According to a hastily passed EU ePrivacy Derogation, our entire electronic communication will be searched for indications of paedophilia in the future. The EU Commission believes it has every right to carry out such an Orwellian invasion of privacy – because it is (supposedly) about child protection. This is not only grossly disproportionate, but actually achieves the opposite, as even self-help organisation of survivors emphasise. The infamous censorship debate is back.

„hey sweetie, y not send me a pic“

This text message could mean: “How do you do at the pony farm?”, “Did you buy the shoes?” or “Is the new flat bright enough?“. But it might as well be about grooming, a sexual solicitation of minors by adults.

Written in a letter, we would consider this sentence a private matter. But an unencrypted email or text message is not a letter, not even a postcard. It is a folded piece of paper that we entrust to various hands for forwarding, like we did back in our school days.

Self-proclaimed child protectionists now want to assume the right to automatically sift through everything we send to each other electronically. And if a sentence or a picture is ambiguous, the police and private helpers should automatically receive a copy in order to take a closer look at whether this should be classified as a sexual assault against a child.

The German self-help organisation MOGiS e.V. (“Abuse victims against internet blocking”) is campaigning against such total surveillance. And other affected activists are also highly critical of the plans, such as the Anti-stalking Project. Alexander Hanff, himself a victim of abuse, activist and entrepreneur in the field of privacy, does not have a good word to say about the plans:

„As an abuse survivor, I (and millions of other survivors around the world) rely on confidential communication to find support and report the crimes against us. (…) The proposed solution does not meet the requirements of proportionality. (…) The proposal is so poorly written that it leaves the door open for abuse of power, for false reporting and for large-scale surveillance of all our private communications. Moreover, there is no evidence that such measures would be effective at all, and many critics believe (myself included) that such activities would simply be pushed underground, making them much harder to detect.“

I didn’t want to believe it myself, so once again for the record:

The EU Commission and the LIBE Committee (Civil Liberties, Justice and Home Affairs) have introduced and already passed a proposal, the so-called “ePrivacy Derogation” (repeal of the ePrivacy Directive, (1)), which suspends several fundamental rights of the EU Charter of Fundamental Rights (namely Articles 7 and 8) as a blanket data retention and for all people. Providers and networks would be obliged to carry out the corresponding data scan. Any encryption would have to be weakened for this purpose. The background to this is the recent strengthening of user rights through an EU directive and the fear that this would make it too easy for child porn rings.

Important reasons for this initiative are probably, on the one hand, the technical feasibility (2) and the high savings potential compared to more suitable investigation methods in this area. And on the other hand, the high acceptance of surveillance measures on the topic of paedophilia – where everyone is outraged and thinks they have “nothing to hide”.

But is the law really suitable and isn’t the baby being thrown out with the bathwater? Privacy activists such as EDRI, Netzpolitik.org or the Pirate’s Party in the European Parliament strongly oppose the bill. The European Data Protection Supervisor has also expressed considerable concerns. And the doubts of civil rights activists are more than justified.
.

Things look different at second glance

  • In the automated recognition of relevant material, an error rate of 90 percent is still considered good enough. Thus, masses of “innocent” text and image material come under the critical eyes of the authorities and the organisations involved. These can be photos of adults, family beach photos, photos that minors send to each other in confidence, pictures that outrage puritans, satirical illustrations, … Our entire communication is placed under general suspicion and pre-censored in the shape of self censorship. But this is just the beginning.

  • A lot of new material is accumulated, which is now put into the context of paedophile sexuality. The recipients of the copies are cleaners, i.e. professional employees of social networks who decide every second what is to be classified and how. The material is also to be made available to voluntary NGOs. Besides, this makes them an attractive target for hackers or perpetrators and the misuse or theft of the accumulated convolutions is only a matter of time. (Police officers and “helpers” are also repeatedly conspicuous for their careless handling or even “private use” of relevant material, for example here, here or here).

  • Images of real crimes (as well as false alarms) are kept, e.g. to train algorithms. The victims of the crimes, however, want the images of their trauma to be deleted at some point and not to resurface at some point, e.g. through leaks and breaches. The right to one’s own image is thus grossly disregarded in a particularly sensitive case.

  • Legal, yet explicit material is collected as a “by-catch” – also from politicians, secret bearers or celebrities. The door is opened to blackmail. Professional secrecy carriers (journalists, clergy, lawyers, …) are supposed to be exempt from searches – but how is that supposed to work in practice?

  • Misjudgements and unfounded criminal charges can destroy entire livelihoods. A house search on suspicion (which may be false, but of course cannot be refuted) can mean the professional or social ruin for someone.

  • The fight against sexual abuse is only seemingly being advanced. Sophisticated perpetrators know how to protect themselves, of course. Once again, the saying applies: “When privacy becomes criminal, only criminals have privacy”. Effective encryption, the Darknet and Tor browsers are still no match. Fortunately, one has to say. Because apart from drug dealers and child porn rings (which also existed before the internet), whistleblowers and journalists also benefit from this technology, or activists and opposition voices in totalitarian states.

  • There is a fixation on electronically documented cases. Christian Bahrs of MOGiS e.V. had thoroughly examined figures from 2009 and came to the conclusion that so-called child pornographic material is produced only in the fewest cases of abuse. Nevertheless, it is to be expected that more effective search approaches will fall by the wayside. Not least – it’s bitter to say – because they are not worth the expense to the state. In the major cases of abuse that have come to light in recent times, it could always be observed that there had been indications and omissions at hand of the youth welfare offices and the police. The naïve conception of electronic miracles doesn’t work.

  • The implementation of the legislative initiative would be tantamount to a censorship infrastructure. Such a massive weakening of our privacy (which is, after all, a human right) can only be described as totalitarian. And it would set a precedent, because in all experience, once people get used to it, the regulation will be inevitably extended to other offences (“mission creep“). Secret services also have a freer hand as soon as encryption is affected.
    .

“Child abuse” – a perfect catchword to make politics

Sexual violence against children triggers us – and rightly so. Hardly any other offence is met with such unanimous indignation. Even in prison, paedophile sex offenders are the pariahs among the inmates. And no other topic can cause such a scandal – just one accusation or suspicion can put entire livelihoods at stake.

The outrage is justified. What sexual violence does to the soul of its victims is only roughly described by terms such as depression, anxiety disorder, diminished self-esteem, relationship problems and professional difficulties as well as disturbed sexuality. Many of the victims have massive problems coping later in life. Whereas in the 1980s paedophilia was still mentioned in the same breath as the emancipation of gays and lesbians, today it is rightly a no-go. Churches and other institutions that have systematically covered up sexual violence are increasingly coming under fire.

The impression that sexual abuse of children is constantly on the rise cannot be substantiated, because the statistics only refer to cases that have become known. What used to be swept under a carpet of shame, complicity and secrecy is now the subject of open debate. People finally dare to come out with their story – 20, 30 years after the acts.

At the same time – this must also be said – the topic attracts neurotics of various kinds. Invented accusations are not uncommon, because being a victim attracts attention. Right-wing conservative puritans go to the extent of of accusations against a sexualised society, accusing educational initiatives of “early sexualisation” of children. Not to mention the QAnon hysteria about alleged torture.

In summary: The topic is sheer horror. And that is precisely why it can easily be instrumentalised as a moral crowbar.
.

Why does the proposal receive so little attention – and what happens next?

„According to the case law of the European Court of Justice, permanent automated analysis of communications is only proportionate if it is limited to suspects (Case C-511/18). This condition is not met by the proposal.“

Patrick Breyer (MEP) authored this Position of the Piratenpartei / Greens fraction /EFA

For one thing: My impression is that civil society was a little absorbed in times of Corona, Brexit and the drama of the US elections. Those who are upset about the current Corona measures probably don’t have the nerve for such fundamental rights issues. And in some respects, things have actually been going quite well in the EU lately in terms of privacy:

  • With the proposal for a Digital Services and Digital Markets Act, the EU Commission has succeeded in making a considerable effort to put data hogs like Google, Facebook and others in their place.

  • The GDPR had set a new standard in consent to data collections.

  • And a planned ePrivacy Regulation promised privacy by default, i.e. as a required basic setting of software and devices.

But the latter has been put on the back burner in the meantime – and it is countered by massive attacks on encryption – and so now the ePrivacy Derogation. The bottom line is a rather contradictory play of forces in EU legislation.

So what we are facing – if we don’t make a lot of noise very quickly – is a swift push of the half-baked bill, virtually under the radar of the busy parliamentarians. Since no one wants to be accused of playing into the hands of child porn rings, they are under pressure. And after all, the current president of the EU Commission, Ursula von der Leyen, already caused a furore with precisely this topic in the censorship debate in 2009. What initially looked like a triumph for her at the time was later meekly shredded.

But little seems to have been learned from this. The conservative phrase “the internet must not be a lawless space” cannot be killed, despite better knowledge. Even in the electronic age, fantasies of omnipotence are rather signs of hubris than healthy politics – as they can’t even keep the police forces free of “lawless spaces”.

Alexander Hanff expresses his observation (here) that it’s “lobbyists with a vested interest – whether they be state level lobbyists seeking to extend their intrusive surveillance activities or technology companies which make 100s of millions of Euros from selling technology which can data mine our communications; and let’s be clear, these are the loudest voices pushing for this proposal from the EU Commission.” This could mean Microsoft with its PhotoDNA, for example.

The fact that the entire project, viewed rationally, can only fail before the European Court of Justice, continues an unfortunate practice that is becoming common practice among conservative politicians in this country: Laws are made and become valid until they are overturned by the Constitutional Court. Then they are surprised and make a few improvements, only to do it again in exactly the same way.
.

So, if not this – what could really work in the fight against sexualised violence?

I am not a criminologist and would honestly appreciate unbiased comments on how to effectively combat grooming and child pornography.

„It’s a matter of fact: Sexual abuse by relatives, friends and caregivers is very common, and very few cases of abuse are even documented. Hardly ever can victims of child sexual abuse be helped by investigations into child pornography. In order to protect children from abuse, completely different measures are needed, such as nationwide prevention, detection and drop-out programmes. But these have been scandalously underfunded for years.“

Patrick Breyer

What I know for sure is that blanket total surveillance cannot be the proportionate and right thing to do. But what is it then?

  • As far as I know, classical criminal police work that penetrates perpetrator networks, collects evidence and identifies persons is the more successful means compared to the technically well-equipped child porn rings. One-time effects such as the recording of crypto-cell phones, which comes as a surprise to the perpetrators, may be an exception. But such zero-day-exploits cannot be used as a basis for a long-term strategy.

  • Tips must finally be followed up consistently. This is tedious and sometimes expensive work, for which too few resources are available in the underfunded practice of our police. Just imagine: In Germany, many police officers have to bring their own equipment to work in order not to fall hopelessly behind technically. The responsibility for this lies precisely with those ministers of the interior (from Zimmermann to Schily to Seehofer) who are always talking about an expansion of electronic surveillance.

  • Apart from the high-profile exposure, however, another type of work is taking place: Prevention. Of course, working with people is more time-consuming than a digital magic wand. But it has the advantage that it really works. In daycare centres and schools, children are sensitively made aware of the topic. Self-defence in the digital as well as the analogue world is a must. Initiatives such as the prevention network Kein Täter werden (Don’t Become a Perpetrator) or the offer Bevor was passiert , which is aimed at potential perpetrators, are obviously only a start.

By the way: Let’s not forget that such initiatives also depend on confidential communication in order to be able to follow up on tips and reports from those affected. This shows once again that total surveillance of our electronic communication is a harmful delusion.

With this in mind, let us conclude with an impressive quote from Alexander Hanff:

“I struggled with my thoughts on child abuse in my young adult life; when I was writing my dissertation in 1997 I really struggled to remain objective. It was my Psychology Professor who gave me clarity. He said to me “If you see a child drowning in the river, what would you do?” To which I obviously answered I would jump in and try to save the child. He then asked “What if when you rescue the child you see more children, more than you can possibly rescue, coming from upstream and drowning?”. This frustrated me, obviously I wanted to save all the children but it was impossible – there would be too many. He then asked “Do you not think it would be better to investigate upstream as to why so many children are falling in to the river in the first place?”

“Of course, we need to catch those who are committing the abuse and we need to try to stop those proverbial children from drowning in the river – but to date, research into WHY people seek to abuse children in the first place – what causes that behaviour and what can we do to change it; is still woefully lacking and underfunded and until we take steps to figure out the underlying problem rather than trying to deal with the consequences only – it will always be a negative sum situation for the victims and society as a whole.”

Alexander Hanff: Why I don’t support privacy invasive measures to tackle child abuse.

//


Remarks

(1) Not to be confused with the not fully developed, higher-ranking e-Privacy Regulation, which would of course also be restricted by this

(2) If we adopt the logic of ePrivacy Derrogation, the new smart speakers in our homes would have to scan our conversations for indications of domestic violence. Then security cameras would have to evaluate our behaviour and immediately forward suspicious facts to the police. Sewage could be tested for drugs or our rubbish could be analysed as soon as the appropriate technology is available, and so on.

Weblinks from the debate about Ursula von der Leyen’s internet blocking proposal of 2009 in Germany

https://netzpolitik.org/2009/hintergrundtext-kinderpornographie-internet-sperren/

https://mogis.wordpress.com/2009/04/29/kern-der-debatte/