Today EU governments will not adopt their position on the EU regulation on “combating child sexual abuse”, the so-called chat control regulation, as planned, which would have heralded the end of private messages and secure encryption. The Belgian Council presidency postponed the vote at short notice. Once again the chat control proposal fails in Council. Pirate Party MEP, digital freedom fighter and negotiator for his group in the European Parliament, Patrick Breyer, cheers:

“Without the commitment and resistance of countless individuals and organizations in Europe, the EU governments would have decided today in favour of totalitarian indiscriminate chat control , burying the digital privacy of correspondence and secure encryption. A big thanks to all who have contacted politicians and spoken out in the past few days. The fact that we have prevented the orwellian chat control for the time being should be celebrated!

For now the surveillance extremists among the EU governments and Big Sister Ylva Johansson have failed to build a qualified majority. But they will not give up and could try again in the next few days. When will they finally learn from the EU Parliament that effective, court-proof and majority-capable child protection needs a new approach?

Now the critical governments should finally do their homework and agree on a joint list of requirements. It is not enough to defend encryption. The indiscriminate, error-prone screening of private messages is the most toxic part of the draft regulation, but the problems go far beyond that. We therefore need a new approach that focuses on preventive child protection instead of mass surveillance and paternalism! The last ‘compromise proposal’ put forward by the Council Presidency needs to be fundamentally revised in at least 4 points:

1) No indiscriminate chat control: Instead of blanket message and chat control, the judiciary should only have the power to order searches in the messages and uploads of suspects. This is the only way to avoid a disproportionate mass surveillance order inevitably failing in court and achieving nothing at all for children.

2) Protect secure encryption: So-called client-side scanning to infiltrate secure encryption must be explicitly ruled out. General declarations of support for encryption in the text of the law are worthless if scanning and extraction take place even before encryption. Our personal devices must not be perverted into scanners.

3) Protect anonymity: Remove mandatory age verification by all communications services to save the right to communicate anonymously. Whistleblowers risk being silenced if they have to show ID or face to the communications service before leaks.

4) No app censorship and digital house arrest for young people: It is completely unacceptable to exclude young people from apps such as Whatsapp, Instagram or games in order to protect them from grooming. Instead, the default settings of the services must become more privacy-friendly and secure.

The push for indiscriminate chat control is unprecedented in the free world. It divides child protection organizations, abuse victims, other stakeholders and governments. It’s time for a fresh start that relies on consensus, as proposed by the European Parliament. I am convinced that we can protect children and all of us much better.”

Background:

According to the latest text proposal users of apps and services with chat functionalities wouldbe asked whether they accept the indiscriminate and error-prone scanning and, if necessary, leaking of their privately sent images, photos and videos. Previously unknown images and videos would also be screened using “artificial intelligence”. If a user objects to the scanning, they would no longer be able to send or receive any images, photos, videos or links (Article 10). Despite paying lip service to encryption, end-to-end encrypted services would have to implement chat control by installing monitoring functions that are to take effect “before data transmission” (so-called client-side scanning, Article 10a). The scanning of text messages for indications of grooming, which has hardly been used to date, has been removed from the proposal, as was the scanning of voice communication. The chats of employees of security agencies and the military would be exempted from the error-prone chat control scanners.

At a meeting on 24 May, the Council’s Legal Service made it clear that mass chat monitoring without suspicion is still being proposed and remains a violation of fundamental rights.

On 16 June it has been revealed by Der SPIEGEL that most of the chats leaked voluntarily by US-based Big Tech companies are not criminally relevant.

Further information:

The wording of today’s voting proposal:
patrick-breyer.de/wp-content/u…

The European Parliament’s approach to protecting children online:
patrick-breyer.de/en/posts/cha…

How we would be affected by chat control:
patrick-breyer.de/en/posts/cha…

Myths/arguments in favour of chat control debunked:
patrick-breyer.de/en/posts/cha…

Arguments against chat control:
patrick-breyer.de/en/posts/cha…

Why message and chat control is particularly harmful to children and victims of abuse:
patrick-breyer.de/en/posts/cha…

Alternatives to chat control:
patrick-breyer.de/en/posts/cha…

patrick-breyer.de/en/chat-cont…

Tomorrow (Thursday) EU governments are to vote on a bill (officially called “child sexual abuse regulation” but known as “chat control”) that would require automated searches in and disclosure of private chats, including end-to-end encrypted chats, that might contain illegal photos or videos.[1] If a user refuses this “upload moderation” of their chats, they would be blocked from receiving or sending images, videos and URLs. 48 politicians from Germany, Austria, Luxembourg, the Czech Republic and the Netherlands have published a letter to their governments calling for rejection of the latest version of the chatcontrol proposal, arguing that mass surveillance violates fundamental rights and would fail in court.[2] Signal and Threema have announced they would end their services in the EU if forced to implement the proposed automated monitoring (so-called “client-side scanning”). Whatsapp head Will Cathcart warned “scanning peoples messages like the EU is proposing breaks encryption”.[3] Last night NSA whistleblower Edward Snowden was the latest to weigh in on X, calling the proposal “a terrifying mass surveillance measure”.

[4]It is not yet clear whether the proponents among EU governments will be able to convince enough EU governments to make a qualified majority, which is why tomorrow’s agenda item is marked as “possible”.[1] Against this backdrop Pirate Party Member of the European Parliament Patrick Breyer, who co-negotiated the European Parliament’s position on the proposal[5], has published a call on citizens to reach out to EU governments, listing several governments that may yet be undecided.

[6]“Europeans need to understand that they will be cut off from using commonplace secure messengers if chat control is adopted – that means losing touch with your friends and colleagues around the world”, warns Breyer. “Do you really want Europe to become the world leader in bugging our smartphones and requiring blanket surveillance of the chats of millions of law-abiding Europeans? The European Parliament is convinced that this Orwellian approach will betray children and victims by inevitably failing in court. We call for truly effective child protection by mandating security by design, proactive crawling to clean the web and removal of illegal content – none of which is contained in the Belgium proposal governments will vote on tomorrow. We have one day left to make our governments take a different approach of effective and rights-respecting protection while saving our privacy and security online!”

[1] Agenda for tomorrow’s meeting: data.consilium.europa.eu/doc/d…
[2] Open letter by EU lawmakers: patrick-breyer.de/en/lawmakers…
[3] Statement by head of Whatsapp: x.com/wcathcart/status/1803178…
[4] Statement by Edward Snowden: x.com/Snowden/status/180312759…
[5] Summary of the European Parliament’s position: patrick-breyer.de/en/posts/cha…
[6] Breyer’s call for action: patrick-breyer.de/en/council-t…

Breyer’s website on the chat control proposal: chatcontrol.eu/en/feed

patrick-breyer.de/en/chat-cont…

The following letter by Members of Parliament from across the EU has been sent today (and is still open for signatures):

Dear Council of the European Union,
Dear national governments,

In the last days of the Belgian EU Council Presidency, Belgium has put forward its final initiative to reach a general approach in the Council of the EU regarding the highly contested CSA regulation (Proposal for a regulation of the European Parliament and of the Council laying down rules to prevent and combat child sexual abuse). In possibly putting the CSA Regulation to a vote on 19 June, the Council is risking far more than just passing a simple regulation.

Sexual abuse and the exploitation of children, including the dissemination of child sexual abuse material, must be addressed with the utmost determination in accordance with the rule of law. While the regulation proposal put forward by the EU Commission includes some good and crucial measures, such as the EU center, it is highly questionable whether core aspects of the regulation are compatible with European fundamental rights.

As parliamentarians, we observe with great concern the proposal of the Council of the EU that would put to an end the confidentiality of private communication. Even if the Belgian Council Presidency has now presented a compromise proposal that would limit the obligation to scanning private unencrypted as well as encrypted video and image content, it remains just as much an encroachment on fundamental digital rights and takes the discussion back to the origin of the debate. In fact, the Belgian proposal represents the Commission’s first plans that came to light in December 2021.

Safe and encrypted communication is of utmost importance for every human being. This also accounts for children and victims of sexual abuse to allow for safe emergency and help services – particularly in countries where victim support organisations cannot rely on the support and confidentiality of state law enforcement authorities.

Besides risking to contradict the aim of the CSA proposal by intervening in the digital self-determination of people, there might be several unintentional but dangerous side effects:

• Client Side Scanning (CSS) and any other mass surveillance, would render confidential information carriers impossible: Scanning would affect users who rely on confidential communication and whose communication is particularly protected (professionals bound by confidentiality such as journalists, lawyers, the medical sector, but also whistleblowers). Furthermore, built-in backdoors could compromise the confidentiality of digitally transmitted trade secrets and business transactions. Encryption protects the identity and the contents of communication participants, thus preserving the autonomy of victims of sexual violence.
• Democratic society and democratic debate need trustworthy spaces: Democratic societies need privacy for the formation of opinions and will. The proposed measures carry the danger of leading to self-censorship, jeopardizing safe spaces for children and victims of sexual violence, but also for everyone else. It will also likely leave to users unwilling to use digital services and lose trust in providers if their data is not secure and protected.
• Blueprint for authoritarian states and weakening cybersecurity: By building an architecture capable of undermining all possibility of private digital communication, the regulation might inadvertently serve as a blueprint for surveillance in authoritarian states and can serve as a built-in backdoor that can easily be exploited for all sorts of surveillance practices (e.g. trade secrets) and cybercriminals. Once built, this IT-architecture is an invitation to undermine privacy.
• Impairment of digital educational, youth, and assistance services: It will eliminate the common practice to exchange important sexual health information to such education as is case in some European countries.

The mandatory investigation of private communication messages without suspicion carries the risk of creating a climate of general suspicion. Such an approach will irreparably damage the image of the European Union as a guarantor of freedom.

We explicitly warn that the obligation to systematically scan encrypted communication, whether called “upload-moderation” or “client-side scanning”, would not only break secure end-to-end encryption, but will to a high probability also not withstand the case law of the European Court of Justice. Rather, such an attack would be in complete contrast to the European commitment to secure communication and digital privacy, as well as human rights in the digital space.

We therefore urgently need an approach that prioritizes the protection and prevention of child sexual abuse, provides more resources and better-targeted coordination of European law enforcement authorities, strengthens victim support in accordance with fundamental rights, and avoids relying on a false sense of security through technosolutionism.

As national and European parliamentarians, we are convinced that the proposed measures are incompatible with European fundamental rights. We are committed to safeguarding the right to anonymous and pseudonymous use of the internet, as well as strengthening end-to-end encryption.

We urgently call on all negotiating governments in the COREPER to reject a general approach based on compromise proposal that Belgium has put forward.

Signatories

Tobias B. Bacherle, MP, Alliance 90/The Greens, Germany

Konstantin von Notz, MP & Vice Chair of the group, Alliance 90/The Greens, Germany

Süleyman Zorba, MP, The Greens, Austria

Maximilian Funke-Kaiser, MP, FDP, Germany

Konstantin Kuhle, MP & Vice Chair of the group, FDP, Germany

Sven Clement, MP, Pirates, Luxembourg

Patrick Breyer, MEP, Pirates, Germany

Marketa Gregorová, MEP, Pirates, Czech Republic

Marcel Kolaja, MEP, Pirates, Czech Republic

Rasmus Andresen, MEP, Alliance 90/The Greens, Germany

Maik Außendorf, MP, Alliance 90/The Greens, Germany

Michael Bloss, MEP, Alliance 90/The Greens, Germany

Damian Boeselager, MEP, Volt, Germany

Georg Bürstmayr, MP, The Greens, Austria

Marcel Emmerich, MP, Alliance 90/The Greens, Germany

Emilia Fester, MP, Alliance 90/The Greens, Germany

Alexandra Geese, MEP, Alliance 90/The Greens, Germany

Stefan Gelbhaar, MP, Alliance 90/The Greens, Germany

Andreas Glück, MEP, FDP, Germany

Sabine Grützmacher, MP, Alliance 90/The Greens, Germany

Svenja Hahn, MEP, FDP, Germany

Katrin Helling-Plahr, MP, FDP, Germany

Manuel Höferlin, MP, FDP, Germany

Misbah Khan, MP, Alliance 90/The Greens, Germany

Moritz Körner, MEP, FDP, Germany

Katharina Kucharowits, MP, SPÖ, Austria

Denise Loop, MP, Alliance 90/The Greens, Germany

Boris Mijatovic, MP, Alliance 90/The Greens, Germany

Maximilian Mordhorst, MP, FDP, Germany

Hannah Neumann, MEP, Alliance 90/The Greens, Germany

Dr. Nikolaus Scherak, MP, NEOS, Austria

Jan-Christoph Oetjen, MEP, FDP, Germany

Tabea Rößner, MP, Alliance 90/The Greens, Germany

Michael Sacher, MP, Alliance 90/The Greens, Germany

Kordula Schulz-Asche, MP, Alliance 90/The Greens, Germany

Kim van Sparrentak, MEP, Greens, Netherlands

Marie-Agnes Strack-Zimmermann, MP, FDP, Germany

Council is to greenlight #Chatcontrol 2.0 on Thursday!

Don‘t let them get away with quietly pushing this through right after the #EuropeanElections. Sound the alarm and contact the representatives of your government NOW! Contact details and additional informationContact details and additional information

Contact details and additional information

patrick-breyer.de/en/lawmakers…

Wednesday EU governments are to endorse proposed EU legislation (“child sexual abuse regulation” or “chat control”) which provides for automatically searching all private communications and chats for indications of potentially illegal images or videos (CSAM). The final wording that is being put to a vote has been leaked today by POLITICO.[1] At the request of France language has been added that when scanning services using end-to-end encryption (so-called client-side scanning), the surveillance code must “not lead to a weakening of the protection provided by the encryption” (Article 10). However it is uncertain whether a sufficient majority of governments will support this proposed text which would force users to accept automated searches or be blocked from sending and receiving images, videos or links via any app offering communications features. Yesterday German news outlet Der SPIEGEL reported that the German crime agency BKA classified more than half of the chats, photos and videos leaked voluntarily via US-based NCMEC as “not criminally relevant” in 2023 – as many as never before.[2] German pirate party Member of the European Parliament Patrick Breyer published a call to contact EU governments and organise protest on his homepage, naming some that are yet undecided.[3] Signal has announced to rather withdraw their services from the EU than succumb to implementing client-side scanning bugs in their app. Switzerland-based Threema also announced that they would be subject to the legislation and would “call on fellow communication services to join us in leaving the EU.”

[4]Breyer comments: “We’re on the brink of a surveillance regime as extreme as we witness nowhere else in the free world. Not even Russia and China have managed to implement bugs in our pocket the way the EU is intending to. To silence critics within the French government and to fool the public, the final proposal pays lip service to secure encryption while in fact, as hundreds of scientists have made clear, destroying it. They understand this very well, as the exception in Article 7 for ‚accounts used by the State for national security purposes, maintaining law and order or military purposes‘ demonstrates. Besides, encrypted or not, indiscriminate searches and error-prone leaks of private chats and intimate photos destroy our fundamental right to private correspondence. If chat control passes, it will open the floodgates to chilling monitoring of our private correspondence for any kind of purpose, as Europol has already called for. Following the logic of chat control, the opening and scanning of all physical letters could be next.”

In the runup to the vote on Wednesday, a working group is meeting tomorrow for a “questions and answers” session on the proposal.

[3][1] Leaked proposal: patrick-breyer.de/wp-content/u…
[2] SPIEGEL story: spiegel.de/netzwelt/netzpoliti…
[3] Breyer’s call for action: patrick-breyer.de/en/council-t…
[4] Threema’s comments: threema.ch/en/blog/posts/stop-…
[5] Agenda: parlament.gv.at/dokument/XXVII…

Breyer’s website on the chat control proposal: chatcontrol.eu/en/feed

patrick-breyer.de/en/pirates-w…

The Belgian Council presidency seems set to greenlight Chat Control on Wednesday 19 June. This confirms fears: the proponents of Chat Control want to exploit the situation after the European Elections, in which there is less public attention and the European Parliament is not yet constituted. If Chat Control makes it through the Council now, there is a risk that the Parliament in its new composition will not fight as fiercely as before and surrender our previous wins.

So you must take action now. More than ever, the resistance of civil society against Chat Control is crucial. There are many things you can do and in this post I explain how. The three most important steps are:

• Contact your government and tell it to vote against Chat Control (see contact details below)

• Raise the alarm online. Don’t let the Council presidency get away with pushing this through silently now

• Meet at least one person offline and plan an action together

Below in the post you will find a current timeline.

Contact your government

Now it is important to show that civil society is alert. The best way to do so is contacting the ‘permanent representatives’, so the official representation of your government to the EU.

You can find the contact details for all permanent representations on the website „EU Whoiswho“.

Tell your government that the current draft on Chat Control is unacceptable. Be polite but also resolute and ask them to clearly voice their disagreement against the proposal and to vote against the proposal.

Further, ask them to insist on a formal vote and for the abstentions to be properly counted by the presidency. (Otherwiese, in the Permanent Representatives Committee, there sometimes is a procedural trick, where a presidency does not actively ask for abstentions, even though they would have to be counted as “No” votes otherwise).

Timeline

On Thursday, 13 June, ministers were set to debate a progress report. (Find a recording here) The Belgian Council presidency announced that they will present a new compromise proposal afterwards. According to documents leaked by netzpolitik.org, the session to seek an agreement on it will already take place on Wednesday, 19 June.

So we all need to take action as soon as possible and demand a firm “No” by our governments against the Chat Control proposal to ward off this attempt to greenlight Chat Control in the Permanent Representatives Committee on 19 June. Time is pressing. This may be our last chance to stop Chat Control!

patrick-breyer.de/en/council-t…