The European Union is inching ever closer to adopting a new law proposal that could see every digital message sent on iPhone and beyond in the territory scanned in the name of detecting child sexual abuse material (CSAM).
As reported by The Verge on Thursday, “The European Union is getting closer to passing new rules that would mandate the bulk scanning of digital messages — including encrypted ones.”
A vote on the proposals, first unveiled in 2022, has been set for Thursday. As noted by privacy advocate Patrick Breyer, many EU countries are on the fence about the new proposals. Belgium looks set to back the laws, and only Germany, Luxembourg, the Netherlands, Austria, and Poland are “relatively clear that they will not support the proposal.”
EU message scanning proposals
The EU is proposing a technology dubbed “upload monitoring” as part of its plans to stop the proliferation of CSAM content within the territory. The compromise was proposed in May by Belgium in order to try and get the legislation, which has been bogged down because of its far-reaching privacy consequences, over the line. As Euronews explains: “The new amendment would compel encrypted messaging services, such as WhatsApp, Messenger, Signal, or Telegram, to integrate scanning technology into their systems to monitor photos, videos, and URLs. These scanners would analyze content to detect child sexual abuse imagery and report it to authorities.” Users will reportedly have to consent to the scanning, but refusing would see them prevented from ending pictures, videos, or URLs over popular messaging services including WhatsApp, Messenger, Signal, and iMessage. While messages would technically remain encrypted once sent, the upload monitoring technology would ensure they’re scanned before they’re encrypted.
While the EU has tiptoed around the issue of encryption, comments made at the European Data Protection Supervisor (EDPS) 20th anniversary summit could give more light. Reported early Thursday, EU Commissioner for Justice Vera Jourova reportedly stated that the EC proposal for regulation would break encryption. As reported on X: "EU Commissioner for Justice Vera Jourova has said the EC proposal for the #CSARegulation would break encryption, and that this is right because of the need to protect children. This is the first time I've *ever* heard the EU Commission admit on record that their CSAR proposal would break encryption. Complete 180° reversal from the repeated claim over the last 3 years from Home Affairs Commissioner Ylva Johansson that the proposal does not break encryption."
The President of Signal, Meredith Whittaker, has recently slammed the proposals, claiming that “there is no way to implement” the mass scanning of everyone’s private communications against a government-curated database without “fundamentally undermining encryption and creating a dangerous vulnerability in core infrastructure that would have global implications well beyond Europe.”
“Mandating mass scanning of private communications fundamentally undermines encryption. Full stop,” Whittaker wrote. The strong backlash against the move is reminiscent of Apple’s own plans to adopt CSAM scanning technology on iPhone a few years ago. While Apple’s Child Safety features do include a warning system that can detect when a child is sent an explicit message, more ambitious plans to scan the hashes of photos uploaded to iCloud against a database of known CSAM material were met with fervent pushback, and quietly dropped a few months after they were announced.