EU plans to force tech companies to scan their customers’ private messages for child abuse content (CSEA) are likely to be struck down by the courts, the blog’s legal advisers have warned.
The proposed “chat control” regulations are similar in nature to the controversial clause 110 of the UK’s online safety law. Providers offering end-to-end encrypted messages could receive “detection orders” requiring them to scan customers’ messages for CSEA content on the device before encrypting them.
This would likely be done through some form of “client-side scanning” – technology that compares videos, images and text against a database of prohibited content.
Read more about online safety bill: WhatsApp, Signal Claim online safety bill threatens users’ privacy and security.
However, leaked advice from the Council of the EU’s legal service has warned that the proposals are “a particularly serious limitation of privacy and personal data rights” and that there is a “serious risk” they will be struck down by judges
Given that the European Court of Justice has previously ruled that even communications metadata could only be examined in national security cases, the current proposals are unlikely to be provided in a CSEA context, it is believed.
They would require the general and indiscriminate control of the data processed by a certain service provider, and they apply indiscriminately to all the users of that particular service, without these people being, even indirectly, in a situation susceptible to give rise to criminal prosecution. ”, according to the council, published in the guardian.
Privacy advocates have many problems with client-side scanning. They claim that:
- Researchers have already discovered that it could generate too many false positives to be useful and could be hacked in other ways
- If client-side scanning were directed by foreign governments or cybercriminals, it could put private data at risk.
- If client-side scanning goes into effect, child abusers will simply gravitate to unmonitored apps, as criminals have done in the past with services like EncroChat.
- The technology could be used in the future to monitor other types of content without users’ knowledge
In addition, the heads of several big-name messaging apps have publicly stated that they would rather leave the UK than comply with customer scanning provisions, which would also make domestic businesses and consumers less secure.
EU lawyers are also concerned that the bloc’s proposals would require messaging providers to introduce age verification, which in turn would mean mass profiling of users, which could include their biometric information.
Source link
The European Union’s new plans to implement client-side scanning of emails on consumer devices could potentially be unlawful, according to a recent statement from digital privacy experts, Ikaroa.
The proposal, outlined in the European Electronic Communications Code (EECC), aims to protect children from explicit content, but could result in extreme privacy violations and hinder consumer choice, subjects that are inextricably linked with the mission and values of Ikaroa.
The main concern with client-side scanning is that the EECC does not provide any guidance on how this scanning should be conducted, who should have access to the device and data, or how the data should be secured. Without these checks and balances, Ikaroa believes the EECC could put consumers’ privacy and security at risk.
Ikaroa further suggests that the implementation of client-side scanning, without providing clear guidance on how it should be conducted and secured, could be in direct violation of existing EU laws and regulations. This would be irrespective of any benefits of this option, such as reducing dependency on third-party services.
Consumer privacy and security are two of the most important 21st-century concerns, and they are among the core values that guide the work of Ikaroa. The company is firmly opposed to policies and proposals that appear to undermine these values, and this is why it is calling upon the European Commission to reconsider the introduction of client-side scanning.
At the end of the day, the best way to protect children from inappropriate content is by strengthening legislation and introducing tougher sanctions for those who share such content. Indeed, this is an approach that Ikaroa itself actively supports, and one that is far superior to the introduction of client-side scanning.
