First to speak was Patrick Breyer MEP, from the German Pirate Party, who highlighted that the European Commission's plans could make the indiscriminate scanning of messages—perhaps even encrypted messages—mandatory for platforms operating in the European Union. This cannot be reconciled with the ruling in the La Quadrature du Net case of the Court of Justice of the European Union, which affirmed that state authorities are not allowed to intercept personal data in bulk.
But even if scanning was not made mandatory, Dr Breyer raised concerns about how scanning for evidence of child sexual abuse can misfire. He stated that about 40% of child pornography or CSAM investigations in Germany are targeted at minors. Platforms used for sexting do not clearly disclose that private communications might be scanned. When scanning results in a suspected match, private images can end up in the hands of tech company employees, where they don't belong and are not safe.
Rather than increasing our reliance on indiscriminate scanning, Dr Breyer recommended that more priority should be given to targeted investigations of existing abuse reports, of which there is a significant backlog, as well as to prevention efforts and assistance to victims.
Christian Dawson, who spoke next, outlined the three alternative broad proposals for legislation that the European Commission had laid out. First would be a continuation and strengthening of the existing voluntary regime for CSAM scanning and reporting. This option was favored by the Internet Infrastructure Coalition, and was thought to be the only feasible alternative for providers of cloud services.
The second proposal would make scanning for existing CSAM mandatory, while authorizing platforms to also voluntarily use AI algorithms to attempt to identify new, never-before-seen CSAM images, and instances of attempted grooming of children for sexual purposes. The third proposal would make it mandatory to scan for all three of these types of content.
Dawson explained why neither of these proposals were technically feasible for cloud service providers. They do not have access to much of the content that would be required to be scanned and reported—especially not over encrypted services—and even if they did, the use of AI algorithms is not scalable to the level that would be required to scan all European Internet communications.
He also mentioned that one of the obstacles to the use of AI to identify new CSAM images is that it is illegal for platforms to retain possession of such images for the purpose of training these systems. Under current technology, the only reliable and scalable method available for identifying CSAM is reference to databases of hashes (digital fingerprints) of already identified illegal images.
Crystal Mundy, who spoke next, addressed a separate topic raised by the consultation: apart from changes to the CSAM scanning regime, Europe is also considering establishing a new European center to counter child sexual abuse, which could have a role in promoting the prevention of CSA and in providing services to victims.
She pointed out the success of prevention programs depends upon understanding that there are important differences between people who offend, and that there is an overlap between offenders and victims. For example, she stressed that not all CSA offenders have pedophilia, and that assuming otherwise can impede us from preventing offending by those who don't have a sexual motivation for doing so.
She explained that a public health approach involves identifying risk factors and protective factors, and working to minimize the former while strengthening the latter. A common trap is to approach prevention in a way that stigmatizes either survivors or those who offend or are at risk of doing so: doing this simply means that people who are at risk won’t engage with support services. As such, organizations that provide stigma-free support to at-risk populations play an important role.
On the other hand, there are some popular approaches to dealing with child sexual abuse that we know don't work. Sex offense registries, and probation conditions that limit the ability of those who have offended to maintain residency and employment, are examples of these misplaced approaches. Such approaches actually make it more likely that people will offend again.
She acknowledged the difficulty of convincing the public that rehabilitation and prevention efforts are worthwhile. Even so, she stressed that a heavy focus on the sexuality of people who may offend drives them away, and stated that we have to see these people as human and support their mental wellbeing, if we truly wish to minimize the risk factors that drive offending. Listening to experts is an important first step for the European Commission before it can move on to the wide implementation of prevention strategies.
Prostasia's Jeremy Malcolm concluded the session (slides here) by giving some background to the push for Internet platforms to use artificial intelligence algorithms to attempt to identify new CSAM images and grooming. A notable signal of this was the inclusion of recommendations that platforms use these technologies, in a set of recommendations issued by the Five Eyes governments in March 2020. The current European Commission consultation could see these voluntary recommendations hardening into law.
As Jeremy pointed out however, AI technologies are far from ready to be used as a standard tool in CSAM elimination, due to their poor accuracy and the fact that when they misfire, this lands most heavily on marginalized groups. As such, Prostasia Foundation recommends that if CSAM scanning is to be legalized by the European Union, this should be limited to known CSAM images only, and the system should be made more accountable and transparent.
Prostasia also recommends that more attention be given to the prevention mission of the proposed new European center, and that if this is to happen, it will be careful to guard against its capture by law enforcement interests. Reducing the stigma that surrounds the topic of child sexual abuse and its prevention will be a key component of delivering on the potential of the European center to help prevent abuse and support survivors.
Submissions to the European Commission consultation remain open until April 15.