The description of Europe as the cradle of freedoms, democracy, respect for the rights of individual citizens and privacy is often associated with various historical, cultural and legal factors. No place, however, is without challenges and the picture can change rapidly if those who administer “public affairs” do not make wise and far-sighted choices. Under the bill dubbed, by detractors, Chat Control 2.0, photos and private messages exchanged through any messaging software can be forwarded to European authorities and examined by specialized officials. It’s not science fiction: Big Brother from George Orwell’s novel has already arrived, precisely in that Europe which has always declared itself a champion of rights and respectful of the private sphere.
Messaging applications become tools for mass control: photos and private messages accessible by the Authorities
The topic on the table is very serious but the media have talked about it, guiltily, far too little. Soon, i messages you exchange via WhatsApp or the emails you send can be read and analyzed by designated personnel, in defiance of any privacy safeguards. privacy and protection of personal data.
It seems impossible, but this is exactly the gist of the legislation that is about to come into force in all European member states and which authorizes the authorities to put the private communications of individual citizens.
Already in March 2023 we observed that the subjects designated by European Commission will be entitled to access user chats and spy on personal content: software by instant messaging, email, collaboration and productivity platforms, communication systems integrated into any app or video game. Everything must be accessible by the European Authorities.
L’objective declared is to criminally prosecute those who distribute material relating to child sexual exploitation (CSEM). The result: mass surveillance in real time through automated verification of the content of messages and chats.
There’s end-to-end encryption anyway…
Wrong. The legal provision currently being approved provides that the scan messages is carried out client-side, directly on users’ devices. It therefore does not matter whether the application uses end-to-end encryption to exchange messages or emails. The personal informations of users travel in secure mode between the two ends of the communication (therefore they cannot be read, modified, monitored or damaged along their journey) thanks to encryption. However, the law actually introduces one backdoor client side by requiring all messaging and email service providers to activate a direct communication channel between each user’s device and the server managed by the European Authorities.
He explained it very well Bert Hubert, during a hearing before the Dutch Parliament. Despite the strongly negative opinion of hundreds of experts, Europe intends to rely onartificial intelligence to scan the content of users’ private communications, looking for illicit content. The reports of automated scans they are then forwarded to officials assigned the role of “controllers”: in the event that suspicious profiles are detected, the local authorities of the individual countries are called upon to carry out subsequent checks by directly contacting the subjects who managed the material.
Hubert notes that it will be like having an additional, hidden and uninvited participant in every single chat. An undeclared recipient for every single email. And the European legislator does not seem to realize the consequences of an operation that effectively activates a monitoring large-scale private communications 500 million citizens Europeans.
Image source: Patrick Breyer – Licenza CC BY 3.0.
All messaging and email applications are affected
The new regulation is named Chat Control 2.0 because in reality there is already a provision in force today that allows communication service providers to voluntarily scan users’ messages (Chat Control 1.0). Only some communication services such as Gmail, Facebook/Instagram Messenger, Skype, Snapchat, iCloud and Xbox carry out a verification action on the contents exchanged by users, detecting potentially illicit ones. With the introduction of a legal obligation, any application or service is required to activate the scanning of messages, reporting those that may constitute some type of crime.
Free Software Foundation (FSF) has announced a battle, determined to stop the control of private chats in Europe. Similar position from the Mullvad VPN service which has started a campaign to oppose the proposed law. Furthermore, since the regulatory provisions prescribe the obligation to verify the identity and age of users, risks are foreseen for the very existence of some online stores and of the operating systems themselves based on open architecture.
Needless to say, companies such as Tutanota and ProtonMail, applications that provide email services that respect user privacy, have also come into conflict.
Telegram will avoid the new legislation, which does not affect non-commercial applications
In his hearing, Hubert underlines that while WhatsApp will adapt to the provisions, Telegram intends to evade the provisions of the law. The company founded by Pavel Durov seems intent on protesting by not implementing European regulations and starting an information campaign. The consequences of failure to adapt are yet to be verified, but sanctions are not excluded (their effectiveness must be verified for a company based in Dubai, in the United Arab Emirates) and censorship at network level that would be worthy of the most oppressive totalitarian regimes .
On the other hand, Hubert could not close his lucid analysis in a compelling way: “if we want to learn how to implement such scanning technology, if we want to learn internationally how to do it, there is only one country in the world that can help us. And it’s China. I don’t know if that’s a good prospect“.
Furthermore, in our opinion, using the stick with European citizens will not help to achieve the laudable declared objectives. Tools like OpenPGP e Tor, just to name a couple of names, have allowed the transfer of confidential data across the Internet since time immemorial. Furthermore, the legislation admits that i open source products non-commercial entities cannot in any way be subject to the provisions of the law. In short, if there are tools that can escape the “mass scan” Is it not perhaps wiser to continue with the fight against crimes as done to date (by strengthening the resources available for the police force), without subjecting millions of citizens to unsustainable interference in their private sphere?
In the end, Chat Control 2.0 it doesn’t seem like a “unicum”: the United Kingdom has proposed a sort of government backdoor to be inserted into messaging apps, with consequences that go far beyond the borders of the country of His Majesty Charles III.