31 October 2022
Negotiations are proceedings on the EU's proposed Regulation laying down rules to prevent and combat child sexual abuse, which will oblige communications service providers to undermine encryption and use unproven automated detection technologies in the hope of detecting online child abuse imagery. In mid-October, the Czech Presidency of the Council circulated compromise proposals on Chapter III, dealing with supervision, enforcement and cooperation. Two weeks later, proposals on Chapter I (general provisions) followed. They are published here.
Support our work: become a Friend of Statewatch from as little as £1/€1 per month.
Image: Derek Bruff, CC BY-NC 2.0
See: Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL laying down rules to prevent and combat child sexual abuse - Presidency compromise texts (Council doc. 13514/22, LIMITE, 12 October 2022, pdf):
"Delegations will find in the Annex Presidency compromise texts on the above proposal. Changes to document 9068/22 are marked in bold underline and strikethrough underline.
Compromise texts in Articles 25 to 39 are based on the discussions during the LEWP meeting of 22 September 2022 and delegations’ written comments."
And the corrigendum (pdf): "The numbering of articles in document ST 13514/22 should be from Article 25 to Article 39, instead of Article 1 to Article 15.2
See: Presidency compromise texts (Council doc. 14008/22, LIMITE, 26 October 2022, pdf):
"Delegations will find in the Annex Presidency compromise texts on the above proposal. Changes to document 9068/22 are marked in bold and strikethrough. Changes to document 12354/22 are marked in bold underline and strikethrough underline.
Compromise texts in Articles 1 and 2 are based on the discussions during the LEWP meeting of 22 September 2022 and delegations’ written comments."
Undermining encryption, threatening privacy
The Commission's original proposal is available here.
When the proposal was published, Statewatch joined dozens of other organisations calling for it to be withdrawn due to the threat it poses to secure digital communications, which are - amongst other things - vital for protecting freedom of expression and the activities of journalists, whistleblowers, lawyers, medical professionals and others.
The statement noted:
"The proposed CSA Regulation has made a political decision to consider scanning and surveillance technologies safe despite widespread expert opinion to the contrary. If passed, this law will turn the internet into a space that is dangerous for everyone’s privacy, security and free expression. This includes the very children that this legislation aims to protect."
In July, the European Data Protection Supervisor and European Data Protection Board issued a joint opinion (pdf) condemning numerous aspects of the proposal as unecessary and disproportionate.
Statewatch has joined 72 other civil society organisations and professional bodies to demand in an open letter that the European Commission withdraw the proposed Child Sexual Abuse (CSA) Regulation, and replace it with an approach that upholds fundamental rights. The proposal would fundamentally undermine how the internet works, making it less safe for everyone.
A police "operational action plan" on preventing child sexual abuse includes a requirement for almost 30 states and EU agencies to gather five case studies, each intended to contribute to EU "policy development" on preventing and combating sexual abuse. While few would disagree with the ends, it is likely that one of the proposed means will be to undermine encryption, threatening the privacy and safety of all users of digital communications technologies.
A high-level conference organised by the Slovenian Presidency of the Council of the EU will commit participating states to finding "appropriate solutions regarding data retention, encryption, e-evidence and the darknet," in the name of combating child sexual abuse.
Spotted an error? If you've spotted a problem with this page, just click once to let us know.
Statewatch does not have a corporate view, nor does it seek to create one, the views expressed are those of the author. Statewatch is not responsible for the content of external websites and inclusion of a link does not constitute an endorsement. Registered UK charity number: 1154784. Registered UK company number: 08480724. Registered company name: The Libertarian Research & Education Trust. Registered office: MayDay Rooms, 88 Fleet Street, London EC4Y 1DH. © Statewatch ISSN 1756-851X. Personal usage as private individuals "fair dealing" is allowed. We also welcome links to material on our site. Usage by those working for organisations is allowed only if the organisation holds an appropriate licence from the relevant reprographic rights organisation (eg: Copyright Licensing Agency in the UK) with such usage being subject to the terms and conditions of that licence and to local copyright law.