Global Encryption Coalition members have been closely monitoring the conversations happening in the European Union (EU) surrounding the Child Sexual Abuse Regulation. The Hungarian Presidency, responsible for leading negotiations on the file within the Council of the EU, has attempted numerous votes on the file during its sixth-month presidency. These votes have been unsuccessful, as a sufficient number of member states have, among other things, expressed their concerns over how the proposal may impact end-to-end encryption and privacy.
As their term approached its end, the Hungarian Presidency pushed for a final vote on December 12th, 2024, seeking to reach a “general approach.” EU member states that opposed the Hungarian proposal were required to state their reasons for opposition publicly.
The Center for Democracy & Technology, Global Partners Digital, the Internet Freedom Foundation, the Internet Society, and Mozilla, constituting the Steering Committee of the Global Encryption Coalition, express our support to the European Union Member States that opposed the Hungarian Presidency’s proposal.
As we have stated previously, scanning at the upload point defeats the end-to-end principle of strong encryption, could easily be circumvented, and would create new security vulnerabilities that third parties could exploit. The Hungarian proposal fails to solve the online spread of child sexual abuse material, and would introduce significant security risks for all citizens, companies, and governments.
We have included below quotes from EU Member States that opposed the Hungarian proposal. We support the efforts of these Member States to protect strong encryption, uphold fundamental rights including privacy, and prevent the creation of new security vulnerabilities to the benefit of Internet users within Europe.
- Luxembourg: “Luxembourg cannot agree to the current detection proposal as it stands. The legal reasons for that: the council legal services opinion believes that the detection regime rules would lead to a general indiscriminate surveillance that would apply to all users of these services that are the subject of detection order. As a result, the proportionality that is part of our charter of fundamental rights would not thus be respected and could null and void any detection order that could be a subsequent ruling to that effect by the Court of Justice therefore we have to be very careful in what we have in the way of European case of law.
There are also technical reasons: if you look at client side scanning that is used in interpersonal communications services protected by encryption technology, this is something that has been the subject of major criticism in the area of cybersecurity.” - Czech Republic: “Following this lengthy discussion also at national level, what we see, something that needs further discussion is the question of end to end encryption of communications.”
- Poland: “We have bad experiences in Poland regarding infringing on the privacy of correspondence and general scanning of correspondence could have major consequences because it could be abused for other purposes. We need a balance between the rights of children and the rights of users in general, that is absolutely crucial.”
- Austria: “I must flag some data protection concerns raised by the Austrian parliament and I therefore call for this proposal to be reworked to be in conformity with data protection and constitutional law.”
- Germany: “What we haven’t yet achieved, and I am not sure why we have not achieved it bc it’s only a small aspect. We have said from the start that chat controls and access to encrypted private communications, we have always rejected that, we believe that this is not the right approach, it puts millions of people under general suspicion and we need a specific cause to look into people’s private communications.”
- Slovenia: “On the detection order, the current solution still constitutes a form of surveillance of interpersonal communications of all users of a certain service , solely on the likelihood that a certain service can be used or misused to share material that constitutes sexual abuse of children which is a disproportionate interference into the right of privacy to communications. That this solution is problematic was also pointed out by ECLS during the negotiations, we need to find a solution that will withstand the scrutiny of the Court of Justice.”
- Netherlands: “We need to carefully assess all the implications, especially concerning fundamental rights and digital resilience and these concerns have not been taken away which is why the Dutch government cannot support the general approach.”