The EU's Plan to Kill Private Messaging

For years, the European Union has been fighting to access your private messages. Brussels desperately wants the ability to read every single piece of digital communication sent by an EU citizen—that includes texts, emails, DMs on social media apps like X, TikTok, or Instagram, and even messages sent via end-to-end encrypted services like Telegram and WhatsApp. None of your private conversations would be private any longer.

This idea was put forward in 2022, as part of the Child Sexual Abuse Regulation (CSAR). The aim of this measure, called Chat Control, was to sniff out illegal content—specifically child pornographic material—and forward it to the authorities. In theory, AI technology would be used to scan the contents of every message before it is encrypted—that is, before it is scrambled into unreadable code that only the recipient can decipher. This aspect of the legislation proved too controversial for many member states, and it was rejected in the European Parliament.

Now, though, the EU wants to try again. Upon taking over the presidency of the EU council last month, Denmark has made Chat Control a priority. Leaked minutes from a meeting of the Law Enforcement Working Party of the EU Council reveal that mass surveillance is firmly back on the agenda, with states attempting to smooth over previous disagreements. As it stands, 15 out of 27 nations back the plans, with some countries, such as Spain, even pushing for an outright ban of end-to-end encrypted messaging services. The Netherlands and Austria are bound by parliamentary votes before being able to support mandatory scanning, and Luxembourg and Slovenia say they are “not yet convinced.” Belgium, Poland, and Estonia are cautious, too. Poland did propose a suggestion to only target unencrypted messages and those individuals who were already under suspicion, but this was rejected, meaning that any legislation that materialises from this is likely to apply to everyone, everywhere.

It cannot be overstated just how devastating this would be for privacy. The EU has tried to reassure people that the messages will still be encrypted—only after they’ve first been scanned. But this effectively makes encryption pointless. It is the equivalent of the post office opening and reading your mail before sending it. Even the European Council’s own legal service thinks this is a disaster, noting that “client-side scanning is a violation of human rights and does not depend on the type of technology.” Reclaim the Net is right to call it “the biggest peacetime surveillance experiment in [European] history.”

The trouble is that this Orwellian mandate is being framed—as online censorship so often is—as a vital protection for children. It’s difficult to argue against a piece of legislation that promises to stop paedophiles from spreading content online and among themselves. That age-old idea that ‘if you have nothing to hide, you have nothing to fear’ has made far too many people complacent when it comes to government surveillance. But there is very little evidence that Chat Control will be an effective way to stop the spread of images depicting child sex abuse in the first place, and it is partially the product of lobbying. What it will undoubtedly do is target law-abiding citizens.

The EU’s Digital Services Act (DSA) is a prime example of this. It was introduced in 2022 with the purpose of countering illegal content, as well as “misinformation and disinformation,” but effectively gives Brussels the power to censor anything it deems problematic. Any platform that fails to police users strictly enough can receive massive fines or possibly be banned in the bloc altogether. As a result, social media sites are careful to apply overly sensitive filters to avoid penalties. The overwhelming majority of posts flagged and removed under the DSA aren’t even against the law.

The story is similar in the UK, which is currently in the process of implementing the Online Safety Act (2023). Like CSAR and the DSA, the Online Safety Act was lobbied for and introduced with the express purpose of protecting children—specifically, to stop minors from seeing potentially harmful or age-restricted content, like pornography. Last month, however, a Labour MP admitted that the law is being used to monitor “sentiments contrary to immigration” online. And, in the same way as the DSA, the Online Safety Act’s harsh punishments (fines of up to £18 million or 10% of global revenue, whichever is higher) incentivise social media companies to enforce the rules as strictly as possible. That means age-restricting a speech from a Conservative MP about the grooming-gangs scandal, or blocking a video from a different Tory MP about pro-parent policies, because it featured a baby.

Laws that aim to police illegal and harmful content almost never end there. In the first instance, Chat Control may well be used to go after child-abuse material. But it will likely soon expand to target criticism of immigration, opposition to woke ideology, and challenges to EU hegemony. Even those who don’t think of themselves as holding particularly controversial opinions should be concerned about this. What is considered the ‘acceptable’ dogma of the day changes so rapidly now that you can soon find yourself on the wrong side of mainstream orthodoxy, even when your opinions were held by the vast majority of people just a few years ago. Not that long ago, it was completely normal and expected to say that men cannot become women, or to publicly criticise politicians. Today, expressing this online can potentially get you into trouble with the law.

Regardless, we should all be adamantly opposed to anyone snooping in our private messages. How secure will this scanning technology be? Where will the information it picks up be stored and who will have access to it? How accurate will it be? Will it generate endless false positives and waste police forces’ already stretched time and resources? Given the EU’s terrible track record on tech (with systems often not working as they should or being vulnerable to security breaches), there’s little reason to believe that something as sensitive and complex as mass message scanning will be handled competently or safely.

Even if it were, Europeans still deserve the right to a private life. Not wanting the EU to read your messages and emails should not be a fringe concern or the domain of conspiracy theorists. It should be a basic demand that every person is allowed to keep secrets, no matter how mundane they may be. This is what enables us to speak freely and think critically. If every online musing ends up being scanned and monitored, there is no way for free speech to survive. With Chat Control, Brussels risks worsening the already stifling culture of self-censorship in Europe.

Once the infrastructure for censorship is in place, the temptation to expand it will be too great for the EU to resist. We’ve already seen how tools designed to tackle ‘harmful content’ morph into instruments for policing political dissent and suppressing controversial opinions. Chat Control will be no different. Mass surveillance is rarely rolled back, but almost always scaled up.