Spain has advocated banning encryption for hundreds of millions of
people within the European Union, according to a leaked document
obtained by Wired that reveals strong support among EU member
states for proposals to scan private messages for illegal content.
The document, a European Council survey of member countries’ views
on encryption regulation, offered officials’ behind-the-scenes
opinions on how to craft a highly controversial law to stop the
spread of child sexual abuse material (CSAM) in Europe. The
proposed law would require tech companies to scan their platforms,
including users’ private messages, to find illegal material.
However, the proposal from Ylva Johansson, the EU commissioner in
charge of home affairs, has drawn ire from cryptographers,
technologists, and privacy advocates for its potential impact on
end-to-end encryption. [...]
Of the 20 EU countries represented in the document leaked to
WIRED, the majority said they are in favor of some form of
scanning of encrypted messages, with Spain’s position emerging as
the most extreme. “Ideally, in our view, it would be desirable to
legislatively prevent EU-based service providers from implementing
end-to-end encryption,” Spanish representatives said in the
If the EU goes ahead with this, I think it means the end of services like WhatsApp, Signal, and iMessage in the EU. There’s no way to architect a messaging system that uses E2EE in some regions and doesn’t in others. The only way to comply would be to rearchitect these systems to not use E2EE anywhere. Signal certainly wouldn’t do that. Apple wouldn’t either.
Denmark and Ireland expressed support for scanning encrypted
messengers for child sexual abuse material while also endorsing
the inclusion of wording in the law that protects end-to-end
encryption from being weakened. The ability to do this would rely
on the invention of technology that can scan encrypted messages
for illegal content without altering or breaking the security
features offered by encryption — a feat cryptographers and
cybersecurity experts have said is technically impossible.
It is technically impossible. There is no he-said/she-said debate here. The cryptographers are correct and the lawmakers are so ignorant that they’re proposing a fantasy. It’s a downwind effect of Arthur C. Clarke’s famous maxim that sufficiently advanced technology is indistinguishable from magic: the technology of E2EE is so far above the heads of lawmakers and law enforcement officials that they feel free to demand magic solutions. “Just nerd harder.”
The Netherlands, however, stated that this would be possible
through “on-device” scanning before the illegal material is
encrypted and sent to its recipient. “There are … technologies
which may allow for automatic detection of CSAM while at the same
time leaving end-to-end encryption intact,” the country’s
representatives stated in the document.
Somewhere in Cupertino, a head bangs against a desk.
★ Monday, 22 May 2023