Leak on chat control: EU Commission anticipates millions of false positives

German news website netzpolitik.org leaked a record of internal discussions regarding the EU‘s proposed online child abuse law (dubbed “chat control”) which is much criticised for resulting in mass surveillance and undermining secure encryption. According to the leaked record, the EU Commission expects that 1 in 10 private conversations flagged by “artificial intelligence” algorithms for potential “child grooming” would be falsely exposed to a Europol-affiliated authority without any criminal relevance. The Commission confirmed that communications providers would not be obliged to check the machine-generated reports of flagged conversations before they are being sent. It also admitted the envisaged algorithms are “high risk” technology.

“Since more than the current amount of 29 million machine reports per year are expected as a result of the EU plans, more than 3 million often intimate chats and photos would be wrongfully disclosed every year,” warns German Pirate Party Member of the European Parliament and digital freedom fighter Patrick Breyer. “In truth the unverifiable manufacturer’s statement on the error rate of the secret algorithm is probably much too low. In languages other than English, there will be far more errors. According to the Swiss Federal Police, up to 86% of the machine reports to NCMEC are criminally irrelevant.

We cannot accept countless false suspicions of law-abiding EU citizens as a result of error-prone automated searches in our private conversations. Police and providers have no right to see completely legal nude photos or intimate chats of adults and minors. Exposing sensitive photos and conversations to unknown persons is prone to abuse and might result in the circulation of such material.”

When asked how services could prevent being ordered to search all private messages, the EU Commission cited age limits and preventing direct contact by unknown users. “EU bureaucrats are seriously calling for either totally cutting off 17-year-olds from messages from 18-year-olds or depriving them of any privacy. This is as patronising as if we didn’t allow under-18s to go out unaccompanied”, Breyer said.

The EU Commission also claims to have the support of service providers for its chat control plans, when in fact several have strongly opposed e.g. the proposed attack on secure end-to-end encryption for being able to perform the searches. “The providers must now publicly take a stance: are they accessories to the EU’s mass surveillance plans or are they helping us to stop them?” asks Breyer.

“It is outragous that the abolition of digital privacy of correspondence is being pursued in secret negotiations. We urgently need to take the defence of digital privacy of correspondence into our own hands!” is Breyer’s concluding appeal.

Background:

With the proposed online child abuse law, the EU Commission wants to oblige internet providers to indiscriminately search the content of all messages, emails, photos, etc. of EU citizens for suspicious content and to forward them automatically to the police. The German government publicly criticised this plan and sent a long catalogue of questions to the EU Commission. The secret answers to these questions have now been published by Netzpolitik.org.

Breyer calls for resistance to the plan on his homepage chatcontrol.eu.

Earlier this week CDT director Iverna McGowan warned that the proposal “would actually make everyone in the EU, including children, less safe”, “would essentially create a mass surveillance regime across the EU.” “[Y]ou would never again be able to communicate electronically with the confidence that your information isn’t being intercepted. … The innocent picture you take of your baby in the bath and send to their grandparents could end up in a law enforcement database or, worse, in the hands of child abusers who could manipulate that image.” she wrote in an op-ed.