Categories
News

Joint Statement on the dangers of the May 2024 Council of the EU compromise proposal on EU CSAM

Child sexual abuse and its distribution online is a serious crime that can only be effectively addressed if EU member states take a measured approach that is informed by expert evidence. We are concerned by developments in the Council of the EU where the Belgian Presidency continues to advocate using scanning technologies for encrypted messaging services, without addressing the security and rights concerns raised by experts.

Read the full statement below and join the Global Encryption Coalition Steering Committee (The Center for Democracy & TechnologyGlobal Partners Digital, the Internet Freedom Foundation, the Internet Society, and Mozilla), in calling on Ministers in the Council of the EU to reject all scanning proposals that are inconsistent with the principle of end-to-end encryption, including client-side scanning and upload moderation, and to guarantee the protection of digital rights throughout the proposal.”

FULL STATEMENT

28 May 2024

The undersigned organizations, companies, and cybersecurity experts, many of whom are members of the Global Encryption Coalition, issue the following statement in response to news of the Belgian Presidency’s latest compromise proposal, dated May 2024, on the Regulation on Child Sexual Abuse (CSA).

Child sexual abuse and its distribution online is a serious crime that can only be effectively addressed if EU member states take a measured approach that is informed by expert evidence. The EU Parliament has already done this by adopting language that excludes end-to-end encrypted services from the scope of the regulation. We praise this step towards recognising the importance of encryption in ensuring security and guaranteeing human rights and fundamental freedoms. We welcome this positive approach by the EU Parliament, as end-to-end encryption is a vital technology that protects adults, children, businesses, and governments from becoming the victims of malicious actors.

We are concerned that the Council of the EU is not following the same path. The Belgian Presidency continues to advocate for the use of scanning technologies for encrypted messaging services, as well other disproportionate limitations on digital rights. Content detection has been a contentious issue for a number of EU member states who have until now opposed client-side scanning technologies, because they rightly understand that it creates serious security and privacy risks, permitting general monitoring, and undermining human rights. We thank Ministers in the Council for their recognition of the importance of encryption and efforts to protect it

In an effort to find a solution, the Belgian presidency has now rebranded this approach using the term “upload moderation”. This is a mere cosmetic change, as it still fails to address the security and rights concerns raised by experts with regard to client-side scanning. Scanning at the upload point defeats the end-to-end principle of strong encryption, could easily be circumvented, and would create new security vulnerabilities that third parties could exploit. In short, it will not solve the problem of the online spread of child sexual abuse material, but will introduce significant security risks for all citizens, companies, and governments.

The Belgian Presidency’s latest compromise text has sought to find consensus by proposing that: 

  1. Client-side scanning only be applied to visual content (photos and videos) and URLs; and 
  2. Users of communication services would need to give their consent to scanning, otherwise they would not be permitted to upload or share photos and videos using the service. 

In today’s digital societies, the exchange of photos and videos is a standard activity. If the user has no real choice, feels compelled to consent, or would defacto be barred from the service if they do not consent, then the consent given will not be freely given. Coerced consent is not freely given consent. Moreover, the proposal is unfit for purpose, and can easily be circumvented, simply by embedding photos or videos on a different type of file, like a text document, or a presentation.

We call on Ministers in the Council of the EU to reject all scanning proposals that are inconsistent with the principle of end-to-end encryption, including client-side scanning and upload moderation, and to guarantee the protection of digital rights throughout the proposal. These intrusive techniques would only jeopardize the security and the rights of Internet users.

Any questions in relation to this statement can be directed to the Global Encryption Coalition Steering Committee at [email protected].

Signatories as of 31 May 2024
Organizations

Internet Society

Center for Democracy & Technology

Internet Freedom Foundation

Mozilla

Global Partners Digital

Signal

Access Now

Aspiration

Privacy International

Article 19

Tuta

SecureCrypt

Privacy & Access Council of Canada

Big Brother Watch

The Centre for Democracy and Technology Europe

Sjard Braun

epicenter.works – for digital rights

Elektronisk Forpost Norge (EFN)

JCA-NET(Japan)

INSPIRIT Creatives NGO

Privacy First

The Commoners

ISOC Germany 

Open Privacy Tech Foundation 

Alternatif Bilisim (Alternative Informatics Association)

Danes je nov dan

Defend Democracy

Defend Digital Me

Deutsche Vereinigung für Datenschutz e.V. (DVD)

Digital Rights Ireland

Irish Council for Civil Liberties

ISOC Switzerland Chapter

ISOC.DE e.V.

Iuridicum Remedium

Majal.org

Proton

SimpleX Chat

Surfshark

Edvina AB

Law and Technology Research Institute of Recife – IP.rec

Dataföreningen väst

Bits of Freedom

D3 – Defesa dos Direitos Digitais

fairkom

ISOC Portugal

ISOC UK 

Cybersecurity Advisors Network (CyAN)

ApTI

Gate 15

Electronic Frontier Foundation (EFF)

Daniel Törmänen

Državljan D (Citizen D)

Politiscope

European Digital Rights (EDRi)

Global Partners Digital

Aivivid AB

Privacy International (PI)

Irene Promussas, Chairwoman Lobby4kids

IT-Pol Denmark

Electronic Frontiers Australia

ISOC-CAT Catalan Internet Society Chapter

U-YOGA UGANDA

eco – Association of the Internet Industry

Electronic Frontier Finland – Effi ry

OpenMedia

Studio Legale Fabiano – Fabiano Law Firm

Individuals

José Legatheaux,      Faculty of Sciences and Technology – New University of Lisbon

Jordi Domingo,      Universitat Politècnica de Catalunya (UPC BarcelonaTECH)

Simon Müller

Peter Green 

Tanguy Fardet

Jennifer Alba     

Jorge Sanchez Llorens          

El Haych 

Arthur  LE GUENNEC

S.C. Pol 

Aleksandras    Beinaras            

Sebastian          Ulreich                

Igor        Maciejewski   

Leonardo Wassilie, Salmonberry Tribal Associates

Shadrach Ankrah, Connect Rurals

Jon Callas Zatik Security

Kacper Stachnio Polish

Walter Ruggeri 

        

Stefan Otto     

Kye Giles    

Kaiah   Gene    Contributor

Rubem Passos                

Paul O’Nolan             

Juan Martinez            

Alexis Riquelme          

Norbert Morawski

Mario   Martínez            

Duncan               Robertson        

Elias     Gasparis           

Louis    Rokitta                

Jim         beam  

Julian   Kranz

Bart Preneel, University of Leuven

David Schinazi,              Internet Architecture Board

Karl Emil Nikka, Nikka Systems

Christine Fröhlich 

Nuno Figueiredo

Henrik Alexandersson, 5:th of July Foundation

Shantha Dalugamage,   Stichting Mission Lanka

Giacomo Menni 

James Ghigi    

Thaís Helena Aguiar, ISOC Brasil

Riana Pfefferkorn,       Stanford Internet Observatory

Wale Bakare,                  Webfala Digital Skills for all Initiative

Julian Mair, Phoenix R&D

Szabó Attila   

Krzysztof  Stańkowski     

Jorge Pinto    

Marjan Wijers 

Jan-Piet Mens   

Jan van der Meiden             

Jesse Neri       

Christine S             

 Digitale Gesellschaft e.V. (Germany)

Noklas Gerdin

Doeke Zanstra