There is a very, very tense debate in Europe and its institutions. And the fact that the European Commission has presented the final proposal for a new regulation will, if approved, mark an important turning point in European privacy. Reason? Strengthen the fight against child sexual abuse content (CSAM), which is more than a defensible goal, but which still raises different interpretations, which will clearly be presented by both parties.

And this is how we can read in the proposal, if what is proposed in it is approved, something that still has to go through several stages and revisions that take time, Europe could begin to require technology companies to take an active part in the persecution of CSAM. Of course, this does not seem problematic, but when we see what the Commission is considering asking technology companies to do, we see measures that, once deployed, could end end-to-end encryption and give users absolute control over the contents of their devices.

The aim of the project is to create a new agency at European level, the legal form of which has yet to be determined and whose main task would be to cooperate with bodies such as Europol and police forces from different European countries, on the one hand, and with great technology which are those who have the ability to both set up systems to analyze their users’ files and set up some type of backdoor in communication systems that will allow flat access to them.

It’s no surprise Europe has long wanted to legislate in this sense, ie in the establishment of technological means necessary to circumvent the protection of privacy used by pedophiles to exchange the type of criminal material that this standard intends to monitor. The type of content that is known to have entered a golden age with the rise of the Internet, from which it has not yet emerged.

If Europe finally approves what we can read in the draft or similar proposal, the participation of technology companies in this type of event will no longer be voluntary, which is the current situation, and they will be required by law to provide the European institutions with all the assets required of them. And, contrary to what is happening today, with the initiative in this regard in the hands of technology companies, they will depend on the authorities, regardless of whether they decide to maintain their own initiatives in this regard or not.

To be clear, if there is a suspicion that any European citizen creates, owns, exchanges and / or sells CSAM content, technology companies in Europe will be required to provide the authorities with all the suspect’s digital assets, WhatsApp conversations, files they store in the cloud, etc. Including, as mentioned above, also those assets that are currently protected by end-to-end encryption.

Of course, the proposal reflects a relatively guaranteed civil rights frameworkand at the same time proposes the legal consistency of this potential new standard with standards that already exist in Europe, such as the GDPR. According to the legal text, this would not be a free barrier to citizens’ access to digital assets, always with the consent of regulators and with the necessary safeguards in place to prevent inappropriate use of this preferential access.

Even so, it is undeniable that the mere introduction of the necessary measures to ensure that authorities have access to the content of citizens in Europe With the level of privacy offered by end-to-end encryption services today, this is de facto coming to an endwhich, at least in their theoretical definition, provide absolute privacy and prevent third party access to them if they do not have the necessary decryption keys.

Easy establishment of this type of approach, although extremely limited, it is already a major security issue, which we can be sure will lead to many attempts to misuse it. From cybercriminals to governments and service companies, such as the increasingly controversial Pegasus, we can bet that implementing the back door, as Europe might demand from technology companies, will trigger a fox hunt we have never seen before.

If you remember the iPhone case in San Bernardino, you may remember Tim Cook’s statements at a time when Apple was under strong pressure from the FBI to provide a system to circumvent iPhone protection and / or encryption. its contents:

«Weakening security to support security simply doesn’t make sense, and weakening encryption or backdooring devices would allow you to exploit the vulnerabilities of “bad guys” who would seriously harm our society and our economy.»

And I quote Cook precisely because Apple was plunged into a major controversy just a few months ago for the action that Europe now intends to do. It was in August of last year that those in Cupertino announced Neural Hash, an intelligent AI-based system that would analyze images and videos that users upload to iCloud in search of CSAM. The mobilization against this announcement forced Apple to postpone, without a date, its launch.

So if a private initiative like Apple has already triggered so many alarms, this proposal, which has already begun its legal journey in Europe, will undoubtedly provoke a particularly lively debate in which those advocating persecution of the pederasty will confront all possible means against those. who consider that this type of regulation constitutes an unacceptable threat to privacy and that, although its initial application is solely as specified in the standard, any subsequent regulation in this regard may result in access to data and digital assets for other purposes.

The problem is that both positions make sense.Both the fight against the sexual exploitation of minors and the protection of privacy are the causes that many of us instinctively associate with. However, in cases such as the regulation that Europe is studying, the two clash. And although, first and foremost, the protection of minors carries much more weight, if we think for a moment about the consequences of the misuse of these tools, we see that we could face an absolute and permanent loss of our privacy.

The European Commission confirms that this proposal has the consent of all parties involved in the persecution of CSAM, but there are no references to the other party, to the entities and professionals who guard the privacy. We will certainly see a communication in this regard soon, and these are the voices that Europe should add to the debate and revision of this proposal before the steps to approve it begin.

What do you think? Do you think that Europe is doing the right thing by prioritizing the protection of minors, even if it means a commitment to privacy? Or do you think that other patterns should be sought to persecute pedophiles and their material, but that this should not be at the expense of privacy?