A consortium of 250 scientists, researchers, and security experts is sounding the alarm over proposed European measures to weaken encryption in apps. The group contends that encryption cannot simply be compromised and expresses dissatisfaction with the lack of engagement from policymakers with expert opinion.
The letter has garnered signatures from over 250 academic professionals, scientists, researchers, and security firms. Noteworthy signatories include fourteen Dutch academics, such as Frederik Zuiderveen Borgesius, Herbert Bos, and Jaap-Henk Hoepman, as well as nineteen Belgian researchers from institutions like KU Leuven. The letter serves as a response to a recent legislative proposal from the European Commission aimed at combatting online child exploitation and enhancing child protection measures. Although the initial bill was rejected by the European Parliament, revised plans have emerged to introduce a diluted version of the legislation. Under this proposal, major tech firms could be compelled to identify and eliminate child exploitation content, even if it is disseminated via encrypted platforms.
The group of experts asserts in the open letter that the proposed legislation 'poses serious threats to communication and system security' from a technical standpoint. They criticize policymakers for neglecting to consult academic specialists and assert that the bill paves the way for 'unprecedented surveillance and control capabilities over internet users.' The scientists previously issued warnings and recommendations regarding similar measures.
Notably, one of the key modifications in the revised proposal allows investigative agencies to target suspects more precisely. The revised approach aims to focus on 'persons of interest,' specifically individuals repeatedly found accessing child exploitation content. However, the signatories argue that this method fails to address the underlying concerns raised before. They note challenges associated with the limited efficacy of automated detection technologies in identifying illicit material, leading to a significant number of false positives. Considering the vast volume of daily messages transmitted through platforms like WhatsApp and Facebook Messenger, the potential for high false positives is a pressing concern.
The experts also raise issues with the image recognition aspect in encrypted communication, positing that it compromises encryption security by its very nature. While the proposed bill mandates companies to maintain cybersecurity and encrypted data integrity through end-to-end encryption even in criminal investigations, the signatories view this requirement as contradictory. They argue that integrating detection technology for encrypted data before transmission conflicts with the privacy assurances of end-to-end encryption.
Furthermore, the experts highlight additional challenges within the legislation, such as the mandate for age verification for minors. They underscore the absence of proven, privacy-preserving technical solutions to enforce such measures.
English (US)