Mass surveillance to protect children? Opposition to new EU private messaging upload filter plans
The EU Commission wants to legalise the mass screening and surveillance of all private electronic communications in search of possible ‘child pornography’, which is currently only practised by some US services such as GMail, Facebook Messenger and outlook.com. Next year, it intends to make the use of upload filters mandatory for all e-mail, messaging and chat providers, including those that so far rely on securely encrypted communications (e.g. Whatsapp, Signal). The project is increasingly coming under criticism, most recently from a victim of child sexual abuse.
Alexander Hanff, who suffered himself from sexual abuse as a child, criticises the mass surveillance of private messages in an emotional blog post with the words:
“It WILL NOT stop children from being abused, it will simply push the abuse further underground, make it more and more difficult to detect.”
According to the European Data Protection Supervisor (EDPS), the European Commission has failed to demonstrate the necessity and proportionality of the proposed legislation. The civil liberties organisation Access Now criticises that the fight against serious crime, including the exploitation of children or terrorist content, cannot be delegated to private actors. 
The “Global Encryption Coalition”, an association of scientists, warns that the surveillance of encrypted communications as envisaged by the EU Commission would be the end of secure encryption and result in the installation of backdoors.
“Insecure communications make users more vulnerable to the crimes we are trying to prevent together. These requirements would force service providers to undermine the security of their encrypted end-to-end services, putting at risk the security of billions of people who depend on these services every day. Put simply, there is no way to break encryption without making everyone, including children, more vulnerable.” 
On Monday, Member of the European Parliament Patrick Breyer (Pirate Party) requested on behalf of his Greens/EFA group that the European Parliament reject the project, or at least limit the screening to the communications of suspects with a judicial warrant:
“As the steadily increasing number of reports from US companies demonstrates, mass surveillance and mass reports to law enforcement fail to contain the circulation of illegal material, but at best push it further underground to encrypted channels, which makes enforcing the law more difficult or impossible.
A dangerous mechanism for mass surveillance and a denunciation machinery of unprecedented proportions are being created, which will inevitably result in calls for expanding the system. Will our electronic mail eventually be screened for copyright infringements, defamation and legal content that intelligence services are interested in? The same technology is already being used in China to detect dissidents. Should the postal service resume opening our letters in a ‘black chamber’ to examine the legality of their contents? Will ‘smart’ bugging devices be installed in all homes to alert the police in case they detect alleged signs of violence?
Even today the denunciation machinery of US corporations routinely accuses innocent users, for example those who receive unsolicited unlawful content. Anyone who gains access to an e-mail account can expose, or threaten to expose its user to the false suspicion of sending ‘child pornography’. According to the Swiss Federal Police, 90% of the content reported by US companies is not criminal, for example holiday photos taken on the beach. And in Germany, 40% of the investigations for possession of ‘child pornography’ target minors.
The confidentiality of our digital correspondence is at stake. Under permanent surveillance, unbiased communications, on which for example children and victims of abuse also depend, will no longer be possible. We need to prevent this from happening.”
According to the case-law of the European Court of Justice, the permanent automated analysis of private communications is proportionate only if limited to suspects. Breyer has therefore filed a complaint against the US companies Facebook and Google before the State Data Protection Centre of Schleswig-Holstein for breach of the General Data Protection Regulation. Last week, data protection commissioner Marit Hansen referred the complaint to Hamburg’s data protection commissioner, where the German offices of Facebook and Google are located, and expressed clear criticism: “Against this background, a sectoral exception for such services, which have virtually only just been brought within the scope, outside the relevant legislation (ePrivacy Directive) is in my view problematic. It must be ensured that the protection of the secrecy of communications is not undermined”.
The European Parliament is expected to adopt its position in a fast-track procedure at the beginning of December.