The Dutch Minister of Justice and Security is considering to refuse to implement a motion from the House of Representatives. That's not only damaging for trust in the government, but also a major risk to the confidentiality of communications.
Except for the Christian parties, the House of Representatives was unanimous last year: the Dutch government needs to protect the confidentiality of communications. The Dutch government was instructed not to supportMotion on "keeping encryption intact" (NL) any European legislative proposal that would restrict the use of encryption. A clear instruction, but the Minister of Justice and Security opted for a play on wordsHere's the letter of the minister (NL). In response to the motion, she said: because client side device scanning happens before end-to-end encryption is applied, client side device scanning does not impact encryption. In other words, "We think letter secrecy is very important. We will never open the envelope of your letter. However, we will come to your home and look over your shoulder as you drafting the letter."
Every properly thinking person understands: in doing so, you would still undermine the confidentiality of communications. And so did the House of Representatives, which came up with a new motionThe motion on client side device scanning (NL): the government may not support proposals that would allow client side device scanning. The minister advised against this motion. It would make, she says, negotiating about the proposal impossible. And, quite unusual, less than 24 hours before the vote, she sent another dramatic letterThe Dutch minister of Justice in panic, read her letter here to parliament. The House of Representatives was unimpressed and adopted the motion regardless.
Minister ignoring parliament
As it is, the minister still seems to have no appetite for it. We know that the motion was discussed at a council of ministersHere are the high level minutes of that meeting. That is highly unusual. And we hear from the corridors that the minister may refuse to implement the instruction. A cabinet that disregards the will of the parliament is extremely problematic in itself. But it is also very dangerous. By allowing client side device scanning puts the confidentiality of communications at risk.
The Dutch have more allies than it thinks
The minister claims she would be alone in Brussels, with refusing client side device scanning. This is misleading because leaked documentsA (leaked) report from the Council's Law Enforcement Working Party show that governments other member states are also critical. For the German government, "it is necessary among other things to state in the draft text that no technologies will be used which disrupt, weaken, circumvent or modify encryption." Italy says it wants to maintain the current situation in which encryption is not restricted. Malta is concerned. And Poland, even Poland, has also now landed on a position where it wants encryption, and therefore the confidentiality of communications, protected.
The Netherlands would also ignore the Council's own legal expertsAll EU legislative institutions shoot European CSA-proposal down. Those experts say platforms can only monitor Internet users' communications if they limit the use of encryption, build in a backdoor or deploy client side device scanning. That would mean "de facto prohibiting, weakening or otherwise circumventing cybersecurity measures (in particular end-to-end encryption), to make such screening possible." Legal experts find that problematic. Legislators thus run the risk that European courts will make mincemeat of this measure in a few years. That won't help anyone, especially not the children they are trying to help.