Mass surveillance is the wrong way

EU Commission plans automatic screening of your private communications by CSAM - or total surveillance in the name of child protection.

This would be the worst surveillance apparatus outside China and it would be totally disproportionate.

In the draft law on combating child sexual abuse, the EU Commission describes one of the most sophisticated mass surveillance apparatuses ever deployed outside China. Even if an AI scans private messages, it remains mass surveillance of everyone without cause. Once again, the EU Commission is using child protection as a pretext to introduce mass surveillance without any reason.

EU proposal for monitoring

In its proposal, the EU Commission plans to completely abolish online privacy. It proposes a new mass surveillance system that would read private text messages not only to detect CSAM (Child Sexual Abuse Material), but also to detect "grooming".

To detect "grooming," the AI would have to read all our private messages, all the time.

Cryptography professor Matthew Green said the EU proposal "describes the most sophisticated mass surveillance machinery ever deployed outside of China and the USSR. That is not an exaggeration."

What could possibly go wrong?

We have to think very carefully about what can go wrong with such far-reaching monitoring measures as the EU Commission has just proposed.

We all need to be aware that under the Commission's plans we are all to be secretly monitored - around the clock. The list of images and content to be searched for can be adjusted.

Once a law forces communications providers to implement client-side scanning, the tool that does so could theoretically scan for anything and everyone.

So the list can be expanded as needed. In the beginning, the laws will say that providers must look for child pornography - that's what politicians always claim when they need the broadest possible consensus for new surveillance capabilities. But in the next step, authorities will look for other things: terrorists, human traffickers, drug dealers, gang criminals.

And in some countries also for members of the opposition or journalists.

This list can be continued indefinitely.

"To protect the children"?

The EU Commission claims that this AI-based scanning is a balanced approach between protecting people's privacy and protecting children. In the German "Spiegel," EU Commissioner Dubravka ҆uica said that one in five children is a victim of sexual abuse and "often suffers for a lifetime from the traumatic experience."

However, publicly available data indicate that most supervision orders are issued in connection with drug offenses, not to protect children.

This data raises the question of whether the EU Commission's plan is only about protecting children or about introducing surveillance capabilities that, once established, can be used for other investigations.

Drug-related crimes at the top

In Germany, more than 47.3 percent of telecommunications interception measures were ordered under Section 100a of the Criminal Procedure Code (StPO) in 2019 to investigate suspects in connection with drug-related offenses. Only 0.1 percent of the orders - or 21(!) in total - were issued in connection with child pornography.

In most cases, surveillance of telecommunications was ordered for the prosecution of drug-related offenses. In no other area were so many surveillance measures ordered. In Germany, just under half of all telecommunications surveillance measures in recent years were carried out because of drug-related offenses. This is according to the annual statistics of the Federal Office of Justice (BfJ).

Backdoor only for the "good guys"

One important issue - and one that is completely neglected by the European Commission - is cybersecurity.

Ways are being found to hack the process of client-side scanning. For example, malicious attackers could inject images or documents onto the devices of people they want to discredit. Or malicious attackers could find a way to siphon off the data that is scanned on our devices and use it for cyberattacks.

Ultimately, it must be clear to all of us that a "back door only for the good guys" is not possible.