A draft report on the European Commission’s Child Sexual Abuse Regulation (CSAR), also known as Chat Control, has been published Wednesday, April 19th, for the upcoming debate in the EP’s civil liberties parliamentary committee. The document proposes to add “voluntary detection orders” and automated metadata scanning to the already invasive proposal.
“Mandatory indiscriminate searching of private correspondence and data of unsuspected citizens is still in [the proposal],” MEP Patrick Breyer (Greens-EFA), a member of the anti-censorship European Pirate Party, wrote in his assessment of the first draft report.
As we wrote before, the official purpose of Chat Control is to curb the dissemination of child pornography by automatically monitoring all digital correspondence of European citizens. The messages and pictures would be scanned for certain keywords, then flagged and sent to a central database for further inquiry and, if needed, prosecution.
The Commission aims to make the regulation mandatory for all popular email and messaging apps, including those with more advanced end-to-end encryption (such as WhatsApp, Signal, or Telegram), and even require the service providers to introduce age verification systems that would effectively exclude any anonymous use.
Appearing noble in purpose, the call for mandatory searches nevertheless prompted critics to call the legislation “the end of privacy in digital correspondence” in the EU.
The draft report, filed by MEP Javier Zarzalejos (EPP), put forward a series of amendments to the original proposal. Some of the amendments seemed to address a few of the privacy concerns (such as the requirement to “limit the detection order to an identifiable part or component of a service,” such as specific channels or groups).
But according to MEP Breyer, this is still not enough to ensure that the monitoring is limited to persons already suspected to be linked to child sexual exploitation material (CSEM), as required to avoid annulment of the detection provisions by the Court of Justice.
Some other amendments appear to be making the legislation even more problematic. For instance, “unlike the Commission, [the] Rapporteur doesn’t want users to be informed that their correspondence has been (falsely) reported,” the assessment warns.
Furthermore, the draft proposes to introduce “voluntary detection” powers for the service providers to search messages and data of unsuspected citizens of their own initiative, even when the conditions of a detection order are not met, regardless of any prior suspicion.
What’s more, the proposal would establish a system of “automated metadata retention and analysis,” despite the Commission’s prior assessment which deemed metadata “insufficient” to detect CSEM or to initiate investigations.
Apart from the violation of basic privacy of all EU citizens, critics of Chat Control—such as the European Pirate Party or the internet watchdog European Digital Rights, EDRi—have pointed out a number of different issues with the proposed legislation, such as the increased possibility of people being falsely reported and investigated for completely legal material (such as vacation photos), or the risk of malign actors (such as hackers or outside governments) putting their hands on the data.
Additionally, the NGOs protesting the law believe that Chat Control doesn’t provide an effective solution to the problem it aims to counter, since actual child exploitation material is rarely spread using conventional applications, but rather through the dark web or using analog forms of communications.
Unsurprisingly, Chat Control enjoys little to no support from European citizens so far. According to the Commission’s own consultation, the majority of both the citizens and the relevant NGOs opposed making it mandatory in Europe. A recent poll also concluded last month that over two-thirds of European teenagers reject the scanning of their personal correspondence, and 80% claimed they would feel uncomfortable being politically active if they knew their messages were being recorded.
Despite the pushback, the legislation is scheduled to be voted on first by the European Parliament’s LIBE committee (on Civil Liberties, Justice and Home Affairs) in September 2023 after several rounds of negotiations and amendments. If passed in the committee, it is expected to be put before a plenary vote in October and finalized by the end of the year.
