6 November 2023
In response to a request for documents pertaining to the decision-making behind the proposed CSAM regulation, the European Commission failed to disclose a list of companies who were consulted about the technical feasibility of detecting CSAM without undermining encryption. This list “clearly fell within the scope” of the Irish Council for Civil Liberties’ request.
The European Ombudsman has now held that the Commission’s failure to disclose the existence of this list constituted “maladministration”.
The technical feasibility question is a major sticking point in the EU negotiations around this file.
Numerous experts have warned that it is not technically feasible. Public interest technologists and more than 450 academics have warned in public that “technology to detect CSAM in encrypted content is currently not mature and will not be mature in the next two to five years.”[1] This is in stark contrast to the views put forward by experts relied upon by the Commission, whose names the Commission is refusing to reveal.
In December 2022, ICCL filed complaints with the European Ombudsman against the European Commission’s refusal to provide a list of experts who helped the Commission draft the text related to potential solutions to detect child sexual abuse material in end-to-end encrypted communications.
After the Commission acknowledged to the EU Ombudsman that it, in fact, had such a list, but failed to disclose its existence to Dr Kris Shrishak, the Ombudsman held the Commission’s behaviour constituted “maladministration”.
The Ombudsman held: “[t]he Commission did not identify the list of experts as falling within the scope of the complainant’s request. This means that the complainant did not have the opportunity to challenge (the reasons for) the institution’s refusal to disclose the document. This constitutes maladministration.”
The proposed regulation on child sexual abuse material has been hugely controversial. In addition to concerns about mass surveillance and undermining encryption, further concerns have been raised about the incompatibility with existing EU laws which prohibit general and indiscriminate monitoring of people’s communications. These concerns have been raised by many bodies, including the European Council’s own legal service, the European Parliamentary Research Service, the United Nations High Commissioner for Human Rights; and the European Data Protection Board and Supervisor.
“In light of these concerns, the lack of transparency from the Commission regarding external experts is deeply worrying, more so considering alleged close links between the Commission and lobbyists in the preparation of the regulation”, said Dr Kris Shrishak, Senior Fellow at ICCL.
The Ombudsman’s decision can be read in full here.
[1] See 10:08:00 onwards in the presentation of Complementary impact assessment of CSAM proposal at Committee on Civil Liberties, Justice and Home Affairs. 13 April 2023. URL: https://multimedia.europarl.europa.eu/en/webstreaming/committee-on-civil-liberties-justice-and-home-affairs_20230413-0900-COMMITTEE-LIBE