Skip to Content

The EU Child Sexual Abuse Regulation: LIBE Committee Takes Step in Right Direction

(BRUSSELS)–The European Parliament’s LIBE committee vote in favour of introducing important rights-protecting safeguards to the proposed law on child sexual abuse has been cautiously welcomed by the Centre for Democracy & Technology, Europe (CDT Europe).

CDT Europe has been critical of the European Commission’s original draft of the law due to its failure to factor in safeguards for the most vulnerable children, its over-reliance on unreliable technologies, its threat to break end-to-end encryption, and its undermining of the right to presumption of innocence.

The LIBE committee position does much to address these concerns, but some points will still need to be addressed before the final negotiations are concluded. 

CDT Europe’s Secretary General Iverna McGowan said:

With today’s vote, the Committee has chosen to reject the notion that mass surveillance is either necessary or is an effective way to protect children from abuse. They have recognised correctly that the right to communicate securely is a keystone of our democracies that can only be interfered with in cases of actual suspicion of wrongdoing, and subject to judicial oversight.

The Committee has been clear that end-to-end encryption is essential in a democracy and to protect the most vulnerable children’s rights. However, the ambiguity in the text regarding guarantees on encryption for hosting services – such as all of our iCloud photo albums – must be clarified in the upcoming negotiations. 

At the same time, some serious risks to rights remain, including that the consensual sharing of intimate photos between young people remains in the scope of the law. This means such images could be scanned and potentially flagged for law enforcement if shared on an unencrypted channel. Given that many messaging channels that teens use are unencrypted, this is a genuine risk. This could have a devastating impact, particularly on LGBTIQ youths. This will have to be altered before the final law is agreed. 

The separation of the newly proposed EU Centre from Europol, is an essential and correct step. Yet, the Centre is still being mandated to develop indicators for grooming and previously unknown images. To create such indicators, the Centre would need to scrape the web at scale on non-encrypted platforms and channels and use those innocent images of children to train algorithms without the consent of those children nor their parents. It would also need to collect actual images of abuse, and it is not clear where those would come from, nor how it could possibly train AI on images of child abuse legally. The outstanding concerns about the accuracy and feasibility of such uses of technology remain.” 

Further Background

  • The LIBE Committee has proposed changes to the ‘detection orders’ under Art. 7 including: adding clarity that end-to-end encrypted messaging services such as Signal or WhatsApp would not be subject to detection orders; limiting detection orders to people or individuals who are actual suspects (thought there is problematic language on having an indirect link to a crime which needs to be clarified); ensuring that a judicial authority has oversight of detection orders including monitoring their specific purposes and scope. 
  • The Committee has introduced clear language under Art. 7 on detection orders in relation to end-to-end encryption. This means that private interpersonal communication channels would be out of scope. This certainly is linked to Art. 7 and detection orders. Articles 7 through 11 related to the derogations under e-Privacy. However, in Art. 1 It is clear that hosting services are in scope of the regulation, hosting services are not covered by Art. 7. The language on encryption in Art.3 is not robust enough to preclude client-side scanning. Therefore there is a risk that the Regulation, if not altered, could allow for law enforcement to scan hosting services including cloud photo albums. 

###

The Center for Democracy & Technology (CDT) is the leading nonpartisan, nonprofit organization fighting to advance civil rights and civil liberties in the digital age. We shape technology policy, governance, and design with a focus on equity and democratic values. Established in 1994, CDT has been a trusted advocate for digital rights since the earliest days of the internet. The organization is headquartered in Washington, D.C., and has a Europe Office in Brussels, Belgium.