“EU Proposal to Scan Private Messages for Illegal Content Sparks Controversy over Online Privacy and Encryption”

In response to an EU proposal that private messages be scanned by governments for illegal material, country officials said “it is essential that we have access to the data”.

A Acquired by WIRED according to a confidential document, EU member states strongly support access to private messages, which was first an idea from Spain.

The document includes a Council of Europe survey of member states’ views on encryption regulations, and behind-the-scenes views from officials on how to draft a highly controversial law to stop the spread of child sexual abuse material (CSAM) across Europe. The proposed law would require tech companies to scan their platforms for illegal material, including users’ private messages. But the proposal by EU Home Affairs Commissioner Ylva Johansson has drawn ire from cryptographers, technologists and privacy advocates over its potential impact on end-to-end encryption.

EU member states have been debating for years whether end-to-end encrypted communication platforms, such as WhatsApp, Messenger and Signal, should be reviewed. Experts who reviewed the document at WIRED’s request say it’s terrifying that governments are deliberating on scrapping encryption and reshaping the future of online privacy.

The majority of the 20 EU countries included in the document support some form of vetting of encrypted messages.

“It’s shocking to me that Spain outright claims that EU service providers should be banned from using end-to-end encryption” said Riana Pfefferkorn, a researcher at the Internet Observatory at Stanford University in California, who reviewed the document.

End-to-end encryption would become redundant

End-to-end encryption is designed so that only the sender and receiver of communications, such as messages, can see their contents. This excludes all other parties, from fraudsters to the police to the company providing the digital platform. Law enforcement advocates often propose creating technical mechanisms to circumvent end-to-end encryption during investigations, but cryptographers and other technologists have long argued that this would introduce weaknesses that undermine end-to-end encryption in the first place and compromise users’ privacy.

“Cracking end-to-end encryption for everyone would not only be disproportionate, but also ineffective in achieving the goal of protecting children” – said Iverna McGowan, general secretary of the European division of the Center for Democracy and Technology, a non-profit organization dealing with digital rights.

The document shows that the countries strongly support Johansson’s proposal, according to which end-to-end encrypted, private communications should be investigated for illegal content. 15 of the 20 countries in the document supported the idea of ​​vetting end-to-end encrypted communications. Many have argued that this is a vital tool that would allow the authorities to win the fight against child abuse.

Denmark and Ireland have expressed support for scanning encrypted messengers, while also supporting the inclusion of language in the law that protects end-to-end encryption from other third parties. Achieving this would depend on inventing technology that can scan encrypted messages for illegal content without altering or breaking the security features provided by encryption — something cryptographers and cybersecurity experts say is technically impossible.

However, the Netherlands stated that this would be possible a “with in-device scanning”before the illegal material is encrypted and sent to the recipient. “There are technologies that can enable automatic detection of CSAM while leaving end-to-end encryption intact” – the country’s representatives say in the document.

Hungary proposes new wiretapping methods

Spain said that “it is absolutely necessary to access the data”, and suggests that encrypted communications can be decrypted. Spain’s interior minister, Fernando Grande-Marlaska, has spoken openly about what he thinks is the danger of encryption.

For example, comments from Cyprus stated that it is “necessary” for law enforcement authorities to access encrypted communications when investigating online sexual abuse crimes and that “the effect of the decree is significant because it sets a precedent for other sectors in the future”. According to Hungary “new data interception and access methods are needed” to assist law enforcement.

Security experts have long said that potential loopholes in encrypted communications or ways to decrypt services would undermine the overall security of encryption. If law enforcement officials have the means to decrypt messages, hackers or those working on behalf of governments can take advantage of the same opportunities.

Italy called the proposal for the new system disproportionate. “It would mean general control over all encrypted correspondence sent over the World Wide Web” – said the representatives of the country. Estonia has warned that if the EU mandates end-to-end scanning of encrypted messages, companies are likely to either redesign their systems to be able to decode the data or shut down in the EU.

The representatives of Germany strongly opposed the proposal. The right to privacy is an inseparable foundation of vibrant, innovative democracies. The Orwellian draft would affect all members of society because of the actions of aberrant woke criminals, represented by an insignificantly low percentage. Not to mention the fact that wherever the State has the opportunity to abuse its power, the State will abuse it, this has been proven countless times over the centuries. Are you sure that the China-type observer state should be the new model of Europe’s (semi)democracies?