Chatcontrol is back on the table

After a brief suspension due to the lack of agreement on the text, the European Union is trying again with some important changes that might reconcile all member states.

After a short suspension, the European Union has resumed discussions on Chatcontrol, the infamous regulation (Child Sexual Abuse Regulation) that has been under debate since 2021. If approved, Chatcontrol promises to establish a pervasive system of digital surveillance of chats and communications across Europe.

On September 9, 2024, POLITICO released the latest revised version of the text, which will be discussed on September 23 by representatives of various European member states.

Before continuing, leave a like!

Here, I will offer a brief analysis of the latest changes, or rather, those that I find most interesting for a cyberspace inhabitant. In addition to the analysis, there will also be a brief reflection on the real motivations that — despite minimal benefits — drive the European Commission to push for an extremely ambiguous regulation, disliked by many, and especially dangerous both for citizens and for companies operating in the Old Continent.

Chatcontrol has a long and intricate history, which I have retraced in the context of the Crypto Wars. For those just arriving now, I recommend diving deeper by reading at least the following materials:

Chatcontrol: global surveillance of communications

The European Union is slowly banning online privacy

USA, UK, and EU Arm Themselves Against Encryption

In a nutshell, Chatcontrol is a regulation that proposes to oblige every communication platform, social media, and hosting service to introduce measures to reduce the risk of CSAM (child sexual abuse material) dissemination through advanced mass surveillance technologies. In cases where a platform may be deemed high risk, such as Telegram, authorities may also require the company to actively monitor the communications of each individual user or groups of users to further reduce risk.

The law is not equal for all

Starting with the new features of the revised text, what immediately stands out is a special exemption from the regulation's application for all communication services not available to the public, and whose use is restricted to a company, organization, public body, or authority. The law would therefore not apply if a public authority or ministry decided to use communication systems that are not publicly available.

The text goes on to further specify that the notorious “detection orders,” i.e., those orders to scan the communications of every user on a specific platform, do not apply to accounts used by public officials for national security, police, and military purposes.