Chat control: Why the EU is endangering your digital privacy

Imagine someone reading ALL of your messages soon before they're even sent.

Every photo, every link, every private conversation, everything would be screened, analyzed and scanned for suspicious content. Sounds like dystopian science fiction? Unfortunately not. This is precisely what threatens us with the so-called ‘chat control’, which is to be voted on in the EU Council of Ministers on 14 October.

In addition to one Last-Minute Petition on WeAct.org There is also a broad rejection of these plans in the digital society.

What is chat control anyway?

The The European Commission has presented a new draft regulation, which would create an unprecedented surveillance infrastructure under the official guise of ‘fight against child sexual abuse’.
The basic idea sounds comprehensible: They want to prevent child abuse material from being disseminated via messengers and social networks.

So far, so understandable! No one wants such crimes to happen. But the methods proposed for this are the absolute digital super-GAU.

Client-side scanning: The nice name for monitoring on your device

At the heart of chat control is client-side scanning, a term that sounds more harmless than it is. In plain language, this means: Even before your message is encrypted and sent, it is scanned directly on your smartphone or computer.

Do you use WhatsApp, Signal or Threema with end-to-end encryption? Super safe, isn't it? No more when chat control comes. After all, what's the best way to encrypt your messages if they're checked before they're encrypted? It's like buying a safe with steel walls, but the door is permanently open.

Backdoors that no one can control

The Chaos Computer Club (CCC) puts it in a nutshell: Client-side scanning is nothing more than an euphemistic paraphrase for direct monitoring on your device. And for this to work, security gaps, so-called backdoors or backdoors, must be intentionally built into the software.

Now, of course, you can think of what happens when you intentionally create security holes: They don't stay secret for long. Cybercriminals, hostile states, intelligence agencies, they would all stand in line to exploit these vulnerabilities. CCC spokeswoman Elina Eickstädt therefore quite rightly warns: “We open the door to attacks on secure communication infrastructure.”

A collection can be found at Netzpolitik.org: For years, hundreds of IT experts, jurists, Data protection, Digital organisations, Tech companies, messengers, UN Representatives, Child protection, Guardians of Internet Standards, worldwide the mouth against chat control fuzzy.

One Incredible width the Civil society rejects chat control, because it would become the largest and most dangerous surveillance machine in Europe.

Even secret services, International security experts, Scientists and Research advise against such measures. So if even the people professionally involved in cyber security say "do it better", should you listen?

The fake news disaster

But it becomes even more absurd. The chat control should not only search for known abuse material, but also for previously unknown representations. For this purpose, AI systems are to be used, systems that are notoriously error-prone.

What does this mean in concrete terms? Millions of fake news. Your holiday photo on the beach with your child? Could be flagged as suspicious. The funny meme you shared? Maybe so. A link to a completely harmless website? Who knows.

The investigative authorities would drown in a sea of false positives, while the real cases go down in the data garbage.
Even law enforcement agencies and child protection organizations criticize this approach as counterproductive. If the people who should actually benefit from the measure say ‘this does not work’, you might want to think again.

Europe Calling discusses the details in the latest webinar

The video with the title #238 “Chat control – child protection or mass surveillance?” is the recording of a webinar by Europe Calling, which is critical of the EU legislative project on Chat control dissecting. The main points of the webinar are:

Meaningful safety by design on platforms where children and adults otherwise encounter each other unprotected (e.g. gaming platforms) instead of occasionless mass surveillance of everyone!

Massive surveillance: The proposed law would introduce automatic, uninitiated mass surveillance and scanning of all private electronic communications (such as signal, WhatsApp, emails) in the EU, ostensibly to protect against child abuse.

Attack on fundamental rights and encryption: The experts describe this as an unprecedented attack on privacy, IT security, telecommunications secrecy and the presumption of innocence. The mandatory introduction of client-side scanning (monitoring on your own device before a message is sent) is considered as The existential threat criticised for encrypted services such as Signal and as ‘thought crimes’.

Error susceptibility and abuse: It warns that the system is extremely error-prone and would generate a flood of false positives (up to a billion potential cases), which would overburden law enforcement agencies. In addition, the monitoring infrastructure once created could easily be misused for other purposes.

Political urgency: It is stressed that after France's alleged change of position, Germany is the decisive country in the EU Council. The speakers call on citizens to urgently contact the German parliamentarians to demand a rejection of the law.

Alternative measures: Instead of mass surveillance, targeted, more effective measures are proposed, including:

Massive investment in social work, prevention and victim support.

Strengthening specialized police units and focusing on the darknet where criminal networks operate.

So much for the summary, the whole video can be found here:

Chilling effects: When self-censorship becomes normal

Imagine that you know that each of your messages is being scanned. Would you still be able to communicate freely? Probably not. This is precisely the infamous ‘chilling effect’, self-censorship for fear of surveillance.

This is not only true for Otto normal consumers. Whistleblowers who want to point out grievances? Can no longer communicate confidentially with journalists. Journalists themselves? Lose the source protection that is essential for investigative work. Activists in authoritarian regimes? They no longer have a secure means of communication.

And this is where it gets really dangerous:

Such a surveillance infrastructure would be a gift to autocratic states. If the EU shows how to implement client-side scanning, it won't be long before dictatorships around the world demand the same, just to suppress opposition and criticism.

What does Germany do?

It's becoming politically explosive. The German government has so far been silent on the German position. Neither the Ministry of the Interior, nor the Ministry of Justice or the Ministry of Digital Affairs have spoken out. This is particularly piquant because the coalition agreement between the CDU/CSU and the SPD states that they want to further guarantee the ‘confidentiality of private communication and anonymity on the net’.

The traffic light government was still against chat control. Now there is silence. NGOs such as the CCC, D64 and the Stop Chat Control Alliance raise the alarm and call on the federal government to stay on the no. A German veto could encourage other EU countries to vote against it.

The Federal Commissioner for Data Protection also warns

Particularly noteworthy: Even official bodies sound the alarm. The Federal Commissioner for Data Protection and Freedom of Information (BfDI) has taken an unequivocal position: “The screening of all private news content is not an option. The draft Commission Regulation in its original form must therefore not be implemented.’

The BfDI warns that the chat control “the entry into an eventless mass surveillance“ has been – and has been – since the law was first discussed. This is no small thing: If even the highest data protection authority of the federal government warns against a bill, all alarm bells should ring.

Digital law experts agree

The lawyer, judge, digital rights activist (and former MEP) Patrick Breyer is someone who which takes a clear position.

Additional hidden dangers

Chat control has other problematic aspects that often remain under the radar:

Network Locks and Surfing Behavior Monitoring: The draft regulation requires internet access providers to block individual URLs. The problem? In order to implement this, they would have to monitor the surfing behavior of all customers preventively. In addition, this does not work properly with encrypted connections (HTTPS), which are standard almost everywhere today and are expressly recommended by the Federal Office for Information Security.

Voluntary filtering for cloud services: Particularly perfidious: Hosting providers and cloud services such as Dropbox or Google Drive will initially carry out a ‘risk analysis’ themselves. Only if the authorities consider the measures to be inadequate will an official order be issued. This sounds harmless at first, but creates an enormous incentive for companies to use ‘voluntarily’ error-prone filter systems without the procedural guarantees that would apply to official orders. The GFF warns that in this way fundamental rights of the users completely fall under the table.

Entire IT professional world is against it: It is not just civil society that raises the alarm. The entire IT professional world, leading security researchers and scientists from all over the world vehemently reject chat control as a threat to democracy. If so many experts agree, you might want to listen.

Another aspect is often overlooked: In order to implement chat control, it would probably require mandatory age verification for all digital communication services. So you would have to prove how old you are before you can use WhatsApp, Signal or any other app.

The problem? All available age verification systems are according to European Digital Rights (EDRi) “a threat to freedom of expression, autonomy and privacy”. Either you would have to upload personal documents (which are then stored somewhere) or use biometric data such as facial scans. Anonymity on the Net? Once upon a time.

The Society for Civil Liberties (GFF) Also warns: Those who do not have identity documents or do not want to entrust their biometric data to any company are excluded from elementary communication technology. Whistleblowers, stalking victims, politically persecuted – all rely on anonymous communication. The chat control would deprive them of this possibility.

What would be the alternative?

The organizations rightly demand: Instead of relying on supposed technical miracle solutions, one should invest in real prevention and support those affected. More resources for investigative authorities, better care for victims, education and education! These are measures that have been proven to work.

This does not mean that child abuse should not be combated. On the contrary! But one cannot sacrifice the digital security of 500 million EU citizens for a measure that experts call ineffective and even counterproductive.

The GFF puts it in a nutshell: The draft regulation aims to combat sexual violence against children, which is essential for the protection of children and their rights. However, there are considerable doubts as to the effectiveness of the proposed measures. Chat control is simply not the right tool for this important concern.

What else can you do now?

The Stop Chat Control Alliance has published guidance, how to reach the relevant ministries, parliamentary groups and members of the Bundestag. Use them. It puts pressure on you. Share the topic on your social networks.

There is also an Last-Minute Petition on WeAct.org with which we as a digital society Our rejection of these plans They can signal.

The vote on October 14 is no small thing. It is about nothing less than the future of digital privacy in Europe. Fundamental rights should be non-negotiable, certainly not under the guise of child protection, if even child protection organisations reject the measure.

TL:DR

Chat control is a lesson in how well-intentioned intentions can lead to authoritarian nightmares. No one wants children to be abused. But the proposed measures are like burning down a house to kill a spider, except that in this house lives our entire digital infrastructure.

Encryption only works if it has no backdoors. Trust in digital communication only works if it is truly private.
And most importantly: Fundamental rights only work if they also apply in times of crisis.

Stay vigilant. Stay loud. And most importantly:
Don't let surveillance become the norm.

Sources & further links: