Advertisement

EU delays decision over scanning encrypted messages for CSAM

Critics say such a move would undermine encryption and be a 'terrifying mass surveillance measure.'

Reuters / Reuters

European Union officials have delayed talks over proposed legislation that could lead to messaging services having to scan photos and links to detect possible child sexual abuse material (CSAM). Were the proposal to become law, it may require the likes of WhatsApp, Messenger and Signal to scan all images that users upload — which would essentially force them to break encryption.

For the measure to pass, it would need to have the backing of at least 15 of the member states representing at least 65 percent of the bloc's entire population. However, countries including Germany, Austria, Poland, the Netherlands and the Czech Republic were expected to abstain from the vote or oppose the plan due to cybersecurity and privacy concerns, Politico reports. If EU members come to an agreement on a joint position, they'll have to hash out a final version of the law with the European Commission and European Parliament.

The legislation was first proposed in 2022 and it could result in messaging services having to scan all images and links with the aim of detecting CSAM and communications between minors and potential offenders. Under the proposal, users would be informed about the link and image scans in services' terms and conditions. If they refused, they would be blocked from sharing links and images on those platforms. However, as Politico notes, the draft proposal includes an exemption for “accounts used by the State for national security purposes."

EU Council leaders are said to have been trying for six months to break the impasse and move forward negotiations to finalize the law. Belgium's presidency of the Council is set to end on June 30, and it's unclear if the incoming leadership will continue to prioritize the proposal.

Patrick Breyer, a digital rights activist who was a member of the previous European Parliament before this month's elections, has argued that proponents of the so-called "chat control" plan aimed to take advantage of a power vacuum before the next parliament is constituted. Breyer says that the delay of the vote, prompted in part by campaigners, "should be celebrated," but warned that "surveillance extremists among the EU governments" could again attempt to advance chat control in the coming days.

Other critics and privacy advocates have slammed the proposal. Signal president Meredith Whittaker said in a statement that "mass scanning of private communications fundamentally undermines encryption," while Edward Snowden described it as a "terrifying mass surveillance measure."

Advocates, on the other hand, have suggested that breaking encryption would be acceptable in order to tackle CSAM. "The Commission proposed the method or the rule that even encrypted messaging can be broken for the sake of better protecting children," Vice President of the European Commission for Values and Transparency Věra Jourová said on Thursday, per EuroNews.

The EU is not the only entity to attempt such a move. In 2021, Apple revealed a plan to scan iCloud Photos for known CSAM. However, it scrapped that controversial effort following criticism from the likes of customers, advocacy groups and researchers.