Why the controversial chat control could come soon-The EU has failed for the time being with its plan to monitor private chat messages. Germany in particular recently defended itself against the plan with which Brussels wants to combat child pornography on the Internet. But chat control is by no means off the table – on the contrary.
Hanover. Anyone who chats on common messenger services such as Whatsapp, Signal, iMessage or Threema has been able to be sure of one thing: what is written or sent there is private. All major services’ chats, except for a few like Telegram , are end-to-end encrypted by default. This means: If a message is sent, it is made unrecognizable on the way to the recipient – and only decrypted again on the other person’s device. This means that third parties cannot read the messages.
The EU states should have negotiated the initiative again on Thursday. However, the vote was quickly removed from the agenda. The Belgian Council Presidency said it had become apparent that a sufficient majority would not be achieved. Germany had previously announced that it would not agree to the current draft of the law.
But the topic is far from being off the table. The dossier is now likely to end up with Hungary, which will take over the rotating presidency of the EU Council on July 1st. What will happen next is still unclear – but some possibilities are already emerging. So what is the current state of the debate? And could control of chat messages still be coming?
What does the EU actually have planned?
The first draft of the law was first presented in May 2022. At that time, EU Commissioners Dubravka Suica and Ylva Johansson announced that they wanted to develop “a world standard” against illegal child pornography. After all, one in five children becomes a victim of sexual abuse, according to the reasoning. In 90 percent of cases the material is “on servers in the EU”. Brussels is therefore particularly challenged.
In order to prevent further crimes, according to the plans in The Hague, an “EU Center against Child Abuse” should be able to force online providers to scan their users’ communications for prohibited content. If depictions of child abuse are found, they should inform the central office. After their own review, they should then alert the national law enforcement authorities.
Services that refuse to do so should be blocked by providers in the EU – the apps and websites would then no longer be accessible.
How should this work technically?
How operators should actually enforce chat control was initially considered vague. After all, end-to-end encryption is private – and not even messenger operators can read messages. However, the solution is now in Article 10a of the draft law: operators should implement so-called upload moderation.
However, an addition can now be found in the most recent draft. Accordingly, users can also refuse to scan the data on their device. However, they would then no longer be able to send pictures or videos.
Why is chat control criticized?
The authors of the plans have repeatedly emphasized in recent years that the procedure should not harm EU citizens and only serves to combat the spread of child pornography. However, numerous experts and activists see several problems in the unprovoked control.
In Germany, the Chaos Computer Club (CCC) protested in 2022, shortly after the first plans were announced. The association feared that client-side scanning could theoretically be used to search for parameters other than child pornography. Criticism also comes from freedom rights activists: The Society for Civil Rights explains on its website that it is “mass surveillance without cause,” which is incompatible with the protection of privacy and data protection in accordance with the EU Charter.
IT experts also see the process as a security risk. Renowned experts had already in a publication (PDF) highlighted the risks of client-side scanning in 2021. If the state were given access to private data, this gap could also be exploited by criminals – then profound attacks would be possible and the protective mechanisms of the devices would be ineffective.
Why has the law failed for the time being?
In the days before the planned vote, it became clear that if the EU plans were actually implemented, the consequences would probably be even more devastating than previously assumed. In addition to the invasion of privacy, major messenger operators also declared that they would discontinue their services in the EU in the event of chat controls. In the worst case, this would have further restricted the communication of EU citizens.
The Swiss service Threema, for example, wrote on its website: “What is certain (…) is that there will never be a Threema version that listens or monitors its users in any way.” And: “If there is no other way, we will Calling on other communication services to leave the EU with us.” The head of the encrypted messenger Signal, Meredith Whittaker, also announced that she would leave the EU if chat controls were implemented.
Shortly before the vote, 36 politicians from Europe appealed in an open letter to the EU member states to vote against the so-called chat control. German Interior Minister Nancy Faeser (SPD) said on Wednesday that Germany would reject chat control and vote no in the Council. A qualified majority for the project could no longer be obtained.
How could things continue now?
But the topic is not off the table yet. It remains a priority for member states to protect children from “disgusting crimes,” Belgium said on Thursday. Critics assume that Belgium’s successor in the Council, Hungary, will now try to reach an agreement between the EU states. The states would then have to negotiate the final legal text with Parliament and the Commission.
For experts, activists and industry representatives, the fight against the plans continues. If they had their way, they would now finally be overturned. In addition to the privacy issues, many experts believe the plans are also simply ineffective. The Chaos Computer Club wrote in 2022: “Criminals are already using distribution channels that would not be affected by these scans and will easily evade the scans in the future.” The messenger service Threema also wrote: “The mass surveillance of common communication channels such as instant messengers (… ) only affects law-abiding citizens. Why should criminals continue to use communication channels that are known to be under state surveillance?”
What would be the alternatives to chat control?
The “Stop Chat Control” campaign, which includes the CCC as well as the Digitale Gesellschaft and the Digitalcourage association, instead calls for a completely different approach. Accordingly, the capacities of law enforcement should be expanded. Today, references to criminal content are neither viewed nor deleted for a long time. Those behind the abuse did not share their material via social media, but rather on the dark web. This is exactly where undercover police work must take place, the activists demand.
The campaign also calls for tackling the problem at its root. There must be prevention concepts and training in care facilities to prevent and stop abuse. There is also a need for mandatory reporting mechanisms for online services, hotlines and advice centers.