EU Commission concealed ‘expert list’ behind CSAM proposal

6 Nov 2023

Image: © rarrarorro/Stock.adobe.com

The proposed regulation involves using technology to detect CSAM through encryption, but concerns have been raised around privacy and the protection of personal data.

The European Commission has been accused of “maladministration” for not sharing a list of experts that helped draft proposed regulation around detecting child sexual abuse material (CSAM).

The issue relates to a proposal submitted last year by the Commission, which involves using technology to detect CSAM in encrypted content such as text messages.

The Irish Council for Civil Liberties (ICCL) made a request last year for public access to relevant documents around this proposal.

The organisation later filed a complaint with the European Ombudsman and claimed the Commission failed to share a list of experts who helped draft a text around the potential ways CSAM could be monitored in end-to-end encrypted communications.

The ICCL claims that “numerous experts” have warned that the proposal is not technically feasible, as the relevant technology won’t be mature enough in the next two to five years.

“This is in stark contrast to the views put forward by experts relied upon by the Commission, whose names the Commission is refusing to reveal,” the ICCL said in a statement today (6 November).

The Commission informed the Ombudsman that it has a list of consulted experts but failed to share it with the ICCL. The Ombudsman said this list fell within the ICCL’s requests for information and that the failure to share it “constitutes maladministration”.

In its assessment, the Ombudsman said the “most useful way forward” is for the Commission to register the ICCL’s request for the list as a new request and to deal with it “swiftly”.

A controversial proposal

The ICCL claims the proposed regulation is “hugely controversial” due to concerns around mass surveillance, undermining encryption and its incompatibility with existing EU laws.

“In light of these concerns, the lack of transparency from the Commission regarding external experts is deeply worrying, more so considering alleged close links between the Commission and lobbyists in the preparation of the regulation,” said ICCL senior fellow Dr Kris Shrishak.

The ICCL said concerns have been raised by “many bodies” around this proposed regulation. Last year, a joint opinion by the European Data Protection Supervisor and the European Data Protection Board said the proposal raised “serious concerns” such as limitations to the protection of privacy and personal data.

Last month, HIPPO AI Foundation founder Bart De Witte said on X that the European Commission’s proposed CSAM regulation would turn digital communication apps into “tools for mass surveillance”. He also said one major point of contention around the proposal is “the reliance on AI to detect criminal activity” on these apps.

“Critics argue that AI systems, while powerful, cannot reliably and accurately identify criminal behaviour in the complex and nuanced realm of human communication,” De Witte said. “As a result, they worry that the system would generate numerous false positives, wrongly labelling innocent citizens as suspects.”

Privacy concerns were raised about the UK’s Online Safety Bill, which entered into law last month. While supporters of this bill claimed it will bring in a new era of internet safety, critics raised concerns against parts of the bill that could compromise end-to-end encryption.

During the final stages of the bill passing through parliament, the UK government admitted that no technology is currently in operation that would allow the scanning for CSAM without infringing on people’s right to privacy and said that this measure in the bill would only be adopted when it was “technically feasible” to do so with more targeted tech.

Earlier this year, leaked EU documents suggest that many EU countries – including Ireland – support some form of end-to-end encryption monitoring to tackle CSAM, with Spain supporting a ban on end-to-end encryption.

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.

Leigh Mc Gowran is a journalist with Silicon Republic

editorial@siliconrepublic.com