The EU chat control law represents a significant shift in how digital communications are monitored and regulated. Aimed at detecting and combating child sexual abuse material (CSAM), the EU chat control law encompasses several key components that collectively aim to enhance online safety while raising substantial privacy concerns, including encrypted ones.
A quick recap of the EU chat control law
Introduced in 2022, the law seeks to implement an “upload moderation” system that scans all digital messages, encompassing images, videos, and links. Services required to use this “vetted” monitoring technology must also secure user consent to scan messages. If users refuse, they will be barred from sharing images or URLs. Key aspects of this system include:
- Mandatory scanning: All digital messages, irrespective of the platform, will be subject to scanning.
- Consent requirement: Users must give consent for their messages to be scanned. Without consent, users would be restricted from sharing images or URLs on the platform.
- Vetted technology: The technology used for scanning must be vetted and approved to ensure it meets specific standards for detecting CSAM.
One of the chat control law’s most contentious elements is its approach to end-to-end encryption. The law appears to both support and undermine encryption.
The legislation acknowledges that end-to-end encryption is vital for protecting fundamental rights and ensuring privacy in digital communications. Despite this acknowledgment, the law posits that encrypted services could inadvertently facilitate the sharing of CSAM, thus necessitating scanning. The proposed solution? Scan messages before they are encrypted. This means that services like Signal, WhatsApp, and Messenger would need to scan the content of messages before applying encryption. Here is Signal CEO’s statement about the law:
📣Official statement: the new EU chat controls proposal for mass scanning is the same old surveillance with new branding.
Whether you call it a backdoor, a front door, or “upload moderation” it undermines encryption & creates significant vulnerabilitieshttps://t.co/g0xNNKqquA pic.twitter.com/3L1hqbBRgq
— Meredith Whittaker (@mer__edith) June 17, 2024
What will EU AI Act change for real?
Concerns
EU chat control law vs. encrypted messages: Critics argue that scanning messages before encryption creates vulnerabilities. These could be exploited by hackers or hostile entities, undermining the security provided by end-to-end encryption.
The mandatory scanning of all digital communications is viewed by many as a form of mass surveillance, infringing on the fundamental right to private correspondence. Organizations such as the Electronic Frontier Foundation, the Center for Democracy & Technology, and Mozilla have criticized the law with a joint statement, urging the EU to reject proposals that mandate scanning user content.
Several members of the European Parliament have spoken out against the law, highlighting the risk of error-prone searches and the potential for intimate data leaks. Polls indicate significant public opposition, particularly among younger demographics, with many expressing concerns over privacy and mass surveillance.
The future of the EU chat control law
The EU chat control law is currently advancing through a critical legislative process that will determine its implementation and enforcement across member states. Initially, EU governments will vote on the proposal, which is scheduled to occur soon. This vote will decide whether the law progresses further in the legislative pipeline or faces potential amendments and revisions based on member state feedback and concerns.
If the proposal garners sufficient support from EU governments, the next phase involves negotiations among the European Parliament, the Council of the European Union, and the European Commission. These negotiations aim to refine and finalize the text of the law, addressing various issues and balancing competing interests, particularly concerning online safety and digital privacy.
Following negotiations, a definitive version of the law will be drafted. This final text will incorporate compromises and agreements reached among EU institutions to establish uniform standards across member states. It will also set guidelines for how national governments must adapt their existing legislation to comply with EU-wide regulations on digital communication and content moderation.
Understanding the NIS2 Directive: How will Europe be protected from cyber threats?
Once finalized, member states of the European Union will be required to implement the chat control law into their respective national legal frameworks. This phase involves adapting and integrating the EU regulations into national laws, ensuring consistency and effective enforcement across all participating countries.
Throughout this process, the chat control law is expected to encounter challenges and scrutiny from various stakeholders, including privacy advocates, digital rights organizations, and industry representatives. Public opinion and feedback will play a crucial role in shaping the law’s evolution and potential amendments as it progresses through the legislative stages.
Post-implementation, ongoing monitoring and evaluation efforts will assess how well the chat control law is being implemented and its impact on digital rights, online safety, and privacy within the EU. These evaluations will inform future adjustments and improvements to ensure the law achieves its intended objectives effectively while upholding fundamental rights in the digital age.
All images are generated by Eray Eliaçık/Bing
