The European Commissioner for Home Affairs Ylva Johansson has presented legislation that would require online service providers to automatically and indiscriminately monitor digital communications and data for potential child sexual exploitation material and automatically report suspicious users to law enforcement authorities.
The Council of European Professional Societies (CEPIS), while commending and fully supporting the European Commission’s efforts to combat child abuse online, would like to point out that the proposed measures are not the best way to achieve the desired results. This legislation would potentially subject private communications of European citizens to mass surveillance, while perpetrators could continue to use tools such as closed forums, self-hosted platforms and P2P networks without risking detection.
Such plans for mass monitoring of communication content could greatly reduce people’s trust in the security of online communication.
Over 30 organizations, including CEPIS, criticize the plan in an open letter.
This legislation could significantly interfere with the fundamental rights of the entire European population and establish a potentially very damaging surveillance infrastructure. It might mean a de facto end to electronic secrecy of correspondence and telecommunications, since these measures could only be implemented by building a comprehensive technical infrastructure that is prone to errors and abuse.
CEPIS proposes that, instead of relying on a technical solution that would enable surveillance on a massive scale, the European Commission should focus on measures such as prevention and victim protection.
Byron Nicolaides, CEPIS President, said: “We all consider the safety, both online and offline, of our children, of utmost importance. However, the potential damage to Europe’s trust in digital communications outweighs the possibility of success of surveillance measures in combatting child abuse online, since criminals are very adept at finding ways to evade surveillance. Furthermore, protected communication for children and the surveillance of chat content cannot be technically reconciled. Only effective end-to-end encryption effectively protects the confidentiality of communications.”
After the draft regulation on combating child abuse became known, CEPIS and its member societies already expressed strong concerns about its implementation in March. Among other things, the proposal would require communications and hosting providers to screen all content of all users for suspicious material and forward suspected cases to a central office. This would mean, for example, that messenger services such as WhatsApp or Signal would have to search the private chats of all users.
End-to-end encrypted communication is explicitly not excluded in the proposed regulation. However, screening encrypted communications is technically only possible if the encryption as a whole is broken or undermined, for example by using one’s own device for surveillance by means of technologies such as client-side scanning. CEPIS fears that the resulting loss of trust in electronic communications will substantially jeopardize the necessary digitization of the European economy, society and administration. Thus, this open letter resolutely opposes the planned “chat control” and calls on those with political responsibility to refrain from these plans. CEPIS, however, would like to express its absolute readiness to support any other European Commission’s initiative to combat child abuse, provided that it does not infringe upon the people’s democratic right to privacy.