European Council may reach a final negotiating position on the proposed regulation this week.
Leaked document suggests users of E2EE messaging services could opt-out of "upload moderation" by not being able to send images or URLs.
Meredith Whittaker — president of the Signal Foundation criticized on Monday the latest European Union proposals for requiring messaging services to check if users were sharing child abuse material
(PDF URL)
According to the publicly available version, the Council acknowledges that E2EE is “a necessary means of protecting fundamental rights” but warns that services using it must not “inadvertently become secure zones where child sexual abuse material can be shared or disseminated without possible consequences.”
It proposes: “Therefore, child sexual abuse material should remain detectable in all interpersonal communications services through the application of vetted technologies, when uploaded, under the condition that the users give their explicit consent under the provider’s terms and conditions for a specific functionality being applied to such detection in the respective service.”
PDF leaked document
Similar legislation has been passed in the United Kingdom, where the Online Safety Act includes a provision that could require messaging platforms to use “accredited technology” to identify child abuse content if notified to do so by the communications regulator. Currently no such technology has been accredited.
https://therecord.media/online-safety-bill-uk-end-to-end-encryption
Whether you call it a backdoor, a front door, or “upload moderation” it undermines encryption & creates significant vulnerabilities
E2EE “providers are free to design and implement, in accordance with Union law, measures based on their existing practices to detect online child sexual abuse in their services,” the document states.
Whittaker argues: “There is no way to implement such proposals in the context of end-to-end encrypted communications without fundamentally undermining encryption and creating a dangerous vulnerability in core infrastructure that would have global implications well beyond Europe.”