EU's plan to combat online child abuse may compromise people's online privacy, experts warn
Under proposed rules, tech firms could be asked to detect both new and previously identified child sexual abuse material by breaking encryption if necessary
The European Commission's proposals to crack down on online child abuse could damage end-to-end encryption, compromise people's online privacy, and usher in "mass surveillance" within the European Union, privacy advocates have warned.
The Commission on Wednesday unveiled long-awaited measures aimed at addressing the massive volumes of child sexual abuse material (CSAM) uploaded on the internet each year. The proposed measures call for further safeguards to protect children from online predators and harmful on the internet.
Under the proposed rules, tech firms might be asked to detect both new and previously identified CSAM, as well as potential instances of grooming.
The detection might occur in chat messages, data (files) sent to online services, or on websites hosting offensive content.
The service providers would be allowed to deploy any detection technology they prefer, basically scanning all private conversations and, if necessary, breaking end-to-end encryption for all users.
The regulations will be enforced by a new EU Centre on Child Sexual Abuse. The watchdog would keep track of digital "indicators" of child sexual abuse content through a database. These indicators will be compared to material on relevant online services.
The measures, if they become law, will apply to online hosting services and interpersonal communication services, such as messaging apps, internet service providers and app stores.
Apple tried something similar last year, proposing a feature to scan photos on people's iPhones for abusive content before it was uploaded to iCloud.
However, the company postponed the rollout of the feature after backlash.
Apple said that, based on the feedback from advocacy groups, researchers, customers and others, it decided to take additional time to make improvements before releasing the new child safety feature.
The European Commission says it is bringing forward the proposal because voluntary actions from tech firms are currently insufficient.
However, privacy advocates are concerned that the new measures may weaken end-to-end encryption used by various online services.
If passed, the proposal would be "a disaster for online privacy in the EU and throughout the world," the Electronic Frontier Foundation (EEF) said.
"In the name of fighting crimes against children, the EU Commission has suggested new rules that would compel a broad range of internet services, including hosting and messaging services, to search for, and report, child abuse material."
The EEF described EU's proposal as "over-broad, not proportionate, and hurts everyone's privacy and safety".
By compromising encryption, it may exacerbate rather than alleviate the problem of child protection for some kids, it added.
"Abused minors, as much as anyone, need private channels to report what is happening to them. The scanning requirements are subject to safeguards, but they aren't strong enough to prevent the privacy-intrusive actions that platforms will be required to undertake."
Supporters of the bill argue, however, that it is a critical step in ending online child abuse.
Brave Movement, a child safety advocacy group, believes the regulation will "ensure the safety of children, adolescents, and future generations."
"In the EU, digital spaces are in some cases completely unregulated - exposing children to the threat of horrific sexual violence and exploitation," Wibke Müller, co-founder of the Brave Movement told CNBC.
She added that tech firm already have the tools to detect online sexual violence materials and should prioritise child safety ahead of anything else.