„Follow the money“ has published lobby documents produced by surveillance-tech provider Thorn, some of which the EU Commission had tried to hide from the public. EU Internal Affairs Commissioner Johansson teamed up with a network of foreign organisations to propose mandatory scanning of any private message and chat for suspicious content, including by undermining the secure end-to-end encryption of popular messaging apps. The leaked documents cast doubt over the assertions made to defend the EU‘s chat control CSAR bill. Patrick Breyer, Member of the European Parliament for the Pirate Party and most prominent opponent of chat control, comments:
„In the course of the chat control gate we discovered that a foreign intelligence-industrial complex is behind the EU Commission’s attempt to destroy the privacy of correspondence and secure encryption. Even today the Commission is obstructing the reconstruction of the truth about this scandal by withholding evidence. The LIBE Committee is still trying to get hold of documents. We can tell from the latest disclosures that Thorn’s lobby documents don’t contan any intellectual property at all, but are withheld because their content is politically inopportune to the Commission’s chat control surveillance scheme.
Configuring the scanning AI to an accuracy of 99.9% is totally unrealistic, as Big Sister Johansson knows very well. Only in December she publicly acknowledged that no more of 25% of the personal communications disclosed by chat control scanners are found to be criminally relevant by the police. We thus observe 75% of false positives in practise, not 0.1%. Nothing in the Commission’s own chat control proposal requires a 99.9% reliability of scanning algorithms. Industry would be free to use the current algorithms that flood our police with mostly legal intimate photos.
We now know Thorn lobbies against requirements for their flawed technology, discrediting regulation as „overly prescriptive“. In the European Parliament we are pushing to require independent and publicly accessible audits of any technology used. Anyway, no technology can reliably distinguish consensual sexting from sharing CSAM, resulting in the mass criminalisation of teenagers.
Where Thorn and the Commission advocate for undermining secure encryption by turning our smartphones into bugs, they disregard the findings of the Commission’s own experts as quoted in the impact assessment: The experts rate the privacy of the recommended method of „on-device hashing with server side matching“ as „medium-low“ warning the method „may introduce vulnerabilities that could decrease the privacy of the communication“. Likewise they rate the security of the approach as „medium-low“, warning that tech-savvy offenders like the organised criminals that produce material might just switch so different messengers.
The public will be appalled to find that Thorn pushes for legislation on encryption to apply beyond child sexual abuse, arguing that the purpose of scanning encrypted messages could be „much broader than one single crime“. This is what Europol advocates for, too – and two former Europol officials have joined Thorn for a reason. If the international intelligence-industrial complex manages to destroy secure encryption, they will next want to scan our personal messages for terrorism, for file sharing and for political purposes. These insights should fuel our fight for the privacy of our correspondence and secure encryption.”
Currently, the surveillance-industrial network including the umbrella organization WeProtect, of which Thorn is a member, is calling for the extension of indiscriminate chat control scanning of private messages on a voluntary basis by US big tech companies. The European Parliament‘s LIBE committee is to vote next Monday.