The Danish Presidency is proposing to reinsert controversial mandatory detection orders – forcing the scanning of encrypted messages – into the Child Sexual Abuse Material Regulation (CSAM), according to a compromise text obtained by Euractiv.
Detection orders were part of the Commission’s initial CSAM proposal, allowing authorities to mandate that even end-to-end encrypted (E2EE) messaging services scan communications for traces of illegal material.
But the provisions have been subject to huge controversy as they raise privacy and cybersecurity concerns for E2EE services.
E2EE encodes communications in order to prevent access from persons other than the sender and receiver of the messages. It offers a high level of privacy and strong cybersecurity, but – law enforcement authorities contend – has also become a breeding ground for criminals.
The prior Polish Presidency, which led discussions on the CSAM file until the end of June, had replaced mandatory detection with voluntary measures that tech companies could apply to tackle CSAM. However, with the Danes now taking over discussions, scanning orders are back on the table.
The Danes’ compromise text states that detection orders should be carried out using technologies “approved by the Commission”.
For E2EE services, the text also specifies that the technologies used should detect CSAM “prior to its transmission” – suggesting the Danes are pushing for the use of so-called client-side scanning, a controversial new technique to circumvent encryption that has privacy and security experts up in arms.
The Danes do not engage with the critique; their document instead states that applying EU-approved scanning technologies prior to the transmission of E2EE messages will have no consequences for privacy or cybersecurity.
The Danish Presidency has also revived an earlier proposal requiring users to provide explicit consent to the scanning via the messaging service’s terms and conditions. Users that refuse consent would still be able to use a service – but visual elements and the sharing of URLs would be disabled as these are the means through which most CSAM is supposedly shared.
The Danes’ text will be discussed by country delegations in their 11 July meeting.
(nl)
