Thanks to a report by EDRi, I've recently become aware that various changes have been made to the chatcontrol proposal. As of writing, the latest version of the proposal can be read here.
The original proposal is already pretty bad, but the changes by the Council of the European Union make it much, much worse. I'll assume you've some familiarity with the original proposal. If you are unfamiliar with the proposal, my introduction post about chatcontrol might help a bit, however the changes to the proposal are not as focused on detection/scanning as the introduction post is.
Update one day after original post: In the original version of this blogpost,
I noted that no court order was required for any type of order.
This was inaccurate: For detection orders the requirement of obtaining approval by a judicial/independent administrative authority is currently still
in place in the current draft (2nd-last sentence of Article 7, page 12).
For the other types of orders, the original post remains accurate.
For transparency, incorrect information has been left in but marked with strikethrough and linked to this section.
Recently (2022-12-01), the European Commission published an article about their planned legislation (called chatcontrol by critics). While the Commission has in the past cited statistics which are wrong, the published article is so stunningly bad in that almost every single sentence is strongly misleading, a blatant lie or flat out wrong. As it's rather short, I'll fully cite the article and explain what's wrong with each part. I assume you have some familiarity with chatcontrol. If not, you may want to read about what it is before reading this post.
The chatcontrol regulation (see here for explanation) has been heavily criticized for various different reasons. In the last few weeks, it was possible to submit feedback to the european comission about the proposal. Many citizens and NGOs used this opportunity to express their objections or approval. I downloaded and analyzed all 414 comments from feedback page. Here's what I found:
A week ago (2022-06-29), netzpolitik.org published a leaked document showing answers from the european commission to the member states regarding the chatcontrol regulation. The leak is mostly in german, very long and was/is mostly ignored by mainstream media (even in germany). In this post, I've translated the parts I personally consider the most relevant and added some thoughts/criticism/relevant context.
We really need to talk about chatcontrol, the EU's next mass surveillance system. Long post, there are some hints to skip over parts of if it's too long for you. Sources are in [brackets] & linked at the end. I tried to simplify a bit to keep the post accessible for people without deep technical knowledge. I've packed a LOT of content into this post - if you have trouble undestanding, it's probably my fault. Ask me and I'll clarify!
Chatcontrol is what critics call the regulation proposed by the european comission [L1]. The regulation aims to reduce the online distribution of Child Sexual Abuse Material (CSAM). It will force messaging services to scan ALL content, including personal messages and photos, to detect CSAM and report detections to a newly established EU centre. The centre will then coordinate with police in EU countries and provide access to detection technologies.
While I doubt anyone will disagree with the aim, the means (mass surveillance) are not only violating privacy rights but also ineffective, for various reasons. This post will explain some of these reasons and what YOU can do to help stop the regulation. Let's start with the most important thing: Chatcontrol completely misses the point, as criminals rarely use messengers to share material - they're too slow to share large collections of CSAM.
Instead, they encrypt the files and upload them to a completely normal filesharing service. Since the files are encrypted, the service is unable to scan the contents, even if it wants to detect CSAM. Criminals can then simply share links to the content whereever they want [C1,4-6] - the scanning can't/won't hinder them! This alone should be enough to scrap the regulation! If that's enough for you, you can click here to learn what you can do.