RIO DE JANEIRO, BRAZIL – With a new law, the European Union wants to oblige companies like WhatsApp, Apple, Google, and others to screen encrypted chats for possible child abuse cases. Using a technology that experts have been warning about for some time.
The EU’s new law to require companies like WhatsApp, Apple, Google, and others to screen encrypted chats for possible child abuse cases is set to come as early as the end of March this year. The EU says it will help strengthen the fight against child abuse.
As ‘Der Spiegel’ reported on Saturday, it could require operating system providers such as Apple and Google, as well as app operators such as WhatsApp, Signal and Threema, to screen all of their users’ chats in advance for evidence of abused children.
Previously, the EU’s transitional e-privacy regulation relied on voluntary message scanning by companies. However, not much is known yet about the content of the new law that will replace the e-privacy transition regulation.
The EU Commission only hinted that it wants to make “relevant online service providers” responsible for identifying, reporting, and removing abusive material. As ‘Der Spiegel’ reports, however, it is unclear whether this definition includes only application providers or also operating system providers. It is also not yet known which technology will be used.
However, it is suspected that so-called “client-side scanning” could be used. With this technology, every chat message on a user’s device is first checked offline against a hash database before it is encrypted and sent.
This hash database does not consist of abuse material for direct comparison, but of digital fingerprints, so-called hash values, of already known illegal content, as ‘Der Spiegel’ further writes.
APPLE WITHDREW A SIMILAR SYSTEM IN 2021
There are many who strongly warn against this technology. Last Thursday, nearly 40 organizations spoke out against automated control of chats in an open letter. The law could lead to suspicionless mass surveillance of all Europeans, they fear. Among other things, the authors of the open letter point to the current communications in Russia and Ukraine.
“As the shocking events of the past three weeks have shown, privacy and security are rights that reinforce each other.”
That’s because, the letter’s initiators said, in times of war, people rely on communicating safely with media or organizing protection for their families. But even in peacetime, it is crucial for people’s freedom and rights to be able to communicate without unwarranted intrusion from third parties, the authors further write.
“We urge the Commission to ensure that citizens’ private communications do not become collateral damage of impending legislation.”
The organizations also point to a study that found it would be impossible to allow law enforcement agencies to access messages on an exceptional basis without criminals and repressive governments exploiting this vulnerability.
The technical infrastructure for pre-screening communications content on any smartphone could therefore instead become a threat to politicians, journalists and human rights activists.
According to Patrick Breyer, who represents the Pirate Party in the European Parliament, this technology is roughly like “the post office opening all letters and police officers searching millions of homes.” Speaking to Der Spiegel, the vehement opponent of the technology added:
“Already overburdened law enforcement agencies are unnecessarily burdened with sifting through this garbage reported by the millions.”
According to Breyer, targeted investigations of suspected abuse are more effective, and the decisive tips usually come from witnesses. Chat control would not help at all, the Pirate politician told Der Spiegel. And further:
“Child porn rings do not exchange information via Facebook Messenger or Gmail.”
And even if they did, the scanners would hardly be of any use, as they would not be able to do anything with a link to encrypted content that is common in the scene, Breyer continued.
As the news magazine continues, most reported cases are sent to the National Center for Missing and Exploited Children (NCMEC) in the United States.
From there, they would be forwarded to the authorities of the corresponding country based on the sender and recipient information. According to Breyer, a separate organization will now be set up in Europe to review the cases.
“Material that is interesting for governments”
But in his interview with Der Spiegel, the politician fears that not only could content be misinterpreted and, for example, harmless vacation photos of children on the beach be fished out – the regulation could also affect future EU decisions. Beyer told the news magazine:
“If the law is passed, it will set a precedent.”
The scanners could then be used to search for other material, Beyer fears.
“In countries like Turkey, Russia and China, you would have searches for completely different material that is interesting for the government.”
The Spiegel article also mentions the concerns of the German Bar Association (DAV). The latter does not think much of prior checking. Speaking to the news magazine, criminal defense lawyer David Albrecht criticized, among other things, that not only images in the form of hash values would be searched, but also messages in plain text would be scanned.
“I think that is very questionable,” Albrecht told Der Spiegel.
The fight against child abuse is important, but legal measures must always be proportionate, the lawyer added. He added that the planned regulation would not do justice to the freedoms that apply in Europe and would involve considerable interference in online communication.
According to Albrecht, the law will end up before the European Court of Justice (ECJ). “But of course that will take time,” the lawyer told Der Spiegel.
Even if the ECJ repeals the regulation, the “damage to fundamental rights” has already been done, because by then “there will have been widespread encroachments on the right to confidentiality of communications.”