Skip to main content

Europe and Australia both back down on CSAM scanning that would break encryption

Both the EU and Australia have backed down on separate proposals to force tech companies to carry out CSAM scanning within messaging apps, which would have meant breaking end-to-end encryption.

It’s the latest development in the ongoing battle between tech companies and politicians who don’t understand how encryption works

Europe drops CSAM scanning vote

A proposed EU regulation called for messaging companies to be required to scan outgoing messages for CSAM in the form of photos or links. But while there was support in some European countries, others opposed it on privacy grounds, as it would have meant breaking the end-to-end encryption (E2EE) used in apps like iMessage, Signal, and WhatsApp.

Politico reports that a vote on the proposal has now been dropped, after it became clear that it did not enough support to pass.

A vote scheduled today to amend a draft law that may require WhatsApp and Signal to scan people’s pictures and links for potential child sexual abuse material was removed from European Union countries’ agenda, according to three EU diplomats […]

Many EU countries including Germany, Austria, Poland, the Netherlands and the Czech Republic were expected to abstain or oppose the law over cybersecurity and privacy concerns.

“In the last hours, it appeared that the required qualified majority would just not be met,” said an EU diplomat from the Belgian presidency

Australia rules out breaking encryption

Australia’s online safety regulator, eSafety, had also proposed a similar requirement for tech companies to carry out CSAM scanning on both cloud and messaging services.

However, The Guardian reports that these plans have now been diluted, with the government explicitly ruling out requiring tech giants to break E2EE.

Tech companies and privacy advocates raised concern it would not protect end-to-end encryption. Apple warned it would leave the communications of everyone who uses the services vulnerable to mass surveillance […]

But in the finalised online safety standards lodged in parliament on Friday, the documents specifically state that companies will not be required to break encryption and will not be required to undertake measures not technically feasible or reasonably practical.

The UK previously backed down when challenged by Apple

The UK had also proposed to force companies to break E2EE. However, the government backed down after Apple said that it would withdraw iMessage from the UK rather than compromise user privacy.

Apple likewise abandoned its CSAM scanning plans

Even Apple, which did its best to come up with a privacy-protecting approach to CSAM scanning, eventually dropped these plans after many of us pointed out the potential for misuse by repressive governments.

Photo by Tommaso Scalera on Unsplash

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

Author

Avatar for Ben Lovejoy Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!


Ben Lovejoy's favorite gear

Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications