Online surveillance thrives when fear takes over – Diego Naranjo

European law enforcement has been pushing to end encryption and investigate everyone’s online communications.

LuckyStep /

In 2020, the European Commission proposed temporary legislation on ‘cat control’. This aimed to legalize the analysis of everyone’s private online communications, namely every message, email or chat. The successor in a long series of government attacks on encryption of online communications, it has raised concerns among privacy activists with its potential to start a new “crypto war.”

These attacks instrumentalize fears of politically motivated violence and child abuse to undermine security measures such as encryption, which are essential for the safety of not only journalists, whistleblowers, political dissidents and advocates. human rights, but anyone who depends on confidential online communication. This includes LGBT + people and survivors of abuse, seeking solidarity and counseling online, and those seeking mental health support.

The “solution” proposed by the committee would create many more problems than it would solve. There are alternative answers to the serious challenge of sharing child abuse and exploitation material online, without resorting to spying on everyone.

Problematic proposals

Over the summer, the European Parliament approved the controversial legislation, though it contained several problematic proposals, such as the potential to invade conversations on Facebook and Instagram. The committee qualified these measures as “temporary” in order to avoid the complete control usually applied to European Union law. For this, he has been severely criticized by the European Data Protection Supervisor (EDPS) and the European Parliament’s research service.

Despite fears that such measures could infringe on fundamental rights, Apple has announced changes to the privacy settings of its email and cloud services. These would have allowed Apple to scan all images uploaded to iCloud and iMessage sent or received by children’s accounts.

The news alarmed privacy experts, including whistleblower Edward Snowden, academics, researchers, ethical hackers, civil society organizations and even Apple’s own employees. Under the guise of child protection, the measures would have allowed widespread surveillance of Apple users. Apple has addressed these concerns and has “suspended” the implementation.

Attack trigger

One of the triggers for this latest attack on secure communications was when Facebook (now “Meta”) offered to enable end-to-end encryption on its Messenger app. End-to-end encryption prevents anyone from reading or listening to private communications – it already applies to WhatsApp, which Facebook acquired in 2014. Fearful of being accused of being “lenient on criminals,” Facebook has however decided to postpone the introduction of end-to-end encryption on Messenger, at least until 2023.

Critics had claimed that such a decision would reduce the amount of child pornography (CSAM) detected by Facebook, with fewer prosecutions and more illegal material being disseminated. The weakening of the encryption and security of electronic communications services used by the public is however neither necessary nor proportionate, as the EDPS explained in his opinion on the proposed legislation on the control of chats.

Indeed, many could run the risk of being spied on by domestic and foreign security services, intelligence services or private companies in exchange for the perceived protection of children’s rights. As stated by the United Nations in their General Comment (2021) on the rights of the child in relation to the digital environment, “interference with the privacy of a child is only permitted if it is not is neither arbitrary nor illegal ”and“ attention should always be given to the least privacy intrusive means available to achieve the desired objective ”.

Be part of our progressive community

Social Europe is a independent editor and we believe in content that is available for free. For this model to be sustainable, we depend on the solidarity of our loyal readers – we depend on you. Become a member of Social Europe to less than 5 euros per month and help advance progressive politics. Thank you very much!

Become a member of Social Europe

Human rights standards

Encryption benefits children by protecting sensitive information. As also recognized by the United Nations Children’s Fund, UNICEF, improving the privacy and protection of children’s data is essential for their development and future as adults. National laws on surveillance must conform to international human rights standards, including the right to privacy.

In practice, this means that government requests for communications data, such as emails and chats, must always be judicially authorized, narrowly targeted, based on reasonable suspicion and necessary and proportionate to achieve a legitimate objective. In other words, law enforcement cannot probe everyone “just in case”.

A democracy cannot thrive on the assumption that all of its inhabitants are always potential suspects. Such reasoning overturns the presumption of innocence.

The temporary legislation approved by the European Parliament, however, allowed platforms like Apple, Google and Facebook to continue “voluntarily” to scan all communication all time, instead of focusing on the real suspects for limited periods.

Massive impact

EU policymakers need to protect end-to-end encryption. Without online privacy, businesses, law enforcement agencies, and governments would be able to track everything adults and children share online. This would have a huge impact on freedom of expression and other fundamental rights.

Policymakers need to ensure that the technologies used to detect CSAM are the least invasive for privacy, state-of-the-art, and only used for that strict purpose. This would prevent their use, at least in theory, to detect content and crack down on environmental or racial justice activists, as cybersecurity experts warned, for example, in a recent open letter to the Belgian government.

Data protection authorities must ensure that the technologies used comply with data protection and privacy requirements. They should examine existing and new technologies that could be used for surveillance purposes and establish their legality. This should be coordinated with the European Data Protection Board. Such a guarantee could, in principle, put an end to practices which are neither necessary nor proportionate.

However, all measurements involving online material will almost always be retrospective: they aim to identify images or video footage in which harm has already been caused. Investing in education, social services and other preventive means will be a much better way to ensure the safety of young people, which includes the confidentiality of their personal lives.

New legislation

This year, the committee will propose new legislation to replace the interim cat control measure. No information has been made public on what it would contain and requests from European Digital Rights to meet with the responsible European commissioner team have been ignored.

On World Encryption Day, a group of MEPs from all political groups warned the committee against further attempts to undermine encryption in legislation. The committee must ensure that EU online communications laws do not slide down the slippery slope towards mass surveillance.

Diego Naranjo is Policy Officer at European Digital Rights (EDRi).

Comments are closed.