The proposed EU Chat Control law is a threat to our democracy. What can you do to prevent it?

With the EU law proposal “Regulation to Prevent and Combat Child Sexual Abuse” — more commonly know as the EU Chat Control Law — our democracy is threatened from the inside: by our own governments. Citing child protection as the reason, the EU wants to backdoor end-to-end encryption, so they can access and read any message, including photos and videos.

With the so-called Chat Control law, the EU would oblige all email and messenger providers to analyze content before it gets encrypted on the phone of the sender, using AI to detect child sexual abuse material (CSAM). If content is flagged, the providers must report it to the authorities for further investigation.

How did we get here, what does it mean for you, and what can you do to prevent it?

What is end-to-end encryption? A quick recap

With end-to-end encryption (E2EE), no one but the sender and receiver can access a message, including attachments such as photos and videos. To achieve this, the message gets scrambled into an illegible code on the sender’s phone. Only the receiver has the unique key stored on their device that lets it automatically decrypt the message to read it.

What is the issue with the proposed EU Chat Control Law?

It’s one of the rare cases that we agree with Big Tech, albeit for different reasons.

Big Tech firms are likely to support end-to-end encryption because moderating messages would be extremely expensive. With E2EE, they can easily claim that moderation isn’t possible, saving time and costs. At Nextcloud, we have been a long-term supporter of E2EE — not for financial reasons, but because we believe in privacy and want to keep the web free.

Governments, however, often have stronger incentives to want to break encryption. That’s why they have repeatedly tried to push for laws granting more insight into their populations’ messaging. In 2019, we already reported a German plan to force decryption of chat. More recently there was the attempt by the UK government, blocked by Apple.

The Chat Control law propoes to use local decryption of messaging, making it a novel approach in reading encrypted messages. But the effects are the same: it gives governments a backdoor to your messages. And once that door is open, your online safety can quickly spiral.

While the reasoning for the Chat Control law seems noble, the effects are far-reaching. Just think of governments spying on the opposition under the guise of “terrorism prevention”. This possible cascade of surveillance makes the Chat Control law one of the biggest threats to our digital life in the past decade.

What does the EU Chat Control law mean for you?

The EU Chat Control Law states that all e-mail and messenger providers must gain access to your messages and scan them. This includes providers such as WhatsApp, Signal, Proton Mail, and many more apps. The scanning would apply to all EU citizens, except EU politicians. They might exempt themselves from the law under “professional secrecy” rules.

Unlike Big Tech, our model doesn’t depend on hosting or mining your data. As Nextcloud has no access to your data — and also doesn’t store or run it — we can’t give governments access to your information. If they want to see information you have privately hosted, they will have to deal with you directly. Most Enterprise customers also have this covered in their contract. We don’t plan to make changes to our software and, as we don’t host anything, we also cannot be contacted to release any information.

What can you do?

As awareness about the EU Chat Control Law and the possible impact on citizens’ lives grows, so do the initiatives, including:

• Signing a petition: The German party Young Liberals set up the website StopChatControl.eu, aimed at a younger audience. With emojis and a video, it explains the issues with the law clearly, while providing visitors with Chat Control slides to create their own social media messages, as well as a petition to put further pressure on EU lawmakers.

• Writing your EU representatives: The citizen-led initiative Fight Chat Control allows you to look up with just one click which EU countries are supporting, opposing, or undecided. Handy templates enable you to write a letter to your EU representatives asking them to oppose the law in a few easy steps.

• Informing yourself and spreading the message:
  • The German digital rights activist Patrick Breyer launched a dedicated page to the EU Chat Control Law. From a timeline to a document pool and infographics to download and use, this is a one-stop page to learn everything about the law’s history, objections, and current status.
  • With the Stop Scanning Me initiative of the European Digital Rights (EDRi) movement, you can find localized campaigns for the German, Danish, Swedish, Spanish, Portuguese and English speakers, so you can get informed and spread the word in your own language.

Join one or more of these initiatives to raise your concerns with your EU Member of Parliaments, preventing mass surveillance and your fundamental rights to privacy and data protection.

What’s next for privacy in Europe?

As your digital life is extremely valuable, you and your company’s data are always at risk. Big Tech monopolies sell data for ad revenue, governments want your data to track you, and hackers can exploit it to scam you.

By reclaiming control over your data, you take back control of your online privacy.

Curious where to get started? Check out how others, including government agencies, organizations, and companies, have taken their digital privacy in their own hands again with Nextcloud.