Historic agreement on child sexual abuse proposal (CSAR): European Parliament wants to remove chat control and safeguard secure encryption

Today the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs (LIBE) in the European Parliament adopted by a large majority (51:2:1) a mandate to negotiate the controversial EU draft law on chat control. The Commission’s bill proposes bulk scanning and reporting of private messages for allegedly suspicious content by using error-prone algorithms, including „artificial intelligence“. But the European Parliament’s position removes indiscriminate chat control and allows only for a targeted surveillance of specific individuals and groups reasonably suspicious of being linked to child sexual abuse material, with a judicial warrant. End-to-end encrypted messengers are exempted. Instead, internet services will have to design their services more securely and thus effectively prevent the sexual exploitation of children.

EU lawmaker Patrick Breyer of the Pirate Party, a long-time opponent of chat control who negotiated the EU Parliament‘s position on behalf of his group, explains:

“Under the impression of massive protests against the looming indiscriminate chat control mass scanning of private messages, we managed to win a broad majority for a different, new approach to protecting young people from abuse and exploitation online. As a pirate and digital freedom fighter, I am proud of this breakthrough. The winners of this mandate are on the one hand our children, who will be protected much more effectively and in a court-proof manner, and on the other hand all citizens, whose digital privacy of correspondence and communication security will be guaranteed.

Even if this compromise, which is supported from the progressive to the conservative camp, is not perfect on all points, it is a historic success that removing chat control and rescuing secure encryption is the common aim of the entire Parliament. We are doing the exact opposite of most EU governments who want to destroy digital privacy of correspondence and secure encryption. Governments must finally accept that this highly dangerous bill can only be fundamentally changed or not be passed at all. The fight against authoritarian chat control must be pursued with all determination!

In detail, our position will protect young people and victims of abuse much more effectively than the EU Commission’s extreme proposal:

1. Security by design: In order to protect young people from grooming, internet services and apps shall be secure by design and default. It must be possible to block and report other users. Only at the request of the user should he or she be publicly addressable and see messages or pictures of other users. Users should be asked for confirmation before sending contact details or nude pictures. Potential perpetrators and victims should be warned where appropriate, for example if they try to search for abuse material using certain search words. Public chats at high risk of grooming are to be moderated.
2. In order to clean the net of child sexual abuse material, the new EU Child Protection Centre is to proactively search publicly accessible internet content automatically for known CSAM. This crawling can also be used in the darknet and is thus more effective than private surveillance measures by providers.
3. Providers who become aware of clearly illegal material will be obliged to remove it – unlike in the EU Commission’s proposal.
4. Law enforcement agencies who become aware of illegal material must report it to the provider for removal. This is our reaction to the case of the darknet platform Boystown, where the worst abuse material was further disseminated for months with the knowledge of Europol.

At the same time, we are pulling the following poisonous teeth out of the EU Commission’s extreme bill:

1. We safeguard the digital secrecy of correspondence and remove the plans for blanket chat control, which violate fundamental rights and stand no chance in court. The current voluntary chat control of private messages (not social networks) by US internet companies is being phased out. Targeted telecommunication surveillance and searches will only be permitted with a judicial warrant and only limited to persons or groups of persons suspected of being linked to child sexual abuse material.
2. We safeguard trust in secure end-to-end encryption. We clearly exclude so-called client-side scanning, i.e. the installation of surveillance functionalities and security vulnerabilities in our smartphones.
3. We guarantee the right to anonymous communication and remove mandatory age verification for users of communication services. Whistleblowers can thus continue to leak wrong-doings anonymously without having to show their identity card or face.
4. Removing instead of blocking: Internet access blocking will be optional. Under no circumstances must legal content be collaterally blocked.
5. We prevent the digital house arrest: We don’t oblige app stores to prevent young people under 16 from installing messenger apps, social networking and gaming apps ‘for their own protection’ as proposed. The General Data Protection Regulation is maintained.“

The mandate is not expected to be voted on in plenary. The Council could make a further attempt to position itself on 4 December, after which the European Parliament’s negotiations with the Council and the European Commission (“trialogue”) can begin. The majority of EU governments have so far stuck to the plan for mass chat control without suspicion and the undermining of secure encryption. Other governments are firmly opposed to this. A legal opinion published yesterday by a former ECJ judge concludes that neither chat control nor an end to secure encryption would stand up in court.

Full text of mandate

Table published by Patrick Breyer comparing the EU Commission‘s proposal and the Council‘s draft mandate to the adopted mandate of the EU Parliament