A group of European experts has plenty to criticize when it comes to the European Union’s client-side scanning proposal. This is according to a report from a recent seminar on the subject by the umbrella European privacy regulator EDPS.
The EU wants to eventually implement client-side scanning of citizens’ social media accounts. This involves the checking of all social media messages for possible illegal content, including child pornography.
In the EDPS seminar “The point of no return,” the assembled experts from the European privacy regulators noted that the introduction of this client-side scanning involves too many risks, including in terms of privacy and feasibility.
According to the experts, the proposal is not only a threat to privacy. It would also undermine Internet use as a whole and the communication model we know today. Client-side scanning would therefore not be a solution to addressing abuse.
More specifically, European privacy experts indicate that the proposed client-side scanning could, for example, also affect the private communications of individuals who have nothing to do with child abuse. In addition, a large number of images identified as abuse material are simply self-produced images of minors shared with consent.
This could lead to people being falsely accused of distributing abuse material or people being falsely labeled as abuse victims by applying the control mechanism.
Another raised objection to the potential law is that the technology for detecting unknown abusive material and grooming is currently inadequate. This leads to the general monitoring of private messages, which ultimately cannot be the intention.
Client-side scanning also undermines the use of end-to-end encryption, experts claim. This is important for services like WhatsApp and Signal to ensure security.
Too much focus on private chats
Furthermore, the experts note in the report that the EU plan focuses too much on private chats, while child pornography is often found on image hosting websites.
Finally, there is a risk that the amount of images reported as suspicious by client-side scanning will overwhelm the systems of the relevant investigative agencies. This actually complicates policy.
It is not known whether the EU has yet responded to the findings of the joint European privacy regulators.