This past week, the European Commission approved a temporary proposal commonly being called “Chat Control.” In just the few days since, I’ve seen wild accusations and misinformation spew out of the depths of the internet, and few people actually fact checking these. To their defense, this stuff sucks. It sucks to wade through 40 pages of legalese trying to interpret things and make sense of them, but it’s important because nothing undermines your message more than being sensationalist, as The Boy Who Cried Wolf can tell you. So this week I want to try to wade through this mess and clear up some of the stuff I’ve been seeing.
Before we go any further, important disclaimer: I am not a lawyer, and I am not an EU citizen. But I have consulted with some of the latter for some of the content at the end of this article.
Chat Control is a temporary measure (on paper, we’ll see how that actually shakes out) to help the ongoing fight against that nefarious boogieman of “child sexual abuse.” Now, let me clarify real quick: pedos are bad. Child sexual abuse is bad. We should do everything reasonable to fight it and protect children. However, 1) crime will always exist no matter how hard you try to stomp it out, and 2) there comes a point where you have to ask if the ends justify the means and if maybe in your quest to protect children you aren’t leaving them a worse world to grow up in. Is there even a point in protecting children if you’re just gonna have them grow into a world where they have no freedom or human rights?
Anyways, chat control is a measure that provides legal protection to messaging providers to use certain measures to detect and report child sexual abuse. Many providers already do this, like Facebook Messenger, but this measure is designed to give those companies protection and push other companies to do the same.
What Is It Not?
Let’s start off by addressing the two biggest pieces of blatant lies and misinformation that I’ve seen this week.
1) Chat Control is NOT a mandatory backdoor into end-to-end encrypted messengers. In fact, Section 25 says in its entirety “End-to-end encryption is an important tool to guarantee the security and confidentiality of the communications of users, including those of children. Any weakening of encryption could potentially be abused by malicious third parties. Nothing in this Regulation should therefore be interpreted as prohibiting or weakening end-to-end encryption.”
2) Chat Control is NOT a blank check to read all your text messages. Section 16 says “The types of technologies used for the purposes of this Regulation should be the least privacy-intrusive in accordance with the state of the art in the industry. Those technologies should not be used to systematically filter and scan text in communications unless it is solely to detect patterns which point to possible concrete reasons for suspecting online child sexual abuse, and they should not be able to deduce the substance of the content of the communications.”
So What Is It?
Chat Control gives messaging providers legal authority to collect and analyze metadata for the purpose of finding possible child sexual abuse happening. From what I was able to read and understand, the legislation doesn’t outline what to do if a provider suspects child sexual abuse – are they then allowed to access the messages? I would imagine so. In Europe, you can’t go around arresting and sentencing people just because of metadata (though apparently that’s good enough to extrajudiciously kill someone). So presumably, if the service provider gets a hit, they have to snapshot any information they can and pass that along to police for further investigation. In fact, the text repeatedly talks about reporting to law enforcement and giving users recourse to have their data removed if they get improperly reported. It also talks about requiring new content to be verified by a human before reporting to law enforcement. In case you didn’t know, several agencies involved in this stuff have hashes of images so that if a company believes they’ve intercept child sexual abuse material, they can check the hashes and see if it’s on record. So if it’s returned as not on record, a human has to double check and make sure whether it’s new abuse material, or just a false positive.
So Should We Be Concerned?
Of course we should. I know that up until now I’ve sounded kind of sympathetic, but nothing could be further from the truth.
Metadata kills people. If you didn’t click that link before, you should. It’s from a former NSA chief admitting that US military operations often rely strictly on metadata to decide whether or not they should assassinate possible insurgents in foreign lands. It’s so powerful that we feel comfortable ending someone’s life based just on the metadata. Even Snowden pointed out – in response to the White House’s rebuttal of his revelations – that when you have enough metadata you don’t need the content. The EFF gave several examples of this in their post “Why Metadata Matters.”
Furthermore, this is still mass surveillance. I never understood when people say they’re okay with bulk collection of messages because it’s not a person looking at them. They’re still being looked at and analyzed, combed for red flags. There is functionally no difference between an AI reading your messages and a human reading your messages if the end result is the same: all your content is scanned and either approved or flagged. Again, Chat Control does not include content but also again: functionally the same.
Last but definitely not least, nobody even wants Chat Control. A poll found that 72% of Europeans were against it, 10% were unsure, and up to 80% were against it being applied to end-to-end encrypted services. Patrick Breyer, a politician from Germany, even reports that with a coming vote in September, Chat Control might become mandatory rather than optional.
What To Do
I’d always be remiss if I didn’t point out “don’t be a criminal.” There’s some crime I do believe in (the American Revolution would be a good example of justified criminality in my opinion), but I’m pretty hard pressed to think of a situation where I think child sexual anything is justified. Don’t be a garbage human being. On a more sympathetic, serious note:if you think you might actually be a pedophile, I’ve heard that there’s actually therapists for non-offending pedophiles who try to help people like that to not act on their urges and to get better. Try looking into that. Use the Tor browser because you shouldn’t get profiled for trying to fix yourself.
For everyone else, there’s always the obvious answers here: download encrypted messengers. Signal, Matrix, even better if you use ones that don’t keep metadata like Signal and Session. For ones that do record metadata, like Matrix, be sure to use false information like a throwaway email and a VPN to hide your IP address (and maybe even encrypt your traffic from the provider who might otherwise be bound by law to watch you).
There’s also the less popular route of speaking up. A reader of mine from the EU sent me links to the European Parliament’s Citizens’ enquiries page, the Better Regulation FAQ, a general EU Commission contact page, and the “Have your say” page (note that this last one may require an account to submit feedback). You can also spread awareness with public posts on your social media platform of choice, but I think those are best coupled with contacting your representatives as well. It’s all well and good for people to talk but unless they make it clear to the officials that this will affect their votes and behaviors, it’s unlikely to result in much.
Chat Control is not good. It’s a slippery slope, and all governments love to go sledding. Don’t mistake this post for giving Chat Control a free pass or downplaying it. It’s just the start, the way to ease you in and make you feel comfortable with this kind of surveillance. Today it’s to stop predators, tomorrow it’s to stop political dissidents. Chat Control – while not a blank check or a backdoor – is still a massive invasion of privacy and is only one bad administration away from being abused. This post was not made to excuse it, only to arm you with the correct information so you can have your facts straight while trying to fight it. Disinformation is a key part of defense, so if you’re going to go on the attack you have to know where the real target lies.
You can read the full text of the Chat Control legislation here.