Chat Control 1.0 to the vote in the EU Parliament, what is the law that removes privacy from chats

Today, July 9, the European Parliament will have to vote for the third time on a law that it has already rejected, the exception to the digital privacy legislation, more commonly called Chat Control 1.0. This is a rule designed to search for explicit content involving minors, but which is criticized because it would allow platforms and providers to read all user conversations.

The proposal was abandoned and evolved into Chat Control 2.0, which would force tech companies to monitor every private exchange between their users, when Chat Control 1.0 simply allows it.

The history of Chat Control

In 2020, the EU passed privacy legislation that ensures that chats and email exchanges cannot be legally read by people other than those involved in the exchange if they don’t want to. In fact, with this regulation, the European Electronic Communications Code equates digital correspondence with physical correspondence.

This legislation prevented technology companies from reading conversations made through their messaging applications. For the European Commission this was not acceptable. The EU executive would have liked to allow internet providers to read citizens’ chats, so as to be able to report a crime: the dissemination of child pornography. Thus, Chat Control 1.0 was born, which would include:

  • an exception to privacy legislation;
  • a concession to providers, but no obligation.

However, the European Parliament has blocked the rule twice because, according to critics, it would give rise to a systematic violation of the privacy of private conversations. However, the European Commission has not given up, on the contrary it has proposed Chat Control 2.0, an even more extreme version of chat control, which would require providers to monitor every correspondence.

Criticisms of Chat Control

Those who criticize Chat Control, both the first and second versions, do so not on the purpose of the law, but on the means it uses. According to critics, this is mass surveillance and the violation of private correspondence that all Western constitutions, including the Italian one in Article 15, guarantee.

Critics, including several cybersecurity experts as well as many digital rights associations, point out that the control would be automatic, left entirely to an algorithm. An incorrect report from this algorithm could ruin anyone’s life, given the seriousness of the crimes it would look for.

Finally, there is the question of precedent. Legally, there is nothing that distinguishes child pornography from other crimes. Nothing would therefore prevent a government from using Chat Control to monitor every conversation for various crimes. From there to the search for political opponents, according to critics, it would be a very short step.

Chat Control technical problems

Mass monitoring of people’s conversations is not only a violation of citizens’ fundamental rights, according to critics of Chat Control. In the digital space, there are also serious technical problems that cannot be overcome without causing significant cybersecurity risks.

The central one, especially for Chat Control 2.0, is end-to-end encryption. This technology is common on many messaging services, including the most widespread in Europe, WhatsApp. It effectively applies the principle of confidentiality of correspondence to the technological field. Conversations are encrypted, only those who send and receive them have the key to decipher them. Not even the company that controls WhatsApp, Meta, has the ability to read them.

This is a problem for Chat Control, which wants to allow, or require, internet providers and companies to read chats. The only solution is to transfer control to the device sending the message, so that the message is read before it is sent.

If a system like this were hacked it could lead to disastrous consequences. For private individuals, the risks would potentially be theft of credentials, identities, documents and anything sent by message. However, a national security problem would also arise if the hacker attack was ordered, as often happens, by a foreign state, and the targets were high-ranking state officials.

Where are we with Chat Control?

To date, there are therefore two forms of Chat Control: 1.0 and 2.0. The main differences between the two are summarized in this table:

Chat Control 1.0 Chat Control 2.0
Year of proposal 2021 2022
Objective Allow controls of private chats Force companies and providers to control chats via orders
Technical problems Nobody Overcoming end-to-end encryption
Criticisms Systematic violation of privacy Mass surveillance and security risks

Regarding Chat Control 1.0, the legislative process could accelerate after the July 9 vote in the European Parliament. Chat Control 2.0, however, continues to remain blocked. Negotiations are underway between the European Commission and the Council of the EU, which are pushing for its approval, and the European Parliament, which in recent years has expressed criticism of the measure and which has rejected it several times, in its various forms.