Client-side scanning of devices and chats for child abuse material does not undermine end-to-end encryption, but is only proportional when it comes to images and not text. That says the Dutch outgoing Minister of Justice Yesilgöz.
Outgoing Minister Dilan Yeşilgöz-Zegerius of Justice and Security says in an answer to parliamentary questions that the Netherlands 'does not support proposals that make end-to-end encryption impossible'. In doing so, she repeats previous statements by herself and her predecessors and confirms what has already been laid down in a motion. The minister responds to questions posed by the CDA. They were about a possible departure of Signal and WhatsApp from the United Kingdom if that country weakened encryption.
Plans are also being made in the European Union to weaken encryption to make it possible to combat child abuse material, although policymakers try to emphasize that encryption will not be weakened. Yesilgöz is also looking for that balance and therefore advocates so-called client-side scanning .
"Client-side scanning allows messages sent within the relevant interpersonal communication services to be analyzed on the sender's device for child sexual abuse material before this material is encrypted and transmitted," the minister writes. "The end-to-end encryption of the message during transport to the recipient remains untouched, so that the message cannot be intercepted by third parties." In this way, the starting point remains that 'respect for fundamental rights, data protection legislation and maintenance of security' remains.
According to the minister, the cabinet should look at the proportionality of such measures. "For example, the cabinet does not consider it proportional if this tool is used to scan text messages, but it is if it is only scanned on existing image material." The minister emphasizes the latter aspect in particular. The most common method used to detect child abuse material is to hash seized images and share those hashes with makers of mass image scanning tools. For example, Microsoft has a large database of such hashes, which it processes in the PhotoDNA tool. Other companies such as Reddit and Facebook can then use PhotoDNA to track down known and flagged child abuse material.. Incidentally, just last month the minister reported that text messages should also be made available to investigative services under certain conditions, but that discussion was not about child abuse but about general investigation.
In her letter, Minister Yesilgöz does not discuss the technical aspects of this method of client-side scanning. She mentions it as a possible option, but leaves it to companies and services to give substance to it. However, she says: "Client-side scanning seems to be the only way the measures in the regulation regarding interpersonal communication services can be implemented without making end-to-end encryption impossible."
:strip_exif()/i/2005763768.jpeg?f=meta)
tweakers.net
