The EU Commission’s New Proposal Would Undermine Encryption And Scan Our Messages – EFF

Wealthlandnews June 2, 2022
Updated 2022/06/02 at 6:42 AM

The executive body of the European Union published today a legislative proposal (text) that, if it became law, would be a disaster for online privacy in the EU and throughout the world. In the name of fighting crimes against children, the EU Commission has suggested new rules that would compel a broad range of internet services, including hosting and messaging services, to search for, and report, child abuse material.
The Commission’s new demands would require regular plain-text access to users’ private messages, from email to texting to social media. Private companies would be tasked not just with finding and stopping distribution of known child abuse images, but could also be required to take action to prevent “grooming,” or suspected future child abuse. This would be a massive new surveillance system, because it would require the infrastructure for detailed analysis of user messages.

The new proposal is overbroad, not proportionate, and hurts everyone’s privacy and safety. By damaging encryption, it could actually make the problem of child safety worse, not better, for some minors. Abused minors, as much as anyone, need private channels to report what is happening to them. The scanning requirements are subject to safeguards, but they aren’t strong enough to prevent the privacy-intrusive actions that platforms will be required to undertake.
Unfortunately, this new attempt to mandate a backdoor into encrypted communications is part of a global pattern. In 2018, the Five Eyes—an alliance of the intelligence services of Canada, New Zealand, Australia, the United Kingdom, and the United States—warned that they will “pursue technological, enforcement, legislative or other measures to achieve lawful access solutions” if the companies didn’t voluntarily provide access to encrypted messages. With the urging of the Department of Justice, U.S. Congress tried to create backdoors to encryption through the EARN IT Act, in 2020 and again earlier this year. Last fall, government agencies pressured Apple to propose a system of software scanners on every device, constantly checking for child abuse images and reporting back to authorities. Fortunately, the Apple program appears to have been shelved for now, and EARN IT is still not law in the U.S.
The European Union prides itself on high standards for data protection and privacy, as demonstrated by the adoption of the General Data Protection Regulation, or GDPR. This new proposal suggests the EU may head in a dramatically different direction, giving up on privacy and instead seeking state-controlled scanning of all messages.
European civil society groups that deal with digital freedoms, including European Digital Rights (EDRi), Germany’s Society for Civil Rights, the Netherlands’ Bits of Freedom, and Austria’s have expressed grave concerns about this proposal as well.
Fortunately, the misguided proposal published today is far from the final word on this matter. The European Commission cannot make law on its own. We don’t think the EU wants to cancel everyday people’s privacy and security, and we are ready to work together with Members of the European Parliament and EU member states’ representatives to defend privacy and encryption.
SAN FRANCISCO—Community activists in Northern California today announced a settlement in their lawsuit against the County of Marin and Marin County Sheriff Robert Doyle, whose office illegally made the license plate and location information of local drivers, captured by a network of surveillance cameras, available to hundreds of federal…
2000 Mules is a movie which claims to expose election fraud with phone app location data. While these claims have already been thoroughly debunked, the movie also deserves condemnation for performing wildly invasive research on thousands of people’s location data without their consent or even knowledge….
Peru’s top two telecom operators Movistar (Telefónica) and Claro (América Móvil) continued to earn high marks for being transparent about government requests for user data, while competitors Bitel (Viettel) and Entel slightly improved practices promoting human rights, but in general lagged behind, according to a new report issued today
The U.S. Intelligence Community (IC) has released its Annual Statistical Transparency Report disclosing the use of national security surveillance laws for the year 2021—and to no one’s surprise it documents the wide-ranging overreach of intelligence agencies and the continued misuse of surveillance authorities to spy on millions of Americans….
Geofence and reverse keyword warrants are some of the most dangerous, civil-liberties-infringing and reviled tools in law enforcement agencies’ digital toolbox. It turns out that these warrants are so invasive of user privacy that big tech companies like Google, Microsoft, and Yahoo are willing to support banning…
The ad identifier – aka “IDFA” on iOS, or “AAID” on Android – is the key that enables most third-party tracking on mobile devices. Disabling it will make it substantially harder for advertisers and data brokers to track and profile you, and will limit the amount of your personal information…
The increasing risk that the Supreme Court will overturn federal constitutional abortion protections has refocused attention on the role digital service providers of all kinds play in facilitating access to health information, education, and care—and the data they collect in return.In a post-Roe world, service providers can expect a raft…
On Tuesday, Motherboard reported that data broker SafeGraph was selling location information “related to visits to clinics that provide abortions including Planned Parenthood facilities.” This included where people came from and where they went afterwards.In response, SafeGraph agreed to stop selling data about Planned Parenthood visitors. But it…
The European Union reached another milestone late last week in its journey to pass the Digital Services Act (DSA) and revamp regulation of digital platforms to address a myriad of problems users face—from overbroad content takedown rules to weak personal data privacy safeguards. There’s a lot to like in the…
Back to top

Share this Article