allowed, governments would be able to require scanning for any other information they desire.
Matthew Green, cryptography teacher at Johns Hopkins University, has described the leaked plans as "the most terrifying thing I've ever seen."
The leaked EU proposal has no date, but its appendices include a potential timetable that would see the plans introduced from 2022 to 2027.
Read on AppleInsider
Credit: Alexandre Lallemand/Unsplash
In 2021, Apple eventually backed down over its own plans to introduce scanning for child sexual abuse material (CSAM), and agreed to postpone it following severe criticism of its dangers to all privacy. Notably, the UK government backed Apple's plans, albeit after Apple had withdrawn them, and chiefly as part of its own wish to get backdoors into end-to-end encryption.
Now it appears that many of the UK's former fellow EU member countries have been planning their own CSAM measures. These plans have been such that the EU intends to impose a single pan-European solution, both to standardize the measures, and because it says that voluntary ones have not been sufficient.
Security consultant Alec Muffett has tweeted a copy of a draft EU proposal about "laying down rules to prevent and combat child sexual abuse."
Well, this is some interesting reading for the afternoon.https://t.co/1z96uE1REx pic.twitter.com/X8Fybvv4fj
— Alec Muffett (@AlecMuffett)
"Despite the important contribution made by certain providers," says the proposal, "voluntary action has thus proven insufficient to address the misuse of online services for the purposes of child sexual abuse."
"As a consequence, several Member States have started preparing and adopting national rules to fight against online child sexual abuse," it continues.
The proposal reports that "divergent national requirements" over CSAM would also lead "to an increase in the fragmentation of the Digital Single Market for services."
European Union regulators therefore propose imposing rules in order "to guarantee children's fundamental rights," but also "to establish a fair balance" over the right of privacy for users in general.
The plan is for an "EU Center," which would "create, maintain and operate databases of indicators of online child sexual abuse that providers will be required to use."
Breaking end to end encryption
No specific services are mentioned in the proposal's more than 55,000 words of detail, but it does state that these "measures should be taken regardless of the technologies used by the providers concerned in connection to the provision of their services.""That includes the use of end-to-end encryption technology," continues the proposal, "which is an important tool to guarantee the security and confidentiality of the communications of users, including those of children."
"When executing the detection order, providers should take all available safeguard measures to ensure that the technologies employed by them cannot be used by them or their employees for purposes other than compliance with this Regulation," says the proposal, "nor by third parties, and thus to avoid undermining the security and confidentiality of the communications of users."
The plan appears to propose that end-to-end encryption be broken by messaging service providers, in order to scan messages for CSAM.
This is the main issue that security experts had against Apple's CSAM system. They argue that once scanning for CSAM is allowed, governments would be able to require scanning for any other information they desire.
Matthew Green, cryptography teacher at Johns Hopkins University, has described the leaked plans as "the most terrifying thing I've ever seen."
This document is the most terrifying thing I've ever seen. It is proposing a new mass surveillance system that will read private text messages, not to detect CSAM, but to detect "grooming". Read for yourself. pic.twitter.com/iYkRccq9ZP
— Matthew Green (@matthew_d_green)
The leaked EU proposal has no date, but its appendices include a potential timetable that would see the plans introduced from 2022 to 2027.
Read on AppleInsider
Comments
Finally when, not if, a dictatorship or authoritarian regime gets hold of the encryption keys they will have unfettered access to all messages sent within the EU including yours (if your are an EU citizen or send a message to the EU) and all government correspondence. Imagine if Putin’s government could read all messages in the EU. Nothing bad could happen there, could it?
That will fail. You can't ban math. There will be work-arounds and I'm sure this would be fought legally. Unfortunately, you have technically illiterate beurocrats pushing for solutions they don't fully understand.
Their reasons have little to do with CSAM other than to use it to gain public support as one step toward something the majority of people would currently reject—routine surveillance of all our communications. This is what (poor) leaders do, they inch their authoritarian policies onto a gullible public by lying about their reasons, and a public with shockingly short term memories refuse to think independently.
People really need to wake up. What’s happening in western countries right now is exactly what the US founders were trying to escape.
”how can we get people to give up their freedom and privacy without a fuss? Say it’s for the children! That will get ‘em!”
a back door is a back door is a back door. Regardless of what the purported ideology is.