As feared, EU CSAM scanning law could outlaw end-to-end encryption of messages

As feared, EU CSAM scanning law could outlaw end-to-end encryption of messages

May 12, 2022 0 By Ben Lovejoy



We learned yesterday that a proposed new EU CSAM scanning law for tech giants would force Apple to revisit its own plans for detecting child sexual abuse materials. The company had quietly set these aside in response to a huge amount of controversy over its proposed approach.

Many had feared that the proposed law would involve yet another assault on end-to-end encrypted messaging, and this has now been confirmed by wording in the document …


There’s no question that there is a large-scale problem with child sexual abuse materials. The National Center for Missing & Exploited Children (NCMEC) said that it last year received 29.3M reports, almost all of which came from ISPs and cloud companies as a result of CSAM scanning on their servers.

The question is how best to tackle this, without invading the privacy of innocent users. Apple last year thought it had solved this problem. It announced plans for on-device scanning in a way that meant only confirmed matches would ever be viewed by a human moderator.

However, experts and privacy campaigners quickly pointed out four problems with Apple’s approach. The company found a solution to one of these – accidental false positives – by setting a threshold of 30+ images for a report to be filed. The three other problems remain.

Proposed EU CSAM scanning law

The European Union yesterday published the draft of a new law that would require tech giants to conduct CSAM scanning. This requirement extends not just to detecting CSAM images but also grooming attempts, which would require scanning of text.

This is not currently possible with iMessage, nor other apps like WhatsApp, which use end-to-end encryption.

Wired reports.

All of your WhatsApp photos, iMessage texts, and Snapchat videos could be scanned to check for child sexual abuse images and videos under newly proposed European rules. The plans, experts warn, may undermine the end-to-end encryption that protects billions of messages sent every day and hamper people’s online privacy […]

Under the plans, tech companies—ranging from web hosting services to messaging platforms—can be ordered to “detect” both new and previously discovered CSAM, as well as potential instances of “grooming.” The detection could take place in chat messages, files uploaded to online services, or on websites that host abusive material […]

The European proposal to scan people’s messages has been met with frustration from civil rights groups and security experts, who say it’s likely to undermine the end-to-end encryption that’s become the default on messaging apps such as iMessage, WhatsApp, and Signal.

“Incredibly disappointing to see a proposed EU regulation on the internet fail to protect end-to-end encryption,” WhatsApp head Will Cathcart tweeted. “This proposal would force companies to scan every person’s messages and put EU citizens’ privacy and security at serious risk.” Any system that weakens end-to-end encryption could be abused or expanded to look for other types of content, researchers say.

Legislators have persisted in calling for backdoors into E2E encrypted messages, consistently failing to understand that it’s a technological impossibility. As University of Surrey cybersecurity professor Alan Woodward puts it: “You either have E2EE or you don’t.”

Woodward does note that there is a possible workaround: on-device scanning, after the message has been decrypted. But that it precisely the same approach Apple proposed to use for CSAM scanning, and which led to such a furore about the potential for abuse by repressive governments.

Photo: Ali Abdul Rahman/Unsplash

FTC: We use income earning auto affiliate links. More.

Check out 9to5Mac on YouTube for more Apple news:

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

About the Author

Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!

Ben Lovejoy’s favorite gear

You can read the original article here —> [ Read More ]

Sponsored Posts

February 6, 2022 0

NordLayer — more than a business VPN

By Sponsored

Cybersecurity threats have become vast and more sophisticated. The rate of malware attacks and malicious activity counts within seconds despite the size or sector the organization belongs to — no...


Don't miss a beat!!

We’d love to keep you updated with the latest tech news from across the internet!

Don't worry, we don’t spam!