CDT Joins Statement on Dangers of the EU’s Proposed Regulation for Fighting Child Sexual Abuse Online

CDT joins dozens of other organizations, companies, and cybersecurity experts in signing onto the following statement in response to the Regulation on Child Sexual Abuse (CSA) that the European Commission proposed on 11 May 2022:

Child sexual abuse is a serious crime that must be addressed by Member states and by other countries around the world. We are concerned, though, that the approach taken by the Commission in this proposed Regulation would have devastating impacts on the security of communications and on user privacy.

The Commission’s legislation would enable Member States to compel online platforms, including those offering end-to-end encrypted messaging, to scan users’ content and metadata for CSA images and for “grooming” conversations and behavior, and where appropriate, report them to public authorities and delete them from their platforms. Such a requirement is fundamentally incompatible with end-to-end encrypted messaging because platforms that offer such service cannot access communications content. This has been confirmed by experts around the world who produced an analysis of how any form of scanning breaks end-to-end encrypted systems in addition to a detailed report on the multiple ways in which client-side scanning, in particular, “can fail, can be evaded, and can be abused.”

Instead of mandating measures that are inconsistent with end-to-end encryption and would diminish the security of everyone, regulators should incentivize measures that address CSA and protect communications security. Among these measures are facilitating user reporting of CSA material.

Read the full letter + list of signatories on the Global Encryption Coalition’s website.