EU’s Proposed CSAM Bill Poses Hacking Risks


Hackers Would Exploit Client-Side Scanning, LIBE Committee Hears

Members of a European Parliament committee heard Thursday an assessment warning them that a bill intended to fight child sexual abuse material would instead weaken online security.

The Child Sexual Abuse Material proposal unveiled by the European Commission in May 2022 faces a barrage of opposition from industry and civil liberty groups concerned that its mandate for digital communication services such as instant messenger apps to scan for CSAM is incompatible with end-to-end encryption.

Bart Preneel, a cryptography professor at Catholic University of Leuven in Belgium, told the Committee on Civil Liberties, Justice and Home Affairs, or LIBE, that the only way mandatory scanning is compatible with end-to-end encryption is by scanning for images on devices before they’re transmitted across the web. Preneel is co-author of an assessment of the CSAM proposal commissioned by the committee.

“The only way you could actually detect CSAM would be by scanning on the device of the user. You would have to insert additional software in the user device, and such a software will create new vulnerabilities that are open to attack and abuse,” he said.

Scanning communications would violate a right to confidential communications while client-side scanning “violates the essence of the right of protection…
