CDT and Allies Decry False Compromise Proposal on EU CSAM

CDT and dozens of other organizations, companies, and cybersecurity experts released a joint letter that points to the threat posed to encryption by the latest “compromise” proposal from the EU presidency on the proposed EU Regulation on Child Sexual Abuse. Members of the Global Encryption Coalition organized the letter, which explains that the proposal’s mandate for mass “upload moderation” is just a warmed-over version of the client-side scanning approach that characterized earlier iterations of this EU Child Sexual Abuse Regulation. Detection of child sexual abuse material (CSAM) images would require scanning images and videos that users upload. 

As we stress in the joint letter, compelled scanning at the upload point, combined with compelled reporting of suspected CSAM to authorities, defeats the promise of privacy in end-to-end encrypted services, will not stop the online spread of CSAM, and will create cybersecurity vulnerabilities that bad actors can exploit. Users would be required to consent to such scanning as a condition of using online services to upload images and video, which would mean that consent would not be freely given as is required by EU law. We called on Ministers in the Council of the European Union to reject this flawed compromise proposal.

In addition to the joint letter, CDT Europe also released a detailed briefing document on this proposal from the EU presidency on the proposed CSAM regulation.