Bulletins

The EU's child safety plan is a privacy disaster in the making

The new proposal would force tech companies to proactively scan for child sexual abuse imagery and grooming and report it to authorities.

EU flags at the European Commission

The European Commission proposed a new child safety plan that could erode end-to-end encryption.

Image: Guillaume Périgois/Unsplash

The European Commission unveiled a new plan to combat child sexual abuse material Wednesday, and it's already drawing a backlash from privacy experts who say it would create a new and invasive surveillance regime in Europe.


The proposal would require tech companies in Europe to scan their platforms and products for CSAM and report their findings to law enforcement. Lots of tech companies already do some form of this, of course, using hashed versions of known CSAM to automatically block new uploads matching that content. But the European plan would take that work a step farther, allowing EU countries to ask the courts to require tech companies to seek out and report new instances of CSAM. The plan also proposes using AI to detect patterns of language associated with grooming.

“We are failing to protect children today,” EU commissioner for Home Affairs Ylva Johansson said at a press conference.

But critics argue these requirements would risk breaking end-to-end encryption and would force companies to peer into the personal communications of all users. "This document is the most terrifying thing I’ve ever seen," Matthew Green, an associate professor at Johns Hopkins' Information Security Institute, tweeted after a draft of the proposal leaked. "Once you open up 'machines reading your text messages' for any purpose, there are no limits."

"Today is the day that the European Union declares war upon end-to-end #encryption, and demands access to every persons private messages on any platform in the name of protecting children," tweeted Alec Muffett, a leading security expert and former Facebook software engineer.

What the EU is proposing bears some resemblance to Apple's child safety plan, which the company introduced last summer only to retract it a few months later. At the time, Apple said it would scan iMessages for users under 17 and warn them if they were about to send or receive what Apple's systems deemed to be "sexually explicit" imagery. If those kids were under 13 and opted into family plans, Apple would notify their parents or guardians too. Apple also proposed scanning iCloud content for known CSAM and alerting the National Center for Missing and Exploited Children, or NCMEC, when it detected above a certain threshold of content in a single account.

But Apple put the plan on pause following fierce opposition from privacy groups, as well as from advocates for LGBTQ+ youth, who said kids could be at even more risk if Apple were to out them to abusive authority figures.

"This is Apple all over again," Green tweeted.

There are some parts of the plan that may prove less controversial, like the creation of an EU version of NCMEC, which has become an important repository of known CSAM in the U.S. The need to combat CSAM is, after all, urgent and growing, and it's critical for companies to coordinate efforts.

It may be years before a final version of the proposal is approved by member states and European Parliament. Until then, tech giants and privacy groups are likely to fight it with everything they've got.

Latest Bulletins
David Hatfield has stepped down as co-CEO of cloud security vendor Lacework but will remain on the company's board of directors, Protocol has learned.
Keep Reading Show less

California’s new pay transparency law, SB 1162, promises to shake up compensation in the tech industry by requiring employers in the state to list pay scales in job ads and reveal pay information to both the state and to current employees. We spoke with Susan Alban, operating partner and chief people officer at Renegade Partners, and compensation consultant Ashish Raina to learn how.

Keep Reading Show less

Pour one out for the Lightning cable.

Keep Reading Show less

Carbon dioxide removal service buyers and sellers are focused on one metric: $100 per ton. It’s one of Frontier’s stated criteria that the fund uses to evaluate its advance purchases. In a survey of the long-duration carbon removal community, CarbonPlan found that stakeholders are focused on the $100 benchmark. The Department of Energy even announced that it would be investing in carbon removal research to bring the cost of the technology down to $100 per ton.

Keep Reading Show less

When Google announced the closure of its Stadia cloud gaming platform last week, the news was delivered at roughly the same time to employees, partners, and players on Thursday morning. Within hours, it had become clear that Stadia’s shutdown, planned for next January, would involve more than just refunding consumer purchases and quietly bowing out.

Now developers are scrambling to salvage planned projects, migrate players to other platforms, and figure out whether they’re still owed money from Google before the search giant puts Stadia out to pasture for good.

Keep Reading Show less

Trading of Twitter shares was briefly halted midday as CNBC and Bloomberg reported that Elon Musk now plans to go through with his deal to buy Twitter for $54.20 a share. The news was later confirmed.

Keep Reading Show less

The U.S. is set to unveil a fresh set of policies Thursday aimed at choking off China’s access to advanced chip manufacturing technology and the chips themselves, according to a person familiar with the matter.

Keep Reading Show less

Companies like Meta and Lyft have stopped hiring for the year, and that’s music to the ears of other tech companies that are still staffing up. Much of talent sourcing still takes place on LinkedIn, but many recruiters have found their own techniques to use the service more efficiently. We asked LinkedIn’s VP of talent acquisition and three outside recruiters for their best LinkedIn hacks for sourcing talent.

Keep Reading Show less

Kim Kardashian broke the internet, and according to the Securities and Exchange Commission, she also broke the securities laws.

Keep Reading Show less

On Thursday, California Gov. Gavin Newsom signed into law a bill that makes phone calls from California’s prisons free of charge. The new law places the cost of calls not on incarcerated people — or the people receiving calls from them — but on the state’s Department of Corrections and Rehabilitation.

California is the second state after Connecticut and the biggest state by far to institute such a law, which is a direct shot at the $1.4 billion prison telecom industry. For years prison telecom companies have maintained rates that “can be unjustly and unreasonably high, thereby impeding the ability of inmates and their loved ones to maintain vital connections,” the FCC said in 2020.

Prison reform advocates argue the new California law will have a hugely positive impact on the families of incarcerated people in California — and potentially other states that follow California's lead.

Keep Reading Show less

Rohit Chopra arrived as director of the Consumer Financial Protection Bureau one year ago today. True to his reputation as an aggressive watchdog from his time as an FTC commissioner and an earlier stint at the CFPB, he has pursued a busy agenda that’s setting up regulatory battles to come.

Keep Reading Show less
Tech salaries are about to get a lot more transparent. On Tuesday, Gov. Gavin Newsom signed a new law to require California employers to post salary ranges in job postings and report hourly pay data by employees’ race and sex to the state. We spoke with four employment lawyers and other pay transparency experts about what this means, and how to comply.
Keep Reading Show less

Microsoft said Friday it's "working on an accelerated timeline" to provide a patch for two newly disclosed vulnerabilities affecting Exchange email servers, which the company acknowledged have been used in attacks on customers.

Keep Reading Show less

Google is stepping up its push for open video formats: The company plans to force hardware manufacturers to support the AV1 video codec if they want to run Android 14 on their mobile devices, according to comments left in recent commits to the Android Open Source Project (AOSP) that were first spotted by Esper senior technical editor Mishaal Rahman.

Keep Reading Show less

A troubling new vulnerability affecting Microsoft Exchange email servers has been disclosed by researchers, though details are still emerging on the severity and exploitability of the flaw.

Keep Reading Show less

The gas-powered vehicle ban dominoes have begun to fall.

Keep Reading Show less

Tech industry groups are once again pleading with the 5th Circuit to block HB 20, Texas' on-again, off-again social media law, which the court recently allowed to take effect.

Keep Reading Show less

Sometimes a major "hack" isn't really a hack at all, such as with some breaches caused by the mishandling of APIs.

Keep Reading Show less

The neobank MoneyLion charged service members excessive fees for loans and often refused to cancel paid memberships, according to a lawsuit filed Thursday by the Consumer Financial Protection Bureau.

Keep Reading Show less

Google is shutting down its Stadia cloud gaming service, nearly three years after its launch and roughly 18 months since the company shut down its internal game development division.

Keep Reading Show less

Amazon announced pay raises and the rollout of new benefit programs to warehouse employees Wednesday. But one of those products may pose increased risks to the company’s most precarious workers: the expanded rollout of Amazon’s Anytime Pay Program.

Keep Reading Show less

More pay transparency is coming to California. The Golden State is joining New York City, Colorado, and Washington in requiring employers to disclose pay ranges in job ads.

Keep Reading Show less

Cost-cutting in tech is officially hitting the industry’s titans. After years of ruthless staffing up, both Meta and Google have told some employees to find new jobs within the company or leave, according to a report in The Wall Street Journal.

Keep Reading Show less

Calendly, the $3 billion scheduling startup that everyone likes to periodically fight about, has made its first acquisition: Prelude, a startup specializing in the hiring process. Prelude is specifically geared toward scheduling job interviews or other types of recruitment-related meetings.

Keep Reading Show less

Celsius Network CEO Alex Mashinsky resigned from the embattled cryptocurrency lender Tuesday morning. The lender is in the middle of bankruptcy proceedings after pausing withdrawals in June.

Keep Reading Show less
Bulletins