Digital rights activist and MEP Patrick Breyer explains how “chat control” got approved in the European Parliament, why it’s missing its primary goal, why it violates the fundamental right to privacy, and what it means for free speech. The Pirate Party Germany member also talks about why it would be better not to leave monitoring power in the hands of Facebook and Google moderators.
Host: Balázs Csekő
The European Parliament’s approval of ePrivacy Derogation, allowing providers of e-mail and messaging services to automatically search all personal messages of each citizen for presumed suspect content and report suspected cases to the police is a major blow for journalism, free speech and the fundamental right to privacy, guaranteed by the EU Charter. In search of “child pornography”, 537 members of the European Parliament approved the European Commission’s proposal, with 133 voting against and 20 abstentions.
Originally, the EU’s data protection legislation made providers of email services, chat services, and messaging services like Signal or WhatsApp compulsory to respect the confidentiality of communication so that they were banned to listen to or read private communication, such as messages and video conferences. The EP’s approval of an exemption from that derogation allows providers now to use algorithms to search messages automatically for suspicious content in order to find child pornography or people trying to groom children to get in touch with them.
Text, photo, video
To this end, providers can match images and videos against databases of known material, completely unknown for its content and its accuracy for the public. Providers will also be allowed to apply artificial intelligence to look for new images, giving machines the monitoring power.
With the exception of audio communication, algorithms will be allowed to monitor text, photos, videos and video conferences. The algorithms, however, are often error-prone and the access to their source code is unknown. Why these measures could be problematic, Swiss police statistics show: 86% of the reports of alleged child pornography sent to the police are false and criminally irrelevant.
Patrick Breyer, MEP and member of Pirate Party Germany, is one of the most fervent critics of the approved legislation and questions how the ePrivacy Derogation can cope with the fundamental right to the protection of personal data. He calls the EP’s move “the end of privacy” in digital correspondence.
Silicon Valley monitoring nude photos
In a world where nude photos are interchanged between partners on a daily basis, private and intimate pictures can easily be flagged in an improper way. In such cases, the content will be immediately revealed to moderators of enterprises like Facebook and Google. By taking into account the extended power of major IT companies, guaranteed by the legislation, it’s less of a surprise that the Silicon Valley giant backed the EU plans to fight “online child sexual abuse ”.
Digital rights activists are worried, and warn of possible consequences: “We don’t know what they will do with it. They [the pictures] are not safe in their hands and will possibly then be reported to a police agency somewhere in the world,” Mr Breyer told the CEA.
Perpetrators barely affected
The MEP also criticizes the EU regulation for “taking away” victims of child pornography the confidential communication spaces that they need to expose their abuse. It also lacks tracing of the real perpetrators as they are moving around in the Dark Web, therefore barely affected. “Criminals will continue to use encryption, no matter what legislation you pass. Organized crime doesn’t care about legislation.”
In order to persecute the offenders with a greater success, a different kind of approach is needed. The introduction of undercover investigators being able to monitor criminal structures should be “top priority” and could contribute to a more efficient persecution of persons producing illegal material.
“Child porn rings don’t use Facebook for exchanging their messages. And that’s why this whole procedure aims at the wrong end. It will not contain the distribution of these images,” Mr Breyer said.
“That’s why I am convinced that this [legislation] does not protect children, but rather harms them,” he added.
EP approval despite public rejection
The temporary legislation, applicable for a maximum of three years, was approved with over 75% of the MEPs votes, despite 72% of EU citizens opposing the use of chat control. Alhough many MEPs were aware of the issue’s sensitivity, they decided to vote for the proposal as they were under massive public pressure by certain “interested parties”.
“The title of the vote was fighting online child sexual abuse , and you could then vote plus or minus. So already the title was extremely suggestive”, the MEP said.
“We have seen from child protection organizations, particularly U.S.-based ones, massive lobbying, public influencing and public pressure on the EU. [Their message was:] If you enforce digital privacy, children will be abused and you are responsible for the destruction of lives,” he added.
Threat to journalism
The EU’s ePrivacy Derogation represents a major blow to all those all those relying on confidentiality. Despite what the Pegasus scandal has revealed in recent weeks, journalists, often depending on confidential communication channels, will have a tougher time in protecting their sources, once digital tools are involved in communication between the sides. Dissidents, political opponents, therapists and whistleblowers also belong to the most deprived by the regulation.
“Many people will have to fear consequences if they speak freely. And if they can’t be sure that this is in a confidential and anonymous space, they will have to reckon with repercussions if their identity is known,” Mr Breyer claimed.
Chat control could also lead to eroding people’s trust in the confidentiality of communications. Persons really needing private space will possibly cease to use digital tools, which can have “devastating effects” on people’s lives.
Unlike the Pegasus project, violating the right to privacy of a limited number of persons, the regulation approved by the European Parliament aims at every user of digital communication. If the digital communication channels are routinely searched, “mass surveillance” becomes reality.
“Privacy means that you have a right to mind your own business as long as you are not suspected of any wrongdoing. Chat control means that you will have your messages searched, even if you’re not suspected. So, that is surveillance,” the digital rights activist said.
If the principle of mass surveillance is not met with resistance, further steps could follow soon.
“Why not also apply it to personal computers, or to the storage of your smartphone? Why not have the post office open all letters? Because there could be forbidden material in there. Why not install CCTV cameras in private departments? There could be crimes happening there.”
Chat control 2.0 knocking on the door
For the autumn of 2021, the European Commission proclaimed that it will propose a follow-up legislation, making application of chat control compulsory for all email and messenger providers. That could also include encryption and endanger securely end-to-end encrypted communication channels.
“That would really affect the confidentiality of messages by journalists, therapists, and activists,” Mr Breyer stated.
A public consultation by the European Commission, however, showed that the overwhelming majority of respondents oppose an obligation to apply chat control. Over 80% of respondents reject its use to end-to-end encrypted communication.
Dark Web as possible safe haven
The ePrivacy Derogation could lead to a more frequent use of the Dark Web and anonymous networks by a growing number of persons praising privacy and seeing mass surveillance with a critical eye.
Networks like TOR or Whonix will make sure that users cannot be technically intercepted or identified. “It’s just the same as if they were speaking in a private department or going for a walk in the forest”.
Patrick Breyer and some victims of sexual abuse are planning to take legal action against the regulation. “We have commissioned a former judge of the European Court of Justice who also confirmed that it’s [the legislation] not permissible under the jurisprudence of fundamental rights.”
Even if the assessment is correct, it can take years for the Court to assess and review a legislation like the ePrivacy Derogation. “It’s up to the European Court of Justice to safeguard our fundamental rights, as the Parliament is no longer up to the job if they are subjected to political lobby pressure,” he said.
“This is the first legislation on mass surveillance that the European Union has adopted. If we don’t stop this, it won’t stop here,” he concluded.
Cover photo credit: Shutterstock
Patrick Breyer is a German jurist, digital rights activist, politician of the German and the European Pirate Party, as well as Member of the European Parliament since 2019. He was a shadow rapporteur on the ePrivacy Derogation. From 2012 to 2017 he was a Member of the state parliament of Schleswig-Holstein and from April 2016 until the end of the legislative period he was also the leader of the Pirate group in that assembly. The German Pirate Party calls him a “digital freedom fighter”. Twitter: @echo_pbreyer
Photo credit: patrick-breyer.de