Dear Ministers,
The Center for Democracy & Technology, Global Partners Digital, the Internet Freedom Foundation, the Internet Society, and Mozilla, constituting the Steering Committee of the Global Encryption Coalition, write to express our concerns with the 9 September Hungarian Presidency compromise texts on the Child Sexual Abuse Regulation.
During the Belgian Presidency, the Global Encryption Coalition led a Joint Statement on the May 2024 compromise proposal that was signed by 60+ organizations and 50+ individuals. This Joint Statement emphasized the dangers of mandated scanning for end-to-end encrypted messaging services, pointing to the security and rights concerns raised by experts with regard to client-side scanning (so-called “upload moderation”).
The Hungarian Presidency’s 9 September compromise texts build upon the Belgian proposal by proposing:
- A reduced scope for detection obligations to known child sexual abuse material (CSAM), removing obligations for unknown CSAM and grooming content.
- A Commission-led evaluation of detection technologies for new CSAM and grooming content 5 years after the Regulation enters force.
- A requirement that service providers develop detection technologies for new CSAM and grooming content, reporting regularly to the EU Centre.
However, these changes fail to resolve the fundamental problem of the proposal. The new compromise text continues to mandate content detection for encrypted messaging services and therefore fails to address the concerns of the Council’s Legal Service, and the recommendations of the European Data Protection Supervisor to protect strong encryption. As we shared in our Joint Statement: scanning is still scanning, regardless of the type of content it seeks, including both known or unknown CSAM. Scanning at the upload point defeats the end-to-end principle of strong encryption, could easily be circumvented, and would create new security vulnerabilities that third parties could exploit. In short, it will not solve the problem of the online spread of child sexual abuse material, but will introduce significant security risks for all citizens, companies, and governments.
We call on Ministers in the Council of the EU to once again reject all scanning proposals that are inconsistent with the principle of end-to-end encryption, including client-side scanning and upload moderation, and to guarantee the protection of digital rights throughout the proposal. The insistent pursuit of intrusive scanning technologies in encrypted environments will only jeopardize the security and the rights of Internet users, compromise companies of all sizes and the security of European Member States.
Any questions in relation to this statement can be directed to the Global Encryption Coalition Steering Committee at [email protected].