End of "Chat Control": EU parliament stops mass surveillance

Posted by amarcheschi 6 hours ago

End of "Chat Control": EU parliament stops mass surveillance(www.patrick-breyer.de)

420 points | 219 comments

nickslaughter02 6 hours ago|

> Despite today’s victory, further procedural steps by EU governments cannot be completely ruled out. Most of all, the trilogue negotiations on a permanent child protection regulation (Chat Control 2.0) are continuing under severe time pressure. There, too, EU governments continue to insist on their demand for “voluntary” indiscriminate Chat Control.

> Furthermore, the next massive threat to digital civil liberties is already on the agenda: Next up in the ongoing trilogue, lawmakers will negotiate whether messenger and chat services, as well as app stores, will be legally obliged to implement age verification. This would require users to provide ID documents or submit to facial scans, effectively making anonymous communication impossible and severely endangering vulnerable groups such as whistleblowers and persecuted individuals.

JumpCrisscross 8 minutes ago||

> further procedural steps by EU governments cannot be completely ruled out

In a democracy, we don't kill our opposition. If they hold views we don't like, e.g. that security trumps privacy, they're going to litigate them. Probably their whole lives. That means they'll keep bringing up the same ideas. And you'll have to keep defeating them. But there are two corollaries.

One: Passing legislation takes as much work as repealing it; but unpassed legislation has no force of law. Being on the side that's keeping legislation from being passed is the stronger position. You have the status quo on your side. (The only stronger hand is the side fighting to keep legislation from being repealed. Then you have both the status quo and force of law on your side.)

Two: Legislative wants are unlimited. Once a group has invested into political machinery and organisation, they're not going to go home after passing their law. Thus, repeatedly failing to pass a law represents a successful bulwark. It's a resource sink for the defense, yes. But the defense gets to hold onto the status quo. The offense–the guys pushing for Chat Control–is sinking resources into the same fight except with nothing to show for it. (Both sides' machines get honed.)

Each generation tends to have a set of issues they continuously battle. The status quo that persists or emerges in their wake forms a bedrock the next generations take for granted. This is the work of a democracy. Constantly working to convince your fellow citizens that your position deserves priority. Because the alternative is the people in power killing those who disagree with them.

lpcvoid 1 minute ago||

Great comment, thank you. I know that I could simply upvote, but this deserved more.

1vuio0pswjnm7 1 hour ago|||

"> Furthermore, the next massive threat to digital civil liberties is already on the agenda: Next up in the ongoing trilogue, lawmakers will negotiate whether messenger and chat services, as well as app stores, will be legally obliged to implement age verification. This would require users to provide ID documents or submit to facial scans, effectively making anonymous communication impossible and severely endangering vulnerable groups such as whistleblowers and persecuted individuals."

Perhaps this is bad news for "messenger and chat services, as well as app stores" who solicit "users" to exploit them for commercial gain, for example _if_ users are unwilling to accept "age verification" and decide to stop using them. The keyword is "if"

The third parties know it's possible for capable users to communicate with each other without using third party "chat and messenger services" intermediaries that conduct data collection, surveillance and/or online ad services as a "business model". Thus the third party "tech" company intermediaries strive to make their "free services" more convenient than DIY, i.e., communication without using third party intermediation by so-called "tech" companies

But users may decide that "age verification" is acceptable. For many years, HN comments have repeatedly insisted that "most users" do not care about data collection or surveillance or online advertising, that users don't care about privacy. Advocates of "Big Tech" and other so-called "tech" companies argue that by using such third party services, users are consciously _choosing_ convenience over privacy

Perhaps the greatest threat to civil liberties is the mass data collection and surveillance conducted by so-called "tech" companies. The "age verification" debate provides a vivid illustration of why allowing such companies to collect data and surveil without restriction only makes it easier for governments that seek to encroach upon civil liberties. While governments may operate under legal and financial constraints that effectively limit their ability to conduct mass surveillance, the companies operate freely, creating enormous repositories that governments can use their authority to tap into

sveme 42 minutes ago||

There's a fairly non-invasive way to do age verification: ID cards that connect to a smartphone app that only provide a boolean age verification to the requesting service. Requesting service can be anonymous to the ID app and the requesting service can only receive a bool.

That most implementation will try to collect far more data is the real concern.

brightball 3 hours ago|||

The timing of having Meta dropping encrypted chats on Instagram is...interesting.

zoobab 2 hours ago|||

"Next up in the ongoing trilogue, lawmakers will negotiate whether messenger and chat services, as well as app stores, will be legally obliged to implement age verification."

Trilogues should be burned down, closed doors meetings with Ministers writing laws from their own services.

pnt12 1 hour ago||

See you soon folks!

miohtama 5 hours ago||

Here is the EPP's plea to get this passed earlier.

They even used a teddy bear image.

https://www.eppgroup.eu/newsroom/epp-urges-support-for-last-...

"Protecting children is not optional," said Lena Düpont MEP, EPP Group spokeswoman on Legal and Home Affairs. "We call on the S&D Group to stop hiding behind excuses and finally take responsibility. We cannot afford a safe haven for child abusers online. Every delay leaves children exposed and offenders unchallenged."

Personally, I feel there must be other privacy-preserving ways to address child abusers than mass surveillance.

Also, for the record, here is the list of parties that lobbied for this for Mrs Düpont, alongside very few privacy-focused organisations. Not sure why Canada or Australia are lobbying for EU laws.

ANNEX: LIST OF ENTITIES OR PERSONS FROM WHOM THE RAPPORTEUR HAS RECEIVED INPUT

- Access Now

- Australian eSafety Commissioner

- Bundesrechtsanwaltskammer (BRAK)

- Canadian Centre for Child Protection

- cdt - Center for Democracy & Technology

- eco - Association of the Internet Industry

- EDPS

- EDRI

- Facebook

- Fundamental Rights Agency

- Improving the digital environment for children (regrouping several child protection NGOs across the EU and beyond, including Missing Children Europe, Child Focus)

- INHOPE – the International Association of Internet Hotlines

- International Justice Mission Deutschland e.V./ We Protect

- Internet Watch Foundation

- Internet Society

- Match Group

- Microsoft

- Thorn (Ashton Kutcher)

- UNICEF

- UN Special Rapporteur on the right to privacy

https://www.europarl.europa.eu/doceo/document/A-9-2020-0258_...

DoingIsLearning 4 hours ago||

We need to add Palantir in bold letters to that list, they are behind this in every way except for 'officially'.

> The Commission’s failure to identify the list of experts as falling within the scope of the complainant’s public access request constitutes maladministration. [0]

> The Commission presented a proposal on preventing and combating child sexual abuse, looking in particular at detecting child pornography. In this context, it has mentioned that support could be provided by the software of the controversial American company Palantir... [1]

> Is Palantir’s failure to register on the Transparency Register compatible with the Commission’s transparency commitments? [1]

(Palantir only entered the Transparency Registry in March 2025 despite being a multi million vendor of Gotham for Europol and European Agencies for more than a decade)

> No detailed records exist concerning a January meeting between European Commission President Ursula von der Leyen and the CEO of controversial US data analytics firm Palantir [2]

[0] https://www.ombudsman.europa.eu/en/decision/en/176658

[1] https://www.europarl.europa.eu/doceo/document/E-9-2024-00016...

[2] https://www.euractiv.com/news/commission-kept-no-records-on-...

heavyset_go 1 hour ago||

> - Thorn (Ashton Kutcher)

They really have no shame, do they? https://www.bbc.com/news/entertainment-arts-66772846

Kutcher defended a rapist in court when they thought they were anonymous (they weren't), the same rapist who bragged about assaulting their underage peer/co-star to Kutcher, and then harassed the children of the plaintiffs[1] in his trial where he was convicted and sentenced to 30 years to life:

> Another plaintiff stated that she and her neighbors observed a man snapping pictures from her driveway, and later that night, broke a window in her 13-year-old daughter's bedroom.

[1] https://people.com/tv/danny-masterson-church-scientology-sue...

benced 1 hour ago||

> Recently, only 36% of suspicious activity reports from US companies originated from the surveillance of private messages anyway.

I don't have many opinions on this but this sort of lazy logic would make me nervous. 36% is not a small number and that's before the folks doing this activity find out that private message is less patrolled.

dgellow 57 minutes ago|

Yeah, that number is actually really high. I’m wondering how noisy those reports are

elephanlemon 6 hours ago||

I’m confused by

> This means on April 6, 2026, Gmail, LinkedIn, Microsoft and other Big Techs must stop scanning your private messages in the EU

It had already passed and started?

vaylian 4 hours ago||

> It had already passed and started?

Facebook and others have been scanning your private messages for many years already. Then someone discovered that this practice is illegal in Europe. So they passed the temporary chat control 1.0 emergency law to make it legal. The plan was to draft a chat control 2.0 law that would then be the long-term solution. But negotiations took too long and the temporary law will expire on the 4th of April (not the 6th) which means that it will be illegal again for Facebook and others to scan the private messages of European citizens without prior suspicion of any wrongdoing.

moffkalast 1 hour ago||

I take it facebook/meta paid no fines for doing it illegally in the first place?

vaylian 1 minute ago||

You could probably have sued them. I'm not aware of any cases where that happened.

isodev 5 hours ago|||

Of course, remember Apple championed the idea with iMessage scanning which at the time produced A LOT of discussion e.g. https://www.eff.org/deeplinks/2021/12/2021-we-told-apple-don...

nickslaughter02 6 hours ago|||

Yes, voluntary Chat Control 1.0 has been running since 2021.

SiempreViernes 4 hours ago||

Well, chat control 1.0 is about making an existing practice legal, it didn't create the practice of scanning messages for know child sexual abuse material, though I don't know how long that has been going on before the legislation in 2021 passed (but probably for several years at that point, since getting a new law trough takes a while).

fh973 3 hours ago|||

Gmail and likely others have been scanning at least emails for child pornography since the 2010s.

layer8 4 hours ago|||

https://eur-lex.europa.eu/eli/reg/2021/1232/oj/eng

3836293648 5 hours ago|||

Something something constitutional (ish*) rights say you can't do this.

Chat Control 1 says, eh do it anyway if you want on a voluntary and temporary basis until the Courts get around to saying no.

Chat Control 2 says you have to. Until the courts finally get around to striking it down in 15 years.

inglor_cz 6 hours ago|||

It was possible on a voluntary basis.

appstorelottery 5 hours ago|||

What happens to the already scanned metadata?

layer8 4 hours ago||

The data that isn’t flagged from scanning is prohibited from being stored in the first place. Flagging is required to have maximum accuracy and reliability according to the state of the art. Data that was flagged is stored as long as needed to confirm (by human review) and report it. Data that isn’t confirmed must be deleted without delay.

gostsamo 4 hours ago||

There was an interim legislation that will expire in april.

YeahThisIsMe 23 minutes ago||

It's never going to stop. They'll keep trying until they get it because they're sick people.

_fat_santa 5 hours ago||

It seems like an almost never ending hamster wheel of chat control being introduced, voted down, then introduced again in the next session.

hkpack 9 seconds ago||

[delayed]

xeonmc 34 minutes ago|||

I think the more fitting imagery would be https://en.meming.world/images/en/4/4a/Moe_Tossing_Barney_Fr...

ryandrake 3 hours ago|||

That's the problem with modern democracies (it happens in the USA too). They only have to win once and it's law. We have to win every time.

JumpCrisscross 2 minutes ago|||

> They only have to win once and it's law. We have to win every time.

Passing legislation takes about as much effort as repealing. (The exception being if the legislation spawns a massive bureaucracy.)

Chat Control 1.0 was de facto passed. It's now being unpassed. We don't have to win every time. Just more.

__loam 2 hours ago||||

Need to amend constitutional rights to privacy then these laws can be struck down in courts.

bigyabai 2 hours ago||

I feel like that would end with the same surveillance loopholes that Google, Microsoft and Apple exploit today.

Users need the ability to choose operating systems and software that is not exclusively green-lit by a first-party vendor. It's not glamorous, but pretending that software isn't a competitive market is what put us into this surveillance monopoly in the first place. "trust" distributed among a handful of businesses isn't going to cut it in a post-2030s threat environment.

moffkalast 1 hour ago|||

It's a problem when the parliament can't propose the laws it has to vote on and the commission isn't elected and continues to be presided by the most corrupt person in the EU. She is blatantly EPP and just keeps proposing the shit they want.

For Americans, imagine if only Republicans ever got to propose legislation and only Democrats could vote on it. That's more or less it.

petre 43 minutes ago|||

At least the Commision can't conduct war for 100 days without Congress approval.

I thought Juncker was an idiot but VdL is corrupt to Hillary levels and worse than the disastruous Merker/Juncker duo in every way. I'd like to see her replaced with someone like Macron. That's the type of leadership that the EU needs right now.

tpm 50 minutes ago||||

You are mostly right except vdl is very, very far from the most corrupt person. It can be much worse.

toyg 12 minutes ago|||

> She is blatantly EPP

Well, that's because she was nominated by European governments, which happen to be largely run by right-wing parties right now. There have been socialist personalities in her place in the past. That has nothing to do with democracy.

cess11 3 hours ago|||

The US really, really wants it implemented, and several national police institutions in the EU does too. Plus the politicians that start to drool a little at the prospect.

moffkalast 1 hour ago||

Given the current US-EU relations I'm more surprised we're not telling them to go fuck themselves on this.

dmitrygr 2 hours ago||

We need a double-jeopardy-like constitutional amendment for legislation. Legislation once-tried and failed cannot be tried again.

krapp 1 hour ago||

That would be antithetical to democracy. The people must be allowed to introduce any legislation they want, as often as they want.

Otherwise it would be trivial for a government to intentionally fail to pass anything they disagree with, and thus act as a de facto dictatorship.

jagged-chisel 1 hour ago|||

Not to mention how would one even define "the same legislation"?

dmitrygr 1 hour ago|||

When have "the people" been last consulted on this? Do you really think Chat Control has high public support? Given how most "democracies" work in our world today (which is to say with no consultation of the people), i think limiting their ability to do further harm might be worth it.

krapp 1 hour ago|||

This wouldn't limit the ability of governments to do harm, it would limit the ability of the people to mitigate that harm by giving them only one chance to ever do so.

I don't think "democracy is flawed therefore we need less of it" is a good idea.

moffkalast 1 hour ago|||

The MEPs represent the people. They've just been consulted. They said no.

Looking at what each of my MEPs voted they seemed to pretty accurately represent their own party lines, the right and far right voted for, left and center left voted against. I'm shocked! Shocked! Well not that shocked.

beej71 4 hours ago||

Political engineering angle: "These people will not rest until they are able to read your child's messages."

someguyornotidk 24 minutes ago||

The fact that they could pull a stunt like this shows that the EU is no democracy. Shame on the politicians who tried to rob people of their rights.

amarcheschi 6 hours ago||

I would say "end of chat control, for now"

vintermann 6 hours ago||

Those guys only ever have a "maybe later" button.

rsynnott 6 hours ago||

That's pretty much how it works; there's generally no way, in a modern parliamentary democracy to say "no, and also you can never discuss it again". You could put it in the constitution, but honestly there's a decent argument that parts of chat control would violate the EU's can't-believe-it's-not-a-constitution (the Lisbon Treaty is essentially a constitution, but is not referred to as such because it annoys nationalists) in any case and ultimately be struck down by the ECJ, like the Data Retention Directive was.

account42 5 hours ago|||

Constituional cours are a last defense against bad laws though and should not be the first one - they are not designed to be fast enough to prevent a lot of damage being done before they strike something down.

wongarsu 4 hours ago|||

The first defense is that the Council of the EU (formed by government ministers of the member states) and the European Parliament (elected directly by EU citizens) have to agree on the legislation. And while the council is staffed by career politicians, the parliament is a more diverse group that's generally a bit closer to the average person

From the point of view of the individual, the parliament is our first defense. And this is an example of it working

ApolloFortyNine 4 hours ago||||

If something in 'Chat Control' is so fundamental that it should lead to the law not even being brought up for discussion (privacy), then that 'right' should be more clearly defined in the constitution, or constitution like structure.

It's when laws can exist, but simply have bad implementations, where you obviously can't jump to an amendment process.

rsynnott 5 hours ago|||

I mean, they're _not_ the first defence. This is a story about the parliament rejecting a bad law.

cucumber3732842 5 hours ago|||

That constitution sure did stop Giuliani from having the cops shake down all those black guys.

At the end of the day you still need people to actually believe it, for whatever "it" is.

rsynnott 2 hours ago||

Yeah, this is more or less what I'm saying. Large parts of 'Chat Control' likely _are_ unconstitutional, but that doesn't necessarily stop it being brought (it just makes it likely that the courts will kill parts of it if it ever passes).

cucumber3732842 2 hours ago||

> (it just makes it likely that the courts will kill parts of it if it ever passes).

Years after harm was done and lives were ruined no less.

leosanchez 6 hours ago|||

For today or for this month.

lo_zamoyski 6 hours ago||

The value of persistence!

bradley13 2 hours ago|

Thex will try again. And again. It's for the children, don't you know?

The only way to really stop this would be to pass legislation that permanently strengthens privacy rights.

More comments...