Bill to detect online child sexual abuse material stalls again – Euractiv

The Child Sexual Abuse Online Material Detection and Removal (CSAM) Act was removed from the agenda of Thursday’s session (20 June), at the meeting of the Committee of Permanent Representatives (Coreper), which was due to vote on it.

The vote was probably removed from the agenda because there were differences of opinion over the regulation, which would probably not have found a sufficient majority for its adoption.

While several more meetings are planned before next month, the regulation is unlikely to reach Coreper again before Hungary takes over the rotating EU Council presidency on July 1, people familiar with the matter said.

The dossier is not expected to be a priority during the Hungarian Presidency and it remains unclear whether Budapest will address it at a political or technical level.

A stuck file

The regulation, which aims to create a system for detecting and reporting online child sexual abuse materials (CSAM), has been criticized for potentially allowing judicial authorities to request review of private messages on platforms such as WhatsApp or Gmail.

Due to resistance from Paris and Berlin, the dossier was stuck in the Council for several months.

The dispute revolves primarily around the provisions for end-to-end encryption, a method of secure communication that prevents third parties from accessing the data exchanged between users and even keeps it secret from the platform provider such as WhatsApp or Signal.

Some consider interventions in encryption to be an important measure to protect minors, while others protest that this step would compromise data protection.

As Euractiv reported at the end of May, Belgium, which currently holds the EU Council presidency, had sent a version of the text to Coreper, which is made up of 27 EU ambassadors, for approval. At the time, it seemed that the dossier could finally be resolved.

Nobody was happy

Child protection organisations and data protection officers usually disagree on the file, especially when it comes to encryption. This time, however, neither was happy that it was forwarded to Coreper, albeit for different reasons.

The umbrella organization ECLAG (Ending Child Sexual Abuse Online), consisting of non-governmental organizations for children’s rights, had sent a note dated June 17 to the EU ambassadors before the meeting on Thursday.

The organisation is concerned that the draft law “does not effectively protect children from all forms of sexual abuse on the Internet,” said Susie Hargreaves, spokesperson for ECLAG and executive director of the Internet Watch Foundation, in an email to Euractiv.

“Unless all information submitted by service providers to coordinating authorities can be acted on and there is no strengthened process for voluntary action, the Council proposal risks setting child online safety back 15 years,” she said.

Bart Preneel, a professor at the University of Leuven, wrote in a LinkedIn post ahead of the expected vote that “the content review will result in a large number of false positives (leading to numerous human tragedies for innocent citizens) and can easily be circumvented by its ultimate target, the disseminators of child sexual abuse images.”

He also published an open letter signed by academics against the bill.

Amnesty Tech also warned: “It is impossible to create a technical system that can scan the content of private electronic communications while respecting the right to privacy.”

Andy Yen, founder and CEO of Proton, the company behind the end-to-end encrypted email service ProtonMail and Proton VPN, said that “the proposal was untenable from the outset”.

“Not only would the law likely have been rejected in court for lack of proportionality, it would also not have been technically feasible without endangering European citizens.”

uncertainty

The previous day, the vote in Coreper was already marked by uncertainty.

While six member states were in favour, Germany was against it, as it was very critical of the plan. Italy was undecided and France did not have a clear position, sources familiar with the process told Euractiv. Others, such as the Czech Republic, planned to abstain from the vote.

The latest version of the law, which Euractiv has seen and reported on, excludes text communications and clarifies that detection orders only apply to visual content such as images and video components or GIFs and stickers.

(Edited by Zoran Radosavljevic)

Read more at Euractiv