A key body of European Union lawmakers remains stalled over a controversial legislative proposal that could see millions of users of messaging apps forced to agree to their photo and video uploads being scanned by AI to detect child sexual abuse material (CSAM).
Critics of the plan include tech industry messaging giants like WhatsApp; privacy-focused players like Signal and Proton; legal, security and data protection experts; civil society and digital rights groups; and a majority of lawmakers from across the political spectrum in the European Parliament. They warn that the proposal will break encryption, arguing it poses an existential threat to the bloc’s democratic freedoms and fundamental rights like privacy.
Opponents also contend the EU plan will fail at its claimed aim of protecting children, suggesting law enforcement will instead be swamped by millions of false positives as everyday app users’ messages are fed through flawed AI-based CSAM detection systems.
On Thursday, a meeting of ambassadors representing the bloc’s 27 member states’ governments had been expected to reach a position on the file to open negotiations with the European Parliament after the Belgian presidency put the item on an agenda for Thursday’s meeting. However, a spokesperson for Belgium’s permanent representative to the EU confirmed to TechCrunch the item was dropped after it became clear governments were still too divided to achieve a qualified majority on a negotiating mandate.
“We had the intention to reach a mandate at the meeting of the ambassadors today, but it was not clear yet whether we would have the required majority,” said Belgium’s spokesperson. “In the last hours before the meeting it … was clear that the required qualified majority could just not be met today so we decided to remove the item from the agenda and to continue the consultation between the Member States — to continue working on the text.”
This is important, as EU law tends to be a three-way affair, with the Commission proposing legislation and the Parliament and Council debating (and often amending) draft laws until a final compromise can be reached. But these so-called trilogue talks on the CSAM-scanning file can’t start until the Council adopts its position. So if member states remain divided, as they have been for some two years since the Commission introduced the CSAM-scanning proposal, the file will remain parked.
Earlier this week, Signal president Meredith Whittaker dialed up her attacks on the controversial EU proposal. “[M]andating mass scanning of private communications fundamentally undermines encryption. Full stop,” she warned, accusing regional lawmakers of attempting a cynical rebrand of client-side scanning to try to cloak a plan that amounts to mass surveillance of private communications.
Despite loud and growing alarm over the bloc’s apparent hard-pivot to digital surveillance, the European Commission and Council have continued to push for a framework that would require message platforms to bake in scanning of citizens’ private messages — including for end-to-end encrypted (E2EE) platforms like Signal — rather than supporting the more targeted searches and carve out for E2EE platforms proposed by MEPs in the European Parliament last year.
Last month, details of a revised CSAM proposal circulated by the Belgians for Member States’ governments’ consideration emerged via leaks, causing fresh consternation.
Pirate Party MEP Patrick Breyer, who has opposed the Commission’s CSAM-scanning plan from the start, argues that the Council’s revised proposal will require messaging app users in the EU to agree to scanning of all images and videos they sent to others, via a technical scheme the text couches as “upload moderation,” or else lose the ability to send imagery to others. “The leaked Belgian proposal means that the essence of the EU Commission’s extreme and unprecedented initial chat control proposal would be implemented unchanged,” he warned at the time.
Private messaging app makers, including Signal, have also warned they would leave the EU rather than be forced to comply with a mass surveillance law.
In a press email Thursday, Breyer welcomed the failure of enough EU ambassadors to agree on a way forward, but he cautioned that this is likely just a stay of execution, writing: “For now the surveillance extremists among the EU governments and Big Sister [home affairs commissioner] Ylva Johansson have failed to build a qualified majority. But they will not give up and could try again in the next few days. When will they finally learn from the EU Parliament that effective, court-proof and majority-capable child protection needs a new approach?”
Also responding to the Council’s setback in a statement, Proton founder Andy Yen made a similar point about the need to keep up the fight. “We must not rest on our laurels,” he wrote. “Anti-encryption proposals have been defeated before only to be repackaged and brought back into the political arena again and again and again. It’s vital that the defenders of privacy remain vigilant and don’t fall for the spin and window-dressing when the next attack on encryption is launched.”
It certainly looks like any celebration of the Council’s ongoing divisions on the file should be tempered with caution as member states’ governments appear to be a hair’s distance away from reaching the necessary qualified majority to kick off talks with MEPs, in which they would immediately be pressing parliamentarians to agree to legislate for mass scanning of citizens’ devices despite their own opposition. “We are extremely, extremely close to a qualified majority,” Belgium’s spokesperson told TechCrunch. “If just one country changes opinion we have a qualified majority and we have a mandate for the Council.”
The spokesperson also told us that a final Coreper meeting next week, the last before its six-month term ends, already has a full agenda, suggesting that talks to try to agree to the Council’s mandate will therefore fall to Hungary, which takes up the rotating Council presidency for six months starting on July 1.
“As far as we are concerned, as presidency, in the coming days — at the expert level — we continue to work and to see whether the Member States that were not happy or satisfied with the proposal we will continue to discuss how we can fine-tune it to make it viable for everyone,” the spokesperson added. “And then it will be up for the next presidency to discuss.
“As far as we understand, they are keen to continue working on the topic. The Commission is also willing to. And the parliament is waiting for us so we need to.”
Comment