An updated version of the methodology to be used in the Child Sexual Abuse Regulation, leaked by the news portal Contexte, reveals more details on the approach pursued by the Belgian Council Presidency: The text doubles-down on services that allow people to protect themselves. If services are used through pseudonyms, VPNs, encryption or without an account, they will score worse on the risk scale, and will be more likely to be served a detection order mandating scanning of all communications content. The same applies if a services allows users to use cryptocurrencies or if it allows users to connect from another jurisdiction (like VPNs, TOR). If a services enables the „direct sharing of content without using centralised servers“, via P2P, that makes it score worse, because it would evade server-side scanning. If a privacy-friendly platform cannot or does not collect data on users (to monitor their behaviour or metadata), it will score worse. Services through which users “predominantly engage in public communication” (i.e. instead of private chats) will score better and thus be less likely to receive detection orders.

Pirate Party Member of the European Parliament and digital freedom fighter Patrick Breyer comments: “Basic services such as Signal, TOR, encrypted email services like ProtonMail, torrenting platfroms are being demonized by this methodology. Privacy-friendly communication services are to become the most extremely monitored. This leaked paper reveals most EU government’s push to mass surveillance and undermining encryption on services essential to citizens, NGOs, lawyers, etc. In contrast, the European Parliament’s approach would only permit the interception of conversations by people connected to child sexual abuse, while mandating many more safety-by-design measures than the Council only mentions in this paper without making them mandatory. We Pirates will not stop fighting for our fundamental right to digital privacy of correspondence and secure encryption.”

patrick-breyer.de/en/leak-eu-g…

The majority of the EU Parliament will later today approve far-reaching new anti-money laundering laws: Anonymous cash payments over €3,000 will be banned in commercial transactions. Cash payments over €10,000 will even be completely banned in business transactions. And anonymous cryptocurrency wallets operated by providers (hosted wallets) will be prohibited without a threshold.

MEP and digital freedom fighter Dr. Patrick Breyer (Pirate Party) explains his vote against as follows:

“This EU war on cash will have nasty repercussions! For thousands of years, societies around the world have lived with privacy-protecting cash. With the creeping abolition of cash, there is a threat of negative interest rates and the risk of banks cutting off the money supply at any time. We remember credit card companies cutting off Wikileaks from donations. Our dependence on banks is increasing at an alarming rate. This kind of financial disenfranchisement must be stopped.

Generally prohibiting anonymous payments will at best have minimal effects on crime, but it will deprive innocent citizens of their financial freedom. The medicines or sex toys I buy is nobody’s business. To collect donations, dissidents such as the late Alexei Navalny and his wife are increasingly reliant on anonymous donations in virtual currencies worldwide. Where every financial transaction is recorded forever, this creates a honey pot for malicious hackers and law enforcement as well as a chilling government shadow over every purchase and donation.

Instead, we need to think about ways we can bring the best attributes of cash into our digital future. We have a right to pay and donate online without our personal transactions being recorded. If the EU believes it can regulate virtual currencies at a regional level, it hasn’t understood the global nature of the Internet.”

Background on the cash limit:

There was a great public outcry when the Commission asked the public for their opinion on limiting cash payments in 2017. More than 90% of responding citizens spoke out against such a step. Respondents considered paying anonymously in cash an “essential personal freedom” and that “Restrictions on payments in cash are ineffective in achieving the potential objectives (fight against criminal activities, terrorism, tax evasion)”. According to an ECB survey up to 10% of citizens use cash even for amounts greater than 10.000 € (e.g. buying cars). According to calculations by shadow economy expert Friedrich Schneider of the University of Linz, banning large cash payments would have “only minimal lowering effects on crime”.

Background on “virtual cash”:

Unlike cash, which is entirely anonymous, transactions carried out with cryptocurrencies can, in the case of Bitcoin, be traced on the “blockchain”. Law enforcement has again and again been successfully prosecuting such criminals by detecting unusual patterns and identifying suspects. Some criminals have eventually de-anonymized themselves, and every criminal will need to eventually exchange their digital funds for real money. Virtual Assets are of minor relevance to the global financial system. There is insufficient evidence on the volume and frequency of the usage of cryptocurrencies for money laundering. EU rules would be easy to circumvent due to the global nature of the Internet. Virtual Assets can technically be transferred directly from one person to another without using intermediaries, which makes them impossible to regulate. Where Virtual Assets have been used for criminal activities in the past, prosecution has been possible on the basis of the current rules.

Full text of the legislation

patrick-breyer.de/en/pirates-e…

The European Parliament is to give its final nod to the regulation on the creation of a “European Health Data Space” (EHDS) today. According to this regulation, information on all medical treatment, including vaccination status, medication and pregnancies, laboratory and discharge reports, is to be stored digitally for all patients. This information will be remotely accessible to a large number of organisations throughout Europe in an identifiable (only pseudonomised) way. As shadow rapporteur and co-negotiator of the regulation for the Committee on Home Affairs (LIBE), Pirate Party MEP Patrick Breyer, warns of a loss of control by patients over sensitive health data and a loss of medical confidentiality and will vote against.

“We Pirates support the idea of an EU health data space, but not at the price of sacrificing patient control and medical confidentiality in favour of government, big pharma and big tech data access. The EU’s health data space can benefit cross-border treatments and medical progress – but these advantages could have been had by relying on patient consent and full anonymisation, which the final agreement fails to ensure. The agreed design of the regulation is against the clear will of the people. We Pirates stand up for patient rights and reject this sell-out of their health data. Information about our physical and mental health is extremely sensitive and reveals our addictions, mental disorders, abortions, sexually transmitted diseases and reproductive disorders. If we cannot rely on such information being treated confidentially by our doctors, we may no longer seek treatment, and the risk of suicide by some patients may increase.

The EU is allowing the most sensitive patient files to be collected, interconnected and disclosed without ensuring that patients are in control of their data. ‘Anything goes, no obligations’ is not an approach that patients can trust. Without trust, a European Health Data Space cannot work. According to surveys, more than 80% of EU citizens want to decide for themselves about the sharing of their patient records. The majority of them want to be asked for consent. The EU deal is far from achieving this. It betrays the interests and will of patients in order to sell their data to Big Tech and pharmaceutical giants. We Pirates strongly reject the disenfranchisement of patients that this design of the European Health Data Space entails. 


Patients will have no right to refuse EU-wide cross-border access to their health records by foreign practitioners, researchers, and governments. The right to object specifically to cross-border data access is not provided for in the regulation in a legally secure manner. This is contrary to the interests and will of patients, only a minority of whom, according to opinion polls, want cross-border access to their patient records across Europe. Moreover, it does not come close to doing justice to the sensitivity of health data, which ranges from addictions, mental disorders, and abortions to sexually transmitted diseases and reproductive disorders.

The regulation is designed to maximise the exploitation of our personal health data, not to serve the interests of patients. Contrary to the European Parliament’s original position, for example, sensitive health data does not have to be stored in Europe, which could result in storage in US cloud services, for example. The EU Parliament has also abandoned its call for independent certification of the security of European health data systems.

In future, doctors treating patients throughout Europe will be able to view their entire patient file without their consent – unless they explicitly object. Technology companies and the pharmaceutical industry will also have access to both anonymised and personally identifiable (only pseudonymised) patient files throughout Europe without the patient’s consent inter alia for product development, innovation and training artificial intelligence – unless the patient expressly objects. We know that only a fraction of the patients who oppose third-party external access to their health data will actually go through a complicated objection procedure. Even for our DNA and information recorded by personal wellness apps, the European Parliament has given up requiring consent as a precondition of third-party access. In addition, all patient rights to object can be circumvented by Member States retaining the right to operate national health record schemes under their own rules, without any guaranteed patient rights and without any limitation in time.

Even under the EHDS scheme itself, health ministries, health institutions and universities will have access to personal health data without a guaranteed right of the patient to opt out, even though polls show that most patients oppose government access to their health records. The accessible records will include psychological and addiction therapies, abortions, sexual, and reproductive disorders. To us Pirates, patient control over their data and the protection of medical confidentiality is not negotiable, so that this design of the European Health Data Space is unacceptable.“

The European Consumer Organisation BEUC and the data protection network EDRi have criticised the agreement, too.


patrick-breyer.de/en/pirates-c…

32 European police chiefs have issued a joint statement calling for a halt to the introduction of secure end-to-end encryption for direct messages sent via Facebook and Instagram. This step would make telecommunications interception and voluntary chat control content scanning impossible, they argue. Pirate Party Member of the European Parliament Patrick Breyer, who is suing Meta over its voluntary chat control scanning scheme, puts it in perspective:

“By attacking secure encryption, the surveillance authorities are not calling for ‘lawful access’, but for an unlawful threat to the security of us all. Just a few weeks ago, the European Court of Human Rights ruled that generally weakening encryption violates the human right to privacy, especially as there are targeted surveillance alternatives.

Claiming that we cannot be safe without destroying the privacy of digital correspondence is an attack on our constitution, really. The vast majority of electronic communication services, especially European ones, have always respected the secrecy of telecommunications. Keeping our private messages safe from general and unreliable snooping algorithms protects us – including our children’s family pictures. It’s an unproven myth to claim that voluntary chat control contributes significantly to saving children. The British police cite a case of sextorsion, but fail to specify whether the report was triggered by a user or resulted of unreliable chat control scanning. Sextorsion normally becomes known when it is reported by users – there is no need for destroying the digital privacy of correspondence.

Our surveillance authorities seem to panic about the very existence of any safe and private spaces. Have they forgotten that our homes and letters have always been largely safe from spying? Are our homes soon to be made ‘secure by design’ by having to provide a duplicate key to the police? The police have never known as much about us as they do today in the digital age. The Stasi-style wish of total information awareness contradicts the very idea of a democracy in which citizens control the government, not the other way around.”

Background: An EU expert group (“High-Level Group (HLG) on access to data for effective law enforcement”) is currently drafting proposals to undermine secure communications encryption and to reintroduce bulk communications data retention.

patrick-breyer.de/en/police-ch…