Leaked EU files suggest Spain supports end-to-end encryption ban

23 May 2023

Image: © Goodpics/Stock.adobe.com

The leaked documents suggest many EU countries – including Ireland – support some form of end-to-end encryption monitoring to tackle CSAM.

Leaked documents suggest many EU countries are in favour of scanning encrypted messages to prevent the spread of child sexual abuse material (CSAM), with Spain supporting a ban on end-to-end encryption.

The alleged documents – shared by Wired – regard an EU proposal to create new rules in preventing the spread of CSAM. These rules would force tech companies to scan user content for CSAM, according to a Wired report last year.

The leaked document contains responses from 20 EU countries – including Ireland – about the proposed rules. This includes a question on whether the regulation should contain wording that excludes the weakening of end-to-end encryption.

Ireland’s response suggests it supports a detection order and claimed end-to-end encryption (or E2EE) is being used to “facilitate” child sexual abuse.

“Taken in conjunction with plans by major service providers to expand the use of E2EE, means that to exclude encrypted services from the regulation would be to effectively turn our back on many cases of child sexual abuse and its victims,” Ireland said in its statement.

Ireland also said it agrees with the principle that end-to-end encryption should not be “prohibited or weakened”, but is opposed to any wording that could “restrict the effectiveness of the regulation”.

The 20 countries all shared suggestions for specific aspects of the proposed regulation, but the most extreme proposal appears to be from Spain.

In its statement, Spain said it would be “desirable” to prevent EU-based service providers from implementing end-to-end encryption.

“Law enforcement authorities must have the means to be able to continue to fulfil their legal obligations now that many criminals have moved to the virtual world,” Spain said in the document.

“It is imperative that we have access to the data – for which they must be retained – and it is equally imperative that we have the capacity to analyse them, no matter how large the volume.”

The end-to-endless encryption debate

End-to-end encryption has been seen by privacy advocates as a step towards better privacy and security for users, with services such as Signal adopting this form of encryption. But concerns have been raised by governments for years about how to regulate encrypted content.

In 2020, a leaked memo from the Council of the European Union raised concerns from privacy activists that the EU was moving towards banning end-to-end encryption or introducing a backdoor.

The UK’s proposed Online Safety Bill has been criticised for the threat it poses to end-to-end encryption. Last month, representatives from several Big Tech companies including Meta, Signal, Threema and Viber called on the UK government to “urgently rethink” this bill. WhatsApp previously said it would support being banned in the UK to save encryption.

At the end of 2022, Apple revealed plans to add end-to-end encryption to iCloud backups to protect user data from hackers. But concerns were raised that these updates could spark tensions with law enforcement groups, as the data would also not be accessible to law enforcement even with a warrant.

In 2020, Apple reportedly had plans to implement a similar security update for iCloud backups but stopped after complaints from the FBI, six sources told Reuters.

The tech giant had also been working on a safety feature for years that would scan images sent to and from children, in order to detect CSAM. These measures faced backlash from critics, with Apple opting to abandon its efforts last year.

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.

Leigh Mc Gowran is a journalist with Silicon Republic