EU watchdog questions secrecy around lawmakers’ encryption-breaking CSAM scanning proposal | TechCrunch

The European Commission has once again been urged to fully disclose its dealings with private technology companies and other stakeholders. Controversial part of technical policy This could lead to legislation mandating the scanning of private messages of EU citizens to detect child sexual abuse material (CSAM).

This issue deserves attention as concerns have been raised about lobbying by the tech industry influencing the drafting of the Commission’s controversial CSAM-scanning proposal. Some of the information withheld relates to correspondence between the EU and private companies that may be potential suppliers of CSAM-scanning technology – meaning they stand to commercially benefit from any pan-EU legislation mandating message scanning. Stand to do.

A preliminary investigation into maladministration by EU ombudsman Emily O’Reilly was opened and made public on Friday. Website Tomorrow. back in january, the Ombudsman reached a similar conclusion – inviting the Commission to respond to its concerns. Its latest findings take into account the reactions of the EU executive and invite the Commission to respond to its recommendations with a “detailed opinion” by 26 July – so the saga is not over yet.

Meanwhile, draft CSAM-scanning legislation remains on the table with EU co-legislators – despite warnings The council’s own legal service says the proposed approach is unlawful, The European data protection watchdog and civil society groups have also warned that the proposal represents A turning point for democratic rights In the European Union. Whereas, back in October, European Parliament MPs who are also opposed to the Commission’s direction of travel, proposed a significantly revised draft that aims to place limits on the scope of scanning. But the ball is in the Council’s court as member state governments have not yet settled on their negotiating position for the file.

Despite growing concern and opposition across many EU institutions, the Commission has stood behind the controversial CSAM detection mandates – ignoring critics’ warnings that the law could force platforms to deploy client-side scanning, which could compromise the European web. Can have serious impact on users. ‘Privacy and Security.

The continued lack of transparency in the EU executive’s decision-making process when drafting controversial legislation hardly helps – fueling concerns that some self-interested commercial interests may have played a role in shaping the original proposal. Can.

Since December, the EU’s ombudsman has been considering a complaint by a journalist who sought access to documents related to the CSAM Regulation and the EU’s “related decision-making process”.

The ombudsman is largely unimpressed by the level of transparency on show, with its defense for non-disclosure, including review of information withheld by the Commission.

The Commission released some data following a journalist’s request for public access, but withheld 28 documents in their entirety and, in the case of another five, partially redacted the information – including public interest in relation to public security. Cited multiple exemptions to refuse disclosure; The need to protect personal data; The need to protect business interests; The need to secure legal advice; And its decision making needs security.

According to information released by the ombudsman, the five documents attached to the complaint relate to “exchanges with interest representatives of the technology industry”. It did not list which companies were in correspondence with the commission, but US-based Thorn, a maker of AI-based child safety technology, was linked to lobbying on the file in an investigative report. BalkanInsights last September.

Other documents in the bundle that were either withheld or modified by the Commission include drafts of its impact assessment while it was preparing the law; and comments from its legal service.

When it comes to information relating to the EU’s correspondence with tech companies, the ombudsman questions many of the Commission’s justifications for withholding data – for example, in the case of one of these documents, the EU’s ability to modify the details of While the decision to disclose information exchanged between law enforcement and several unnamed companies may be justified on public security grounds, there is no obvious reason to conceal the names of the companies.

“It is clearly not clear how disclosure of the names of the companies concerned could undermine public safety if the information exchanged between the companies and law enforcement is redacted,” the ombudsman wrote.

In another example, the Ombudsman took issue with the Commission’s apparently selective release of information in relation to input from representatives of the technology industry, writing that: “The Commission takes issue with the very general reasons for non-disclosure provided in its confirmatory decision. From, it is not clear why it is considered stopped ‘Starting Option’ “Being more sensitive than what he had decided to disclose to the complainant.”

The Ombudsman’s conclusion on this point of the investigation reiterates its earlier finding of mismanagement at the Commission for refusing to grant “wide public access” to 33 documents. In his recommendation, O’Reilly also writes: “The European Commission should reconsider its position on access requests with a view to granting significantly increased access, taking into account the Ombudsman’s views shared in this recommendation. Should be considered.”

The Commission was contacted about the Ombudsman’s latest findings on the complaint but had not responded at press time.