On April 23, the German politician Patrick Breyer uploaded a meme to his Mastodon account. “Big Sister is Watching You”, it warned in big white letters, written behind a smiling photograph of Ylva Johansson, the EU commissioner in charge of home affairs. Within the bureaucratic confines of Brussels, it’s rare for a politician to evoke enough anger to feature on a meme—let alone be labeled as the modern incarnation of author George Orwell’s Big Brother by her colleagues.
But Johansson has become a divisive figure in Europe. The Swedish politician has positioned herself in the midst of a vitriolic debate over online child sexual abuse material (CSAM), one that pits individual privacy against the safety of vulnerable young people. The EU Home Affairs Commissioner is the architect of a deeply controversial new bill that proposes ways to force tech companies, including those with encrypted platforms, to scan their users’ private messages in an attempt to wipe both CSAM and grooming attempts off the internet. This is a personal crusade for the Swedish Johansson, a straight talker with a penchant for brightly colored blazers. Both supporters and opponents describe the commissioner as the passionate and stubborn driving force behind the bill, which she regularly describes as “my proposal.”
Arrayed against her is a fierce coalition of privacy advocates, American YouTubers, German soccer fans, and tech executives who argue that the proposal would severely impact online privacy. They call it the “chat control” bill and warn that it would open dangerous backdoors into encrypted apps. Because Johansson has made herself the face of this bill, criticism is lobbed at her personally. “Either she’s stupid or she’s evil,” says Jan Jonsson, CEO of Swedish VPN service Mullvad. In February, she was given a dubious “prize” at the Dutch Big Brother Awards, an event organized by digital rights group Bits of Freedom, which identifies heroes and villains in the fight for privacy. Johansson was firmly in the latter category, winning a public vote for the individual who has most threatened individual privacy.
The award ceremony took place on Johansson’s birthday. But she still attended—virtually, at least—and gave an acceptance speech. She says she doesn’t care about the criticism. “I think I have a moral obligation to act,” she told WIRED in March. “If I don’t, who am I? I will be a little mouse. I will be nothing.”
Child sexual abuse is not a crime that can be blamed on technology. But the internet has created a global market for its dissemination. In 2022, US charity The National Center for Missing and Exploited Children (NCMEC) received 32 million reports of suspected online CSAM. And Europe bears some responsibility for that market. Last year, more than 60 percent of all known child sexual abuse material was being hosted on EU servers, according to British nonprofit the Internet Watch Foundation (IWF).
This is not news to tech giants. The world’s largest social media platforms already have established systems to try and root out such content. Facebook, for example, uses photo-matching technology that compares photos and videos posted to the platform against a database of known CSAM content so replicas can be automatically pulled down. The company also uses AI to detect previously unidentified CSAM content. When the AI finds it, this content is sent to the NCMEC, which over the years has evolved into a clearing house for some of the most disturbing content on the internet. Once the NCMEC receives content, its staff decides what to do next: whether to report the material to the police or try to rescue the child shown in the video.