According to the publicly available version, the Council acknowledges that E2EE is “a necessary means of protecting fundamental rights” but warns that services using it must not “inadvertently become secure zones where child sexual abuse material can be shared or disseminated without possible consequences.”
E2EE “providers are free to design and implement, in accordance with Union law, measures based on their existing practices to detect online child sexual abuse in their services,” the document states.
Whittaker argues: “There is no way to implement such proposals in the context of end-to-end encrypted communications without fundamentally undermining encryption and creating a dangerous vulnerability in core infrastructure that would have global implications well beyond Europe.”
Similar legislation has been passed in the United Kingdom, where the Online Safety Act includes a provision that could require messaging platforms to use “accredited technology” to identify child abuse content if notified to do so by the communications regulator. Currently no such technology has been accredited.
https://therecord.media/online-safety-bill-uk-end-to-end-encryption
It proposes: “Therefore, child sexual abuse material should remain detectable in all interpersonal communications services through the application of vetted technologies, when uploaded, under the condition that the users give their explicit consent under the provider’s terms and conditions for a specific functionality being applied to such detection in the respective service.”
PDF leaked document
https://share.counter.social/s/45f46e