EU plans to force social media companies to detect child sexual abuse material are facing resistance from within the Oireachtas, with a key committee warning it would “significantly undermine” the security of online communications.
An internal document drawn up by the Oireachtas Committee on Justice also warns that the proposals could place a “particular burden” on Irish national authorities due to the number of tech giants headquartered here.
Last year, the EU published a plan to replace a current system where online service providers voluntarily use technology to detect, report and remove child sexual abuse material on their services.
The new rules will oblige companies to do this, as well as assessing and mitigating the risk of misuse of their services.
Critics of the approach say it potentially opens up a scenario where encrypted communications could be undermined by being open to “scanning”, including those of entirely innocent people.
The document drawn up by the justice committee reflects these concerns, criticising the intended approach as being “unprecedented in requiring indiscriminate scanning of digital communications and cloud storage, threatening the safety, privacy and freedom of expression of every citizen”.
European Commission figures suggest that 85 million images and videos depicting child sexual abuse were reported globally in 2021. The report by the justice committee outlines that TDs and Senators agree “that this issue is of grave importance” and welcomes moves to combat it at EU level.
“However, the committee expresses its concerns regarding several elements of the proposal as currently formulated.”
The committee is concerned that the legislation, which is at an early stage in the EU process, will enforce the “scanning”, warning that this technique is “already leading many people to be pulled into a net of suspicion for the worst kind of crime even though they have done nothing wrong”.
It outlines that the proposed legislation would “significantly undermine the security of our communications and online services by requiring firms to either remove end-to-end encryption or introduce backdoors into apps or other local software”.
The committee’s report was sent to Minister for Justice Simon Harris, as well as the European Commission and European Parliament, which is considering next steps. A spokesman for the Department of Justice said the Government “overall” welcomes the proposal and that “it is clear a more robust approach is required and merited, including a move from voluntary reporting of child sexual abuse material to an obligatory approach”. He said the department was examining the proposal “including where there is scope for disproportionate administrative burden to be placed on national authorities”.
It is also facing opposition from privacy and civil liberties campaigners, who warn that it would effectively make all encrypted messaging services open to inspection by companies and national authorities. In a statement to The Irish Times the Irish Council for Civil Liberties’ surveillance and human rights policy officer Olga Cronin welcomed the intervention from the justice committee and argued that “mandating the mass scanning of the messages and emails of almost 500 million people in the EU to combat a deeply complex social problem is disproportionate”.