EU proposal for messaging platform surveillance met with expert criticism

European Union lawmakers are facing significant pushback from over 270 security and privacy experts regarding a proposal to require messaging platforms to scan private communications for child sexual abuse material (CSAM).

The proposal, initially put forward by the EU Commission two years ago, has attracted criticism from various quarters, including independent experts, lawmakers within the European Parliament, and even the bloc’s own Data Protection Supervisor.

The EU proposal not only mandates messaging platforms to scan for known CSAM when ordered but also requires the use of unspecified detection scanning technologies to identify unknown CSAM and grooming activity.

In their open letter, the experts argue that the proposal is technically unfeasible and will not effectively protect children from abuse. Instead, they contend that it will compromise internet security and user privacy by enforcing blanket surveillance on all users through unproven technologies like client-side scanning.

“The protection given by end-to-end encryption implies that no one other than the intended recipient of a communication should be able to learn any information about the content of such communication. Enabling detection capabilities, whether for encrypted data or data before it is encrypted, violates the very definition of confidentiality provided by end-to-end encryption,” the letter read.

Despite these concerns, the EU appears determined to proceed with the proposal.

The letter also addresses recent amendments to the draft noting that they don't address fundamental flaws in the plan.

Some of the proposed amendments include:

• Limit scanning to individuals and groups suspected of child sexual abuse

• Only scan for known and unknown CSAM

• Remove the requirement to scan for grooming

The experts pointed out that the proposed detection methods are likely to result in millions of false alarms, considering the sheer volume of messages exchanged daily on platforms like WhatsApp.

They also criticized another proposal to limit detection orders to messaging apps deemed "high-risk," arguing that this would still affect a massive number of users.

The letter concludes with a stark warning about the potential consequences of the EU's current course of action. It suggests that if the proposal is enacted, it will set a dangerous precedent for internet filtering, infringe on individuals' right to privacy, and negatively impact democracies worldwide.