A controversial bill that risks putting the crittografia end-to-end in the European Union is one step away from becoming reality. Today the governments of the EU member states are called upon to draw up a document that formalizes their position on a proposal that would oblige messaging platforms such as WhatsApp and Telegram to implement an automatic anti-CSAM filter, acronym for child sexual abuse material.
In other words: platforms should automatically scan their users’ messages – texts, photos and videos and also links -, identifying any child pornography content. If successful, the content of the message would be forwarded to the platform moderators and, therefore, to the authorities.
“The road to hell is paved with good intentions,” went the old adage. It is not the first time that EU institutions have discussed a crackdown on child pornography that would involve an automated moderation system. Previous proposals had fallen by the wayside, buried by strong concerns about user privacy and security.
Yes, because a system like the one described by the EU would inevitably be implemented at a heavy price: the end-to-end encryption that today protects all WhatsApp users’ communications, Signal and (limited to secret chats) Telegram could no longer be guaranteed.
As we said, so far the proposals that went in this direction had not found a consensus, but this time things could go differently. If the majority of governments were to vote in favor of the proposal today, the ball would pass to Parliament and the Commission, with a fair chance of it being approved. In May, Wired UK had obtained a rather alarming confidential document: the majority of governments – we read in the Council’s informal survey aimed at gathering the preliminary positions of the Member States – are in favor of some form of limitation of end-end encryption to-end.
The most emblematic case is that of the Spanish government, which even proposes to ban it completely. At the beginning of 2024, theEuropol had declared that encryption poses a serious obstacle to investigative activities: not only child pornography, but also the fight against scams and terrorism.
The draft law provides that users can prevent the scan their messages, too bad that by doing so they would also lose the ability to share attachments (including links) with their contacts. On the topic of end-to-end encryption, the Commission seems to have a disturbingly ambiguous position: in one passage the E2E encryption it is defined as “a fundamental tool for protecting citizens’ rights”, but immediately afterwards we also read that “it can inadvertently create gray areas, where child sexual abuse material can be shared or disseminated”.
EU institutions defend this supposed encryption safeguard by claiming that users’ messages would be automatically scanned by the filter before being encrypted and, therefore, sent to the recipient.
The main messaging applications – together with privacy organizations – have never made a secret of their strong opposition to the proposal. On the subject, the strongest statements come from the president of Signal, Meredith Whittakerwhich has already said that if the law passed, its app would stop working in all EU states:
The proposal irreparably undermines encryption. We can call it backdoor, front door or upload moderation. Regardless, all of these approaches end up creating a vulnerability that can be exploited by hackers and hostile nation states.
Also strongly opposed are theElectronic Frontier Foundationthe Center for Democracy & Technology and the Mozilla foundation: together with other non-profit organizations, they have already signed a tough joint stance inviting the EU and MEPs to reject the bill.