EuroISPA hosts expert roundtable on privacy and encryption

On Thursday, 23rd of March 2023, EuroISPA hosted an in-person expert roundtable on privacy and encryption, organised in the context of the European Commission’s proposal for a Regulation to prevent and combat child sexual abuse.

The event gathered a distinguished expert panel comprised of Mr Matthew Green, Associate Professor at the Johns Hopkins University and expert on applied cryptography and cryptographic engineering, Ms Arda Gerkens, CEO and founder of EOKM, as well as Ms Ella Jakubowska, Senior Policy Advisor at EDRi.

EuroISPA’s Board member, Thomas Bihlmayer (eco), moderated the discussion and introduced EuroISPA’s views from its position as a constructive contributor to child protection and privacy debates, thanks to its diverse membership (hotlines, ISPs of all sizes, platforms, cloud infrastructure services, etc.) that is at the forefront of the efforts to protect children online.

He highlighted EuroISPA’s commitment with the Commission’s objective to prevent and combat child sexual abuse and noted concerns over several aspects of the proposal. He focused on the operability of the regulation and on the dangers of breaking encryption, which will have a direct impact on the technical Internet infrastructure and impede efforts to create an Internet which enhances trust, user privacy, and freedom of expression.

Professor Matthew Green expressed concerns about the lack of understanding of the technical implications of the Commission’s proposal, and the possible harm that could bring to the security of global communications systems. During his intervention, he stressed the technical limitations of such proposed measures and the issue of over-relying on them, considering encryption is a very young area. For him, the proposal would benefit from an in-depth evaluation by scientists and researchers in Europe, which in his view should be seen as a pre-condition for mandating new technologies. (He shared his intervention in a more extensive version on his blog).

Representing the Dutch hotline, Arda Gerkens highlighted the issues of weakening encryption, compromising the security both for children and adults. She also noted the potential positive points, especially when it comes to the creation of a EU Centre as a centre for knowledge and support in the EU. She further explained how the approach of the Netherlands to fight child sexual abuse is working, noting some of the main elements that could be brought to EU level.

Finally, Ella Jakubowska raised the perspective of civil society. She explained why the proposed measures will lead to unreliable client-side scanning practices, undermining end-to-end encryption and making our devices more vulnerable to attacks from malicious actors, all without addressing the core issues or finding the right solutions to tackle child sexual abuse.

The panel discussion was followed by a Q&A session were participants had the opportunity to exchange about the compatibility of these measures with privacy legislation, the potential for improvement of scanning technologies as well as other solutions to allow fighting child sexual abuse without hindering privacy safeguards and fundamental rights.

This session is one of the different actions that EuroISPA is taking around encryption, privacy and the Commission proposal to fight Child Sexual Abuse Material online.

If you would like to know more about EuroISPA’s work on the topic, you can contact [email protected].

To read our Position Paper on the proposed CSAM Regulation, click on the button below.