The Commission’s gross violation of privacy — endangering encryption – POLITICO

Press play to listen to this article

Markéta Gregorová is a member of the European Parliament from the European Pirate Party.

Strong end-to-end encryption is an essential part of a secure and trustworthy Internet. It protects us every time we make an online transaction, when we share medical information or when we interact with friends and family.

Strong encryption also protects children — it allows them to communicate with trusted friends and family members in confidence, and allows others to report online abuse and harassment confidentially. It keeps our personal data personal, and our private conversations private. 

But now that fundamental technology is being threatened by the European Commission.

The European Union’s new regulation intending to fight child sexual abuse online will require Internet platforms — including end-to-end encrypted messaging apps like Signal and WhatsApp — to “detect, report and remove” images of child sexual abuse shared on their platforms. In order to do this, however, platforms would have to automatically scan every single message — a process known as “client-side scanning.”

But not only is this a gross violation of privacy, there’s no evidence that the technology exists to do this effectively and safely, without undermining the security provided by end-to-end encryption. And while the proposed regulation is well-intentioned, it will result in weakening encryption and making the Internet less secure.

Only two months ago, the New York Times reported that Google had flagged medical images that a man in San Francisco had taken of his son’s groin as child sexual abuse material. He had sent the images to his doctor seeking medical advice for his child, only to have his account shut down and become the subject of a police investigation. 

The current regulations would create such mandatory measures for platforms, enforcing them with significant fines of up to 6 percent of an offender’s global turnover — meaning tech companies would be forced to be overzealous for fear of falling foul of the rules. This greatly increases the possibility of such false-positives…