The European Pirate Party’s mission is to fight surveillance and censorship online. We asked German Pirate MEP Patrick Breyer, a legal expert and judge by profession, about the lurking dangers of the EU’s ‘digital transition.’
The von der Leyen Commission passed two landmark laws as part of the EU’s ‘digital transition’: the Digital Services Act (DSA) and the AI Act. What should voters know about these?
One problem is that the DSA doesn’t protect freedom of speech. The large online platforms are using error-prone upload filters to censor our speech, and even manually take down completely legal speech.
The other problem is about privacy. The large platforms have a surveillance-capitalist business model that relies on collecting our entire online activity. This pervasive online surveillance is all about manipulating us, and the DSA doesn’t tackle it.
It does make sense to regulate artificial intelligence, but the final AI Act somehow just made it worse. While civil society was pushing to ban biometric mass surveillance, the Commission passed into law that it should even be possible to use real-time face surveillance in public spaces. Just by saying that you are looking for specific persons for specific crimes, a government can justify placing the entire country under this error-prone and chilling face surveillance system.
France is already rolling this out for the Paris Olympics, and even legalized ‘behavioral surveillance,’ meaning that AI will alert the police as soon as you behave differently from the crowd. That creates a very Chinese-like, conformist society. The Commission’s AI Act did nothing to ban this, it will be totally legal in Europe.
These surveillance systems are not only extremely powerful, they are extremely error-prone too. We know from the United States that there have been many false arrests. So we will be in fear of being mistaken for criminals, and that has an additional chilling effect.
Brussels is also planning to introduce an EU digital ID system and a digital currency. What do you think of these projects?
As for the European digital identity, we did prevent in the Parliament the proposal that every citizen should be assigned a mandatory eID number. Now there’s no obligation for member states to do so, and the legislation says that you can’t be discriminated against if you use other means of identification.
Nonetheless, the digital ID will become a de facto standard in the EU. You’ll use this new ID not only on government sites but also sites like Facebook and Google. It’s a huge problem that there is no requirement in the Act that your wallet provider cannot observe and combine all of your online activities.
Also, there’s a huge issue with browser security and encryption. Governments can abuse the eID system by easily intercepting any web traffic that is supposed to be end-to-end encrypted. Hundreds of scientists and cyber security experts protested against the provision, but it’s still part of the legislation.
If the digital euro was digital cash that you could use to pay online anonymously, it would be a great idea. Unfortunately, the digital euro is more like a bank account, you will be tracked and traceable. It’s impossible, for example, to watch a movie online anonymously and pay using digital euros. Many groups, such as WikiLeaks, rely on anonymous donations online, but that won’t be possible with the digital euro. You should have a right to use the internet anonymously. Unfortunately, digital technology is being abused to place our finances under surveillance and control that is unheard of when it comes to cash.
You also led a campaign against EU legislation dubbed ‘Chat Control.’ What is it and where does it stand now?
The idea of Chat Control is to search any private message and photo for indications of criminal content. Of course, these automated searches are wildly unreliable, and most concern innocent people. Yet the EU Commission wants to make this mandatory for all communications service providers, even end-to-end encrypted messaging services. Chat Control would essentially destroy secure encryption and compromise the secrecy of correspondence.
We managed in the Parliament to exclude indiscriminate mass scanning and limit it to established criminal behavior. The Commission’s original Chat Control proposal was also twice rejected by the Council. But now the Council’s Belgian presidency is trying to revive it by promising that breaking encryption would apply only to “high-risk services,”— nobody knows what they really are.
The Belgian presidency hopes that, after the June elections, governments will agree to indiscriminate searching of our private messages with error-prone algorithms, at least if the service is designated as high- risk. This topic urgently needs to come back to public attention; there is a huge risk that the secrecy of correspondence and secure encryption will be destroyed in Europe.
It is such a fundamental goal to somehow infiltrate private communication that Brussels will not give it up easily. The Commission has set up a secret so-called ‘Going Dark’ working group—officially the High-level Group on Access to Data— to propose how to undermine secure encryption for police investigations, and bring back data retention, meaning indiscriminately collecting our contacts and movements online. The European Court of Justice struck this down as disproportionate, but they want to bring it back in a different wrapping. Based on plans from this undemocratic working group, the new Commission would then present legislation to undermine encryption and indiscriminately collect metadata of the entire European society.
Unfortunately, the Commission is acting against the advice of the Council’s legal service, former judges of the Court of Justice, and now even the European Court of Human Rights. So the EU itself has a major rule of law problem, and it doesn’t even respect the most fundamental rights.
