Chat Control is the popular name given to a regulation proposal inside the European Council to scan all private communications in hopes of protecting children from sexual abuse. It expands on the existing regulations by making the scanning continuous and global, whereas the current law requires scans to be targeted and approved by a judge. Despite its honorable intentions, Chat Control has raised all the alarms due to the abusive means of achieving its goals.

Scanning all private communications raises questions about the implications for fundamental rights of European citizens, the effectiveness of the measures, and the overall impact of weakening encryption.

After all, this law would effectively turn Europe into a Police State.

We’ve already suffered the cookie-pocalypse, and we don’t want another mess-up. This annoyance forced banners on all websites and didn’t translate into privacy improvements. Now, Brussels is trying to fix its error with a proper technical solution.

Luckily, Chat Control is losing momentum. The vote scheduled for October 14 won’t take place thanks to citizen protests. However, this fight is far from over. Control over private communications is a topic that politicians bring to the table quite often.

Let’s explore the impact of Chat Control to better understand why this legislation is such a shitshow.

The Dawn of a Police State

Let’s make something clear. Scanning all communications indiscriminately is establishing a police state. It’s like placing a police officer on every corner or flooding cities with video cameras “just in case.”

You may like it, you may feel safer, but it is what it is: A police state you cannot escape from. But “police state” sounds too abstract, so let’s describe it in another way:

You are guilty until proven otherwise.

No matter how well-behaved a citizen you are, mass surveillance places you at the same level as terrorists and pedophiles.

Care to send a message to a friend saying “This is a bomb”, or “I’m gonna kill them”? An alarm will definitely trigger, and someone will need to check it. That someone won’t have any context on you, and they may not share your sense of humor. You may find yourself in a situation where you suddenly need to prove your innocence.

Sounds crazy? Well, it’s already happening.

Trying to be funny when sending money to a friend may result in a call from your bank at the least, and possibly a visit from the police. Since Bizum became popular in Spain, there have been several registered instances of this happening. Banks must investigate subject messages like “Arms for the holy war in Syria” to help authorities fight against terrorism and drug trafficking.

A mass surveillance setting also causes numerous false positives.

When thinking about privacy and law enforcement, you are not trusting your current government, but anything that will come in the future. In 2022, a wave of anti-abortion laws spread across the U.S.A. Law enforcers would cross personal data like web searches (find abortion pills) and credit card history (buying birth control products) to find and prosecute women.

You must protect your private data. Once it’s out, you no longer have control over what it’s going to be used for.

Vicente Herrera
University lecturer: AI Ethics, AI Security, Blockchain at Loyola University

Once in place, a mass surveillance system will relentlessly expand its reach. Think about the NSA in the U.S.A.: it started as a terrorism-fighting tool after 9/11, and nowadays it is a domestic surveillance tool.

There are no Safe Backdoors

The problems with legislation like Chat Control go beyond the ethics. Let’s dig into the technical details.

The main reason why enforcement officers are pushing for this law is that most communications are encrypted end-to-end. That means that not even those hosting the messaging services (like WhatsApp or Apple) can read your messages. So, that data is secure even if a judge requires the companies to provide it.

The problem is that there is no such thing as “secure for everyone but for law enforcement” in data encryption. Either it’s secure or it is vulnerable.

Anti-privacy policies like Chat Control only make things easier for hackers. It was recently discovered that a hacker group was using the “BRICKSTORM” backdoor to infiltrate US companies. Something meant for US authorities ended up being a goldmine for hackers.

Legislation like this not only puts personal information at risk, but also sensitive business data. It’s terrifying.

Miguel Hernández
Senior Threat Research Engineer at Sysdig

Chat Control would put all European countries at a disadvantage against the rest of the world. Cybercriminals could use our personal data to craft convincing phishing attacks or create sophisticated corporate espionage campaigns.

Apple has repeated these arguments everywhere while actively lobbying for privacy protections. In fact, it’s the third most prominent lobbyist in the European Union. However, they can only do so much. Apple couldn’t beat the UK government, which required them to make user data available. Instead of creating a backdoor that could affect all their users globally, they decided not to encrypt some of their UK users’ data. Unsafe, but contained.

The UK is in the crosshairs lately regarding privacy. Again, in the name of child safety, they required all companies offering services to adults to identify their users. Forcing hundreds of companies to process and store ID data makes it easier for hackers to steal it.

Last week we experienced how risky this is. A security breach at Discord led to the leak of millions of government photo IDs belonging to its users.

The less of our personal data is out there, the safer we are.

We Already Have Child Protection at Home

The worst thing about mass surveillance legislation is that, after all the harm it causes, it isn’t effective at protecting children.

We already have effective mechanisms to take targeted actions against criminals. Tools like Pegasus are actively used to infect suspects’ devices and allow the retrieval of data that would be encrypted somewhere else. Law enforcers can even use it without a judge’s approval.

Mass surveillance only adds noise to the mix.

You’ll receive a ton of leads, but they’ll be low-quality. Remember the false positives we mentioned earlier? Any joke sent as a text message will trigger an alert that will need to be investigated. You need a massive workforce to filter through all these.

When designing cybersecurity tools, avoiding the noise and alert fatigue is our focus. You cannot be effective if you spend all your time chasing shadows. It only causes you to arrive late to the real incidents, after the harm is already done.

To be effective, cybersecurity tools need to understand the context of every alert. That is what allows them to triage the false positives from the real incidents.

Extrapolating this to a mass surveillance mechanism, that tool would need to understand each and every one of us to know if we are about to commit a crime or not. That’s a dystopian future I hope I won’t ever see.

Néstor Salceda
CEO & Founder at Safetybits

It seems a bit weird to push for Chat Control when there are known and prominent hubs of child abusers that go unchecked.

It is known that Roblox, despite its appearance as a child’s game, is a dangerous place. In the following video, Schlep makes a detailed and frightening exposition of the problem. He is dedicated to identifying pedophiles on Roblox and working with the authorities to put them behind bars.

Three things enrage me in that video:

  • At some point, a teacher asks a class of 9-year-olds if they have been requested to do “inappropriate things” while in Roblox. Most of them raise their hands.
  • The Roblox company knows this is a widespread issue, and they don’t take action.
  • Law enforcers won’t investigate the issue either (beyond addressing individual cases).

The problem doesn’t seem to be our tools, but rather a lack of education campaigns and enforcers.

TikTok is another hub that gathers together children and abusers without getting significant attention from the authorities.

If children’s safety is the issue, wouldn’t we be better off tackling these giant hubs? Or investing in the existing programs that have proven effective? Is it about educating children and parents on how to use the internet safely?

Do we really need Chat Control?

Bye Bye Chat Control, for now

We have dodged a bullet with Chat Control.

It’s hard to oppose measures to fight terrorism and protect children; that’s why they are always used as the spearhead for a police state.

We must protect our rights and urge all our politicians to find the right way to safeguard us without risking our democracies.

We didn’t completely defeat Chat Control; it will eventually be proposed again, and we need to stay on guard to prevent it from resurfacing.

If you want to learn more or contact your European representatives about this topic, head to fightchatcontrol.eu.

