EU Proposes It’s Own Version Of EARN IT: Effectively Mandates Full Surveillance Of All Messaging & No Encryption

from the this-is-so-so-bad dept

What the actual fuck, EU? While they pretend to be all about protecting privacy, they then push out this bit of utter nonsense: a bill to “protect the children” by literally requiring online services scan all messaging all the time. In some ways, the bill is similar to the EARN IT Act in the US, but it’s bizarrely even worse than that.

The law requires messaging providers to do “risk assessment” and “risk mitigation” but if the government feels that the services aren’t doing enough (which, of course, they’ll claim about everyone), it can get a court to issue “detection orders” which require the site to monitor communications for “new child sexual abuse material or grooming.”

Ah, yeah, good one, EU. Just as the Trumpists of the US have declared anyone who supports the ability to respect the sexual orientation and gender of other human beings “groomers” you’re now saying websites can be forced to scan private messages for evidence of “grooming.” I’m sure that won’t be abused at all.

There is a lot of language in there to pretend that this will be limited and that it doesn’t need to break encryption, but there is no way to do any of this without basically breaking encryption and creating massive surveillance systems that snoop on basically every communication. As the EFF notes in response to this proposal:

The new proposal is overbroad, not proportionate, and hurts everyone’s privacy and safety. By damaging encryption, it could actually make the problem of child safety worse, not better, for some minors. Abused minors, as much as anyone, need private channels to report what is happening to them. The scanning requirements are subject to safeguards, but they aren’t strong enough to prevent the privacy-intrusive actions that platforms will be required to undertake. 

Cryptographer Matthew Green called this proposal “the most terrifying thing I’ve ever seen.”

It truly is incredible that at the very same time they’re claiming that Silicon Valley companies are doing too much surveillance, they’re now going to demand much, much more surveillance.

This proposal is still in the early stages, but it could move somewhat quickly. Things that claim they’re about “protecting the children” often do. However, if this became law, it would do the opposite of protecting children. It would put way more children at risk, by removing the ability for them to have safe and secure communications, including spying on their communications with others in ways that could be massively intrusive. At the very least, it may intimidate children at risk from speaking up or reaching out for help, because those communications will no longer be secure.

What a complete disaster, proposed by clueless bureaucrats who have been told how ridiculous this proposal would be and still decided to push forward with it.

Filed Under: , , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “EU Proposes It’s Own Version Of EARN IT: Effectively Mandates Full Surveillance Of All Messaging & No Encryption”

Subscribe: RSS Leave a comment
TaboToka (profile) says:

Re: Re: Re:3

“Thank goodness for Brexit, so we don’t have any of these draconian EU laws!”

What about these?

“Those aren’t as bad, did you even read the content?”

Here’s a specific example of one that’s bad.

“That won’t become a law because we have special double-secret voting magic!!1 Plus it isn’t as bad as those EU laws!!!’

(rinse, repeat)

sabroni says:

Re: total bollocks

I live in the UK.
Your talking bollocks.
Brexit is a Kremlin plan to destabilised Europe. What do you think happend on bojo’s trip to Lebednev’s party? Why did we sign this impossible treaty with us leaving the EU, no border between Northern and Southern ireland and no border between us and the north?
Every stupid brexit “tactic” puts more pressure on the EU, who are already watching a war on their borders.
This is serious shit junior, grow up.

Scary Devil Monastery (profile) says:


“Shitty legislation like this is making even Remainers now bless Brexit. Just sayin’.”


The UK’s “Brexit” may have been plotted primarily by xenophobic nationalists and executed by inept morons, but…the EU has, for the last twenty years, produced some astonishingly bad legislation fit to match chinese totalitarianism.

“The most puzzling development in politics during the last decade is the apparent determination of Western European leaders to re-create the Soviet Union in Western Europe.”
– Mikhail Gorbachev, last premier of the USSR, 1990-ish.

The UK will be going through a very bad time due to their brexit handling, but I’m afraid that if the EU keeps progressing down this path it’s going to be followed by a lot of member nations.

Because although European Unity is a great dream, the current EU isn’t it. More like an all-consuming totalitarian bureaucracy governed by a new feudal class.

Wyrm (profile) says:

What a complete disaster, proposed by clueless bureaucrats who have been told how ridiculous this proposal would be and still decided to push forward with it.

From what I’ve seen with bills in other domains (e.g. copyright, computer security), being told how ridiculous a proposal is seems like an incentive for them to push it forward.

You tell them “it’s a stupid proposal”, they hear “I double-dog dare you”.

Anonymous Coward says:


Well this proposal tries to sneakily get around that by not specifying what kind of tech has to be implemented leaving that for the companies to determine. Only that it meets a certain requirement.

They also say it’s going targeted but as the rest of the proposal lays out, it is anything BUT targeted and tries to dance around that by not saying it.

Someone on Twitter named That Privacy Guy has noted that this proposal as it currently stands runs afowl of EU treaties and case law in terms of proportionality and necessity.

Anonymous Coward says:

Ah, ChatControl, as it’s being called by Patrick Breyer. I was wondering when TechDirt might cover it. Had this on my radar since EARN IT got reintroduced and noticed some Europeans mulling about what ChatControl could entail. Now we know for sure, and it’s every bit as bad as speculated.

It’s worse than EARN IT because right now, EARN IT seems to be going after encrypted services specifically. This doesn’t just impact E2E, it impacts any service with a messenger aspect. So if a company currently doesn’t scan non-E2E encrypted messages, they may be forced to do what Facebook and Google and etc. do and scan literally every message.

The comparisons to EARN IT are apt though, in that not only the negative effects are even more pronounced, but the method in which it could be taken down is more blatant. Aspects of EARN IT may be foiled by the Fourth Amendment. This ChatControl in entirety goes completely against established EU constitutional and case law regarding privacy and government intervention, and would likely be stricken down in the courts.

But that requires a company or individual standing up to it and having the funds to do so. Given it claims to be about protecting kids… who wants to bite that bullet? Certainly no company big enough that bad press about “not helping kids” would hurt, and certainly no company so small they lack the funds. And even if someone steps up, that’s still a few years’ of companies feeling like they need to snoop on everyone.

Hopefully- knock on wood, not wishing on anything resembling a monkey’s paw- like EARN IT, it stalls out and nothing comes of it.

Scary Devil Monastery (profile) says:


“How likely is it to pass?”

Highly. It took a massive effort to shutter ACTA despite the utterly horrible way that was handled, and even when almost every EU PM was against it the shenanigans pulled to make it pass anyway became so ridiculous the EU’s own shadow rapporteur resigned, leaving an open resignation letter where he condemned the various maneuvers as the most corrupt practice he had ever seen or heard of in his lifetime as a politician.

It may afterwards be struck down by the EU court of justice, the way the Data Retention Directive was abolished…but the damage will remain done, in any nation quick and eager to embrace a governance of mass surveillance.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...