Historic agreement on child sexual abuse proposal (CSAR): European Parliament wants to remove chat control and safeguard secure encryption

This week, the European Parliament’s negotiators reached a broad majority agreement on a common position concerning the controversial EU chat control bill. The Commission’s bill proposes bulk scanning and reporting of private messages for allegedly suspicious content by using error-prone algorithms, including „artificial intelligence“. But the European Parliament’s position removes indiscriminate chat control and allows only for a targeted surveillance of specific individuals and groups reasonably suspicious of being linked to child sexual abuse material, with a judicial warrant. End-to-end encrypted messengers are exempted. Instead, internet services will have to design their services more securely and thus effectively prevent the sexual exploitation of children.

EU lawmaker Patrick Breyer of the Pirate Party, a digital freedom fighter who negotiated the parliamentary position on behalf of his group Greens/EFA, explains:

“Under the impression of massive protests against the looming indiscriminate chat control mass scanning of private messages, we managed to win a broad majority for a different, new approach to protecting young people from abuse and exploitation online. As a pirate and digital freedom fighter, I am proud of this breakthrough. The winners of this agreement are on the one hand our children, who will be protected much more effectively and in a court-proof manner, and on the other hand all citizens, whose digital privacy of correspondence and communication security will be guaranteed.

Even if this compromise, which is supported from the progressive to the conservative camp, is not perfect on all points, it is a historic success that removing chat control and rescuing secure encryption is the common aim of the entire Parliament. We are doing the exact opposite of most EU governments who want to destroy digital privacy of correspondence and secure encryption. Governments must finally accept that this highly dangerous bill can only be fundamentally changed or not be passed at all. The fight against authoritarian chat control must be pursued with all determination!

In detail, our position will protect young people and victims of abuse much more effectively than the EU Commission’s extreme proposal:

1. Security by design: In order to protect young people from grooming, internet services and apps shall be secure by design and default. It must be possible to block and report other users. Only at the request of the user should he or she be publicly addressable and see messages or pictures of other users. Users should be asked for confirmation before sending contact details or nude pictures. Potential perpetrators and victims should be warned where appropriate, for example if they try to search for abuse material using certain search words. Public chats at high risk of grooming are to be moderated.
2. In order to clean the net of child sexual abuse material, the new EU Child Protection Centre is to proactively search publicly accessible internet content automatically for known CSAM. This crawling can also be used in the darknet and is thus more effective than private surveillance measures by providers.
3. Providers who become aware of clearly illegal material will be obliged to remove it – unlike in the EU Commission’s proposal.
4. Law enforcement agencies who become aware of illegal material must report it to the provider for removal. This is our reaction to the case of the darknet platform Boystown, where the worst abuse material was further disseminated for months with the knowledge of Europol.

At the same time, we are pulling the following poisonous teeth out of the EU Commission’s extreme bill:

1. We safeguard the digital secrecy of correspondence and remove the plans for blanket chat control, which violate fundamental rights and stand no chance in court. The current voluntary chat control of private messages (not social networks) by US internet companies is being phased out. Targeted telecommunication surveillance and searches will only be permitted with a judicial warrant and only limited to persons or groups of persons suspected of being linked to child sexual abuse material.
2. We safeguard trust in secure end-to-end encryption. We clearly exclude so-called client-side scanning, i.e. the installation of surveillance functionalities and security vulnerabilities in our smartphones.
3. We guarantee the right to anonymous communication and remove mandatory age verification for users of communication services. Whistleblowers can thus continue to leak wrong-doings anonymously without having to show their identity card or face.
4. Removing instead of blocking: Internet access blocking will be optional. Under no circumstances must legal content be collaterally blocked.
5. We prevent the digital house arrest: We don’t oblige app stores to prevent young people under 16 from installing messenger apps, social networking and gaming apps ‘for their own protection’ as proposed. The General Data Protection Regulation is maintained.”

The EU Parliament’s civil liberties committee is due to confirm the agreement on 13 November.

20 November 2023: Announcement in plenary (likely no vote on substance)

4 December 2023: Envisaged Adoption of Partial General Approach by EU Council (tbc)

after 2024 EU elections: Envisaged trilogue negotiations of the final text of the legislation between Commission, Parliament and Council, as well as adoption of the result