The EU Commission wants to roll out client-side scanning on consumers’ devices, but Germany is pushing back against the plan.
Client-side scanning is being touted by some companies and regulators as a way to “preserve” end-to-end encryption by scanning for illegal content on a person’s device. If such content is found, authorities will be notified. The idea is that since all the scanning occurs on a user’s device, communications between devices can remain end-to-end encrypted.
Germany, however, isn’t buying that argument and, at a recent hearing of the German Parliament’s Digital Committee, made clear it doesn’t agree with the EU’s proposal. Germany is basing its opinion on the many computer and security experts who have testified that the EU’s proposal will do far more harm than good.
“The draft regulation basically misses the goal of countering child abuse representations,” emphasized the Computer scientist and spokeswoman for the Chaos Computer Club, Elina Eickstädt (via computer translation). “The design is based on a gross overestimation of capabilities of technologies “, especially with regard to the detection of unknown material.
Client-side scanning also represents “an unprecedented surveillance infrastructure,“ added Eickstädt. She pointed out that even an error rate of one percent will lead to billions of false reports, warning that the technology could eventually become “censorship tools of equal value.”
Read more: EU Proposes Most Privacy-Invasive Measure Yet to Tackle Child Abuse
Interestingly, even the Head of the Central and Contact Point Cybercrime North Rhine-Westphalia, Chief Prosecutor Markus Hartmann, said the EU’s proposal goes too far. Instead, he said existing law enforcement agencies should be shored up to better utilize server-side scanning abilities and traditional investigative techniques, rather than the more invasive client-side scanning.
The EU Commission’s proposal is certainly one of the most privacy-invasive measures being pursued by a democracy. Even by the EU’s own admission, a client-side scanning “process would be the most intrusive one for users.”
The EU’s proposal is currently being negotiated, giving Germany a chance to make its case and have the client-side scanning clause dropped. Otherwise, should the bill become law, many experts believe it will never survive its first court challenge.
“Child protection is not served if the regulation later fails before the European Court of Justice,” said Felix Reda from the Society for Freedom Rights. “The damage to the privacy of all people would be immense “, he added. “The tamper-free surveillance violates the essence of the right to privacy and cannot therefore be justified by any fundamental rights assessment.”
Should the EU’s proposal go unchallenged, as Harvard cryptography professor Matthew Green says, the bloc will go down in history as creating “the most sophisticated mass surveillance machinery ever deployed outside of China and the USSR.”
