Spain has advocated banning encryption for hundreds of millions of people within the European Union, according to a leaked document obtained by WIRED that reveals strong support among EU member states for proposals to scan private messages for illegal content.
Thank you for reading this post, don’t forget to subscribe!
The document, a European Council survey of member countries’ views on encryption regulation, offered officials’ behind-the-scenes opinions on how to craft a highly controversial law to stop the spread of child sexual abuse material (CSAM) in Europe. The proposed law would require tech companies to scan their platforms, including users’ private messages, to find illegal material. However, the proposal from Ylva Johansson, the EU commissioner in charge of home affairs, has drawn ire from cryptographers, technologists, and privacy advocates for its potential impact on end-to-end encryption.
For years, EU states have debated whether end-to-end encrypted communication platforms, such as WhatsApp and Signal, should be protected as a way for Europeans to exercise a fundamental right to privacy—or weakened to keep criminals from being able to communicate outside the reach of law enforcement. Experts who reviewed the document at WIRED’s request say it provides important insight into which EU countries plan to support a proposal that threatens to reshape encryption and the future of online privacy.
Of the 20 EU countries represented in the document leaked to WIRED, the majority said they are in favor of some form of scanning of encrypted messages, with Spain’s position emerging as the most extreme. “Ideally, in our view, it would be desirable to legislatively prevent EU-based service providers from implementing end-to-end encryption,” Spanish representatives said in the document.
The source of the document
“It is shocking to me to see Spain state outright that there should be legislation prohibiting EU-based service providers from implementing end-to-end encryption,” says Riana Pfefferkorn, a research scholar at Stanford University’s Internet Observatory in California who reviewed the document at WIRED’s request. “This document has many of the hallmarks of the eternal debate over encryption.”
End-to-end encryption is designed so only the sender and receiver of communications like messages can see their contents. This boxes out all other parties, from scammers to police and even the company providing the digital platform. Law enforcement advocates often propose creating technical mechanisms through which end-to-end encryption can be bypassed for investigations, but cryptographers and other technologists have long argued that this would introduce weaknesses that inherently undermine end-to-end encryption, putting users’ privacy at risk. Furthermore, they have repeatedly concluded that this expanded exposure would ultimately hurt the digital safety and security of vulnerable groups, including children, rather than defend them.
“Encryption for everyone would not only be disproportionate, it would be ineffective of achieving the goal to protect children,” says Iverna McGowan, the secretary general of the European branch of the Centre for Democracy and Technology, a digital rights nonprofit organization, who reviewed the document at WIRED’s request.
The leaked document contains the position of members of the police Law Enforcement Working Party, a group of the Council of the European Union that deals with law enforcement views on legislation. Dated April 12, 2023, the document contains 20 countries’ views on a series of questions, including whether they see end-to-end encryption as a hindrance to their work dealing with child sexual abuse and whether they would favor adding wording to the law to stipulate that encryption shouldn’t be weakened. The questions were first posed in January.
WIRED asked all 20 member states whose views are included in the document for comment. None denied its veracity, and Estonia confirmed that its position was compiled by experts working within related fields and at various ministries.
The document reveals strong support for Johansson’s proposal to scan private end-to-end encrypted communications for illegal content. Of the 20 countries included in the document, 15 expressed support for the idea of scanning end-to-end encrypted communications for CSAM. Many framed this type of scanning as a vital tool that would enable authorities to win the fight against child abuse.
“It is of utmost importance to provide clear wording in the CSA Regulation that end-to-end encryption is not a reason not to report CSA material,” Croatia’s representatives said in the document. “Detection orders must necessarily also apply to encrypted networks,” Slovenia said. “We don’t want E2EE encryption to become a ‘safe haven’ for malicious actors,” Romania added.
take from: https://www.wired.com/