European Union Renews Push to Kill Encryption

​Every moral person agrees we must fight the sexual abuse of children online. But a renewed push by the Belgian Presidency within the European Union’s executive branch would force all consumers to accept software that would annihilate any semblance of communications privacy. This would be done with government technology that would break end-to-end encryption. (Hat tip to Joe Mullin of EFF.)
 
In the name of catching those who traffic in Child Sexual Abuse Materials (CSAM), the EU is poised to degrade the ability of anyone to privately communicate. Worse, it could enable illicit and dangerous surveillance by bad actors.
 
The EU had previously proposed scanning the full content of encrypted messages. In what is being sold as a new approach, the executive branch is now offering a tweaked but still problematic approach called “upload moderation.” This proposal would mandate the scanning of hyperlinks and images within encrypted messages. In theory, consumers could refuse to consent to this snooping, but they would be blocked from sharing any further photos or videos. Such coerced consent is, of course, no consent at all.
 
What is lost in this debate is that encryption is a major protector of personal security, human rights, and liberty. In an open letter to the EU, leading civil liberties organizations – including the Center for Democracy & Technology, Mozilla, and the Electronic Frontier Foundation – warn policymakers that such technology would be dangerous “bugs in our pockets.” Such “client-side scanning” pushes surveillance beyond what is shared on the cloud directly to the user’s device.
 
Some trolls already threaten journalists by sending them unwanted CSAM. Dictatorships could use Europe’s system to send innocuous images to dissidents that contain the correct parameters to trigger a CSAM alarm – and then use the results of that alarm to locate that person. Cartels and other criminal gangs could use it to locate witnesses.
 
Experts demonstrate that malevolent agents can manipulate the hash database of such a system to transform it into a risk for physically locating and surveilling individuals. Victims around the world could ironically include women and children hiding in safe houses from abusers and stalkers.
 
CSAM users are despicable criminals who deserve to be ferreted out and punished. But creating a system that eradicates all privacy in electronic communications is not the solution.