The Council’s official Legal Service opinion on the legality of the proposed Child Sexual Abuse Regulation (CSAR), also named “Chat control”, has been leaked. The Council legal experts advise EU governments that the EU Commission’s proposal of ordering e-mail, messaging and chat providers to search all private messages for allegedly illegal material and report them to the police (“detection orders”) likely fails to comply with fundamental rights, thus would probably be annulled by the European Court of Justice. The experts also voice concerns regarding generalised age verification for communications services.
Specifically the Council analysis states:
- “if the screening of communications metadata was judged by the Court proportionate only for the purpose of safeguarding national security, it is rather unlikely that similar screening of content of communications for the purpose of combating crime of child sexual abuse would be found proportionate” (par. 75).
- “There is a clear risk”, the analysis notes, “that in order to be effective, detection orders would have to be extended to other providers and lead de facto to a permanent surveillance of all interpersonal communications.” (par. 46)
- The Council analysis warns that by authorising generalised access to personal communications of citizens not even remotely connected with child sexual exploitation, “the right to confidentiality of correspondence would become ineffective and devoid of content” and the legislation risks compromising “the essence of the fundamental right to respect for private life” (par. 56).
- It points out that the proposed “detection orders” aimed at all users of a telephony, e-mail, messenger, chat service or of a “part or component” of a service “highly probably” constitute “general and indiscriminate” surveillance (par. 47) which the highest EU Court has consistently dismissed and annulled. It contradicts the EU Commission’s and the Parliament Rapporteur’s claims that such orders are “targeted”.
- The Council analysis advises: “If the Council were to decide to maintain interpersonal communications within the scope of the regime of the detection order, the regime should be targeted in such a way that it applies to persons in respect of whom there are reasonable grounds to believe that they are in some way involved in, committing or have committed a child sexual abuse offence…” (par. 79). This concurs with the recent assessment of the European Parliament’s research service (EPRS) for the Civil Liberties Committee. 
- Concerning the proposed age verification requirements for e-mail, messaging and chat services, the experts warn age verification “would necessarily add another layer of interference with the rights and freedoms of the users”. “Such process [age verification] would have to be done either by (i) mass profiling of the users or by (ii) biometric analysis of the user’s face and/or voice or by (iii) digital identification/certification system.”
Pirate Party Member of the European Parliament Patrick Breyer, shadow rapporteur (negotiator) for his group in the Civil Liberties Committee (LIBE) and long-time opponent of mass surveillance of private communications, comments:
“The EU Council’s services now confirm in crystal clear words what other legal experts, human rights defenders, law enforcement officials, abuse victims and child protection organisations have been warning about for a long time: obliging e-mail, messaging and chat providers to search all private messages for allegedly illegal material and report to the police destroys and violates the right to confidentiality of correspondence. A flood of mostly false reports would make criminal investigations more difficult, criminalise children en masse and fail to bring the abusers and producers of such material to justice. According to this expertise, searching private communications for potential child sexual exploitation material, known or unknown, is legally feasible only if the search provisions are targeted and limited to persons presumably involved in such criminal activity.
I call on EU governments to take a U-turn and stop the dystopian China-style chat control plans which they now know violate the fundamental rights of millions of citizens! No one is helping children with a regulation that will inevitably fail before the European Court of Justice. The Swedish government, currently holding the EU Council Presidency, must now immediately remove blanket chat control as well as generalised age verification from the proposed legislation. Governments of Europe, respect our fundamental right to confidential and anonymous correspondence now!
I have hopes that the wind may be changing regarding chat control. What children really need and want is a safe and empowering design of chat services as well as Europe-wide standards for effective prevention measures, victim support, counselling and criminal investigations.”
The legal analysis was discussed in the EU Council working group on 27 April, and could be discussed in mid-May at the level of the Member States’ representatives. The Swedish Council Precidency recently proposed to adopt the indiscriminate detection regime without changes. Even after hearing about the legal limits, some governments seem unwilling to align the proposal with fundamental rights requirements. In a leaked position paper circulated one day after the legal opinion was sent, 10 countries – including the upcoming EU presidency Spain – took the extreme position of supporting the Commission’s original proposal without substantial changes, including where it calls for backdooring secure end-to-end encryption.