FVD International Politics

Brussels votes to extend Chat Control via a controversial procedure

Forum for Democracy
Brussels votes to extend Chat Control via a controversial procedure

This week, the European Parliament approved the extension of the temporary Chat Control Regulation. This means that large technology companies will continue to be able to automatically scan unencrypted messaging services for material relating to child sexual abuse. Once the Member States have also given their approval, the regulation is expected to remain in force until 2028.

According to the European Commission, this power is necessary to combat online child sexual abuse more effectively. Critics, however, warn that the technology extends far beyond that single objective and creates an infrastructure that could ultimately be used to monitor the digital communications of all Europeans.

The fact that the regulation has been extended is controversial in itself. Equally remarkable is the way in which this happened. Earlier this year, the European Parliament had rejected an extension of the temporary regulation. Nevertheless, the proposal was put back on the agenda via an exceptional fast-track procedure, at a time when many MEPs were already absent due to the approaching summer recess. This made it considerably more difficult to gather enough votes to block ‘Chat Control’.

What is Client-Side Scanning?

At the heart of the debate is Client-Side Scanning (CSS). Under this system, photos, videos and messages are not checked only after they have been sent, but on the user’s device, before they are sent.

At present, major tech companies such as Meta, Google and Microsoft are permitted automatically to compare unencrypted messaging services against a database of known child sexual abuse imagery. When an algorithm suspects a match, a report is generated so that further assessment can take place.

A backdoor to mass surveillance

During a round-table discussion in the House of Representatives, FVD MP Frederik Jansen explicitly asked the experts present whether the same technology could also be used for purposes other than detecting child abuse.

Link to the tweet

The responses were striking:

Professor of Privacy Studies, Jaap-Henk Hoepman, replied that, technically speaking, this is actually “trivial”. If software can recognise images of child sexual abuse, he argued that the same technology could just as easily be used to detect other images and documents. Professor Frederik Zuiderveen Borgesius added that, ultimately, it might even be possible to search for words such as “demonstration” or “cartoon”. In his view, this would create a system capable of extending far beyond the fight against child abuse.

The experts also point to significant practical concerns. Every day, Europeans send many billions of messages. Even a very small margin of error (on average, one in a hundred thousand) could therefore lead to millions of false reports each week. According to expert Bert Hubert, such false reports could have far-reaching consequences, such as police investigations or home visits.

Michel van Eeten also doubts whether criminals would actually be deterred by this technology, whilst it is mainly ordinary citizens who are being monitored. Frederik Jansen adds that simply creating a ZIP folder is enough to render the technology ineffective, meaning that malicious actors – despite the surveillance system – have free rein.

Chat Control 1.0 is being expanded

The extension not only maintains the existing scheme but also broadens its scope.

Whereas the original Chat Control regulation focused exclusively on recognising known images of child sexual abuse, technology companies will now also be permitted to use artificial intelligence to detect new, unknown material. In addition, it will be possible to use AI to detect attempts at online grooming.

According to Professor of Cryptography, Bart Preneel, it is precisely this expansion that significantly increases the risk of false positives. AI is less accurate at recognising unknown material than it is with existing databases. Given the billions of messages sent daily in Europe, he believes this could lead to millions of innocent citizens being wrongly flagged as suspicious.

Digital confidentiality of correspondence

This extension once again pushes the boundaries when it comes to protecting the privacy of European citizens. An infrastructure introduced today to combat child abuse could also be used for other purposes tomorrow. A prank? A call to protest? At the touch of a button, it could become possible to track down – and punish – such expressions too. The FVD therefore continues to oppose any form of client-side scanning and advocates for the unconditional protection of digital privacy.

About the Author
Forum for Democracy
Written by

Forum for Democracy

Dutch Political Party

Dutch Political Party

The Dispatch

Stay informed.

Our latest analysis and reporting from the heart of Europe — delivered straight to your inbox. No spam. No ads. Ever.