On the occasion of tomorrow’s European Data Protection Day, EU lawmakers are addressing the European Commission in a cross-party letter: They warn that the draft legislation announced by the Commission for March 2022 on indiscriminate message and chat control on all mobile phones would result in mass surveillance of the private communications of all EU citizens. Moreover, the legislation threatens secure encryption and IT security in general.

Similar to Apple’s highly controversial „SpyPhone“ plans, the EU Commission plans to „protect children“ by requiring providers of digital communication services to bulk intercept, monitor, and scan the contents of all citizens’ communications.

A draft legislation is to be presented on 2 March. Communications that have so far been securely end-to-end encrypted would need to be screened on all mobile phones and, in case of suspicion, automatically redirected and reported to the police. „Indiscriminately and generally monitoring everybody’s online activities ‚just in case‘ causes devastating collateral damage,” MEPs appeal to the responsible EU Commissioners Margrethe Vestager, Margaritis Schinas, Věra Jourová, Thierry Breton, Didier Reynders and Ylva Johansson. The proposed surveillance requirement “fails to respect the essence of the fundamental right to confidential communications (Article 7 of the Charter), and is therefore neither necessary nor proportionate “, the letter continues.

„It has a chilling effect on the exercise of fundamental rights online, including of children and victims, minorities, LGBTQI people, political dissidents, journalists etc. It sets a precedent for expanding it to other purposes in Europe as well. The outsourcing of law enforcement activities (crime detection) to private corporations and their machines removes the protection afforded by the independence and qualification of public investigators, as well as the institutional oversight over their activities.“

MEPs express concern about recent media reports that investigators shut down child sexual abuse platforms such as “Boystown” but failed to report the linked content for removal. This means that thousands of gigabytes of illegal images remain accessible.

„Investigators argue that they lack capacities to report material they are aware of. Adding thousands and thousands of mostly false reports of alleged circulation of well-known material via major communications services to their burden would fail victims whose safety depends on focusing all resources on preventing abuse and the production of abuse imagery in the first place,“ underline the MEPs.

MEP and civil liberties defender Patrick Breyer (German Pirate Party) comments:

“This EU Big Brother attack on our mobile phones by error-prone denunciation machines searching our entire private communications threatens to lead to a Chinese-style surveillance state. Will the next step will be for the post office to open and scan all letters? Indiscriminately searching all correspondence violated fundamental rights and is the wrong approach to protecting children. It actually puts their private pictures at risk of falling into the wrong hands and criminalises children in many cases. Flooding overburdened law enforcement officers, who don’t even have time to sift through already known child pornography, with mostly false machine-generated reports is irresponsible with regard to the victims of ongoing abuse.”

Marcel Kolaja Member and Quaestor of the European Parliament (Czech Pirate Party) adds:

“Monitoring across large platforms will only lead to criminals moving to platforms where chat control will be technically impossible. As a result, innocent people will be snooped on a daily basis while tracking down criminals will fail. Moreover, it will discourage victims from seeking help digitally. Not to mention that e.g. witnesses or harassment victims, whose lives may be in danger, are highly dependent on confidentiality of their communications. Therefore, chat control would only cause widespread uncertainty and distrust. Rather than mass surveillance of digital correspondence, the Commission should focus on assistance to victims, prevention of child sexual abuse, and coordination of targeted investigations.”

Background:

Apple’s plans, announced in August, to search personal photos for suspicious content prompted a public outcry. More than 90 organizations called on the company to scrap the plans. Apple eventually put its plans on hold.

MEPs warn that the Commission’s plans would trigger a similar storm of protest. Providers would need to implement a backdoor in their software („client-side scanning“) to enable such monitoring. Implementing a routine for automatically reporting suspected communications content in case of a match would break safe end-to-end encryption altogether and eliminate the security and trust that comes with it. Individuals, businesses and government rely on end-to-end encryption to safeguard their personal, commercial and state secrets.

patrick-breyer.de/en/members-o…

As part of the Digital Decade, the EU Commission today presented its draft principles that are supposed to strengthen fundamental rights in the digital era. According to EU Vice-President Margrethe Vestager, the text shall serve as a benchmark and guideline for corporations and policymakers, when implementing new technologies in the future. EU civil society and the representation of its fundamental digital rights, such as privacy, empowerment and inclusion shall be at the heart of policy.

Patrick Breyer, MEP for the German Pirate Party and digital rights activist, is skeptical:

“It is positive to see the EU Commission not only talking fundamental rights, but wanting to put them into practise. However, in light of the actual policies of von der Leyen’s Commission, this announcement turns out to be nothing but smoke and mirrors. You cannot, on the one hand, point to the right to confidential communications, while at the same time pursue chat control to monitor EU citizens’ private messages without suspicion. You cannot, on the one hand, publish a survey, according to which 91% of citizens consider the right to confidential communications of paramount importance, while at the same time pursuing data retention plans to collect information about the communications of the entire population. You cannot, on the one hand, promise ‘artificial intelligence’ that conforms to fundamental rights, while at the same time reject a ban on biometric mass surveillance in public spaces. All in all, the suspicion is growing that this ‘declaration’ is only a smoke screen, while the actions of the EU Commission seem rather inspired by the model of the Chinese surveillance state.

“Extremely dangerous and hostile to fundamental rights is the statement that children needed to be protected from ‘harmful content’, that they have a ‘right to be protected from all crimes, committed via or facilitated through digital technologies’, and that all crime should be ‘prevented’. Preventing all crime is impossible in a free society, and trying to do so would result in creating a totalitarian Stasi state. Without asking for their opinion, children are currently being instrumentalised by politicians to justify policies such as indiscriminate chat control as well as attacks on secure encryption. Children have a right to be protected from political instrumentalisation!”

patrick-breyer.de/en/hypocriti…

The EU is planning to develop its own government-run DNS resolver. The project dubbed DNS4EU is meant to offer a counterweight to the popular resolvers that are mostly based in the U.S. Aside from offering privacy and security to users, the DNS solution will also be able to block “illegal” websites, including pirate sites.

torrentfreak.com/the-eu-wants-…

The EU’s new legislation needs to be good enough to be the game-changer needed for citizens and democratic institutions to take back control of our digital future, argues Patrick Breyer.

As the plenary vote on the Digital Services Act (DSA) draws near, divergences of opinion remain, but there is one point on which everyone agrees: the DSA will define Europeans’ relationship with the Internet for generations to come and set global standards.

theparliamentmagazine.eu/news/…

Today, the EU Parliament will formally adopt its position on the Digital Services Act (DSA). The Parliament approved language aimed at protecting end-to-end encryption and, in a major victory, added a right to use and pay for digital services anonymously wherever feasible. Still, the Pirates in the European Parliament ultimately decided to oppose the package. Indiscriminately collecting the mobile phone numbers of all uploaders to adult platforms corrupts the right to anonymity and endangers the safety and lives of sex workers in the European Union: a red line for European Pirate Party MEPs.

With amendment 291 letter (a), Parliament seeks to require users to disclose their mobile phone numbers to porn platforms before they may upload content or post comments. This provision violates the fundamental rights to privacy and data protection. In a letter to lawmakers, the EU Sex Workers’ Rights Alliance (ESWA) emphasized that “due to the stigmatised and criminalised nature of adult sexual content producers and other types of sex work, the safety of their data is of utmost importance as any data.” Data leaks would “pose a direct threat to the real-life (offline) safety and wellbeing of sex workers“.

While we recognise the honourable intentions of the amendment, Pirates will not support a proposal that threatens the safety of a group of persons who are already stigmatised. Nor can we support creating a precedent for eliminating anonymous publishing as an acceptable means of deterrence.

Pirates successfully advocated for digital rights

In other regards, Pirate Party Members of the European Parliament made major contributions to improving user privacy. For the first time, users would be able to generally opt out of pervasive surveillance online and the creation of personality profiles for commercial purposes in their apps, which would also spare them from the time-consuming consent banners. Refusing consent would become as easy as giving it. Online platforms would need to give fair access options also to users who refuse to be pervasively tracked.

Furthermore, the end-to-end encrypted services, that are essential to communicating securely, would be shielded against interferences by EU Member States. National data retention or identification requirements would be excluded. As proposed by MEPs and the LIBE Committee, platform terms and conditions that do not comply with freedom of speech, media freedom or other fundamental rights will be void. And in a major last-minute victory, Parliament now wants users to be able to use and pay for digital services anonymously wherever possible.

Pirate Party MEP Patrick Breyer, Civil Liberties, Justice and Home Affairs (LIBE) rapporteur for the Digital Services Act and digital rights activist, comments:

“Parliament’s backing for a right to use and pay for digital services anonymously is a major victory for protecting our privacy and safety online. Only last year, over 500m mobile phone numbers leaked from Facebook/Meta. We cannot accept that every year, data leaks expose millions of EU citizens’ data to cyber criminals.

“In the upcoming trilogue negotiations, we shall fiercely defend our successes in protecting our privacy and freedom of expression online, including the Parliament’s intention to exclude mandatory error-prone upload filters, to protect effective encryption and to reject national indiscriminate identification obligations and data retention requirements.

“Yet, many of the LIBE Committee‘s recommendations were not adopted. As a result, ‘illiberal’ EU governments will be able to spy on our online activities and censor content, including content hosted abroad in liberal democracies, without requiring a court order. And the decision fails to fundamentally tackle the monopolies and surveillance capitalist business model of big tech, exposing us to the harms of mud-slinging algorithms and corporate censorship, including by way of error-prone upload filter algorithms and AI.”

MEP Mikuláš Peksa, Chairperson of the European Pirate Party and DSA rapporteur to the Committee on Economic and Monetary Affairs (ECON), comments:

“Users will now be able to ban all websites from using targeted advertising that uses their personal data with a single click in their browser, ending the endless clicking of consent. Platforms will also no longer have to mandatorily filter any content when uploading. But at the same time, there will be a mechanism for people to report objectionable or illegal posts. Our main goal is to protect the interests of individual users and smaller players by clearly defining their rights. From our point of view, letting the authorities in each member state decide about banning ,,illegal” content is a colossal mistake which will fragmentise the market and allow authoritarians like Viktor Orbán to control the online space and oppress the opposition.”

Next, the European Parliament will need to negotiate a deal with the less progressive EU Member States, led by the French government. Trilogue negotiations will take place behind closed doors. Pirate Party MEP Patrick Breyer will participate on behalf of the LIBE Committee.

Some insights into the content of the DSA mandate:

Upload filters

Parliament has learned from the protests against article 13/17 of the Copyright in the Digital Single Market directive and rules out new filtering obligations in the Digital Services Act. However, the promise to ban the “voluntary” use of error-prone filters by internet platforms is not kept. In practice, therefore, nothing will change.

Digital privacy and data securityGovernment authorities will be able to request pervasive records on a person‘s online activities without a court order. On the other hand, the right to secure encryption would be guaranteed. And service providers could not be obliged by national legislation to generally and indiscriminately retain personal user data.The newly introduced right to use digital services anonymously would read: “Without prejudice to Regulation (EU) 2016/679 and Directive 2002/58/EC, providers shall make reasonable efforts to enable the use of and payment for that service without collecting personal data of the recipient.” A recital would explain: “In accordance with the principle of data minimisation and in order to prevent unauthorised disclosure, identity theft and other forms of abuse of personal data, recipients should have the right to use and pay for services anonymously wherever reasonable efforts can make this possible. This should apply without prejudice to the obligations in Union law on the protection of personal data. Providers can enable anonymous use of their services by refraining from collecting personal data regarding the recipient and their online activities and by not preventing recipients from using anonymizing networks for accessing the service. Anonymous payment can take place, for example, by paying in cash, by using cash-paid vouchers or prepaid payment instruments.“

Surveillance advertising

The systematic monitoring and creation of personality profiles of internet users for advertising purposes is not to be banned. However, for the first time, users could generally opt out in the browser (“do not track”) and then also to be spared from annoying consent banners. Refusing consent would need to be just as easy as giving it (ban on “dark patterns”). Users who refuse to being tracked would still have access. Alternative access options would have to be fair and reasonable both for regular and for one-time users, such as options based on tracking-free advertising. Targeting individuals on the basis of their political opinion, health status, sexual preferences or religious belief would be banned.

Freedom of information

Authorities could require the (cross-border) removal of internet publications without a court order – even if they are completely legal in the country of publication. This means that in future Orban can have content deleted throughout the EU, on the basis of his own laws. The promised ban on network-level blocking is not part of the position. Internet platforms will not need to ask users before removing their content. At least, according to the Parliament, automatic suspension of users who have allegedly repeatedly violated copyright or other laws would not be mandated.

Timeline algorithms and user choice

Digital corporations will continue to be allowed to decide on their own what appears in the timelines of users and what does not. Users are not given a right to opt out of the commercial recommender algorithms or use external algorithms of their own choice.

patrick-breyer.de/en/digital-s…