On March 1, the German Parliament held a hearing in the Digital Committee on the EU Commission’s draft law to fight child
sexual abuse online, also named ‘chat control’.
IT experts, civil libertarians, law enforcement officials and even child protectors agree: the EU’s proposal does not
protect children, but poses major risks to fundamental rights.

Germany against client-side scanning

While the UK is trying to undermine encryption with the Online Safety Bill, in Germany, the
reservations against breaking up encryption to allow client-side scanning are very high.

This has
been proven once again during the German Parliament’s Digital Committee hearing
on March 1st. While the German Parliament, however,
does not have a say on the EU Commission’s proposal to fight child sexual abuse material (CSAM) online, the
results of this hearing have been overwhelming:

All experts, including child protector organizations, agree that the EU proposal goes too far and that it would
undermine fundamental human rights protected by the EU Constitution.

So, what’s the point of passing a law that will be overturned again by the European Court of Justice (ECJ)?

While the German Parliament itself is not directly involved with the EU Commission’s proposal to make client-side scanning of encrypted communication
mandatory for online services, the hearing was still a great success for digital rights
groups and privacy activists.

The draft law itself is being negotiated between the EU Commission, the European Parliament and the member states in the Council of Ministers.
In this context, the German government can have a deciding influence in the Council of Ministers.

And, to the very least,
the German government wants the removal of client-side scanning, i.e. the examination of communications
content on end devices, from the proposal.

It has historical reasons that
Germany wants to become the encryption site number one.

Read here how the EU Commission lies to push for CSAM scanning.

What is the EU draft about

The EU Commission’s draft law to fight child
sexual abuse online, also named Chat control in Germany, wants to stop and prevent the sharing of sexual abuse
material (CSAM) online.

The EU proposal covers three types of sexualized abuse, such as depictions of abuse, previously unknown material, but
also so-called grooming, i.e. targeted contact with minors with the intention of abuse.

The draft law is currently in the European process of becoming a law. If passed in its current form, it would force
online service providers to scan all chat messages, emails, file upload, chats during games, video conferences etc. for child sexual abuse material. This
would undermine everybody’s right to privacy and weaken the level of security online for all EU citizens.

No prosecution at any cost

Client-side scanning would weaken encryption. This becomes a real threat to everyone depending on privacy like activists and whistleblowers.

During the hearing, one major voice came from Senior Public Prosecutor Markus Hartmann, Head of the Central and Contact Point Cybercrime North Rhine-Westphalia (ZAC NRW):

“There is no prosecution at any cost.” The state would also not place a camera in every bedroom.

Hartmann warned against weakening end-to-end encryption through client-based content scanning. “By doing so, the commission
is in effect undermining the most important digital protection tool,” the investigator said, “because compromised encryption is not encryption
in the end.” Even if two suspects were communicating in encrypted form, it was enough for investigators to identify one of them “in some other
way and find intelligence from him or her on the scene, he said. The much-publicized “going dark” scenario is “a bit overblown.”
The draft as a whole is disproportionate and “not conducive to law enforcement.”

The problem with AI supported client-side scanning is also its high error rate. 10-20 per cent of mistakenly flagged content
is to be expected.

Martin Steinebach of the Fraunhofer Institute for Secure
Information Technology (SIT) explained: “These
error rates, which are to be expected, mean that many millions of pieces of content have to be checked manually.”

This is an intolerable invasion of
privacy for millions of innocent EU citizens. In addition, there is the question of how this can be managed on a daily basis, given
that law enforcement have a limited number of personnel.

Experts criticize EU proposal

The spokeswoman Elina Eickstädt of the Chaos Computer Club says:

“What we are getting is the blueprint for a surveillance structure that is unprecedented.” The draft is based on a
“gross overestimation of the capabilities of technologies,” especially with regard to the recognition of unknown material.

The Chaos Computer Club (CCC) is a German organization of IT experts and people interested in digital technologies, who are known
for fighting for a better digital world, better security and the right to privacy. The Club regularly points out
better options for digital policies and also scrutinizes software for security weaknesses. For instance, the CCC
has published a formulation aid for the coalition agreement in 2021. The German government used large parts of the CCC’s formulations when
drafting their coalition agreement, which now includes the “right to encryption” – a huge success for the
digital rights activists.

Even the German Kinderschutzbund rejects the EU proposal. Confidential
communication is “a pillar of free expression and thus of democracy,” said board member Joachim Türk. Children should grow up free of fear, without the worry of
surveillance. Thus, “it impossible for us to
accept warrantless chat control as an option.”
In view of the enormous dark field in the close range of child abuse via family, associations, relatives or babysitters, prevention, close observation and
research are more important than automated Ai-based filters.

Felix Reda of the Society for Civil Liberties said: “The damage to everyone’s privacy would be immense.” He added that warrantless
surveillance violates the essence of the right to privacy and thus cannot be
justified by any fundamental rights balancing. Images of consensual sexting could also end up on the desks of EU officials
and law enforcement agencies.

Conclusion

There has rarely been a law proposed by the EU Commission that has met with such unison rejection from experts. It is time
for the EU Commission to stop pushing for undermining encryption and start respecting its citizens’ right to privacy.

In the current debate, there is one ray of hope: With resistance in Germany, Ireland, Austria and the Netherlands to the EU proposal,
a blocking minority is within reach.

Read More