Without a lot of fanfare, the European Union has been working on its Chat Control regulation aimed at preventing and combating Child Sexual Abuse Material (CSAM). It has been worked on for years, and most digital rights groups have been fighting against its perceived overreach.
Now, the Council of the EU has finally codified its common position and will enter negotiations with the European Parliament and Commission. In a win for privacy advocates, the codified version removes the most troubling detail - that there should be mandatory mass scanning of end-to-end encrypted messages.
The new version instead says scanning should be voluntary, but risk mitigation features should be mandatory. Despite the win for critics, they now argue that risk mitigation features are Trojan horses for surveillance and identity verification. Here is a look at the top five threats from the proposed Chat Control measures.
5. Unregulated voluntary scanning on unencrypted platforms
The proposed version of the surveillance plan extends voluntary content scanning, allowing providers to deploy private tools to detect illegal material on non-end-to-end encrypted services. While you may assume platforms won't go out of their way to deploy these tools voluntarily, they may actually do it if they feel pressured to perform mass-scanning to shield themselves from legal liability.
This lack of transparency and clear oversight could lead to a situation where platforms deploy private, unaccountable surveillance on a huge scale, especially when platforms are not using full encryption.
4. New barrier to whistleblowers and political dissidents
Another way that the revised Chat Control spells trouble is its impact on whistleblowers and political dissidents. Notably, the mandatory risk mitigation measures include provisions for age verification and age assessment for services considered high risk.
For activists, journalists, and whistleblowers who sometimes need anonymous accounts to share sensitive information or criticize dictatorships, requiring everyone to prove their identity or age via a government ID is a profound threat, especially when it limits apps like Signal or WhatsApp used for secure messaging.
3. The 'grooming' loophole: AI text analysis
Another troubling aspect of the revised Chat Control is that it introduces the possibility of using AI to scan text messages and private conversations for signs of grooming. You have probably heard by now that AI makes plenty of mistakes, so if it is used to scan messages, it could misinterpret innocent, personal, or even professional exchanges as criminal activity.
In regard to civil liberties, the scanning of conversational text for vague indicators or risk could create a chilling effect on free speech. It could also lead to false accusations and divert law enforcement from real cases.
2. Client-side scanning remains a future threat
The Council's proposed text reassures that encryption cannot be weakened or bypassed, but fails to outlaw client-side scanning, where messages are scanned on devices before they are encrypted. This ambiguous language makes it possible in the future that regulatory pressure or judicial interpretation could force providers to implement client-side scanning.
1. The infrastructure for mandatory mass surveillance is being built
The proposed Chat Control gives the private sector the "voluntary" choice of monitoring communications. By allowing this slide towards scanning messages and failing to explicitly prohibit client-side scanning, the EU is creating a legal framework that is hostile to private communications.
By establishing the legal and technical machinery for mass surveillance, under the premise that it is voluntary, the lawmakers will more easily be able to bring in stricter enforcement measures tomorrow if they choose to.
Thus these new refinements that have been made to Chat Control are an improvement over what was proposed before. The threat to end-to-end encryption has been averted for the time being, but the move to voluntary scanning still creates areas of concern. We will now need to wait for the negotiations with the EU Parliament and Commission to see how the proposals evolve.
2 Comments
Load the comments and join the conversation!
Read the comments, ask the editors questions, show respect and join the conversation.