EU Proposal for Chat Control for fighting CSAM

Things are moving along a fairly predictable vector.
I have already mentioned an example scenario that began after the arrest of Pavel Durov.

Fighting is a stretch.
The real struggle begins where you are not afraid to show who you are, your face - and at the same time have real arguments and evidence of why you are right.

In my humble opinion, it is very important to position yourself immediately as a compromise seeker and concerned about understanding the truly justified needs for access to cryptographic communication channels from the State.
Because if you try to chop from the shoulder…in general, don’t become a nail under the ready made hammers in the master’s box.

Try to become a tool.
You know, as they usually say - if you want to achieve something outstanding or at least make money - solve the problem, or better,
solve the problem of rich (powerful) people.

The European Union is slowly but surely drifting towards a mass surveillance system that could resemble what happens in certain authoritarian regimes. I will focus on France, but I am convinced that the situation is not fundamentally different in other EU countries.

In France, we observe:

-Growing pressure on the media, with journalists hesitating to tackle sensitive topics such as the Covid-19 pandemic, conflicts in the Middle East, or the war in Ukraine. The fear of repercussions sometimes seems to outweigh the duty to report the truth.
-The government’s refusal to pass laws protecting journalists and whistleblowers, some of whom have been subjected to surveillance.
-Striking workers being monitored, placed under surveillance, with heavy-handed interventions by the GIGN at their homes at unreasonable hours, followed by prolonged custody.
-Peaceful protesters, particularly those opposing environmentally destructive projects like the destruction of a forest to extend a highway, being labeled as terrorists (marked as S files) simply for expressing their dissent—labeled as ecoterrorists by the government.
-The massive deployment of facial recognition cameras in public spaces, a measure that raises serious concerns about individual liberties.
-The recent attempt to legislate against the use of VPNs, which would greatly restrict online anonymity and freedom of expression.

At the European level, the regulation of social media platforms, although it may seem justified on paper, appears in practice to be a means of controlling information. During the Covid-19 crisis, for example, platforms like X (formerly Twitter), YouTube, Google, and Meta were urged to combat “disinformation,” often by removing any content that contradicted the dominant pro-vaccine narrative. The upcoming Chat Control law might follow this same logic, under the guise of security, but in reality, it could lead to increased mass surveillance.

3 Likes

Well, if more and more people think like this we all will lose one day! It may help to remember that there are people who can give us tips on what we can and SHOULD do! It’s not really difficult: Take action to stop chat control now! – Patrick Breyer

Chatcontrol was discussed long before the Telegram problem, and tbh i don’t think is really relevant because Telegram largely isn’t E2EE anyway. There is always the expectation to comply when you have data.

I think all this will do is encourage larger companies to move towards federated/decentralized design as doing so is probably cheaper than the massive cost for compliance. It’s also what is required in separate laws like DMA. Backdoors means they know about it and have to “take action” which is difficult with any service of size.

Meanwhile newer protocols eg Signal Protocol, MLS etc are being developed and no, there’s no magical backdoor feature.

Politicians need to realize they can pass as many laws as they like, ultimately though if it is unpolicable due to size then it simply won’t be complied with. Smaller services will just operate from more friendly jurisdictions.

Compliance requires enforcement, and that requires resources and prosecution. Make ridiculous laws and people won’t take any notice.

2 Likes

I think you miss the point.

EU can’t ban E2EE messengers, we are not yet at a point where an EFW (European Firewall) is being even considered.

But deplatforming will go to great length to reduce Signal’ appeal. It will be seen as a “criminal platform”.

As said in Google Photos dilemma, Privacy is collective. I can always find Signal apks and download it. Now good luck if I want to communicate with iPhone users, and good luck to explain how to install apks to my grandparents.

Hello. I believe I understand your point. Indeed, the agenda of controlling the means of communication is a well-known discussion vector, and we see no new information here.

If I may, I would like to suggest that we consider the situation in a sandbox together. I think it would be beneficial to reflect on the possible options in the same way that modern ‘collectives’ do before the actual battlefield.

While it is not accurate to say that Telegram was the cause of the chatcontrol, it is likely that it was one of the few platforms with a large user base that prompted it to be taken to such aggressive steps.

Telegram is not currently E2EE by default. However, it might be worth considering whether it could be made so by default in the next version.
Do you think that would be a realistic possibility?

I would suggest that we consider the additional factor of the numerous, often routine, requests from law enforcement that are often ignored.

In light of the upcoming election, it is worth noting that a significant proportion of both voters and those who can influence their opinion or promote the content of someone who can do so are on a platform that does not respond to letters and can hire teams to implement E2EE in bulk.

This may create a situation where the opposing side’s intentions and strategies remain unknown.

It’s a significant potential challenge with the ability to result in unfavorable outcomes if a decisive action isn’t taken.

Pavel could consider spending time in the UAE to invest in the development of a new version, with the goal of implementing encryption by default.

This could even involve dividing the platform into a social network and chat tool. This is a realistic possibility, particularly given the potential support from capital in the Middle East.

Doubtful, because chatcontrol is about E2EE and telegram was never that at least for most users.

I guess it really depends if this functionality extends to deplatforming from certain countries. I was thinking more of a mastodon/matrix style where you could use a different client that may not have those restrictions.

Doubtful, because a lot of their features haven’t been designed around that possibility. It is possible they could expand it to other places like desktop (not just mobile), but even then there limitations.

If this law passes, then App Stores will be required to remove any app that doesn’t have this backdoor.

No one knows how it will/could be implemented, but that’s probably the easiest way.

Though Signal will withdraw from EU market in that case, and Meredith’s move to France for a few months to talk about Signal future operations in EU, gives me hope this Chat Control will not pass, at least not as its proponents would like to.

Facebook also mentioned earlier they don’t want to break encryption. And if they threaten to wihdraw from EU market in case such request becoms reality, and leavi half a billion users without their everyday social and im platforms, that could actually prevent EU from doing this.

And the last thing, there are so many EU legislations implemented so poorly, that it makes no difference after all.

Bu I do agree that this battle must be fought, otherwise we might come to the point when people will vote for this in their own countries, at nationial elections

1 Like

Good morning. It seems to me Meredith’s acumen and foresight would consider exiting the European market only in the most extreme cases. She seems like the kind of woman who believes that even one is a warrior.

She has a clear ideology and a strong defense of confidentiality of correspondence with no tolerance for its use for criminal purposes.

One of her endgame against a total ban on E2EE in the EU should be something like E2EE but with KYC.

Europe is not only a big market, it is also a very developed and intellectually rich in the context of ready specialists and educational institutions, a springboard for other (even more promising) markets of the future.

I can’t get my head around the idea that Meredith could give up and just leave the market, even in the case of aggressive chatcontrol.

An important factor here is the current instability of the region, the continent itself. There’s serious fighting going on.

Communication and logistics are the arteries of war and national security.

The EU national leaders realize this.

They did for UK’S ban on E2EE.But will they for this ? You would think they would already have spoken out.

Unfortunately, authoritarian-leaning countries like Hungary might force the hand in enforcement.

Can something like this be implemented on a legal basis in Europe ?

1 Like

I believe it will inevitably result in the CJEU having to address this question definitively, should the relevant law be adopted by the EU Parliament. In particular, it will need to be examined whether the law in question is in compliance with the principles of existing EU law.

From the perspective of existing mechanisms in the world, it is possible to draw a parallel between KYC, the use of private communication services and a precious metals exchange, where transactions are conducted only with the necessary identification.

Perhaps the key point here is that we, as consumers of private communication products will only have to find out…whether people in power are comfortable with this as a compromise.

It is not out of the question, authorities have realised that without monitoring all communications globally, they will not be unable to fulfil their duties.

This, by the way, can also be understood…

1 Like

This doesn’t make any sense whatsoever. Unless you want to stop children from communication freely, then any other goal of KYC is nonexistent.

And Signal will never want to ask users to share their sensitive ids numbers to them or 3rd parties.

1 Like

I understand that this may not be immediately apparent, but I hope that with a little explanation, it will become clearer.

Why don’t you think the option for KYC for a minor should require an ID document to register a E2EE chat, rather than the age of majority itself.

In the event of an individual’s violation of the law and perpetration of illicit activities, their personal account, which has been duly authenticated on the aforementioned exchange, shall be subject to immediate closure.

Furthermore, the funds associated with this account will be confiscated.

In the event that this occurs with regard to your private E2EE chat, and provided there are legal grounds for doing so, the platform will take the necessary steps to revoke your access to it.

The chat will be confiscated and the relevant authorities will be granted access to it, along with the keys it contains.

Prior to this juncture, all communication was encrypted and stored within a Know Your Customer (KYC) account, thus ensuring absolute confidentiality until the designated time.

You share your data when you register somewhere that requires it.

I am certain that the main department of the Ministry of the Interior of each European state, together with the World Organization for the Protection of Children’s Rights, will provide servers to process such data. The expression “third parties” is an underestimation of the seriousness of these structures.

Or let’s ban E2EE in Europe.
People will complain, social polls will drop, and there’ll be a few water cannons and flag-waving.
But that’s what it’ll look like.

It is imperative that we consider the following method in parallel with this:

Absence of abuse of authority

Absence of corruption

Transparency and publicity of the prosecution processes where the decision to seize a means of communication is taken.

Controlling judges and jurors by an incorruptible body.

Intelligence, agents who identify lousy sheep, infiltrate those who try to bribe, provoke abuse.


Those who violate the law specifically with regard to human rights by making false accusations and seizing private communications will face very serious penalties, like for treason or grievous harm.


Because E2EE encrypted chats are an important tool for safe communication. Sexual violence victims say they valued “Safe Spaces” including private chats.

It is also useful to protect young protesters again zealous LE.

If there was an AI that could detect CSAM with a <1% false positive, then it would be very difficult for me to oppose it.

But current systems have high level of false positives. Both on the detection on wheter it’s a child (For example Asian woman can be identified as child by AI) and the intent (for.medical exam, or consensual sexting between minors).

1 Like

I sense that your perspective might be leaning towards a fatalistic outlook.

If the victims of crime saw a safe harbor in E2EE, it will remain so, provided that it is disclosed. In such a case, if the competent Authorities (which are designed to protect their rights) revealed as a result of investigative actions that the law was violated
in the real world.

I believe that monitoring all conversations in real time may create psychological pressure for everyone. The idea is that the E2EE chat’s can be decrypted if necessary, not that they would decrypt 100% of them in real time detecting violations based on that.

Why?
It is a very big challenge for any investigation to present something to the accused without more data, and that data is often behind E2EE.