Experts slammed the latest European Union proposals for chat control to prevent child sexual abuse, calling the proposals a front for mass surveillance that will undermine encryption standards.
Meredith Whittaker, president of the Signal foundation that operates the end-to-end encrypted (E2EE) messaging application, criticized the latest European Union proposals for chat control to prevent child sexual abuse, calling it “an old wine repackaged in new bottle.”
“For decades, experts have been clear: there is no way to both preserve the integrity of end-to-end encryption and expose encrypted contents to surveillance. But proposals to do just this emerge repeatedly,” Whittaker said.
“Either end-to-end encryption protects everyone, and enshrines security and privacy, or it’s broken for everyone.” – Meredith Whittaker
The Chat Control Proposal
Her statement comes in response to the European Council’s proposal for chat control, which lays down rules to monitor E2EE under the veil of preventing and combating child sexual abuse.
“While end-to-end encryption is a necessary means of protecting fundamental rights and the digital security of governments, industry and society, the European Union needs to ensure the effective prevention of and fight against serious crime such as child sexual abuse,” the proposal says.
“It is crucial that services employing end-to-end encryption do not inadvertently become secure zones where child sexual abuse material can be shared or disseminated. Therefore, child sexual abuse material should remain detectable in all interpersonal communications services through the application of vetted technologies.”
The proposal suggests that chat control could work in way that when any visual content is uploaded, the users be required to give explicit consent for a detection mechanism to be applied to that particular service. “Users not giving their consent should still be able to use that part of the service that does not involve the sending of visual content and URLs,” it said.
“This ensures that the detection mechanism can access the data in its unencrypted form for effective analysis and action, without compromising the protection provided by end-to-end encryption once the data is transmitted.”
What Experts Say
However, Whittaker said that what the EU is proposing isn’t possible without fundamentally undermining encryption and creating “a dangerous vulnerability in core infrastructure” that can have global implications beyond Europe.
She called the proposal a “rhetorical game” of some European countries that have come up with the same idea under a new banner. Whittaker was referring to previous proposals under the name of “client-side scanning,” which is now being called “upload moderation.”
“Some are claiming that ‘upload moderation’ does not undermine encryption because it happens before your message or video is encrypted. This is untrue. We can call it a backdoor, a front door, or “upload moderation.” But whatever we call it, each one of these approaches creates a vulnerability that can be exploited by hackers and hostile nation states, removing the protection of unbreakable math and putting in its place a high-value vulnerability.”
Whittaker reiterated that mandating mass scanning of private communications fundamentally undermines encryption, “Full stop.”
Chaos Computer Club, German MP Also Opposed
The Chaos Computer Club (CCC) and Patrick Dreyer, Member of European Parliament for the German and the European Pirate Party, argued along similar lines.
The proposal stipulates that users must actively agree to chat control, but the refusal to do so comes with a punishment: Those who do not agree are no longer allowed to send any pictures or videos at all, a severe restriction of the service. “There can be no talk of voluntary participation here,” commented Linus Neumann, spokesman for the Chaos Computer Club.
Dreyer urged Europeans to take immediate action against the Chat Control proposal and said the EU countries pushing the proposal are exploiting the short period after the European Elections during which there is less public attention and the new European Parliament is not yet formed. “If Chat Control is endorsed by Council now, experience shows there is a great risk it will be adopted at the end of the political process,” he said.
Dreyer said the silver lining in the current situation is the fact that many EU governments have not yet decided whether to go along with this final Belgian push for Chat Control mass surveillance. The countries still considering the proposal are Italy, Finland, Czech Republic, Sweden, Slovenia, Estonia, Greece and Portugal.
Only Germany, Luxembourg, the Netherlands, Austria and Poland are relatively clear that they will not support the proposal, but this is not sufficient for a “blocking minority,” Dreyer said.
The proposal for chat control searches of private communications could be greenlighted by EU governments as early as Wednesday, June 19. Dreyer urged Europeans to press their governments to vote against this. “Demand a firm ‘No.’ Time is pressing. This may be our last chance to stop Chat Control!” Dreyer said.
