Brussels: More than two dozen tech companies and trade associations have written an open letter to EU ministers calling on them to reject the proposed ‘chat control’ to maintain privacy.
EU interior ministers will next month vote on the highly-controversial introduction of either backdoors or mandatory client-side scanning, as part of a Regulation on child sexual abuse. Currently, there is a regulation in place allowing—but not requiring—providers to do this.
“Even if this mechanism is created with the purpose of fighting crime online, it would also quickly be used by criminals themselves, putting citizens and businesses more at risk online by creating vulnerabilities for all users alike,” reads the letter.
“As tech companies operating within the European Union, we have built products and services in line with the strong data protection framework of the EU which still serves as an example and inspiration across the world.”
The letter is signed by tech and security firms including Element, Proton, Surfshark and Threema, along with ACT The App Association, Defend Democracy, Encryption Europe and the Privacy & Access Council of Canada.
The letter suggests that the EU’s reputation for stringent data protection is a unique selling point for businesses operating within its borders, offering a competitive edge. Mandatory scanning would erode trust, it says.
Client-side scanning is a highly controversial technology, with critics claiming that it erodes user security and privacy, while failing to protect children.
In 2021, Apple announced plans to introduce client-side scanning, whereby individual devices’ iCloud photo libraries would be automatically scanned for child sexual abuse material using a technology called NeuralHash, and then compared with known CSAM material, before being reported to the authorities.
Forbes Daily: Get our best stories, exclusive reporting and essential analysis of the day’s news in your inbox every weekday.
By signing up, you accept and agree to our Terms of Service (including the class action waiver and arbitration provisions), and Privacy Statement.
But the company scrapped its plans early last year, admitting that allowing scans for one type of content could open the doors for searches for other types of material and open the door for bulk surveillance.
Meanwhile, the European Parliament recently acknowledged that scanning technologies are not compatible with confidential and secure communications. And at the end of last year, the Internet Architecture Board also came out against the practice, saying it offered no technical way to limit the scope and intent of scanning, nor to provide transparency. Meanwhile, it said, the regulatory burden that would be imposed would have a negative impact on innovation, restrict use of open-source software and lead to a ‘stagnant landscape’ where users lose choice.
“If the EU decides to make client-side scanning mandatory, they would kneecap themselves and undermine the EU’s unique global position with top data protection laws. Such drastic surveillance legislation would put Europe on the same level as China, hinder economic growth and stop businesses from trusting EU-based companies with their data”, says Matthias Pfau, founder of Tuta Mail.
“While the EU Parliament has clearly positioned itself in favor of strong encryption and people’s right to privacy with their historic agreement on the chat control proposal, the EU Member States must now decide what side they want to be on. We are hopeful that they will choose the right side and urge them to listen to experts in cryptography, cybersecurity and data protection, who all agree that client-side scanning must be stopped.”