The planned chat control makes the world less secure and more authoritarian, as it is directed against private and encrypted communication. Proponents are using disinformation, lies, and sleight of hand to push through the project. But chat control can still be stopped. A commentary.
For years, legions of IT experts and security researchers, lawyers, data protection experts, digital organizations, tech companies, messengers, UN representatives, child protection experts, guardians of internet standards, scientists, and anyone else with expertise have been raising alarms around the world: chat control is dangerous. It is a new form of mass surveillance. It will weaken the IT security of us all. It would introduce a surveillance infrastructure on apps and end devices beyond the EU that authoritarian states will use to their advantage.
Ultimately, chat control is a frontal attack on end-to-end encryption. Put simply, this form of encryption ensures that the sender puts their message in an envelope that can only be opened by the recipient. With the planned chat control, the envelope is not forcibly opened on the way to the recipient; instead, the contents of the envelope are analysed before being inserted into the envelope. So when you write a letter, your private data is looked at directly over your shoulder. Nothing Is Private Anymore When Chat Control Arrives
Those in favour of chat control now claim that the envelope – in this case, end-to-end encryption – would not be opened and that communication would therefore be secure and encrypted. It’s a shabby and transparent sleight of hand: after all, what is the protective envelope worth if what we send to other people is screened by default before it is sent? And where is the good old privacy of correspondence for our digital letters on WhatsApp, Signal, or Threema? What right do you have to monitor what I do and what I send on my mobile phone, tablet, and computer? How dare you!
The fact is that it is not technically possible to monitor all content at the same time and still guarantee private and secure communication. It simply isn’t possible. But the EU Commissioner for Home Affairs, Ylva Johansson, and all the other proponents of chat control claim exactly the opposite. They openly lie to our faces, place misleading ads, and pretend that chat control is somehow harmless and compatible with fundamental rights and data protection. They spread the disinformation that private communication and the screening of all content can coexist. This is nothing less than an insult to common sense.
It’s Not About the Children
The surveillance proponents pretend that they want to better protect children and tell horror stories based on dubious figures. But it was clear from the outset that chat control is about attacking end-to-end encryption – and therefore the secure and private communication of billions of people. Because if the EU, with its 450 million inhabitants, introduces chat control, it will have a global impact.
From the very beginning, a lobby network intertwined with the security apparatus has been pushing chat control. It was never really about the children; otherwise, the root causes of abuse and violence would be addressed instead of monitoring innocent people without any initial suspicion. The point is that encrypted communication is a thorn in the side of the security apparatus. That is why it has been trying to combat our private and encrypted communication in various ways for years.
This is the surveillance state at its best and a reversal of the principles of the rule of law. Everyone is guilty until proven otherwise. This chat control is a spawn of authoritarian fantasies – and as such, the EU member states must reject it in the Council on Thursday if they still have a shred of democratic values.
How are they even going to enforce this? What prevents me from just using an E2EE message service that doesn’t do chat scanning?
The law… But seriously, it’s not meant to spy on you or me. It’s meant for 90% of the population who can’t install an .apk and don’t know the difference between a web browser and a search engine. They’ll just download facebook messenger from the play store if it doesn’t come already pre-installed with their phone and won’t even know that this law is a thing until they get arrested for sharing pictures of their sick kid with the family doctor or
political dissentterrorism once it gets inevitably expanded to other things than csam.Ooo man, this is a super underrated take. Too often people get caught up in what the law is trying to do, how people could get around it, and what the incentives/disincentives are, while not really taking into consideration how the law would actually operate. Sometimes people get all conspiratorial about it trying to point to ulterior motives, but man, most of the time it’s more that bad-faith actors are taking advantage of what’s already out there rather than actively creating the problems they want to create.
Yes guys who let Catholic clergy fuck kids are here to save us from pedos!!!
Doing that, or operating such a service, will become a crime.
Yes but how will they enforce it? How can they possibly discover such a thing? It seems impossible.
Well they’ll go for the service providers, of course.
Signal would effectively have to leave the EU market and block any EU users to stay out of hot water.
The list of privacy-respecting chat apps would become real short real fast, and good luck getting everyone in your life to use one.
Yeah, I have my own matrix instance, but unless I want to cut off 90% of the people I want to have in my life, I can’t not bridge it to at least telegram and whatsapp.
It doesn’t matter that this is unenforceable, or that alternatives exists. That simply means that those of us who care will still be able to keep some of our communications secure. But this legal change will still make it impossible to keep all of our communications private. That’s already the case, and this will make it orders of magnitude worse.
Unenforceable? On an individual level, yes. On a societal level? No. This absolutely can and will enable the monitoring of 99.99% of actual chat activity.
How do they enforce the GDPR?
The GDPR is actually unfortunately widely unenforced, aside from the very biggest tech companies perhaps.
For now, nothing.
For phone manufacturers wanting to sell into the EU market in the future? It’s will end up being a hardware level requirement baked right into the processor and OS. Like what they’ve already done for drm.