EU Chat-Control: An Update

Exactly two year ago, we discussed the European Council’s plan to implement laws that would require messaging platforms to scan users’ messages and shared contents for information that could potentially harm children. Our blogpost discussed the broad implications such measure could have on all individuals within the European Union, their privacy and the concept of encryption in general. Critics of the planned legislation also noted that broad surveillance of every citizen could hardly help to protect children and would not in fact mitigate such crimes.

We do not want to iterate again on the whole idea of the proposed legislation and its various pitfalls, as we have done so already in the past, however in the past month, new movement came into the debate and the legislation altogether. In fact, the vote on the legislation has been on the European Council’s agenda only a few weeks ago. So we want to give a little and hopefully final update on this matter.

A real compromise?

Earlier this year, the Belgian presidency of the Council pushed forward with a compromise proposal, intending to sway the last remaining countries that have not yet approved the bill. The bill would now implement “voluntary on-device scanning”, so citizens would have to agree to the measure individually. However, if no consent was given, users would be unable to send images, videos, Links to websites or other non-text messages. A “crucial feature of message service” which would in turn mean that “one can not talk of voluntariness”, as the German NGO Chaos-Computer-Club suggests. [1, 2, 3, 4]

The European Digital Rights Group (EDRi) notes, that forced consent to surveillance with potentially “faulty AI-based scanning” would not be a sufficient compromise. While the new proposal claims that End-to-End Encryption would not be affected by the measures, critics explain that on-device scanning would mean the end of private digital communication. [2]

For a moment, it looked like the persuasion tactic could have worked. A few countries previously opposing the bill indicated that they might agree, if E2EE would indeed not be impacted, such as France among others. [3, 4, 5, 6]

At the same time, the initiators of the proposal recommended enforcing the legislation to particularly security-centric services first. As a reaction, many such services published statements on the current debate, condemning the EU council’s proposal. The security-focused Signal messaging app writes that “[there] is no way to implement such proposals in the context of end-to-end encrypted communications without fundamentally undermining encryption and creating a dangerous vulnerability in core infrastructure that would have global implications well beyond Europe”. [4, 7, 8]

It is note-worthy that the chat-control legislation is not only criticized for the apparent paradox that scanning content for infringements while keeping secure and private communication intact is simply not possible on a technical level, but also for legal reasons. Already in 2023, the legal service of the EU member states deemed the proposal unlawful, due to the apparent unprovoked mass surveillance. The further the discussion went, the more voices raised the accusation that this legislation is not about child protection at all, but more about control and state surveillance. [5, 9]

Voting for or against the chat-control bill?

The European Council put the vote on the agenda for June 20^th, so just a few days ago. [10]

Over the past months, journalists, activists, politicians, and the industry around privacy- and security centric messaging built up pressure on legislators to reject the chat-control proposal. Countless fundamental rights groups published announcements on the proposal, informed citizens or called for direct action. FOSS-related companies all over the EU, such as Element, Nextcloud, Tuta, Proton and others raised their concerns in open letters and company blogs. Citizens e-mailed their representatives in the European Parliament or their national governments to oppose the bill. [10, 11, 12]

Due to the critique, more and more member states proclaimed that they would vote against the bill. The German interior ministry published a statement, clearly turning down their vote on the proposal [12, 13, 14]:

“We reject the so-called chat control. Germany will therefore vote no in the Council if the current proposal is retained. This is because we must take targeted action and maintain the balance of the rule of law. Encrypted private communications of millions of people must not be monitored without cause. We in the German government have long agreed on this. This has also been widely criticized in the European Parliament.”

As a reaction, the Council removed the topic from the agenda again on short notice, since the required amount of positive votes could not be reached. Journalists note, this is not a final end for the chat control legislation, however the risk of it passing is not imminent any more. [15, 16, 17, 18]

ViOffice’s stance

We agree wholeheartedly with the statements already published by other FOSS-related companies as well as the open letter published by 36 MEPs. Mass-surveilance of citizens can never be the solution to crime prevention, as it undermines trust and creates an ominous feeling of being monitiored and a constant chilling effect. This would affect journalists, scientists, activists and indeed all citizens’ every day life as well as many other aspects of life in the European Union and potentially all over the world. It would also give authoritarian governments powerful instruments to suppress free speech. This is particularly worrying in the context of continued right-wing shifts in European and global politics.

Seeing the massive public backlash on the chat control legislation, we are hopeful for the future of private and secure communication in Europe.

Sources

1. Neumann, L. (2024): Chatkontrolle: Kuhhandel, während niemand hinschaut. URL: https://www.ccc.de/de/updates/2024/chatkontrolle-kuhhandel-wahrend-niemand-hinschaut
2. EDRi (2024): Be scanned – or get banned! URL: https://edri.org/our-work/be-scanned-or-get-banned/
3. Meister, A. (2024): Belgien will Nutzer verpflichten, Chatkontrolle zuzustimmen. URL: https://netzpolitik.org/2024/internes-protokoll-belgien-will-nutzer-verpflichten-chatkontrolle-zuzustimmen/
4. Steiner, F. (2024): CSA-Verordnung: Rat der EU vor Abstimmung über “freiwillige” Chatkontrolle. URL: https://www.heise.de/hintergrund/CSA-Verordnung-Rat-der-EU-vor-Abstimmung-ueber-freiwillige-Chatkontrolle-9768376.html
5. Reuter, M. (2024): Frankreich will Chatkontrolle zustimmen, wenn Verschlüsselung nicht geschwächt wird. URL: https://netzpolitik.org/2024/ratsverhandlungen-frankreich-will-chatkontrolle-zustimmen-wenn-verschluesselung-nicht-geschwaecht-wird/
6. Reuter, M.& Meister, A. (2024): Frankreich wackelt in der Ablehnung der Chatkontrolle. URL: https://netzpolitik.org/2024/anlasslose-massenueberwachung-frankreich-wackelt-in-der-ablehnung-der-chatkontrolle/
7. Biselli, A. & Meister, A. (2024): Sichere Dienste sollen als erste Chatkontrolle einführen. URL: https://netzpolitik.org/2024/belgischer-vorschlag-sichere-dienste-sollen-als-erste-chatkontrolle-einfuehren/
8. Whittaker, M. (2024): New Branding, Same Scanning: “Upload Moderation” Undermines End-to-End Encryption. URL: https://signal.org/blog/pdfs/upload-moderation.pdf
9. Reuter, M. (2024): Die Chatkontrolle ist Überwachungsstaat pur. URL: https://netzpolitik.org/2024/client-side-scanning-die-chatkontrolle-ist-ueberwachungsstaat-pur/
10. Reuter, M. (2024): Abgeordnete warnen vor „Blaupause für autoritäre Staaten“. URL: https://netzpolitik.org/2024/chatkontrolle-abgeordnete-warnen-vor-blaupause-fuer-autoritaere-staaten/
11. Koch, M. C. (2024): Chatkontrolle: Kritiker warnen vor Kompromissvorschlag, Abstimmung verschoben. URL: https://www.heise.de/news/Chatkontrolle-Kritiker-warnen-vor-Kompromissvorschlag-Abstimmung-verschoben-9770405.html
12. Reuter, M. & Leisegang, D. (2024): Deutschland will Chatkontrolle im Rat nicht zustimmen – aber ist das ein „Nein“? URL: https://netzpolitik.org/2024/massenueberwachung-deutschland-will-chatkontrolle-im-rat-nicht-zustimmen-aber-ist-das-ein-nein/
13. Steiner, F. (2024): Chatkontrolle: Deutschland wird gegen aktuellen Vorschlag stimmen. URL: https://www.heise.de/news/Chatkontrolle-Deutschland-wird-gegen-aktuellen-Vorschlag-stimmen-9770046.html
14. Meister, A. (2024): Deutschland stimmt gegen Chatkontrolle. URL: https://netzpolitik.org/2024/interne-dHeute feiern, morgen weiter kämpfen
15. okumente-deutschland-stimmt-gegen-chatkontrolle/
16. Steiner, F. (2024): EU: Abstimmung über Chatkontrolle von Tagesordnung gestrichen. URL: https://www.heise.de/news/EU-Abstimmung-ueber-Chatkontrolle-von-Tagesordnung-gestrichen-9770944.html
17. Koch, M. C. (2024): Chatkontrolle: Kritiker warnen vor Kompromissvorschlag, Abstimmung verschoben. URL: https://www.heise.de/news/Chatkontrolle-Kritiker-warnen-vor-Kompromissvorschlag-Abstimmung-verschoben-9770405.html
18. Meister, A. & Henning, M. (2024): Belgien scheitert mit Abstimmung zur Chatkontrolle. URL: https://netzpolitik.org/2024/etappensieg-belgien-scheitert-mit-abstimmung-zur-chatkontrolle/
19. Meister, A. & Henning, M. (2024): Heute feiern, morgen weiter kämpfen. URL: https://netzpolitik.org/2024/reaktionen-zur-chatkontrolle-heute-feiern-morgen-weiter-kaempfen/

Jan Weymeirsch

 | Website

Jan is co-founder of ViOffice. He is responsible for the technical implementation and maintenance of the software. His interests lie in particular in the areas of security, data protection and encryption.

In addition to his studies in economics, later in applied statistics and his subsequent doctorate, he has years of experience in software development, open source and server administration.

• Cyberattacks on democracy
• Blurring Digital Footprints during Protests
• The Downward Spiral: Understanding Enshittification in Online Platforms
• Commercialisation of Privacy