Expert: Partial victory on Chat Control 2 but more remains

The twists and turns surrounding the potential implementation of Chat Control 2 by the EU have been numerous in recent years, with massive criticism from both experts and ordinary citizens. It recently became clear that there will be no mandatory scanning of the content of EU citizens’ electronic communications – despite this, it is far too early to declare victory, according to an expert.

After years of stalled negotiations, the governments of EU countries have agreed on their approach to the legislation originally developed by the then Swedish EU Commissioner Ylva Johansson (S). This paves the way for final negotiations with the EU Parliament on a permanent surveillance framework for all digital communication.

Subsequently, it became clear that the EU Council of Ministers will not proceed with the Commission’s proposal for mandatory scanning of the content of private individuals’ electronic communications, something that journalist and social commentator Henrik Alexandersson describes as a victory.

“Fair enough. But that doesn’t mean everything else is good,” he notes while pointing out that the voluntary scanning, which is currently permitted and technically applicable to non-fully encrypted messaging services, risks becoming the new normal for everyone who uses them – something that still constitutes a significant intrusion into people’s right to privacy.

High error rate

Even though it will be possible to choose service providers that neither want, intend, nor can scan their users’ messages, it must be assumed that virtually all other messaging services may review what people write and send to each other, warns Alexandersson, adding that such scanning has an error rate of up to 50-80 percent.

This means that lots of completely innocent people may be investigated for child pornography offenses or improper contact with minors. The price for the individual can then be very high even if nothing illegal or relevant in the context is found.

Furthermore, Alexandersson argues that for the time being, it should be assumed that all forms of electronic communications that are not fully encrypted will be scrutinized and in many cases forwarded to the authorities for further investigation.

Now the hope lies with the European Parliament in the upcoming negotiations. The Parliament’s position is that surveillance should only be targeted at individuals and groups suspected of containing illegal content – not be general. And that decisions on surveillance should be made by a court.

Negotiations behind closed doors

To Samnytt, Henrik Alexandersson points out that there are provisions in the text that will put pressure on operators, who not only handle end-to-end encrypted messages, to engage in “voluntary” scanning.

He still believes that the major victory is that an operator, for example Signal, which prioritizes its users’ privacy, cannot be forced.

– And that it has been realized that one cannot go after end-to-end encrypted messages. This means that even on more “common” services, which otherwise scan, scanning can be avoided if total encrypted mode is enabled, as in Messenger. Then it simply cannot be scanned, he tells Samnytt.

Another point that Alexandersson notes is that the Council’s proposal for client-side scanning (spyware at the application or system level on all phones, computers, etc.) has also been halted. The plan was to control the content of messages before they are encrypted and sent.

– As soon as possible, the EU Council of Ministers, the European Parliament, and the EU Commission will enter into so-called trilogue negotiations, which take place behind closed doors. The result of these negotiations must then be approved by both the Council and the Parliament again. The aim is for everything to be ready before the current temporary legislation expires this spring, he concludes.