European Commission: "the content is the crime," so let's break encryption

The EU's proposed Child Sexual Abuse Material (CSAM) Regulation is perfectly legal, the European Commission has argued, in response to the Council Legal Service's arguments that the "detection orders" set out in the proposal would be illegal.

Image: zaphad1, CC BY 2.0


The Commission argues that “the content is the crime”, and so access to the content of encrypted communications is necessary.

The CSAM proposal foresees a regime of “detection orders” that could be issued against providers of “interpersonal communication services” – for example, messaging services such as Signal and WhatsApp.

In a widely reported leaked opinion (pdf), the Council Legal Service (CLS) criticises the regime of detection orders set out in the proposal as “not being sufficiently clear, precise and complete.”

Furthermore, it would either “[compromise] the essence of the above-mentioned fundamental rights in so far as it would permit generalised access to the content of interpersonal communications,” or fail to meet the proportionality requirement due to:

  • requiring “the general and indiscriminate screening of the data processed by a specific service provider, and apply without distinction”;
  • requiring access to the content of communications; and
  • the fact that it “would pursue the general objective of fighting child sexual abuse crimes which, although they are serious crimes, do not constitute threats to national security.”

In a note (pdf) circulated in the Council on 16 May, the Commission sets out why it thinks otherwise:

“The Commission services are of the view that there are numerous elements that, especially when considered in their totality, likely justify the conclusion that the proposed system of detection orders is proportionate.”

The Commission seeks to use the same case law as the CLS to argue that the CSAM proposal would in fact be entirely legal.

The CLS opinion also notes that:

“…the providers would have to consider (i) abandoning effective end-to-end encryption or (ii) introducing some form of ‘back-door’ to access encrypted content or (iii) accessing the content on the device of the user before it is encrypted (so-called ‘client-side scanning’).”

As has been pointed out multiple times, this would fatally undermine the way the internet works, putting the privacy and security of all users at risk – but this point does not appear to be a deterrent to the Commission.

On the issue of undermining encryption – and thus the privacy and security of communication via the internet more generally – the Commission’s paper remains silent.

Documentation