Serious Discussion Minister: only client-side image scanning does not undermine e2e encryption

nicolaasjan

Level 4
Thread author
Verified
Well-known
May 29, 2023
180
Source (in Dutch):
Outgoing Justice and Security Minister Dilan Yesilgöz-Zegerius says in an answer to parliamentary questions that the Netherlands "does not support proposals that would make end-to-end encryption impossible. In doing so, she repeats earlier statements by herself and her predecessors and confirms what was also previously laid out in a motion. The minister is responding to questions raised by the CDA. Those were about a possible departure of Signal and WhatsApp from the United Kingdom if that country would weaken encryption.

Plans are also being made in the European Union to weaken encryption to enable fighting child abuse material, although policymakers are trying to emphasize that encryption will not be weakened. Yesilgöz, too, is looking for that balance and therefore advocates so-called client-side scanning.
(machine translated)
 

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,491

Minister: Only scanning images client-side does not undermine e2e encryption​

Client-side scanning of devices and chats for child abuse material does not undermine end-to-end encryption, but is only proportional when it comes to images and not text. That says the Dutch outgoing Minister of Justice Yesilgöz.

Outgoing Minister Dilan Yeşilgöz-Zegerius of Justice and Security says in an answer to parliamentary questions that the Netherlands 'does not support proposals that make end-to-end encryption impossible'. In doing so, she repeats previous statements by herself and her predecessors and confirms what has already been laid down in a motion. The minister responds to questions posed by the CDA. They were about a possible departure of Signal and WhatsApp from the United Kingdom if that country weakened encryption.

Plans are also being made in the European Union to weaken encryption to make it possible to combat child abuse material, although policymakers try to emphasize that encryption will not be weakened. Yesilgöz is also looking for that balance and therefore advocates so-called client-side scanning .

"Client-side scanning allows messages sent within the relevant interpersonal communication services to be analyzed on the sender's device for child sexual abuse material before this material is encrypted and transmitted," the minister writes. "The end-to-end encryption of the message during transport to the recipient remains untouched, so that the message cannot be intercepted by third parties." In this way, the starting point remains that 'respect for fundamental rights, data protection legislation and maintenance of security' remains.

According to the minister, the cabinet should look at the proportionality of such measures. "For example, the cabinet does not consider it proportional if this tool is used to scan text messages, but it is if it is only scanned on existing image material." The minister emphasizes the latter aspect in particular. The most common method used to detect child abuse material is to hash seized images and share those hashes with makers of mass image scanning tools. For example, Microsoft has a large database of such hashes, which it processes in the PhotoDNA tool. Other companies such as Reddit and Facebook can then use PhotoDNA to track down known and flagged child abuse material.. Incidentally, just last month the minister reported that text messages should also be made available to investigative services under certain conditions, but that discussion was not about child abuse but about general investigation.

In her letter, Minister Yesilgöz does not discuss the technical aspects of this method of client-side scanning. She mentions it as a possible option, but leaves it to companies and services to give substance to it. However, she says: "Client-side scanning seems to be the only way the measures in the regulation regarding interpersonal communication services can be implemented without making end-to-end encryption impossible."
Translated using Google
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top