Is client-side scanning a good alternative for a prohibition on end-to-end encryption?

Is client-side scanning a good alternative for a prohibition on end-to-end encryption?

Next week, the Lower House in the Netherlands will be briefed on client-side scanning in preparation for an upcoming European law. This will be done through a roundtable discussion in which several professors will speak.

The Dutch government will be informed next week about the technique of client-side scanning and its impact and effectiveness. This emerged from the list of participants for the roundtable discussion before the Standing Committee on Digital Affairs.

The technology is relevant to politics now that the European Commission wants to require communication platforms to introduce client-side scanning. It involves software that automatically scans the chat messages and photos of application users on child pornography. All suspicious cases will be automatically reported to the police.

Better than the Online Safety Bill?

A similar law was recently passed in the United Kingdom. The Online Safety Bill, as the law is officially called, restricts the end-to-end encryption communication platforms use for securing instant messages from third parties who want to read along. The bill provoked much comment because of the potential security problems that backdoors in end-to-end encryption can create.

Client-side scanning should eliminate those problems by scanning the chats and photos before the content is encrypted. The privacy problem, which is also a problem in the Online Safety Bill, will remain even with client-side scanning. This is because the technology allows any chat message or photo from your phone to reach an agency through, for example, hypersensitivity in scanning suspicious content that causes any message with the term “child” or “young” to be forwarded.

Moreover, the EU has restricted quite a bit of end-to-end encryption by introducing the Digital Markets Act (DMA). Under the DMA, applications from large tech companies must provide interoperability with smaller, competing applications, and it will be extremely difficult or even impossible to ensure security when messages are sent to an external application. For messages sent within the platform to other users, however, encryption can remain without backdoors.

Also read: Google now offers client-side encryption for Gmail and Calendar