EU Proposal to Scan Private Messages Faces Intense Backlash from Experts

A controversial proposal by the European Union to require messaging platforms to scan private communications for child sexual abuse material (CSAM) is facing widespread criticism from security and privacy experts. In an open letter, 270 experts from 33 countries warn that the plan could generate millions of false positives daily and severely undermine internet security and user privacy.

Why this matters: The proposal's potential to compromise online privacy and security could have far-reaching consequences for individuals and businesses alike, potentially undermining trust in digital communication platforms. Moreover, the implementation of such a measure could set a precedent for government surveillance and control of online activities, threatening the fundamental principles of a free and open internet.

The EU proposal, introduced two years ago, would mandate messaging platforms to scan for known CSAM and use unspecified detection technologies to identify unknown CSAM and grooming activity. Critics argue this approach is technologically impossible and would force platforms to deploy blanket surveillance of all users, using unproven and risky technologies like client-side scanning.

The experts' letter emphasizes the potential risks, millions of false positives. Even with a highly optimistic 0.1% false positive rate, WhatsApp's 140 billion daily messages would result in 1.4 million false positives every single day. The experts warn these false alarms could have severe consequences for individuals wrongly flagged by the system.

Another major issue highlighted in the letter is the incompatibility of client-side scanning with end-to-end encryption (E2EE). E2EE ensures that only the communicating parties can access the content of their messages, providing a vital security safeguard. The experts arguethe EU's proposal fails to address the fundamental concerns around scanning techniques and their impact on E2EE.

The open letter serves as a dire warning to EU lawmakers, urging them to reconsider the proposal and explore alternative solutions that balance the need to combat CSAM with the need to protect citizens' privacy and security. The experts recommendhalting the regulation until proper technical consultation is conducted to determine what is feasible while preserving secure communications.

Instead of relying on flawed detection technologies, the experts suggest investing in proven approaches such as education, reporting hotlines, and better moderation through prioritizing educational content in search rankings and platform partnerships. They stress that these methods have been effective in combating CSAM without compromising the security and privacy of all users.

The EU's proposal has faced growing opposition since its introduction, with independent experts, lawmakers, and the bloc's own data protection regulator expressing concerns. An earlier open letter signed by 465 academics warned that the detection technologies the legislative proposal depends on are deeply flawed and vulnerable to attack.

The debate continues, and the final shape of the law remains uncertain. The European Council's amended proposal is still under discussion, and experts warn the revisions are likely to lead to extraordinary possibilities for surveillance and control of internet users. The outcome of this contentious issue will have far-reaching implications for privacy, security, and the future of online communications in the European Union and beyond.

Key Takeaways

• EU proposal requires messaging platforms to scan private communications for CSAM, sparking privacy and security concerns.
• Experts warn of millions of daily false positives, undermining trust in digital platforms and threatening online privacy.
• Client-side scanning incompatible with end-to-end encryption, compromising user security.
• Alternative solutions proposed, including education, reporting hotlines, and better moderation.
• EU lawmakers urged to reconsider proposal, prioritize technical consultation, and protect citizens' privacy and security.