Two days left! Support our fundraiser by January 5th and 
Chat Control Is Back On The Menu In The EU. It Still Must Be Stopped
from the spies-in-our-pockets dept
The European Union Council is once again debating its controversial message scanning proposal, aka “Chat Control,” that would lead to the scanning of private conversations of billions of people.
Chat Control, which EFF has strongly opposed since it was first introduced in 2022, keeps being mildly tweaked and pushed by one Council presidency after another.
Chat Control is a dangerous legislative proposal that would make it mandatory for service providers, including end-to-end encrypted communication and storage services, to scan all communications and files to detect “abusive material.” This would happen through a method called client-side scanning, which scans for specific content on a device before it’s sent. In practice, Chat Control is chat surveillance and functions by having access to everything on a device with indiscriminate monitoring of everything. In a memo, the Danish Presidency claimed this does not break end-to-end encryption.
This is absurd.
We have written extensively that client-side scanning fundamentally undermines end-to-end encryption, and obliterates our right to private spaces. If the government has access to one of the “ends” of an end-to-end encrypted communication, that communication is no longer safe and secure. Pursuing this approach is dangerous for everyone, but is especially perilous for journalists, whistleblowers, activists, lawyers, and human rights workers.
If passed, Chat Control would undermine the privacy promises of end-to-end encrypted communication tools, like Signal and WhatsApp. The proposal is so dangerous that Signal has stated it would pull its app out of the EU if Chat Control is passed. Proponents even seem to realize how dangerous this is, because state communications are exempt from this scanning in the latest compromise proposal.
This doesn’t just affect people in the EU, it affects everyone around the world, including in the United States. If platforms decide to stay in the EU, they would be forced to scan the conversation of everyone in the EU. If you’re not in the EU, but you chat with someone who is, then your privacy is compromised too. Passing this proposal would pave the way for authoritarian and tyrannical governments around the world to follow suit with their own demands for access to encrypted communication apps.
Even if you take it in good faith that the government would never do anything wrong with this power, events like Salt Typhoon show there’s no such thing as a system that’s only for the “good guys.”
Despite strong opposition, Denmark is pushing forward and taking its current proposal to the Justice and Home Affairs Council meeting on October 14th.
We urge the Danish Presidency to drop its push for scanning our private communication and consider fundamental rights concerns. Any draft that compromises end-to-end encryption and permits scanning of our private communication should be blocked or voted down.
Phones and laptops must work for the users who own them, not act as “bugs in our pockets” in the service of governments, foreign or domestic. The mass scanning of everything on our devices is invasive, untenable, and must be rejected.
Republished from the EFF’s Deeplinks blog.
Filed Under: chat control, client side scanning, encryption, eu, surveillance
Comments on “Chat Control Is Back On The Menu In The EU. It Still Must Be Stopped”
My next keyboard will be a Raspberry Pi 400
Looks like a keyboard, and with a custom USB driver my laptop will think so too. But hit the right hot-key and what goes up the USB cable will be encrypted before Chat Control can see it. And the Raspberry Pi is just one of many small cheap computers powerful enough to add encryption or steganography while you type.
'The public needs to know, let's see what you've been saying the last year shall we?'
You could shut down 99.9% of all legislative attempts to undermine privacy and security like this with one simple rule: ‘You first’.
Any time a new avenue to spy on people is proposed, every new ‘totally-not-broken-encryption’ being ‘requested’ is applied first to all accounts of the politicians proposing the new law for a minimum of six months, with the public informed at the start.
If something like that was in place and it was their safety and security on the line I suspect that all of a sudden politicians would understand and value privacy and security.
Re:
Given how many times Hegseth has leaked war plans on Signal (that we know about), we should probably downgrade that to 99.8%.
Why does this American blog care about the EU? Not even the EU cares about the EU.
Re:
I love this comment. Some people complain when Techdirt talks about something other than tech. Some people complain when Techdirt talks about tech . You can’t please everyone. Almost like it’s not worth trying and you should just write what you want on your own website…
Re:
Because things that happen in the EU can have consequences for other territories.
The Danish Secretary of Justice has also been making the rounds in support of this EU proposal, and he’s spreading all the classic bullshit:
I’ve never actively hated a politician in my country, but the level of ignorance and arrogance he displays is fucking staggering.
This is a chilling direction for the EU to take. Client-side scanning isn’t “balancing privacy and safety” — it’s mass surveillance with extra steps. Once you allow governments or corporations to peek inside private communications, you’ve already lost the foundation of encryption. It’s disappointing to see Denmark push this forward despite every expert warning how dangerous it is.
Encrypt, Encrypt, Encrypt
If the end-to-end encryption stays in place, we should off course use the same encryption (with the Alice- & Bob keys) to send the results to the EU (Carol)…
The intelligence services says this is a bad idea it leaves a back door for hackers it also is 100 percent against the eu laws on privacy and human rights .see this week in tech podcast 20 minutes in .discussion. this week’s edition .
It also means if you want to install certain apps you ,ll have the turn on user id verification in your phone to install them
It would seem to me that a government that monitors the conversations of its citizens view those citizens as an enemy. If I was one of those citizens, the feeling would be mutual.
Re:
Exactly. The cop mentality of creeping authoritarianism and control freakishness.
Re:
I live in the US, and remember the Snowden files. Imagine how much hasn’t been leaked.