Those believed to be dead live longer: The Belgian Presidency of the EU Council of Ministers once again sees reason to assume that, despite all previous hurdles, the member states will agree on the hotly contested chat control before the European elections in June. Your latest attempt to correct the EU Commission's hotly contested initiative for a regulation on online surveillance under the banner of the fight against child sexual abuse has met with significantly more approval among national governments, writes the Presidency in the foreword to the relevant draft dated 13 . March. Belgium presented the paper to the law enforcement working group on March 1 and subsequently concluded that there was enough support “to continue developing this new approach.”
Advertisement
Old questions remain unanswered
According to its leaked current draft, the council leadership says it is relying on more targeted detection orders through improved risk assessment and categorization as well as the “protection of cybersecurity and encrypted data”. The revised Article 4 states: This regulation does not create an obligation for service providers such as WhatsApp, Signal and Threema to “provide access to end-to-end encrypted data”. On the other hand, Belgium emphasizes that services with end-to-end encryption also remained part of the investigation orders in principle. How appropriate technical safeguards should be protected remains an open question.
Specifically, the Belgians propose to establish three categories into which parts or components of services could be classified as high, medium and low risk. This classification is intended to be “objectively defined” and based on a number of objective parameters such as the core architecture of the service, the provider's policies and “security by design functionalities” as well as usage trends. This process offers service providers instructions for self-assessment and also provides relevant criteria to the coordinating authority, which ultimately decides on the application for disclosure orders. The relevant EU child protection center could also provide information or recommendations on corrective measures that could be implemented or offer to carry out sampling.
“Highest alert level”: Restrictions are considered meaningless
In view of the comments made by national delegations, the Presidency proposes that, as a last resort, only high-risk services, or parts or components thereof, be subject to a detection order “if the additional remedial measures do not effectively address the high risk identified”. The coordinating authority must always aim for the least intrusive means. At the same time, surveillance measures should be aimed at “users of interest” who have already been automatically identified on the basis of several “hits” as a potential sender or recipient of material about child sexual abuse or as a person on the hunt for relevant contacts with offspring through grooming.
From a civil rights perspective, what the governments are now trying to push through after debates behind closed doors is not a good thing, warns EU MP Patrick Breyer (Pirate Party). In essence, “the Commission’s extreme initial draft” should be retained. The restriction to “high-risk services” is meaningless “because every communication service is always misused to send illegal representations.” Ireland would be responsible for classifying the major services – one of the strongest supporters of chat control. Furthermore, end-to-end encryption should continue to be generally undermined in order to “convert smartphones into spies” via client-side scanning. According to the parliamentarian, the highest alert level exists because previously critical EU states also praised the repackaged plans and the blocking minority no longer exists. Even the federal government has not clearly rejected comprehensive chat control of unencrypted services.
(my)