Spain wants to scrap end-to-end encryption

According to a leaked EU document, there is significant appetite from some EU member states to allow private messages to be scanned in order to curb the spread of child sexual abuse material.

Andrew Wooden

May 23, 2023

4 Min Read
Encryption your data. Binary code and digital Lock. Hacker attack and data breach. Big data with encrypted computer code.
Encryption your data. Binary code and digital Lock. Hacker attack and data breach. Big data with encrypted computer code. Safe your data. Cyber internet security and privacy concept. Database storage 3d illustration

According to a leaked EU document, there is significant appetite from some EU member states to allow private messages to be scanned in order to curb the spread of child sexual abuse material.

The document in question, first leaked to Wired, is a survey carried out by the European Council of 20 member states’ views on message encryption regulation, in relation to a proposed law which is supposed to make it easier to find and combat the spread child sexual abuse material (CSAM) in Europe, by requiring messaging platforms to scan users’ private messages for illegal content.

It contained questions around the desired scope of encryption and privacy rules, and therefore serves as something of a bellwether for support for measures limiting the ultimate privacy of messaging apps in the pursuit of curbing CSAM.

That support seems to be fairly significant – of the surveyed countries the majority said they are in favour of some form of scanning of encrypted messages, reports Wired. Spain even seems to advocate scrapping end-to-end encryption entirely: “Ideally, in our view, it would be desirable to legislatively prevent EU-based service providers from implementing end-to-end encryption,” Spanish representatives are quoted as saying.

Other countries, such as Germany, appear to be more opposed to anything that would circumvent encryption, and there are sentiments elsewhere expressed that the states would like to keep encryption but also have the ability to scan messages where CSAM is concerned.

Wired apparently showed Ella Jakubowska, a senior policy advisor at European Digital Rights (EDRI) the document and by way of analysis of the 67 page document quotes her as saying: “They want to keep the security of encryption whilst being able to circumvent it…They want privacy but they also want to indiscriminately scan encrypted communications… Cyprus, Hungary, and Spain very clearly see this law as their opportunity to get inside encryption to undermine encrypted communications, and that to me is huge… They are seeing this law is going far beyond what DG home is claiming that it’s there for.”

Over in the UK similar debates have been happening in response to the Online Safety Bill, which also would erode the efficacy of encryption and therefore privacy in the purported pursuit of curbing harm to children, but which has been criticised not least of which for being too vague.

Earlier this year it prompted an open letter from messaging apps such as WhatsApp and Signal, urging the UK government to rethink. It read: “As currently drafted, the Bill could break end-to-end encryption, opening the door to routine, general and indiscriminate surveillance of personal messages of friends, family members, employees, executives, journalists, human rights activists and even politicians themselves, which would fundamentally undermine everyone’s ability to communicate securely.”

While it should go without saying everyone is aligned on the idea that stopping harm to children or the spread of CSAM materials is vital, the notion that you can chip away at encryption a little bit – even for the noblest causes – may be flawed.

Wanting to defend the privacy of the citizens from state surveillance while also pursuing measures that would build in exceptions may be like trying to have your cake and eat it too. It’s certainly arguable – and it appears to be the point made in the aforementioned open letter – that end-to-end encryption either exists or it doesn’t, and building in backdoors could provide openings for other bad actors.

Furthermore, there is always the risk of mission creep which it comes to any extension of state power or curb on a population’s freedoms. Some would argue such measures could end up being a thin end of the wedge for more wide-reaching surveillance, leading to unforeseen consequences down the road. Other might argue this is a price worth paying for the protection of children.

In other words, it’s a philosophical debate as well as a legal one – where does the proper calibration point between safety and freedom lie? What compromises are you willing to make and what are the consequences of doing too much or too little? There are no clear answers of course, and opinions will vary wildly. But unlike abstract ponderings of this nature, legislation doesn’t have the luxury of being vague.

 

Get the latest news straight to your inbox. Register for the Telecoms.com newsletter here.

About the Author

Andrew Wooden

Andrew joins Telecoms.com on the back of an extensive career in tech journalism and content strategy.

Subscribe and receive the latest news from the industry.
Join 56,000+ members. Yes it's completely free.

You May Also Like