As the EU grapples with a proposal to enforce message scanning, leaked information reveals Spain has advocated for a total ban on end-to-end encryption (E2EE).
The EU has proposed a bill that would force companies to scan the content on their platforms for illegal material, especially child sexual abuse material (CSAM). The bill would force companies to use on-device scanning, similar to what Apple considered voluntarily implementing before criticism forced it to backtrack. The EU’s bill is so controversial that the bloc’s lawyers have already warned it is likely illegal and would be overturned in court, and Germany has vehemently opposed the bill.
Despite the controversy, it appears Spain wants even more aggressive action taken. According to Wired, a leaked document details the position of some 20 EU member states, with Spain taking the most aggressive anti-encryption stance.
“Ideally, in our view, it would be desirable to legislatively prevent EU-based service providers from implementing end-to-end encryption,” Spanish representatives said in the document.
“It is shocking to me to see Spain state outright that there should be legislation prohibiting EU-based service providers from implementing end-to-end encryption,” Riana Pfefferkorn, a research scholar at Stanford University’s Internet Observatory in California, told Wired after reviewing the document. “This document has many of the hallmarks of the eternal debate over encryption.”
“Breaking end-to-end encryption for everyone would not only be disproportionate, it would be ineffective of achieving the goal to protect children,” Iverna McGowan, the secretary general of the European branch of the Centre for Democracy and Technology, told Wired.
McGowan’s statement echoes those of Germany’s critics of the bill.
“Child protection is not served if the regulation later fails before the European Court of Justice,” said Felix Reda from the Society for Freedom Rights. “The damage to the privacy of all people would be immense ,“ he added. “The tamper-free surveillance violates the essence of the right to privacy and cannot therefore be justified by any fundamental rights assessment.”
According to Wired, 15 of the 20 nations were in favor of scanning E2EE messages for CSAM. Germany has continued to object to the bill as it is currently worded, saying it must be changed to guarantee encryption will not be weakened or circumvented. Estonia remains opposed, and Finland has warned the bill could be at odds with the country’s constitution.
“The responses from countries such as Finland, Estonia, and Germany demonstrate a more comprehensive understanding of the stakes in the CSA regulation discussions,” Stanford’s Pfefferkorn says. “The regulation will not only affect criminal investigations for a specific set of offenses; it affects governments’ own data security, national security, and the privacy and data protection rights of their citizens, as well as innovation and economic development.”