The plan: To search all of your private messages and automatically report you to the police
The EU wants all private electronic messages to be monitored and searched by unreliable algorithms for possible child pornographic content. Providers of e-mail, messenger and chat services are to be allowed to search the content of all private messages without suspicion for known and unknown child and youth pornography and for the “initiation of sexual contacts” with minors – also with the help of error-prone “artificial intelligence”. If an algorithm flags a message as suspicious, message content and customer data may be disclosed to law enforcement agencies and non-governmental organisations worldwide, without human review. The users reported will never know about this, regardless of the outcome of the investigation.
Until now, only major US services such as GMail, Outlook.com and Facebook Messenger are indiscriminately screening all private messages. However, the EU Commission wants to oblige all providers to do so in future.
What does this have to do with you?
- Due to unreliable algorithms your nude photos could fall into the hands of employees of US corporations and the police – regardless of whether you are an adult or not. Your nude photos could end up being circulated and abused.
- You could be wrongfully suspected of possessing child pornography. US corporations algorithms often report perfectly legal holiday photos of children on the beach to the police – up to 90% of the algorithmically generated reports are unfounded. If you are sent unsolicited illegal material you will also be reported to the police. Teenagers who send self-generated nude pictures are particularly at risk of being reported – 40% of investigations for “child pornography” in Germany target minors.
- You could be in big trouble the next time you travel abroad. Reports are forwarded to various countries like the US, which lacks basic data protection rules – with unforeseeable consequences for you.
- Your private messages and flirtations can be read by employees of US corporations if algorithms wrongfully flag you for „soliciting minors“.
- If secure encryption is removed to be able to scan for illegal content, your private messages are no longer safe from mass surveillance by intelligence agencies and misuse by criminals. Whistleblowers who take high risks to expose scandals and democracy activists in dictatorships may end up in prison due to the lack of secure communications!
The proposal is currently being negotiated between the Parliament, the Council and the Commission in the so-called trilogue. The detailed positions of each institution can be found here. Child protection organizations are exerting pressure. All parliamentary groups are in favor of general monitoring, except for Greens/EFA and GUE/NGL. The regulation is to be passed at the beginning of 2021.
By mid-2021, the EU Commission wants to present a draft law that would force all providers to permanently and indiscriminately search the content of all private messages.
According to the European Court of Justice, the permanent and indiscriminate automated analysis of private communications violates our fundamental rights and is prohibited (§ 177). For this reason, MEP Patrick Breyer has reported the US companies Facebook and Google to the Data Protection Authorities for a breach of the General Data Protection Regulation.
Upcoming Dates (to be confirmed):
- 14 January 2021: Internal Meeting
- 15 January 2021: Technical Negotiations between Council, Commission and Parliament (Technical Trilogue)
- 18 January 2021: Shadows-Meeting among the Parliament’s Negotiators
- 19 January 2021: Internal Meeting
- 20 January 2021: Technical Negotiations between Council, Commission and Parliament (Technical Trilogue)
- Probably end of January: Negotiations between Council, Commission and Parliament (Political Trilogue)
- Probably 2nd week of February: Vote in the Plenary of the European Parliament
What you can do
- Spread the news! Tell others about the dangers of the incrimination machines. Post articles on your social media accounts about their dangers! For example, share this page or record videos.
- Increase the pressure on those responsible! Contact the responsible MEPs Birgit SIPPEL, Javier ZARZALEJOS, Sophia IN ‘T VELD, Annalisa TARDINO, Patrick BREYER, Jadwiga WIŚNIEWSKA and Cornelia ERNST. And contact the permanent representations of the governments.
- Ask your providers! Avoid GMail, Facebook Messenger, outlook.com and the chat function of the X-Box, which are already being monitored. Ask your email, messenger and chat providers whether they search the content of your private messages for prohibited content or plan to do so.
10 arguments against mass surveillance of private messages
- Mass surveillance is ineffective. The increasing number of reports demonstrates that the spread of child pornography cannot be curbed in this way – and encrypted channels are not included in the numbers, too. The right way forward is undercover investigations in „child pornography rings“.
- Mass surveillance criminalises minors. 40% of investigations for possession of “child pornography” in Germany are directed against minors who share such depictions for completely different reasons than adults, e.g. because they are inconsiderate, consider it “fun” or want to sound an alarm.
- Mass surveillance particularly harms young people and victims of abuse. Young people often send nude pictures of themselves, which threaten to fall into the wrong hands due to such algorithms. And victims of abuse need private communication channels in order to receive advice and help (e.g. from lawyers and psychologists), to discuss with other victims and in order to report cases confidentially.
- Mass surveillance makes it more difficult to prosecute child abuse. It pushes criminal communication further underground, where it is more difficult to intercept. Furthermore, the risk of being reported to the police and have their account blocked can deter users from reporting “child pornography”.
- Mass surveillance threatens secure encryption without backdoors, as encryption prevents such screening. Secure encryption protects minorities, LGBTQI persons, political dissidents, journalists, etc.
- Mass surveillance wrongfully incriminates thousands of users. According to the Swiss Federal Police, 90% of the content reported via the USA (NCMEC) is not criminally relevant, for example holiday photos on the beach with naked children.
- Mass surveillance privatises law enforcement, which under the rule of law belongs in the hands of independent public officials under judicial supervision.
- The proposed legislation is ineffective. It will not allow Facebook and others to continue mass surveillance. The proposed exception to the ePrivacy Directive is without prejudice to the General Data Protection Regulation (GDPR). Under the GDPR, mass surveillance remains illegal due to lack of a legal basis and proportionality. A complaint submitted by Patrick Breyer is pending with the data protection supervisory authorities.
- The proposed legislation violates fundamental rights and will not stand up in court. According to the case law of the European Court of Justice, a permanent automated analysis of communications is only proportionate if it is limited to suspects (Case C-511/18, paragraph 192).
- The proposed legislation creates a precedent for gradually destroying the fundamental right to respect for privacy: Will the same infrastructure be used in the future to search private messages for copyright infringements, defamation and content which the intelligence agencies are interested in? Will by the same reasoning our personal smartphones and computers be searched, letters opened and private homes bugged with AI “violence detection technology”?
Position Papers and Background Research:
- Prostasia Foundation: “How the War against Child Abuse Material was lost” (19 August 2020)
- European Digital Rights (EDRi): “Is surveilling children really protecting them? Our concerns on the interim CSAM regulation” (24 September 2020)
- Civil Society Organisations: “Open Letter: Civil society views on defending privacy while preventing criminal acts” (27 October 2020)
- Alexander Hanff (Victim of Child Abuse and Privacy Activist): “Why I don’t support privacy invasive measures to tackle child abuse.” (11 November 2020)
- AccessNow: “The fundamental rights concerns at the heart of new EU online content rules” (19 November 2020)
- Global Encryption Coalition: “Breaking Encryption Myths: What the European Commission’s Leaked Report Got Wrong About Online Security” (19 November 2020)
- Bundesrechtsanwaltskammer (German Lawyer’s Association): “Stellungnahme zur Übergangsverordnung gegen Kindesmissbrauch im Internet” (German) (24 November 2020)
- Alexander Hanff (Victim of Child Abuse and Privacy Activist): “EU Parliament are about to pass a derogation which will result in the total surveillance of over 500M Europeans” (4 December 2020)
- Bundesdatenschutzbeauftragter (German Data Protection Supervisor): „BfDI kritisiert versäumte Umsetzung von EU Richtlinie“ (German) (17 December 2020)