Guise of "Children's Rights" Weakens Internet Privacy Laws and Increases Mass Surveillance

Viktoria Tomova / Dec 13, 2023

New leaked police documents have shed light on the fact that law enforcement agencies in the United States, at the federal, state, and local levels, have been using a secretive government program to gain access to phone records of individuals who are not suspected of any crime. This program is part of a global trend towards normalizing surveillance and violating people's privacy. Lawmakers in both the European Union and the United States use "children's rights" as a way to disguise their mass surveillance plans.

This trend is concerning because policymakers and law enforcement agencies are increasingly aligning themselves with industry interests and using children's rights to influence public opinion on the legitimacy of law enforcement's ability to access encrypted communications. This raises important concerns about privacy and civil liberties. However, there are steps we can take to address these issues and protect our rights.

We all want to feel safe while using the internet to explore our identities, socialize, find love, and organize. This is especially true for young people who rely on their digital security to express themselves, build a network of support, and be politically active. However, a handful of self-interested people decide what the internet should look like for all of us. EU and US lawmakers must ensure that our digital security is protected from the prying eyes of tech corporations, and that law enforcement bodies do not treat us all like suspects.

Earlier this year, leaked notes from the EU-US Senior Officials Meeting on Justice and Home Affairs, held in Stockholm, revealed that the EU and US delegations jointly agreed on the need to promote in public discourse “law enforcement’s legitimacy to investigate” encrypted communications and on “the need to mirror privacy by design with lawful access by design”; technocratic speak for building backdoors into encrypted communications as standard practice. This indicates a clear intent to undermine people's privacy and confidentiality of communications.

European Commissioner Ylva Johansson, July 2023. Bogdan Hoyaux/European Commission. Wikimedia

More pieces of the puzzle have recently begun to fall into place as the EU debates a draft law proposed by European Commissioner Ylva Johansson to prevent and combat child sexual abuse (CSA Regulation), which has been heavily criticized for opening the door for mass surveillance.

Recently, the Balkan Investigative Reporting Network (BIRN) published an investigation that revealed that companies developing and deploying AI and some advocacy groups have been heavily funded and given a great amount of influence over the building of the EU's CSA Regulation. This led to creating a one-sided debate, sidelining other organizations. For instance, the registered charity organization Thorn, which has been a key supporter of the Commission's proposal, actually sells AI tools for scanning online child sexual abuse images. In the past, Thorn's partnership with Palantir and the provision of sophisticated surveillance tools to police have raised concerns over privacy violations.

Contrary to the claim made in the letter that key stakeholder groups were consulted during the drafting of the legislative proposal, the Commissioner rejected three attempts by EDRi, a leading coalition of digital rights organizations and experts, to meet with her to discuss the privacy concerns with the draft proposal. Therefore, it represents an important stakeholder that should be consulted in the drafting of the law.

As a result, we see that the proposed measures in the CSA Regulation require that private companies monitor potentially everyone’s private communications on behalf of the police. This has been heavily criticized by child protection experts, survivors of CSA, police, national governments, UN officials, companies, and NGOs as such actions could do more harm than good for the very children it is supposed to protect.

Nevertheless, the Commissioner has been pressuring EU policymakers to make a hasty decision, even if it increases the likelihood of the law being overturned. For example, Politico Europe recently reported that the European Commission has in recent weeks used prohibited micro-targeting of people based on their religious and political views in an attempt to manipulate public opinion in member states where governments opposed the CSA law proposal.

A recent WIRED investigation revealed that the Heat Initiative, a child safety group, launched a campaign in the US leveraging children's rights to contest the privacy protections that Apple offers to its customers. The investigation points out that some of the staff currently working at the Heat Initiative used to work for Thorn in the past. Most recently, Thorn, founded by the actor Ashton Kutcher, was mentioned in a report that highlighted how private corporate interests and law enforcement have influenced European encryption laws in the name of child safety.

While organizations like Thorn support efforts that attack encryption, law enforcement agencies are also taking advantage of opening the door to people's private communications by cooperating with the surveillance industry.

For instance, in the US, Thorn has reportedly collaborated with police to target sex workers using sophisticated surveillance tools to collect vast amounts of data about the consenting sex worker community from publicly posted ads and sex trade forums, often without their knowledge.

In the EU, the media outlet BIRN obtained documents released under a Freedom of Information request that show Europol officials requested unfiltered access to data collected through the mass scanning system proposed in the CSA Regulation, pushing for its use beyond detecting child sexual abuse material, and for other crimes as well. Shockingly, the European Commission did not reject the request.

Having policies that ensure everyone's safety online, especially that of children, is crucial. However, implementing sweeping surveillance measures is not the solution. Such laws only benefit entities like Thorn and law enforcement bodies like Europol that want a policy environment where it is possible to spy on every citizen.

Privacy is about creating a safe space where you can be yourself, find help, and connect with the ones you love without fear. Child rights experts, such as those at UNICEF and the UN, have emphasized that tools like encryption, which ensures children's privacy online, are essential means for learning, sharing, and participating in civic life.

It is essential that we fight back against all invasive and unlawful data collection and manipulation from companies and states. Legislators should make sure people are in control of what they see online and are not limited by tech corporations’ commercial choices nor by states’ drive for more access to private messages. Just now, at the end of November, the European Parliament approved its position on the CSA law, which ensures that encryption is protected and the European Commission's mass surveillance plans are stopped.

Instead of legalizing mass surveillance practices, policymakers must prioritize implementing sustainable measures like ensuring all platforms and services in the EU have a clear, accessible, child-friendly way for suspected abuse material to be reported, and that response teams are adequately resourced to be able to respond in a fast and effective manner.


Viktoria Tomova
Viktoria Tomova is a Communications and Media Specialist at European Digital Rights & a Public Voices Fellow on Technology in the Public Interest with The OpEd Project in partnership with The MacArthur Foundation.