Controversial Proposal and Heated Discussions
European ambassadors are set to debate a contentious proposal that would mandate the use of scanning technology to monitor all online images in an effort to combat child sexual abuse. The draft regulation, introduced by the Belgian presidency of the EU Council, could compel encrypted messaging services like WhatsApp and Messenger to include surveillance tools to scan users’ images.
What the Law Entails
The proposed regulation aims to detect and report child sexual abuse material (CSAM) by requiring messaging services to scan photos, videos, and URLs. This technology, known as ‘upload monitoring’, would check content before it is sent, ensuring the messages themselves remain encrypted. Users would need to consent to this scanning to continue using the full functionality of these services. If they refuse, they could still send text messages but would be unable to share images, videos, or URLs.
Background and Motivation
The amendment was proposed on May 28 by the Belgian EU presidency to break a deadlock in ongoing negotiations over the CSAM regulation. The discussions have been polarized, with privacy advocates clashing with those prioritizing security. Some countries, like France, opposed any measure that might weaken encryption, making ‘upload moderation’ a compromise that maintains encryption while scanning content before transmission.
Controversy and Criticism
Critics argue that this approach could lead to mass surveillance. German MEP Patrick Breyer warned, “We’re on the brink of a surveillance regime as extreme as anywhere in the free world.” Privacy advocates, including Callum Voge of the Internet Society, believe the proposal undermines the security and privacy that end-to-end encryption provides.
Trade associations and digital rights groups also raise concerns about the practical implications. Claudia Canelles Quaroni of the CCIA highlighted the risk of false positives and the potential strain on law enforcement from over-reporting. Ella Jakubowska from EDRi described the technology as akin to spyware, potentially opening devices to exploitation by malicious actors.
Messaging app Signal’s president, Meredith Whittaker, echoed these concerns, warning that such measures would create vulnerabilities exploitable by hackers and hostile states, and threatened to cease operations in the EU if the rule is enforced.
Next Steps and Timeline
If ambassadors reach an agreement, it would initiate negotiations between the European Parliament, Commission, and Council, a process known as a ‘trilogue’. However, formal adoption of the regulation is unlikely before autumn 2024 due to the need for a new Parliament and the Hungarian presidency to organize these talks.
Hungary, set to take over the Council presidency, has pledged to work on long-term solutions to prevent online child sexual abuse. Ongoing discussions are expected to be intense, especially given the Parliament’s stance against bypassing end-to-end encryption. A final agreement must be reached by April 2026, when current self-moderation exemptions for social networks expire, potentially leaving no barriers to sharing sensitive images.
Conclusion
The proposed EU regulation to combat child sexual abuse by scanning online images is a controversial topic that pits security concerns against privacy rights. As negotiations continue, the outcome will significantly impact the balance between protecting children and maintaining digital privacy across Europe.
