- The VPN industry has spoken against the controversial draft law of child sexual abuse (CSAM)
- The members of the VPN Trust Initiative warn that legislators must “reject any regulation that weakens encryption standards”
- The members of the EU council share their final position on the Danish proposal of the so -called chat control on September 12, with the next meeting scheduled for October 14
EU legislators must reject any regulations that he refers to the rear doors of encryption, weakens encryption standards or impose insecure technical requirements.
That is the promise of the VPN Trust (VTI) initiative, a consortium that includes some of the best VPN suppliers in the market, since EU members share their final positions in the Danish version of the proposal for the regulation of child sexual abuse (CSAR) in the Council.
Nickname the chat control of its critics, the bill seeks to introduce new obligations for all messaging services operating in Europe to scan user chats, even if they are encrypted, in the search for known and unknown child sexual abuse material (CSAM).
Although the Private Network Virtual Software (VPN) is beyond the reach of the law, for now, at least, VTI members are concerned that this so -called client side scan irrevocably ruined the technology VPN.
“The encryption protects everyone or does not protect anyone,” said Emilija BeržanskaitÄ—, co -president of the VPN Trust initiative.
“Governments around the world, and especially in Europe this week, must lead from an informed position and defend a strong encryption as an cornerstone of privacy, digital trust and democratic values.”
How could chat control break the encryption?
In its current form, the Danish CSAM scanning proposal would force the tastes of WhatsApp, Signal, Protonmail and other messaging services to carry out an indiscriminate scan of private messages.
Crucially, the mandatory scan is expected to occur directly on the device before the messages are encrypted, aimed at shared URLs, images and videos. Only governments and military accounts are excluded from the scope of the bill.
Despite the proposal that mentions the commitment to preserve end -to -end encryption protections, experts believe that client’s side technologies simply cannot do that.
“The scan provisions of the Chat Control client create a false option between security,” Laura Tyrylyte, Nordvpn’s privacy defender, a member of the VTI, told Techradar. “Solutions should not be transactional. We cannot solve a problem, even as serious as child safety, at the expense of creating systemic security vulnerabilities that expose all greater risks.”
The NYMVPN CEO, Harry Halpin, has also spoken against chat control, considering “a great step back for privacy.”
“Scanning everyone’s intimate conversations is a disproportionate response that normalizes surveillance,” he explains. A measure that could easily be reused to journalists, activists or political opponents. Such rear door will also create a vulnerability that criminals and hostile governments could exploit.
“The best approach is the directed investigations, based on the order, the rapid elimination of illegal content, the clear industry reports and the specialized equipment properly with resources,” added Halpin.
How likely to pass chat control?
On the eve of today’s meeting (September 12), Luxembourg and Germany joined the opposition, carrying the list of countries that oppose the bill to eight.
The last rumors shared by the former Eurodiputa for the German Pirate Party and the jurist of digital rights, Patrick Breyer, also indicate that Slovenia has gone from the undecided to those against.
If that is true, only three EU members remain undecided (Estonia, Greece and Romania), and we will have to wait and see if these governments will eventually take a definitive position in the Council.
Know?
On Tuesday (September 9), more than 500 cryptography scientists and researchers signed a letter to warn the EU Risk Council of accepting the proposal in its current form. This is the third time since 2022 that experts have urged the mandatory chat scan.
However, support remains stronger, since 15 countries (including France, Italy and Spain) are in favor of the bill, according to the latest data.
According to the senior director of the European Government and the regulatory issues of the Internet Society, David Frautschy, that is “a bad result” for privacy and safe communications in the EU.
“It is not over, but the window is closing quickly. The process will end before October 14. Therefore, we encourage citizens to convince their policy formulators that the right path to follow is to support a strong encryption, not weaken or undermine it by means of the scanning of the client’s side,” Frautschy added.
However, what is certain is that chat control is only one of the proposals that could jeopard to research work.
When commenting on this point, Tyrylyte de Nordvpn told Techradar: “Once implemented, the scan infrastructure of the client’s side can be trivially reconfigured to expand surveillance beyond its original purpose. This directly contradicts the properties of the cybersecurity of the EU.
