MC's journal

Sweetmorn, the 27 day of Bureaucracy in the YOLD 3187

Chatcontrol, searching messages for illegal content

On July 6 the EU parliament voted yes to a proposal from the EU commission (PDF) on a temporary law to allow services to automatically search messages for suspicious content with a focus on child exploitation.

We have quite strict confidentiality laws within EU even when it comes to electronic communication. Its current basis is the 2002/58/EC "ePrivacy Directive" (PDF) from 2002. On 21 December 2020 the new "European Electronic Communications Code" (PDF) came into affect in local laws (or the countries would face fines) and that directive redefined electronic communication services to also include "number-independent interpersonal communications services", which I think means things like e-mail and IM messages.

When this change of definition came into force in local laws it suddenly made some existing practises illegal. You see, some service providers automatically scan their users' messages for child exploitation. As cryptographer Matthew Green wrote in his insightful article about client-side scanning in 2019:

Facebook, Google, Dropbox and Microsoft, among others, currently perform various forms of automated scanning on images (and sometimes video) that are uploaded to their servers. The goal of these scans is to identify content that contains child sexual abuse imagery

The commission scrambled to make this legal again and suggested a temporary law (PDF) while they figure out what to do about it. Things dragged on for quite a while and not until this summer the temporary law was voted on in the EU parliament.

Here you can see how the MEPs voted on this proposal on July 6:

It's interesting to note that Germany and the Netherlands voted against but that Sweden voted for.

Checking in on the Swedish MEPs and how they voted:

I'm really surprised to see only Malin Björk from Vänsterpartiet/Left party voted against! It's also interesting that the German Social Democrats were split on the question (10 for, 6 against) but the Swedish Social Democrats all voted for the proposal.

I can't help wondering if the Swedish MEPs fully understood what they were voting for? Since this hasn't been covered that much in media, especially compared with the recent Apple announcement that they will scan photos, I haven't seen any party representatives speak up about this.

The MEP Patrick Breyer for the German Piratenpartei has a lot more information about this on a campaign site:

Matthew again:

[T]oday’s CSAI scanning infrastructure represents perhaps the most powerful and ubiquitous surveillance technology ever to be deployed by a democratic society[.]

Consider if this far-reeaching scanning infrastructure will scan for something else? And what about false positives?

Watch out for the December 2021 follow-up proposal from the commission! The already accepted proposal is a temporary law and the real law will be proposed soon and might be consideribly worse, for instance making scanning mandatory.

Written by MC using Emacs and friends.