Chat Control Controversy Continues

A political drama update and a signal boost

Controversy and uncertainty continue over the fate of proposed European mass digital communications scanning (Chat Control), as I write today for the Hertie School Centre for Digital Governance blog:

Proposed laws across Europe (Chat Control, aka the Child Sexual Abuse Regulation or CSAR), the UK (the Online Safety Bill), and the U.S. (the EARN IT Act) would require client-side scanning for CSAM [Child Sexual Abuse Material]. Imagine if, every time you use email, messenger, or chats, governments require the companies running the infrastructure to scan your communications for evidence of abuse – and report hits to the police on the basis of some algorithm that analysts don’t understand well. Implementing these programs would destroy end-to-end encryption, create mass surveillance infrastructure, and, according to the implications of probability theory, backfire  – endangering children. 

The stage is set for a battle between policymakers who understand this, and policymakers who don’t. Decades in the making, this transnational initiative made headway when the UK Parliament passed the OSB on September 19, and the U.S. Senate Judiciary Committee for a third time sent the EARN IT Act to Congress for consideration in May. But Chat Control met strong opposition in the European Parliament last month. 

Anticipated votes were twice postponed amid ongoing controversy before the Parliament’s Civil Liberties, Justice and Home Affairs Committee (LIBE) rejected several problematic aspects of the Commission’s proposed CSAR. LIBE’s counterproposal draws a red line against client-side scanning, and protects end-to-end encryption and potential whistleblower anonymity by design. It also proposes to protect young people better than the Commission’s proposal in two ways. Firstly, LIBE’s counterproposal mandates that the new EU Child Protection Centre crawl the web for known CSAM, law enforcement agencies report it to providers, and providers remove it. And secondly, it enhances privacy protections for users on Internet services and apps in ways designed to mitigate grooming risks. 

It remains now for LIBE to vote to adopt this negotiated compromise proposal on November 14, and prepare a mandate for the trilogues. Then, the EU Parliament could oppose the committee’s compromise within 24 hours. Next, the EU Council is expected to adopt its own approach on 4 December, with subsequent trilogues between the EU Commission, Council, and Parliament expected to then continue finalizing the legislation’s text either by early February, or after the June 2024 elections. 

Crucially, the final CSAR text could still include mass scanning.