Inside the coalition, a dispute is brewing about the federal government's position on chat control. The Ministry of the Interior under Nancy Faeser (SPD) wants to support the EU plans, according to an internal position paper. In the coalition agreement, however, chat control was rejected, the FDP and the Greens are sticking to their position.
Netzpolitik.org reports on the position paper, and the portal publishes the full text of the letter. As usual, this is technologically vague. There is no direct reference to “client-side scanning”, instead there is a general reference to “possible detection orders”. Before these are used, “all milder means (mandatory) must first be exhausted”. It is also repeatedly said that the EU Commission must specify the proposals.
In essence, however, this position paper means that the Federal Ministry of the Interior wants to support the EU Commission's proposal in principle. However, this contradicts the coalition agreement. There it says, among other things, “Measures to scan private communication” are rejected. A position that the FDP-led ministries recently underlined in a joint paper that was also published by Netzpolitik.org.
In this letter, the Justice, Digital and Transport ministries formulated red lines. According to this, among other things, client-side scanning must disappear from the EU regulation, and there should also be no chat control. You want to rule that out by not applying the EU regulation to interpersonal communication. These and other demands must be met for the federal government to be able to approve the regulation from the point of view of the FDP ministries.
According to Netzpolitik.org, the Greens digital politician Tobias B. Bacherle also describes the coalition agreement as clear that the chat control goes too far. Even in the ranks of the SPD, the chat control initiative has been criticized so far. The question now, however, is which position the federal government will finally agree on. In Brussels, Faeser has so far kept a low profile as the German representative. The EU Parliament and the Council of Ministers – in which EU countries such as Germany are represented – are currently negotiating the EU Commission's proposal.
Controversial Proposals
This had presented the regulation in spring 2022. The goal is, among other things: Restrict the distribution of content that depicts child sexual abuse. According to the EU Commission, these have become out of hand in recent years. In order to achieve this, both hosting providers and messenger services should be able to be obliged to implement technologies that discover the relevant content. The draft regulation states:
Providers of hosting services and providers of interpersonal communications services that have received a detection order will carry it out by installing and operating technology that allows the dissemination of known or new child sexual abuse material or to contact children using the appropriate methods set out by the EU Centre Article 46 provided indicators can be recognized.
Article 10, Paragraph 1
This can be realized using two methods: The comparison with known material should be carried out using a hash Value comparison should take place, while there should be automated detection methods for content that has not yet been captured.
The initiative has been heavily criticized, with civil rights activists and data protection advocates unanimously rejecting it. Recently, for example, a statement from the Chaos Computer Club (CCC) said: “Mass surveillance without cause does not contribute to the safety of children, but rather endangers children and young people and opens wide-ranging gateways for abuse.” In fact, improved investigative capacities and “sufficient equipment would be effective institutions that actively protect children” – but that is left out of the Commission’s proposal.
Nor does the regulation protect fundamental rights, as the EU Commission and the Ministry of the Interior argue. Even if the end-to-end encryption is not directly leveraged, it is an intervention that undermines confidential communication. “The regulation would turn your own device into a monitoring tool that checks all communication for suspicious content before it is encrypted and sent,” says the CCC.
Reference is made to a paper by well-known security researchers who already looked into the risks of client-side scanning in 2021. This study came about when Apple announced that it wanted to scan content on users' devices. However, the plan was not implemented. And about a week ago, Apple announced that it was no longer pursuing this approach. Instead, Apple recently strengthened the encryption process.