Stop playing games with online security, Signal president warns EU lawmakers
A controversial European Union legislative proposal to scan the private messages of citizens in a bid to detect child sexual abuse material (CSAM) is a risk to the future of web security, Meredith Whittaker warned in a public blog post Monday. Sheâs the president of the not-for-profit foundation behind the end-to-end encrypted (E2EE) messaging app Signal.
âThere is no way to implement such proposals in the context of end-to-end encrypted communications without fundamentally undermining encryption and creating a dangerous vulnerability in core infrastructure that would have global implications well beyond Europe,â she wrote.
The European Commission presented the original proposal for mass scanning of private messaging apps to counter the spread of CSAM online back in May 2022. Since then, Members of the European Parliament have united in rejecting the approach. They also suggested an alternative route last fall, which would have excluded E2EE apps from scanning. However the European Council, the legislative body made up of representatives of Member States governments, continues to push for strongly encrypted platforms to remain in scope of the scanning law.
The most recent Council proposal, which was put forward in May under the Belgian presidency, includes a requirement that âproviders of interpersonal communications servicesâ (aka messaging apps) install and operate what the draft text describes as âtechnologies for upload moderationâ, per a text published by Netzpolitik.
Article 10a, which contains the upload moderation plan, states that these technologies would be expected âto detect, prior to transmission, the dissemination of known child sexual abuse material or of new child sexual abuse material.â
Last month, Euractiv reported that the revised proposal would require users of E2EE messaging apps to consent to scanning to detect CSAM. Users who did not consent would be prevented from using features that involve the sending of visual content or URLs it also reported â essentially downgrading their messaging experience to basic text and audio.
Whittakerâs statement skewers the Councilâs plan as an attempt to use ârhetorical gamesâ to try to rebrand client-side scanning, the controversial technology which security and privacy experts argue is incompatible with the strong encryption that supports confidential communications.
â[M]andating mass scanning of private communications fundamentally undermines encryption. Full stop,â she emphasized. âWhether this happens via tampering with, for instance, an encryption algorithmâs random number generation, or by implementing a key escrow system, or by forcing communications to pass through a surveillance system before theyâre encrypted.â
âWe can call it a backdoor, a front door, or âupload moderationâ. But whatever we call it, each one of these approaches creates a vulnerability that can be exploited by hackers and hostile nation states, removing the protection of unbreakable math and putting in its place a high-value vulnerability.â
Also hitting out at the revised Council proposal in a statement last month, Pirate Party MEP Patrick Breyer â who has opposed the Commissionâs controversial message-scanning plan from the start â warned: âThe Belgian proposal means that the essence of the EU Commissionâs extreme and unprecedented initial chat control proposal would be implemented unchanged. Using messenger services purely for texting is not an option in the 21st century.â
The EUâs own data protection supervisor has also voiced concern. Last year, it warned that the plan poses a direct threat to democratic values in a free and open society.
Pressure on governments to force E2EE apps to scan private messages, meanwhile, is likely coming from law enforcement.
Back in April European police chiefs put out a joint statement calling for platforms to design security systems in such a way that they can still identify illegal activity and send reports on message content to law enforcement. Their call for âtechnical solutionsâ to ensure âlawful accessâ to encrypted data did not specify how platforms should achieve this sleight of hand. But, as we reported at the time, the lobbying was for some form of client-side scanning. It looks no accident, therefore, that just a few weeks later the Council produced its proposal for âupload moderationâ.
The draft text does contain a few statements that seek to pop a proverbial figleaf atop the gigantic security and privacy black hole that âupload moderationâ implies â including a line that states âwithout prejudice to Article 10a, this Regulation shall not prohibit or make impossible end-to-end encryptionâ; as well as a claim that service providers will not be required to decrypt or provide access to E2EE data; a clause saying they should not introduce cybersecurity risks âfor which it is not possible to take any effective measures to mitigate such riskâ; and another line stating service providers should not be able to âdeduce the substance of the content of the communicationsâ.
âThese are all nice sentiments, and they make of the proposal a self negating paradox,â Whittaker told TechCrunch when we sought her response to these provisos. âBecause what is proposed â bolting mandatory scanning onto end-to-end encrypted communications â would undermine encryption and create a significant vulnerability.â
The Commission and the Belgian presidency of the Council were contacted for a response to her concerns but at press time neither had provided a response.
EU lawmaking is typically a three-way affair â so it remains to be seen where the bloc will finally end up on CSAM scanning. Once the Council agrees its position, so-called trilogue talks kick off with the parliament and Commission to seek a final compromise. But itâs also worth noting that the make-up of the parliament has changed since MEPs agreed their negotiating mandate last year following the recent EU elections.