- The VPN industry has stated against the controversial sexual abuse of children (CSAM) scan
- Members of the VPN Trust Initiative warn that legislators must “reject any rules that weaken encryption standards”
- EU council members share their final attitude towards the Danish proposal from the so-called chat check on September 12, with the next meeting set at October 14
The EU legislators should reject any rules that require encryption back doors, weaken encryption standards or place uncertain technical requirements.
It is the promise of the VPN Trust Initiative (VTI), a consortium that includes some of the best VPN providers in the market as EU members share their final positions on the Danish version of the regulation of sexual abuse (CSAR) in the Council.
Calname Chat Control of its critics, and the bill seeks to introduce new obligations for all message services operating in Europe to scan user chats – even though encrypted – in the search for both known and unknown material for children sexual abuse (CSAM).
Although Virtual Private Network (VPN) software is beyond the range of the law-in at least at least-VTI’s members concerned that this so-called scan of the client side would irrevocably ruin the technology itself on which VPNs are built.
“Encryption protects either everyone or it protects none,” said Emilija BeržanskAitÄ—, co-chair of the VPN Trust initiative.
“Governments around the world – and especially in Europe this week – will lead from an informed position and defend strong encryption as a cornerstone of privacy, digital trust and democratic values.”
How Chat Control could break encryption?
In its current form, the Danish CSAM scan proposal would force them as WhatsApp, Signal, ProtonMail and other messaging services to perform arbitrary scanning of private messages.
Of crucial importance, the mandatory scan is expected to occur directly on the device before messages are encrypted and targeted at shared URLs, images and videos. Only governments and military accounts are excluded from the range of the bill.
Despite the proposal that mentions the obligation to preserve end-to-end encryption protection, experts believe that the client side technologies simply cannot do so.
“Chat Control’s scanning provisions on the client side create a false choice between security and security,” Laura Tyryyte, Privacy Attorney told NordVPN, a member of VTI, to Techradar. “Solutions should not be transactional. We cannot solve a problem, even as serious as childhood safety, at the expense of creating systemic safety vulnerability that exposes everyone to greater risks.”
NyMVPN CEO Harry Halpin has also stated against chat control and considers it “a big step backwards for privacy.”
“Scanning of everyone’s intimate conversations is a disproportionate reaction that normalizes surveillance,” he explains. A measure that could easily be reused to target journalists, activists or political opponents. Such a back door will also create a vulnerability that criminals and hostile governments could exploit.
“The better approach is targeted, warrant -based studies, rapid removal of illegal content, clear industry reporting routes and properly resourceed specialist team,” Halpin added.
How likely should chat control go?
On the threshold of today’s (September 12), Luxembourg and Germany met the opposition and brought the list of countries that opposed the bill to eight.
The latest rumors shared by the former MEP for the German Pirate Party and Digital Right’s lawyer Patrick Breyer also indicates that Slovenia has gone from the indefinite to those opposed.
If this is true, only three EU members remain undislutgent (Estonia, Greece and Romania) and we will have to wait and see if these governments will eventually take a certain position in the council.
Do you know?
Tuesday (September 9), over 500 cryptographic researchers and researchers signed a letter to warn the EU’s advice on the risks of agreeing to the proposal in its current form. This is the third time since 2022 that experts have called for mandatory chat scanning.
However, the support remains stronger where 15 countries (including France, Italy and Spain) are for the bill, according to the latest data.
According to the Senior Director of the European Government and Legislative Affairs on the Internet Society, David Frutschy, it is “a bad result” for privacy and secure communication in the EU.
“It’s not over, but the window closes quickly. The process will be over on October 14.
What is certain, however, is that chat control is only one of the proposals that can jeopardize encryption protection for Europeans – and VPNs could also become a target, as some EU experts explicitly mentioned them as “key challenges” for investigative work.
In comments on this point, Tyryryte from NordVPN Techradar told: “Once inserted, the client-scan scan infrastructure may be trivially configured to expand monitoring beyond its original purpose. This directly contradicts the EU’s own cyber security goals while trying on the cyber-resistance and post-quantum cryptography. weakened security while others try to try to strengthen it.
