TLDR
- The revised proposal from the EU Commission suggests introducing 'upload moderation' for encrypted messaging platforms to identify child sexual abuse material before such messages are sent.
- Meredith Whittaker from Signal points out that 'upload moderation' is nothing but a new name for client-side scanning, significantly compromising end-to-end encryption (E2EE) by inserting weaknesses that could be exploited by cybercriminals and adversarial nations.
- This updated plan would require users of E2EE messaging apps to agree to scanning for child sexual abuse material; if they choose not to, they would be unable to send images or links, affecting their overall messaging capabilities.
- Even though the EU Parliament initially ruled out mass surveillance for E2EE apps under the proposed Chat Control regulations, some nations within Europe continue to advocate for weaker encryption standards.
- Whittaker points out that enforcing widespread scanning of private messages gravely diminishes encryption, no matter the language used, and urges policymakers to cease using 'word games' regarding such severe matters.

In a scathing blog post on Monday, Signal's head, Meredith Whittaker, critiques the EU's latest Chat Control plan aimed at combating child sexual abuse content online, arguing the revision is a thinly veiled effort to dismantle end-to-end encryption (E2EE) under the guise of 'rhetorical maneuvers.'
In mid-2022, the EU Commission initially pitched the Chat Control initiative, proposing that messaging services create a loophole in their E2EE protocols to identify child sexual abuse material.
While the EU Parliament first resisted widespread probing of encrypted conversations, the revised version of the law now advocates 'upload moderation' as an alternative technique for mass monitoring.
Whittaker argues that 'upload moderation' is just another name for client-side scanning, a contested approach that experts on security and privacy believe conflicts with robust encryption.
The revised plan requires users of E2EE messaging platforms to consent to message scanning for child sexual abuse material; those who do not consent would be restricted from sending visual data and URLs, essentially diminishing their messaging experience.
"Mandating extensive monitoring of personal exchanges seriously erodes encryption. Full stop," emphasizes Whittaker, critiquing methods like altering encryption algorithms or reinforcing a key escrow system to intercept communications prior to encryption.
Whittaker highlights that any strategy which involves creating a breach in E2EE is vulnerable to exploitation by cybercriminals and antagonistic states, removing the impenetrability of strong encryption and making it a target for attacks.
Her critique comes amidst European law enforcement and a few EU nations pushing for 'technical strategies' to secure 'authorized access' to encrypted data, despite cautionary notes from privacy campaigners and the EU’s data protection watchdog on the threat such actions pose to democratic principles.
Whittaker commends the EU Parliament for initially exempting E2EE services from mass oversight under the Chat Control legislation, in response to a broad expert agreement that mass scanning of private communications, guided by government-endorsed databases or AI, poses substantial threats.
Yet, she points out, certain European countries persist in using 'language games', rebranding client-side scanning as 'upload moderation' in an attempt to convince those less informed that the new proposal lacks the earlier plan’s drawbacks, which could compromise E2EE.
Whittaker urges politicians to end semantic plays on such an important matter, stressing that the stakes are too high for engaging in 'disgraceful marketing efforts' which fail to convince the expert community.
"Either end-to-end encryption maintains security and privacy for all, or it’s compromised for everyone," Whittaker said.
"And compromising end-to-end encryption, particularly during such geopolitically unstable times, is an ill-advised proposition."
As discussions on the Chat Control legislation continue in the EU, proponents of privacy and security remain unwavering against any strategies that could jeopardize the integrity of E2EE.