The EU Commission has presented a new draft regulation. This is to serve the fight against sexual abuse of children. It was announced that chat controls would be introduced. However, the draft also deals with topics such as age control and network blocking. Is this already data retention?
Chat control in design
A comparatively small part of the draft is devoted to so-called chat control. This refers to the detection of misuse material and attempts at solicitation on users' devices. IT security lawyer Dennis-Kenji Kipker compares this procedure to "extended data retention.
To this end, the EU is planning a new EU center in The Hague that will provide the relevant software. This software is to scan messages and content at the respective service provider (communication or hosting). Kipker sees this as a "new security authority with extensive data collection powers and very far-reaching data processing powers [...] whose employees enjoy legal immunity." The new EU center is envisioned to have the broadest powers in each member state. It will also work closely with Europol.
Criticism of the draft from the review committee
The European Commission's review committee has already sharply criticized the draft, although the details of the EU center have not even been determined yet. It is unclear to what extent the search mechanisms are compatible with the ban on warrantless mass surveillance. In addition, there is a lack of information on the extent to which the measures are suitable and proportionate in the fight against sexual abuse of children on the Internet.
The Commission counters the accusations with the objection that chat control would only be used as a last resort.
Age control in design
The draft also provides for age checks. This would be extremely costly for providers if it is to be carried out effectively. On the part of users, this results in a data protection risk. Especially since this measure would be easy to circumvent, measured against current procedures. Particularly since it would be obvious in the case of a European regulation that the implementation would also only take place in the EU.
Security experts warn that SSI (Self Sovereign Identity) technologies such as the EU ID will become the login standard and thus pose a threat to citizens' data. Anonymous login would then no longer be possible, resulting in complete traceability.
Network blocking and app store control
According to the draft, there will also be regulations for apps in the EU in the future, which will be controlled via specifications for the app stores. The main issue here is the deactivation of end-to-end encryption, which many messengers refuse. Such messengers could face banishment from the app store in the future. The app stores are also given a certain responsibility to identify "dangerous" apps and make them inaccessible to children.
The draft also obliges Internet access providers to block access to child pornography content - unless it has been deleted. There is a danger here that these network blocks will become more and more widespread and a "censorship infrastructure" will emerge. With a little technical expertise, however, it will be possible to circumvent these as well.
Conclusion
The regulations listed in the draft show that Internet use could be severely restricted in the future. Even if chat control is currently the main focus of public attention, the other planned regulations and their development into a kind of all-dominant censorship must not be overlooked.