The EU isn’t exactly in favour of end-to-end encryption, but while some countries may be fine simply scanning private messages for illegal content, Spain’s going in with a bit of a harsher stance stating that end-to-end encryption should be banned altogether.
The revelation comes after Wired found a leaked document — a European Council survey of member countries’ views on encryption regulation that originally aimed to give officials’ opinions on how to craft a law to stop the spread of child sexual abuse material (CSAM) in the continent.
The leaked document also contains the position of members of the police Law Enforcement Working Party, a group of the Council of the European Union that deals with law enforcement views on legislation. It’s dated April 12, 2023, and contains the 20 countries’ views on a series of questions including whether or not end-to-end encryption is a hindrance to their work when it comes to dealing with CSAM.
Out of the 20 member states represented in the leaked document, 15 were in favour of some sort of scanning of encrypted messages, with Spain’s position being the most extreme. “Ideally, in our view, it would be desirable to legislatively prevent EU-based service providers from implementing end-to-end encryption,” is what the Spanish representative had to say.
Poland shared a similar but slightly lenient stance that end-to-end encryption might be lifted by court order and that parents should have the power to decrypt their children’s communications. The Netherlands wants “on-device” scanning before the illegal material is ever encrypted and sent to the recipient. Apple tried to implement a similar measure in the US in the form of Client-Side-Scanning (CSS) but faced a lot of scrutiny.
Wired reached out to the 20 countries mentioned in the document for comment. No one denied the presence or accuracy of the document, with Estonia even confirming that its position was determined by experts working within related fields in various ministries. Denmark and Ireland were in favour of scanning messages but also supported the idea of inclusion of working in the law that protects end-to-end encryption from being weakened.
The proposed law requires tech companies operating messaging platforms to scan private messages for incriminating material. However, as you’d expect, the proposal has drawn quite a lot of criticism from privacy advocates for its impact on how end-to-end encryption works. Besides, it’s been stated time and again that introducing technical gateways into end-to-end encryption for accessing messages for law enforcement purposes will weaken the entire protocol for everyone involved.
In the News: Samsung shows off a display that rolls like a scroll