On the occasion of tomorrow’s European Data Protection Day, EU lawmakers are addressing the European Commission in a cross-party letter: They warn that the draft legislation announced by the Commission for March 2022 on indiscriminate message and chat control on all mobile phones would result in mass surveillance of the private communications of all EU citizens. Moreover, the legislation threatens secure encryption and IT security in general.
Similar to Apple’s highly controversial „SpyPhone“ plans, the EU Commission plans to „protect children“ by requiring providers of digital communication services to bulk intercept, monitor, and scan the contents of all citizens’ communications.
A draft legislation is to be presented on 2 March. Communications that have so far been securely end-to-end encrypted would need to be screened on all mobile phones and, in case of suspicion, automatically redirected and reported to the police. „Indiscriminately and generally monitoring everybody’s online activities ‚just in case‘ causes devastating collateral damage,” MEPs appeal to the responsible EU Commissioners Margrethe Vestager, Margaritis Schinas, Věra Jourová, Thierry Breton, Didier Reynders and Ylva Johansson. The proposed surveillance requirement “fails to respect the essence of the fundamental right to confidential communications (Article 7 of the Charter), and is therefore neither necessary nor proportionate “, the letter continues.
„It has a chilling effect on the exercise of fundamental rights online, including of children and victims, minorities, LGBTQI people, political dissidents, journalists etc. It sets a precedent for expanding it to other purposes in Europe as well. The outsourcing of law enforcement activities (crime detection) to private corporations and their machines removes the protection afforded by the independence and qualification of public investigators, as well as the institutional oversight over their activities.“
MEPs express concern about recent media reports that investigators shut down child sexual abuse platforms such as “Boystown” but failed to report the linked content for removal. This means that thousands of gigabytes of illegal images remain accessible.
„Investigators argue that they lack capacities to report material they are aware of. Adding thousands and thousands of mostly false reports of alleged circulation of well-known material via major communications services to their burden would fail victims whose safety depends on focusing all resources on preventing abuse and the production of abuse imagery in the first place,“ underline the MEPs.
MEP and civil liberties defender Patrick Breyer (German Pirate Party) comments:
“This EU Big Brother attack on our mobile phones by error-prone denunciation machines searching our entire private communications threatens to lead to a Chinese-style surveillance state. Will the next step will be for the post office to open and scan all letters? Indiscriminately searching all correspondence violated fundamental rights and is the wrong approach to protecting children. It actually puts their private pictures at risk of falling into the wrong hands and criminalises children in many cases. Flooding overburdened law enforcement officers, who don’t even have time to sift through already known child pornography, with mostly false machine-generated reports is irresponsible with regard to the victims of ongoing abuse.”
Marcel Kolaja Member and Quaestor of the European Parliament (Czech Pirate Party) adds:
“Monitoring across large platforms will only lead to criminals moving to platforms where chat control will be technically impossible. As a result, innocent people will be snooped on a daily basis while tracking down criminals will fail. Moreover, it will discourage victims from seeking help digitally. Not to mention that e.g. witnesses or harassment victims, whose lives may be in danger, are highly dependent on confidentiality of their communications. Therefore, chat control would only cause widespread uncertainty and distrust. Rather than mass surveillance of digital correspondence, the Commission should focus on assistance to victims, prevention of child sexual abuse, and coordination of targeted investigations.”
Apple’s plans, announced in August, to search personal photos for suspicious content prompted a public outcry. More than 90 organizations called on the company to scrap the plans. Apple eventually put its plans on hold.
MEPs warn that the Commission’s plans would trigger a similar storm of protest. Providers would need to implement a backdoor in their software („client-side scanning“) to enable such monitoring. Implementing a routine for automatically reporting suspected communications content in case of a match would break safe end-to-end encryption altogether and eliminate the security and trust that comes with it. Individuals, businesses and government rely on end-to-end encryption to safeguard their personal, commercial and state secrets.