Analysis
According to critics, what the EU Commission is planning in the fight against the sexual abuse of children is a giant step towards a surveillance state. Here you can find out everything you need to know about the controversial project.
Follow
The fears have been confirmed, the EU Commission is planning far-reaching measures to digitally monitor the citizens of Europe.
The core of the project officially presented on Wednesday is a nationwide "monitoring system" controlled from Brussels. A new "EU center against child abuse" should be able to force online services to scan all communication from their users for illegal content, writes the "Spiegel".
Civil rights activists and experts are alarmed – and even investigators are not necessarily happy, the German news magazine notes. Meanwhile, the Swedish EU Interior Commissioner Ylva Johansson speaks of "tough, unprecedented and groundbreaking legislation".
This article revolves around the most important questions and answers on "chat control" – from a Swiss perspective.
Who does the EU want to monitor?
All citizens who communicate digitally.
Specifically: online services that are operated or active in countries of the European Union (EU). And that doesn't just mean the big US platform operators like Apple, Google, Microsoft and Meta (Facebook), who have their tax-efficient European headquarters in Ireland.
However, it is likely to be particularly controversial that the measure can oblige messenger operators such as WhatsApp, Telegram, Signal or Threema to scan private messages from their users. »
The EU Commission wants to make all providers with a branch in the EU responsible, or if they have “a significant number” of users there.
And that's not all: online services to which none of this applies, but which are suspected of being used to distribute illegal content, should also be blocked by Internet providers in the EU, writes the "Spiegel".
"This could block smaller providers whose operators remain anonymous or evade access by authorities – they should no longer work in Europe."
What exactly does the EU Commission want to fight?
Targeted according to Q&A by the EU Commission:
German prosecutors criticized the EU plans behind closed doors, as the "Spiegel" writes. Several investigators would have welcomed the fact that the EU wanted to pass new uniform rules against child abuse and would also make various internet services compulsory. However, the current plans would not necessarily result in more pedophiles being arrested.
Even more reports of abuse images did not automatically lead to more investigative successes – on the contrary:
"The mass of new reports after the EU plans threaten to paralyze our prosecution."
What is the EU Commission proposing?
The EU draft law provides for the following:
According to "Spiegel", the responsible EU interior commissioner asserted that numerous technical precautions should be taken to protect the privacy of EU citizens. National authorities and data protection officers would have to give their permission "before each scan".
In addition, the new EU center may only use surveillance software with which "the privacy of citizens is least at risk," assured Johansson.
Why are the EU plans problematic?
For many reasons. They relate to the protection of private and intimate spheres, data protection and the security of IT systems and the legal system in general.
The planned monitoring of private chats represents a massive invasion of privacy and would violate the fundamental rights of citizens.
According to the definition, the intimate sphere includes the inner world of thoughts and feelings as well as the sexual area and its appropriate protection is a fundamental human right.
In addition, according to critical experts, it is completely unclear how reliably such surveillance technology works – for example, how easily innocent people are targeted.
The EU Commission also wants to oblige companies such as WhatsApp, Signal and Telegram to install a “back door” in their messenger services in order to monitor chat content despite end-to-end encryption. Once such a system is implemented, it can easily be used for other purposes in the future.
Facebook and Co. should design the automatic monitoring of their services in such a way that misuse by employees or third parties is ruled out. "The confidentiality of the communication of millions of innocent people is nevertheless undermined," states the "mirror", and nobody can rule out the abuse of such a monitoring structure for all time.
An EU Commission test report leaked in March also showed that EU Commissioner Johansson ignored internal criticism and was undeterred in her search for ways to “introduce a new form of mass surveillance across Europe”.
As reported by netzpolitik.org, the internal report said that "it was not sufficiently clear how the search mechanisms described would respect the ban on mass surveillance without cause in force in the EU".
The leaked document also states that the “efficiency and proportionality” of the planned measures “have not been sufficiently proven”.
Why is the EU doing this and who is behind it?
In the past year alone, 85 million images showing sexual violence against children were found on the Internet, according to the "Spiegel" newspaper, EU Interior Commissioner Ylva Johansson. The Swede is politically responsible for the advance. The German EU Commission President Ursula von der Leyen is considered to be the most powerful advocate or originator of the proposed Internet surveillance.
They are responsible for the planned mass surveillance: the German EU Commission President Ursula von der Leyen (left) and the Swedish EU Commissioner for Home Affairs Ylva Johansson.Image: keystone
Von der Leyen is a member of the Group of the European People's Party (Christian Democrats). Johansson is a member of the Swedish Social Democratic Labor Party.
Johansson said that in 90 percent of the cases discovered, the material was stored on servers in the EU, which is why Brussels is now particularly required to develop "a world standard" against illegal recordings.
In recent months, the Swede has "emphasized like a mantra that privacy and encryption should not stand in the way of criminal prosecution," recalls netzpolitik.org. And Von der Leyen's earlier proposal for "net blocking" against child abuse content caused massive protests in 2009 and gave the politician the nickname "censorship" in Germany.
Who benefits?
The donation-financed online medium netzpolitik.org points to a little-known side aspect and shows that the monitoring planned by the EU Commission could turn into a multi-billion dollar business.
According to this, internal EU documents show how the US actor Ashton Kutcher and his organization Thorn lobbied in Brussels for his own surveillance technology.
"With Thorn, Kutcher entered the surveillance technology market: In 2020, the organization launched Safer, which it says is the first third-party 'comprehensive detection platform' for child abuse content."
Thorn presented itself to EU institutions as a charity that "for idealistic reasons against child abuse" is used. However, the organization repeatedly brought up its self-developed Safer software at meetings with European authorities. This was shown by emails and notes that netzpolitik.org received from the EU Commission, German and Swedish authorities as a result of freedom of information requests.
Thorn offers "Artificial Intelligence-driven software to find, remove and report child abuse content." In addition, the organization is working on a “new algorithm for recording grooming activities”. screenshot: thorn.org
The US actor Kutcher uses his celebrity status to achieve concrete goals with Thorn in Europe. In 2020, according to netzpolitik.org, Thorn “vehemently supported a proposal from the EU Commission”, which became law at record speed a few months later. The EU has created an exception in its (comparatively strict) data protection rules to enable social media platforms such as Facebook to voluntarily scan users' private chats for suspected child abuse.
According to netzpolitik.org, a spokeswoman for Thorn confirmed "that its own technology could be used to enforce the new EU law."
That brings us to the secret services.
Unfortunately, this new attempt to force a backdoor into encrypted communications is "part of a global pattern," writes the Electronic Frontier Foundation (EFF), an NGO that advocates for fundamental rights in the information age.
In 2018, the "Five Eyes" – an alliance of intelligence services from Canada, New Zealand, Australia, Great Britain and the United States of America – warned that they would take technical, legislative or other measures to gain access if the providers such services not voluntarily.
What are the penalties for violations?
If platform operators and other companies do not comply with the monitoring measures planned by the EU Commission, they should be fined.
The fines should be set by the EU member states and be “effective, proportional and deterrent”, as the “Spiegel” writes. The maximum financial penalties should not exceed six percent of the total annual turnover of the offending company.
European citizens who are captured by the digital "total surveillance" face criminal prosecution and conviction, whether for possession, distribution or even production of CSAM or grooming.
What do the affected service providers say?
"The Commission's plans could therefore lead to a mass criminalization of innocent citizens."
WhatsApp boss Will Cathcart had already sharply criticized a leaked version of the EU plans on Tuesday:
«Strong encryption protects the privacy and security of billions of people, including children. Removing that is a mistake."
Matthias Pfau, managing director of the encrypted e-mail service Tutanota, also finds clear words:
"This would be the worst surveillance mechanism ever put in place outside of China, all under the guise of protecting children."
Matthias Pfau, Tutanota
It should be noted that in July 2021 a majority of MEPs voted in favor of an earlier version of “chat control”.
Since then, providers have been allowed to voluntarily scan communications. However, so far only a few non-end-to-end encrypted US services such as Gmail, Facebook/Meta Messenger and Xbox (Microsoft) operate such surveillance.
In the summer of 2021, the US company also announced a CSAM scanner for US iCloud users in the fall, but postponed the launch to an indefinitely later date after massive global protests.
What's next?
The next step is for the draft law presented by the EU Commission to go to the EU Parliament. This will set up a committee to process the proposal and can suggest changes before announcing a final position, as derstandard.at writes.
It could be years before the law actually comes into force. And whether the "chat control" will actually be implemented in the planned form is anything but certain.
According to "Spiegel", the new German government has expressly committed itself to the right to encryption in its coalition agreement and has praised end-to-end encryption.
It can be assumed that "various EU civil rights organizations will try to overturn the relevant paragraphs before they are passed," predicts the Swiss news magazine "Republik".
How does Switzerland react?
National Councilor Judith Bellaiche wants to know with a parliamentary initiative from the Federal Council to what extent the local population would be affected by the new EU law.
The country's top data protection officer, the Federal Data Protection and Information Commissioner (FDPIC), is "critical of the unreasonable monitoring of the individual communication of the population in general and chat control in particular".
In his statement, the FDPIC states that “the most serious encroachments on fundamental rights” such as chat monitoring are questionable from a constitutional point of view and in any case require a formal legal basis in Switzerland in the sense of a law subject to a referendum.
"Chat controls may not be carried out on residents of Switzerland based on foreign law, nor be used by Swiss authorities to the detriment of the Swiss population."
Adrian Lobsiger, Federal Data Protection and Information Commissioner.
More on Apple's controversial parental control tools