Chat control: How the EU is jeopardizing our digital freedom

Robots, computers and algorithms don't serve us, we serve them. They have us under constant control, measure everything we do and calculate how they can get even more out of us.” These provocative words by technology expert Gunter Düeck aptly describe where we are heading – especially if the plans of some EU politicians are anything to go by.

Introduction

Chat control: How the EU is jeopardizing our digital freedom “This is how it is: robots, computers, and algorithms do not serve us; we serve them. They have us under permanent control, measure everything we do, and calculate how they can extract even more from us.” With these provocative words of technology expert Gunter Düeck, the direction in which we are heading can be aptly described – especially if the plans of some EU politicians come to fruition. This article complements the privacy Deluxe Podcast episode #26 Chatbots utilize: for what and better not? The topic has become relevant again after a while without any news on chat control. In this contribution, we discuss the problem in general of wanting to monitor chats on a large scale. Currently, there is no decision yet as to whether such monitoring will come or how it will be designed. What is being discussed is not evaluating texts and audio recordings, but rather images.

You can listen to the German podcast here:

The privacy-Deluxe podcast is operated locally on Dr. GDPR. The Podigee platform will no longer be used. Instead, the previous podcast was automatically migrated to a local version. Thanks to AI support, this went smoothly.

What is chat control?

For several years now, the EU Commission has been discussing a draft law that aims to undermine encryption technologies in messenger services and all electronic communication services under the pretext of combating crime – particularly child pornography and cyber-grooming. Around ten EU member states currently support this push for all-encompassing surveillance.

Opponents argue that this so-called chat control goes far beyond the privacy and fundamental rights of our democratic order. But what would it mean in concrete terms if governments were able to intercept private communications in chats, messenger services and emails at any time without any great pretext?

The problem with client-side scanning

The planned mechanism is called “client-side scanning”. An automatic scan is to take place directly on the end device – i.e. on your smartphone or computer. This is intended to check whether certain keywords are used that could be associated with criminal activities or whether the semantics of the communication appear suspicious.

The false alarm problem

The biggest problem: there will be countless false alarms. A harmless example illustrates the absurdity: parents who send a photo of their naked toddler on the beach to family members could automatically be targeted. The algorithm recognizes “naked child” – and the chat is immediately routed out and checked.

This situation is similar to the problem with car alarms: if an alarm keeps going off for no real reason, nobody takes it seriously any more. In the case of chat control, it would probably be 99 percent false alarms and perhaps one percent actually suspicious cases.

Apple's CSAM scandal as a warning

Apple has already developed and tested such a mechanism. The so-called CSAM affair (Child Sexual Abuse Material) made it clear just how problematic this technology is:

• Images were automatically transmitted to Apple servers in encrypted form
• A comparison with a database took place – before the user had even sent the message
• The system has become increasingly sensitive over time

An internal whistleblower at Apple reported that the focus had been expanded from “explicit child pornography” to “child without a T-shirt”. The system would ultimately have classified any parent-family chat with harmless photos of children as suspicious.

Who controls the controllers?

Private companies are supposed to carry out these pre-control checks – not police authorities. Companies like Meta (Facebook, WhatsApp) or Google, which already now:

• Possessing omnipresent market power
• In some countries, the Internet will effectively be equated with
• Using algorithms to influence opinions in a targeted manner
• Regularly violating data protection regulations

Entrusting these companies with the task of uncovering crime while they themselves systematically commit violations of the law is absurd. These companies are engaged in organized crime in the digital space – they deliberately break laws worldwide and wriggle out of responsibility at hearings with excuses such as “it was the algorithm”.

Everyone is affected – not just Messenger users

Anyone who thinks they are safe without Facebook or WhatsApp is mistaken. Almost everyone uses them:

• Android smartphones with Google services
• The Google voice search
• Windows from Microsoft
• An iPhone from Apple

Chat control would apply to all these services. A harmless search query such as “Does chat control help effectively against child pornography?” could already trigger an alarm because the word “child pornography” appears.

The real problem: lack of deterrence

The true cause for inadequate crime-fighting is not in lacking surveillance capabilities, but in lacking deterrence and consistent prosecution.

Data protection authorities are failing

One frightening example: the Hessian data protection authority is effectively refusing to do its job. Complaints are often not even answered. Authority representatives refer to their approaching retirement and “no longer want to lead an exciting life”.

Millions of violations through illegal web tracking occur daily in Germany – not a single German data protection authority has imposed a fine for this so far. If violations remain without consequences, elaborate surveillance mechanisms are completely useless.

Courts ignore EU law

The German judiciary is also failing when it comes to data protection. Courts: