Against surveillance of digital communications in Europe
The Working Group on Data Protection and IT Security of the German Informatics Society (GI) firmly rejects the EU Commission's plan to oblige providers to monitor all communications content without any further ado.
With the planned regulation, the EU Commission violates the fundamental rights of citizens guaranteed in the European Charter of Fundamental Rights (CFR): in particular, Article 7 (respect for private and family life), Article 8 (protection of personal data) and Article 11 (freedom of expression and information) fundamentally guarantee confidential communications. Such surveillance also exposes the encrypted and unencrypted communications of companies, public authorities - as well as of media professionals and their informants.
Hartmut Pohl, spokesman for the Working Group: "Complete monitoring of digital communications without any reason is the wrong way to identify and combat serious crime. The Commission's pronouncements to date refer to all digital communications. If the EU Commission wants to do without built-in backdoors for this purpose, the only option according to the state of the art is the 'secret online search' - so-called 'client-side scanning' - of end devices, for example by state Trojans with the search of all memory contents of all clients and servers. However, this also violates fundamental European rights. There is no question that child abuse as a terrible crime must be fought with all available police investigation possibilities."
To protect against the spread of child pornography, the EU Commission plans to require providers of communication services (email, messaging, video conferencing, etc.) to promptly detect, remove and report illegal online content.
On July 6, 2021, the EU Parliament had already approved a 3-year regulation to combat child abuse on the Internet, allowing voluntary scanning of communications content. In the GI's view, this was already a watering down of the ePrivacy Directive (2002/58/EC), which has been in force since 2002, and violates the European Charter of Fundamental Rights (CFR), in particular Article 7 (respect for private and family life), Article 8 (protection of personal data) and Article 11 (freedom of expression and information): these guarantee confidential communications in principle. Nevertheless, the Commission would like to transform the temporary regime into a permanent one.
- Abelson, H.; Anderson, R.; Bellovin, S. M.; Benaloh, J.; Blaze, M.; Callas, J.; Diffie, W.; Landau, S.; Neumann, P. G.: Rivest, R. L. Schiller, J. I. Schneier, B.; Teague, V.; Troncoso; C.: Bugs in our Pockets: The Risks of Client-Side Scanning, https://arxiv.org/pdf/2110.07450.
- Colneric, N.: Legal Opinion commissioned by MEP Patrick Breyer. https://www.patrick-breyer.de/wp-content/uploads/2021/03/Legal-Opinion-Screening-for-child-pornography-2021-03-04.pdf
- Council of the European Union: Council Resolution on Encryption – Security through encryption and security despite encryption, https://data.consilium.europa.eu/doc/document/ST-13084-2020-REV-1/en/pdf.
- Europäische Kommission: EU-Strategie für eine wirksamere Bekämpfung des sexuellen Missbrauchs von Kindern. Mitteiliung der Kommission an das Europäische Parlament, den Rat, den Euroäischen Wirtschafts- und Sozialausschuss und den Ausschuss der Regionen. Brüssel, den 24.7.2020 COM(2020) 607 final Seite 3, 3. Absatz, https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=COM:2020:607:FIN.
- European Parliament and of the Council: Verordnung (EU) 2021/1232 des Europäischen Parlaments und des Rates, 14. Juli 2021.
- Internet Society: Client-Side Scanning. What it is and why it threatens trustworthy, private communications, https://www.internetsociety.org/wp-content/uploads/2020/04/Client-side-Scanning-Fact-Sheet-EN.pdf.
- Politico (Hrsg.): Technical solutions to detect child sexual abuse in end-to-end encrypted communications. Geleaktes Papier der CEC, https://www.politico.eu/wp-content/uploads/2020/09/SKM_C45820090717470-1_new.pdf.