The European Union is considering a law that would allow scanning private messages of its residents to detect materials indicating child sexual abuse. After months of controversy and complaints, the European Parliament decided in late October to drop the telecoms surveillance aspect from the proposal. Yet a leaked document released last Tuesday by Netzpolitik reveals member states intend to push a measure critics say could spell the end of privacy across the continent.
Without attracting much attention, the Belgian presidency of the Council of the EU has presented a plan to make orders to detect child abuse content more specific and proportionate. Still, the revised text could still place messaging services relying on end-to-end encryption under scrutiny, including WhatsApp, Signal, and Telegram. The change is that it now suggests evaluating the tracking technologies used to measure effectiveness, their impact on fundamental rights, and their cybersecurity risks.
This Monday, the 27 interior ministers will meet in Brussels to debate the regulation’s modification. According to Netzpolitik, delegations from several European countries have asked to include encrypted services, arguing that excluding them would weaken the fight against what some call pornography of children. Others worry about the proposal’s impact on privacy.
For now, it is unclear what position Spain has taken regarding the proposal. A document leaked by Wired in May suggested the government sought to weaken end-to-end encryption to speed up police work. Madrid denied the report. Asked by El Periódico, the Interior Ministry said it would not share possible updates until after the Monday meeting ends.
In mid-February, the European Data Protection Board issued a warning about the lack of defined criteria in the proposed law for deciding who should be identified. It warned that the Parliament’s stance could still allow broad, indiscriminate orders to detect potential abuse.
Defending encryption
Also in mid-February, the European Court of Human Rights ruled that undermining end-to-end encryption is unacceptable and reaffirmed that encryption protects privacy. It upholds the right to freedom of expression and appears to help both people and businesses defend against harms like hacking, personal data theft, or fraud.
The court’s ruling states that direct access by security services to stored data without proper safeguards against abuse and without a requirement to decrypt encrypted communications cannot be justified in a democratic society, citing a case involving the Russian security service pressing Telegram to decrypt a user’s messages.
The German Green Party member of the European Parliament and privacy advocate Patrick Breyer criticized the proposal, warning that its passage would destroy digital privacy. He argued that alarmist attitudes from law enforcement do not justify deploying unreliable surveillance machines to monitor private communications of millions of law-abiding people.
In summary, the debate centers on balancing the need to detect and deter child exploitation with the protection of privacy, encryption, and user safety. The conversations reflect a broader tension between security aims and civil liberties, a debate playing out across EU institutions and member states.