On 7 March, EIF organised a debate hosted by Ivan Stefanec MEP on how to guarantee child safety online, taking into account the European Commission proposal on Child Sexual Abuse Material (CSAM). The MEP was joined by the following guest speakers:
Caterina Molinari, Policy Officer - Fight against cybercrime and child sexual abuse, DG Home, European Commission
Alexandra Koch-Skiba representing EuroISPA; Head of Complaints Office, eco (Association of the Internet Industry)
Jean-Christophe Le Toquin, Coordinator of Encryption Europe
Tomas Krissak, Expert in information security
MEP Ivan Stefanec, in his opening remarks, stressed the dangers of the Internet for children, and provided three important figures. First, over one third of children have been asked to do something sexually explicit online. Second, the National Center for Missing and Exploited Children captures more than 25 million images of child pornography annually. Third, up to 83% of children do not tell anyone about sexual abuse. Mr. Stefanec emphasised the importance of a harmonised regulatory framework, education, speedy detection and removal of harmful content as solutions to this issue. Additionally, he mentioned the European Commission’s proposal, and in particular the establishment of the EU Centre to enable the implementation of the new regulation. He closed his speech by underlining the importance of the coordination with national authorities.
The European Commission representative, Caterina Molinari, defined the Regulation proposal on Child Sexual Abuse Material as a response to this growing online phenomenon. One of the main components of such proposal is the imposition of obligations for online providers. Online providers should acknowledge the problem, assess it on their service, and adopt safety measures. She stressed that obligation of detection in the proposal is not framed as a rule, but as a last resort measure when mitigation is insufficient to reduce the risk of online child sexual abuse. Another important component of the proposal is the establishment of the EU Centre on Child Sexual Abuse as a decentralised agency responding to the EU laws and giving feedback to providers on the accuracy of their detection. For the time being, the point of reference is the NCMEC, a US-body. In the end, Ms. Molinari pointed out that the proposal would not set child protection against privacy or data protection, but in full respect of the rights of all users.
Alexandra Koch-Skiba, representing EuroISPA, mentioned two ways for service providers to gain knowledge of child abuse content: third-party reporting and voluntary detection measures. On the one hand, she highlighted the effectiveness of third-party reporting through hotlines, law enforcement, national authorities, and users. Hotlines can be the point of contact for anonymous users reporting of websites and specific URLs. On the other hand, voluntary detection measures are usually relevant for larger companies, platforms, and ICS providers. However, these measures depend on the service: it is important to differentiate between non material and non-CSAM and grooming activities. According to Ms. Koch-Skiba, the proposed regulation does not adequately take into account the importance of these approaches. She recommended that the proposed EU Centre should collaborate with hotlines and law enforcement and that providers should be allowed to use metadata. Finally, she suggested limiting detection measures to known CSAM only and excluding grooming activities from detection orders.
Jean-Christophe Le Toquin, representing Encryption Europe, emphasized the difficulty in applying the obligation of detection that the European Commission proposed. It is important to defocus from the question of encrypting or not private communications. According to him, a change of mindset would be crucial in protecting children, although he wondered if this should imply the access to and the scan of private communications. Underlining his two roles in fighting cybercrime and defending privacy and encryption, Mr. Le Toquin reiterated that a change of mindset in favor of children victims of sexual abuse is crucial. Therefore, he recognised that the Commission proposal should be supported together with a cultural shift in terms of protecting children from sexual abuse. He declared that the end-to-end encryption of private communications is compatible with this cultural shift, although privacy of communication needs to be respected.
Tomas Krissak, as expert in information security, acknowledged the importance of creating the technological means to have situational awareness of what happens in different online platforms. To start with, he provided a purely technological perspective on how technology can be used to tackle issues related to information security, such as preventing the spread of toxic content. Some technological means to stop the spread of toxic content are already available in Europe. Then, he provided a more personal perspective. As an activist, he has been traveling to Slovak schools to talk about issues regarding information security, such as rising extremism, disinformation, grooming, and stalking incidents. Children are becoming more vulnerable to these incidents, both online and in physical spaces. According to Mr. Krissak, one of the ways to tackle this issue is through gamification programs that create a safe way to train people in being more resilient towards negative online incidents.