{"id":5250,"date":"2022-05-12T16:35:29","date_gmt":"2022-05-12T14:35:29","guid":{"rendered":"https:\/\/pr.gagadget.com\/as-feared-eu-csam-scanning-law-could-outlaw-end-to-end-encryption-of-messages\/"},"modified":"2022-05-12T16:35:29","modified_gmt":"2022-05-12T14:35:29","slug":"as-feared-eu-csam-scanning-law-could-outlaw-end-to-end-encryption-of-messages","status":"publish","type":"post","link":"https:\/\/pr.gagadget.com\/en\/as-feared-eu-csam-scanning-law-could-outlaw-end-to-end-encryption-of-messages\/","title":{"rendered":"As feared, EU CSAM scanning law could outlaw end-to-end encryption of messages"},"content":{"rendered":"
As feared, EU CSAM scanning law could outlaw end-to-end encryption of messages<\/div>\n
\n
\n

We learned yesterday that a proposed new EU CSAM scanning law for tech giants would force Apple to revisit its own plans for detecting child sexual abuse materials. The company had quietly set these aside in response to a huge amount of controversy over its proposed approach. <\/p>\n

Many had feared that the proposed law would involve yet another assault on end-to-end encrypted messaging, and this has now been confirmed by wording in the document \u2026<\/p>\n

<\/span>\n\t\t<\/p>\n

Background<\/h2>\n

There\u2019s no question that there is a large-scale problem with child sexual abuse materials. The National Center for Missing & Exploited Children (NCMEC) said that it last year received 29.3M reports<\/a>, almost all of which came from ISPs and cloud companies as a result of CSAM scanning on their servers.<\/p>\n

The question is how best to tackle this, without invading the privacy of innocent users. Apple last year thought it had solved this problem. It\u00a0announced plans for on-device scanning\u00a0in a way that meant only confirmed matches would ever be viewed by a human moderator.<\/p>\n

However, experts and privacy campaigners quickly pointed out four problems with Apple\u2019s approach. The company found a solution to one of these \u2013 accidental false positives \u2013 by setting a threshold of 30+ images for a report to be filed. The three other problems remain.<\/p>\n

Proposed EU CSAM scanning law<\/h2>\n

The European Union yesterday published the draft of a new law that would require tech giants to conduct CSAM scanning. This requirement extends not just to detecting CSAM images but also grooming attempts, which would require scanning of text.<\/p>\n

This is not currently possible with iMessage, nor other apps like WhatsApp, which use end-to-end encryption.<\/p>\n

Wired<\/a><\/em> reports.<\/p>\n

\n

All of your WhatsApp photos, iMessage texts, and Snapchat videos could be scanned to check for child sexual abuse images and videos under newly proposed European rules. The plans, experts warn, may undermine the end-to-end encryption that protects billions of messages sent every day and hamper people\u2019s online privacy [\u2026]<\/p>\n

Under the plans, tech companies\u2014ranging from web hosting services to messaging platforms\u2014can be ordered to \u201cdetect\u201d both new and previously discovered CSAM, as well as potential instances of \u201cgrooming.\u201d The detection could take place in chat messages, files uploaded to online services, or on websites that host abusive material [\u2026]<\/p>\n

The European proposal to scan people\u2019s messages has been met with frustration from civil rights groups and security experts, who say it\u2019s likely to undermine the end-to-end encryption that\u2019s become the default on messaging apps such as\u00a0iMessage,\u00a0WhatsApp, and\u00a0Signal.<\/p>\n

\u201cIncredibly disappointing to see a proposed EU regulation on the internet fail to protect end-to-end encryption,\u201d WhatsApp head Will Cathcart\u00a0tweeted<\/a>. \u201cThis proposal would force companies to scan every person\u2019s messages and put EU citizens\u2019 privacy and security at serious risk.\u201d Any system that weakens end-to-end encryption could be abused or expanded to look for other types of content,\u00a0researchers say<\/a>.<\/p>\n<\/blockquote>\n

Legislators have persisted in calling for backdoors into E2E encrypted messages, consistently failing to understand that it\u2019s a technological impossibility. As University of Surrey cybersecurity professor Alan Woodward puts it: \u201cYou either have E2EE or you don\u2019t.\u201d<\/p>\n

Woodward does note that there is a possible workaround: on-device scanning, after the message has been decrypted. But that it precisely the same approach Apple proposed to use for CSAM scanning, and which led to such a furore about the potential for abuse by repressive governments.<\/p>\n

Photo:\u00a0Ali Abdul Rahman<\/a>\/Unsplash<\/a><\/em><\/p>\n

\n

\n\t\t\t\t\t<\/div>\n