Chat Control: Helpful or Harmful?

After months of guarded anticipation, the EU introduced its latest proposal to stem the tide of Child Sexual Abuse Material (CSAM) available on the Internet. While the goal is laudable, the new “Chat Control” legislation would require online service providers to automatically and indiscriminately monitor all digital communications and images to identify potential child sexual abuse material, and automatically report ‘suspicious' users to law enforcement authorities. Ironically, the proposed law does not oblige law enforcement to have CSAM removed.

The proposal’s provisions have been characterized as Orwellian, and criticized as an assault on privacy, security, and confidential communication that are cornerstones of democratic society, and fundamental prerequisites for a functioning digital economy and society.

Undeterred by months of criticism from civil liberties groups, data protection authorities, and Members of the European Parliament about the risks the new measures pose to everyone’s privacy, security, and free expression online, EU Commissioner for Home Affairs, Ylva Johansson, addressed the European Parliament’s Civil Liberties (LIBE) Committee about the proposed EU Child Sexual Abuse Regulation (2022/0155) on October 10th to extoll the virtues of the new ‘Chat Control” regulation.

As if direct criticism about the proposal wasn’t enough, its credibility was inadvertently undermined by Commissioner Johanssen who asserted that artificial intelligence is capable of detecting unknown depictions of sexualized violence against children with over 90% accuracy and 99% precision.

Her assertion was quickly debunked.

An astute observer and former Member of the European Parliament, Felix Reda, submitted an access to information request for details about Commissioner Johanssen’s claim. The response revealed that the almost-perfect CSAM detection results she had referred to are based on industry claims, in particular from Meta and Thorn, an NGO that uses tech solutions, such as its safer.io tool, to disrupt child abuse.

Perhaps unsurprisingly, the web page that contained those figures was quietly removed after the revelation.

The UN Human Rights Council is equally critical, noting that legislative attempts such as the EU Chat Control proposal, and the UK’s Online Safety Bill, might indirectly compel Internet communications services to impose "broad monitoring obligations for all communications, including those that are encrypted.”

The EU's latest attempt to control internet content is mirrored by equivalent encryption-busting, privacy-invasive legislation that other countries have introduced to protect viewers from unsuitable online content.

In Canada, Bill C-11 was introduced in 2022 as a measure to update the federal Broadcasting Act by, among other things, bringing the Internet under the purview of the regulatory authority, the Canadian Radio-television and Telecommunications Commission (CRTC), which has a mandate to regulate and supervise broadcasting and telecommunications in the public interest. Bill C-11 would allow the CRTC to have platforms routinely scrutinize “on demand” communications and block any content deemed unsuitable. By that logic — and since all personal communications, and all video transmissions via FaceTime and Zoom are ‘on demand’ — it follows that they, too, would be subject to regulatory scrutiny.

Similarly, Canada’s Bill C-26 authorizes the government to secretly order telecom providers “to do anything or refrain from doing anything” including imposing surveillance obligations on private companies, weakening encryption standards, and blocking Internet access to specified persons. And Bill C-18 has major implications for the free flow of information online and an independent press.

In like manner, India’s recently-introduced Draft Telecommunication Bill threatens end-to-end encryption. India’s Unified Payment technology entails sacrificing privacy for convenience since, as with digital payment systems elsewhere, all transactions are trackable, making anonymous payments an impossibility.

Since internet-based communications traverse the globe, the impact of these various legislative measures will threaten all communications, including text and images, regardless if they are privileged, confidential, political or state secrets.

As the European Digital Rights Initiative cautioned, Commissioner Johansson's proposal, “will force the providers of all our digital chats, messages and emails to know what we are typing and sharing at all times. It will remove the possibility of anonymity from many legitimate online spaces. And it may also require dangerous software to be downloaded onto every digital device."

More ominously, as the United States, Britain and Netherlands discovered, replacing police officers, social workers, teachers and accountants with technology solutions “is just the sort of magical thinking that leads to bad policy" that can have life-altering negative impacts.

When it comes to controlling online content, the measures proposed by EU, Canadian, and other governments will undermine any remaining vestiges of online privacy — including that of children whose attempts to report abuse will be at risk of being automatically identified as Child Sexual Abuse Material, with the content blocked and the abused children automatically reported as ‘suspicious' users to law enforcement authorities.