A controversial European Union legislative proposal to scan the private messages of citizens in a bid to detect child sexual abuse material (CSAM) is a risk to the future of web security, Meredith Whittaker warned in a public blog post Monday. She’s the president of the not-for-profit foundation behind the end-to-end encrypted (E2EE) messaging app Signal.

“There is no way to implement such proposals in the context of end-to-end encrypted communications without fundamentally undermining encryption and creating a dangerous vulnerability in core infrastructure that would have global implications well beyond Europe,” she wrote.

The most recent European Council proposal, which was put forward in May under the Belgian presidency, includes a requirement that “providers of interpersonal communications services” (aka messaging apps) install and operate what the draft text describes as “technologies for upload moderation”, per a text published by Netzpolitik.

Last month, Euractiv reported that the revised proposal would require users of E2EE messaging apps to consent to scanning to detect CSAM. Users who did not consent would be prevented from using features that involve the sending of visual content or URLs it also reported — essentially downgrading their messaging experience to basic text and audio.

The EU’s own data protection supervisor has also voiced concern. Last year, it warned that the plan poses a direct threat to democratic values in a free and open society.

Pressure on governments to force E2EE apps to scan private messages, meanwhile, is likely coming from law enforcement.

Back in April European police chiefs put out a joint statement calling for platforms to design security systems in such a way that they can still identify illegal activity and send reports on message content to law enforcement. Their call for “technical solutions” to ensure “lawful access” to encrypted data did not specify how platforms should achieve this sleight of hand

  • boredsquirrel@slrpnk.net
    link
    fedilink
    arrow-up
    35
    ·
    5 months ago

    Thanks Meredith for raising your voice over and over again.

    Also thanks to Patrick Breuer for the info about the shit that is going on.

  • Frisbeedude@sopuli.xyz
    link
    fedilink
    arrow-up
    10
    ·
    5 months ago

    There is no “if”, only “when”. Zensursula von der Leyen worked hard to get this done and she is the de-facto commision head for the new cycle. Signal knows they can close their app when this legislation passes. Their main userbase are privacy-concerned nerds and journalists who know how to find or create a new de-centralized technology.

    So do creeps btw. They will find ways to counter this.

    • sunzu@kbin.run
      link
      fedilink
      arrow-up
      9
      ·
      5 months ago

      They know this… they don’t want normies catching on because that’s when they lose control.

      • Serinus@lemmy.world
        link
        fedilink
        arrow-up
        3
        ·
        5 months ago

        Are you saying the point isn’t to catch CSAM because 95% of the CSAM people will find a workaround within a week?

        Then what would be the point?

        • sunzu@kbin.run
          link
          fedilink
          arrow-up
          5
          ·
          edit-2
          5 months ago

          If they won’t do jack shit about childre. abused by Catholic church… Other religions degenerates… Police and teacher…

          If they won’t bother cleaning up twitter insta and discord from child abuse content…

          I am sure they will finally fix the issue by scanning dicpiks I sent my partner. Pinky promise bro