June 8, 2022
Statewatch has joined 72 other civil society and professional organizations in an open letter demanding the European Commission withdraw the proposed Child Sexual Abuse Regulation (CSA) and replace it with a fundamental rights approach. This proposal would fundamentally undermine the internet, making it less secure for everyone.
The European Commission’s proposed CSA Regulation is likely to do far more harm than good, warns a letter that coordinated European digital rights and remains open for signature. The proposed rules would apply to private messaging services (such as WhatsApp and Signal), web-based email, social media platforms, app stores, image hosting providers, and more. Under the proposal, all these services would be required to scan, filter and/or block content, including encrypted messages.
In the important fight against sexual abuse and exploitation of children, we support measures that are targeted, effective and proportionate. Many of us have spoken before about how to ensure that safeguards for children online are implemented in accordance with existing human rights, rule of law and due process frameworks. In our work, we have first-hand experience of how important such rules and principles are to support democracy, access to justice and the presumption of innocence.
Unfortunately, we believe that such measures are not contained in the proposed law. In fact, the proposal is based on technologies that are incapable of doing what the Regulation claims, and would instead attack encrypted communications, open internet spaces and online anonymity. That’s why we want the Commission to better address this critically important issue while respecting privacy, security, and freedom of expression.
The signatories to this letter are drawn from a wide range of human rights groups, including the digital rights of adults and youth; protection of journalists and media freedom; lawyers; whistleblowers; gender justice; democracy and peace; workers; and more.
We share a commitment to online privacy, safety and freedom of expression for everyone (including children) around the world. These rights allow us to do our jobs, raise our voices, and hold governments accountable without arbitrary interference, harassment, or repression. These rights are also important for providing confidential support to survivors, for developing our independence and sense of self, and for accessing and exercising almost all of our other human and civil rights.
The open letter is currently available in English, German and Romanian and remains open to other signatories.
The full text of the letter
Dear European Commissioners!
When you fundamentally undermine the internet, you make it less safe for everyone.
We are writing to you as 73 civil society organizations and professional (trade union) organizations working on human rights, media freedom, technology and democracy in the digital age. Together, we call on you to repeal the Child Sexual Abuse Regulation (CSA Regulation) and seek an alternative that is compatible with EU fundamental rights.
It is impossible to have private and secure communications, creating direct access for governments and companies. It will also open the door to all types of attackers. It is not possible to have a secure internet infrastructure that promotes freedom of expression and autonomy if internet users can be subject to general scanning and filtering, and deprived of anonymity.
The proposed CSA Regulation made a political decision to consider scanning and surveillance technologies safe, despite widespread expert opinion to the contrary. If passed, this law will turn the Internet into a space that is dangerous for privacy, security, and freedom of expression. This applies to the very children that this law is designed to protect.
These rules hold social media companies responsible for private messages shared by their users. This will force vendors to use risky and imprecise tools to monitor what we all type and share at any given time. The impact assessment accompanying the proposal encourages companies to deploy client-side scanning to monitor their users, even though service providers are reluctant to do so due to security concerns. This would be an unprecedented assault on our rights to privacy and the presumption of innocence.
It’s not just adults who rely on privacy and security. According to the United Nations and UNICEF, online privacy is vital to young people’s development and self-expression, and they should not be subject to general surveillance. The UK’s Royal College of Psychiatrists stresses that spying is harmful to children and that policies based on empowerment and education are more effective.
The CSA will cause serious harm in a number of ways:
- A victim of child abuse who wants to tell a trusted adult about their abuse can mark their message private, forward it to a social media official for review, and then to law enforcement for investigation. This can deprive victims of opportunities, encroach on their dignity and significantly deprive them of motivation to take steps to seek help at their own pace;
- Whistleblowers and sources who want to anonymously share stories of government corruption will no longer be able to trust online communication services because end-to-end encryption will be compromised. Efforts to hold the authorities accountable would become much more difficult;
- A seemingly young adult who legitimately sends intimate photos to their partner can mistakenly flag these highly personal images with AI tools, show them to a social media worker, and then turn them over to law enforcement;
- These inevitable false positives will overwhelm law enforcement agencies, which already lack the resources to handle existing cases. This would direct their limited capacity to analyze huge volumes of legitimate reports instead of removing abusive material and investigating suspects and criminals;
- Secure messaging services (such as Signal) will be forced to technically change their services and users will not be able to access secure alternatives. This would endanger all those who rely on them: lawyers, journalists, human rights defenders, NGO workers (including those helping victims), governments, etc. If the service wanted to ensure the security of its messages, it would be fined 6% of its global turnover; or will be forced to leave the EU market;
- By undermining the end-to-end encryption that journalists rely on to communicate securely with sources, the regulation would also seriously threaten the protection of sources, weaken digital security for journalists and have a serious negative impact on media freedom;
- Once this technology is implemented, governments around the world will be able to pass laws requiring companies to look for evidence of political opposition, activism, unions organizing, people seeking abortions in places where it is criminalized, or any other behavior that the government wants to suppress.
- These threats pose an even greater risk to disenfranchised, persecuted and marginalized groups around the world.
In recent years, the EU has struggled to become a beacon of human rights for privacy and data protection, setting global standards. But with the proposed CSA Regulation, the European Commission has signaled a turn towards authoritarianism, control and the destruction of freedom on the Internet. This would set a dangerous precedent for mass surveillance around the world.
To protect free speech, privacy, and safety on the Internet, we, the undersigned 73 organizations, call on you as a body of commissioners to repeal this Regulation.
Instead, we call for adaptive, effective, rights-compliant and technically feasible alternatives to address the serious problem of child abuse. Any such approaches must respect the European Digital Decade’s commitment to a “safe and secure” digital environment for all – including children.
1. Access is now international
2. Alternatif Bilisim (AiA-Alternative Informatics Association) – international
3. APADOR-CH – Romania
4. ApTI Romania – Romania
5. ARTICLE 19 – International
6. Aspiration – USA
7. Attac Austria – Austria
8. Aufstehn.at – Austria
9. Austrian Chamber of Labor – Austria
10. Big Brother Watch – Great Britain
11. Bits of Freedom – Netherlands
12. Center for civil rights and human rights (Poradnja) – Slovakia
13. Center for Democracy and Technologies – Europe
14. Chaos Computer Club – Germany
15. Centrum Cyfrowe – Europe
16. Citizen D / Državljan D – Slovenia
17. Union of civil liberties for Europe – EU
18. Committee for the Protection of Journalists – EU/International
19. COMMUNIA Association for the Public Domain – Europe
20. D64 – Zentrum für Digitalen Fortschritt – Germany
21. Dataskydd.net – Sweden
22. Defend Digital Me – Great Britain
23. Deutsche Vereinigung für Datenschutz (DVD) – Germany
24. DFRI – Sweden
25. Digitalcourage – Germany
26. Digitale Gesellschaft – Germany
27. Digitale Gesellschaft / Digital society – Switzerland
28. Digital Rights Ireland – Ireland
29. European Digital Rights (EDRi) – Europe
30. Electronic Frontier Finland – Finland
31. Elektronisk Forpost Norge (EFN) – Norway
32. Electronic Frontier Foundation (EFF) – International
33. Electronic Privacy Information Center (EPIC) – International
34. epicenter.works for digital rights – Austria
35. Equipo Decenio Afrodescentiente – Spain
36. Catalan Section of the Internet Society (ISOC-CAT) – Europe
37. Eticas Foundation – International
38. European Center for Non-Profit Law (ECNL) – Europe
39. European Federation of Journalists (EFJ) – Europe
40. Fitug eV – Germany
41. Foundation for Information Policy Research (FIPR) – UK/Europe
42. The Global Media Development Forum is international
43. Hermes Center for Transparency and Digital Human Rights – Italy
44. Homo Digitalis – Greece
45. House of Human Rights in Zagreb – Croatia
46. iNGO European Media Platform – Europe
47. International Press Institute (IPI) – international
48. Irish Council for Civil Liberties – Ireland
49. IT-Pol – Denmark
50. Iuridicum Remedium, zs – Czech Republic
51. La Quadrature du Net – France
52. Ligue des droits humains – Belgium
53. Lobby4kids – Kinderlobby – Austria
54. The Netherlands Helsinki Committee – The Netherlands
55. Nordic Privacy Center – Nordic countries
56. Norwegian branch of the Internet Society – Norway
57. Norwegian Unix User Group – Norway
58. Österreichischer Rechtsanwaltskammertag – Austria
59. Open Rights Group – Great Britain
60. quintessenz – Verein zur Wiederherstellung der Bürgerrechte im Informationszeitalter – Austria
61. Panopticon Foundation – Poland
62. Peace Institute – Slovenia
63. Presseclub Concordia – Austria
64. Privacy First – The Netherlands
65. Privacy International – international
66. The rating of digital rights is international
67. Statewatch – Europe
68. Vrijschrift.org – The Netherlands
69. Whistleblower-Netzwerk – Germany
70. Wikimedia – International
71. Women’s Link Worldwide – Europe
72. Worker Info Exchange – International
73. Xnet – Spain
You can still put your organization’s signature on the open letter by filling out this form.