With its legislative proposal known as “Chat Control,” the EU Commission is trying to establish an unprecedented mass-surveillance apparatus of Orwellian proportions in the European Union. If EU citizens don’t stand up for privacy now, it may be too late.

This Wednesday, June 19, 2024, the EU Council could be voting on the controversial Chat Control bill. Should it pass, the consequences would be devastating: Under the pretext of child protection, EU citizens would no longer be able to communicate in a safe and private manner on the Internet. The European market’s location advantage would suffer a massive hit due to a substantial decrease in data security. And EU professionals like lawyers, journalists, and physicians could no longer uphold their duty to confidentiality online. All while children wouldn’t be better protected in the least bit. On the contrary, Chat Control could have a negative impact on minors in particular.

What is Chat Control? The EU Commission’s proposed Child Sexual Abuse Regulation (commonly known as “Chat Control”) aims to combat the circulation of CSAM (child sexual abuse material) on digital platforms by requiring service providers to implement some sort of detection mechanism that automatically scans users’ (media) messages for both known and potential CSAM and reports detected cases to authorities.

It doesn’t matter how the EU Commission is trying to sell it – as “client-side scanning,” “upload moderation,” or “AI detection” –, Chat Control is still mass surveillance. And regardless of its technical implementation, mass surveillance is always an incredibly bad idea, for a whole plethora of reasons. Here are just three:

1. Mass Surveillance is a Totalitarian Tool Incompatible with Democracy One distinguishing factor between totalitarian states and democracies is that only in the former can the government invade citizens’ privacy for no apparent reason. Modern democracies recognize privacy as a basic human right. The EU itself acknowledges it in the Charter of Fundamental Rights (article 7): Everyone has the right to respect for his or her private and family life, home and communications. Imagine, for example, the police could randomly enter your home without having any reason to believe you’re involved in illegal activities, simply to snoop around and see whether they can find something suspicious by sheer chance. In a healthy democracy, it should be the citizens who oversee the government – mass surveillance is the inversion of this democratic principle. With a measure like Chat Control, the EU would violate one of its own basic rights and put its citizens under general suspicion, thereby profoundly disrupting the trust between citizens and the government.

2. Mass Surveillance Is Ineffective Mass surveillance of standard communication channels like instant messengers only affects law-abiding citizens. Given their involvement in illegal activities, criminals will go to any length to avoid surveillance. After all, why would any criminal continue to use a communication channel that’s known to be under government surveillance? However, flying under Chat Control’s radar wouldn’t even require resorting to some other, obscure means of communication that can’t be (or isn’t yet) surveilled. Criminals could, for example, simply manually encrypt illegal content before sharing it. Ordinary, unsuspecting Internet users, for whom it wouldn’t be practical to handle day-to-day communication with friends and family members in this manner, would therefore be the only ones really affected by mass surveillance. And besides inevitable false positives (think family photos of a beach vacation), minors (i.e., the ones who should be protected) engaging in consensual “sexting” would probably amount for the vast majority of CSAM reports.

3. Mass Surveillance Undermines Data Security It’s not just citizens’ privacy that would suffer from the proposed mass surveillance. Because Chat Control essentially requires communication services to install a backdoor, it’s also citizens’ security that would take a massive hit. The reason secure communication services like Threema employ end-to-end encryption is to make sure no one except the intended recipient is able to read a message, not even the service provider. Introducing a backdoor into such a system is like adding a weak link to a strong chain lock. Sure, the government can now open the lock without a key, but so can any burglar. The negative impact a backdoor has on security can hardly be overstated. It’s not just the first place anyone would try to penetrate a system that’s otherwise secure, it’s like an API for hackers. And EU interior ministers seem to be well aware of this: why else would they themselves want to be exempt from Chat Control’s surveillance?

Of course, sharing CSAM is an absolutely intolerable, horrific crime that must be punished. Before CSAM can be shared online, however, a child must have suffered abuse in real life, which is what effective child protection should be trying to prevent (and what Chat Control does not focus on). For this and many other reasons, child protection organizations such as Germany’s Federal Child Protection Association are against Chat Control, arguing that it’s “neither proportionate nor effective.”

Besides, there’s no way of really knowing whether Chat Control would actually be (or remain) limited to CSAM. Once the mass-surveillance apparatus is installed, it could easily be extended to detect content other than CSAM without anyone noticing it. From a service provider’s point of view, the detection mechanism, which is created and maintained by third parties, essentially behaves like a black box.

What can you do?

Since the matter may be decided this Wednesday, June 19, 2024, time is a critical factor. If you’re a EU citizen, please consider contacting your government’s representative today, asking them to vote against Chat Control.

It may also help to take to the digital streets, spread the word online, and raise awareness for the EU’s dubious plan to establish an unprecedented mass-surveillance apparatus that would essentially nullify the right to data privacy and set a highly dangerous precedent in doing so.