17 April 2023
ICCL and DRI welcome the Oireachtas Joint Committee on Justice’s intervention against a proposed EU law which could mandate the monitoring of virtually all public and private digital communications, calling into question its efficacy and disproportionate intrusion on fundamental rights.
The ‘ChatControl’ law would oblige service providers to either break end-to-end encryption or put surveillance technology directly on everyone’s phones and computers in a bid to detect known and possible child sexual abuse material (CSAM), and to examine texts and audio communications for possible grooming on their entire service, via detection orders.
Olga Cronin, Surveillance and Human Rights Policy Officer, ICCL, said:
"This is a welcome intervention from the Justice Committee. ICCL accepts the European Commission’s good intentions to tackle what is a heinous crime. Everyone agrees that effective measures must be taken to protect the rights of victims and survivors. But mandating the mass scanning of the messages and emails of almost 500 million people in the EU to combat a deeply complex social problem is disproportionate.”
Dr TJ McIntyre, Chair of Digital Rights Ireland and Associate Professor in UCD School of Law, added:
“There is concern across Europe about this plan for unprecedented mass surveillance. For example, the German Bundestag’s Digital Affairs Committee has held a hearing showing that it presents significant threats to fundamental rights. The proposal must be withdrawn and rethought.”
In a communication sent to Minister for Justice Simon Harris, all Irish MEPs, President of the European Commission Ursula von der Leyen, President of the European Parliament Roberta Metsola and President of the European Council Charles Michel, the committee has said the proposed law:
- Is unprecedented in requiring indiscriminate scanning of digital communications, threatening the safety, privacy, and freedom of expression of every citizen;
- Would significantly undermine the security of our communications and online services;
- Would likely lead to police authorities being inundated with false positives, and that the flagging of so many innocent files would take vital resources away from abused children;
- Would mandate the increased use of error-prone technology that already incorrectly flags innocent people as sharers of CSAM in a manner that is “extremely intrusive” to people’s rights;
- Faces being struck down by the courts because it doesn’t comply with certain rights guaranteed by the Charter of Fundamental Rights of the EU, including the rights to privacy, protection of personal data and freedom of expression and information; and
- May place a significant burden on Irish national authorities, given many Big Tech companies are located in Dublin.
Ends
Available for comment:
- Olga Cronin, Surveillance and Human Rights Policy Officer, ICCL
- Dr TJ McIntyre, Chair of Digital Rights Ireland and Associate Professor in UCD School of Law
For media queries: ruth.mccourt@iccl.ie / 087 415 7162
Notes to editors:
- The Oireachtas Joint Committee on Justice’s communication can be read here.
- The services which could be scanned under this proposed law include: online and app-based chat services, including encrypted services such as Facebook Messenger, WhatsApp, Signal, and Telegram; direct messaging on platforms such as Instagram, Twitter, LinkedIn, and Reddit; email services such as Gmail and Outlook; dating apps, chat rooms, Slack, and other chat-based services; telephone calls and SMS messages; hosting platforms and services such as iCloud, Google Drive and Microsoft Azure.
- End-to-end encryption is vital to protect the privacy and security of citizens and governments around the world, as it prevents any third party from reading messages sent between a sender and a recipient. But end-to-end encryption is not just an essential tool that we use to safeguard our texts, emails, voice calls and social media. It also protects and secures the processing of our data when it comes to sensitive activities such as personal banking transactions, online credit card use, online shopping, buying health insurance, accessing health data, making mobile payments and carrying out our employment.
- Technology experts say governments demanding the ability to weaken or interfere with encryption makes the Internet less secure.
- As also stated by the UN, mandating so-called backdoor access to encrypted communications creates liabilities that go far beyond their usefulness with regard to specific users identified as crime suspects. Such access jeopardises the privacy and security of all users, exposing them to unlawful interference. (see par.25).
- The Justice Committee’s concerns about how this proposal will impact fundamental rights of all internet users echo similar concerns raised by:
- The European Parliamentary Research Service;
- A former Court of Justice of the European Union judge who has stated the proposed law is incompatible with EU case law;
- The European Commission’s Regulatory Scrutiny Board (RSB), which has pointed out that parts of the proposed law would likely amount to generalised surveillance, which contravenes the EU prohibition of general monitoring (a risk also emphasised by the United Nations High Commissioner for Human Rights);
- The European Data Protection Board and Supervisor have jointly warned that the proposed law “could become the basis for de facto generalised and indiscriminate scanning of the content of virtually all types of electronic communications of all users in EU/EEA” and “may present more risks to individuals, and, by extension, to society at large, than to the criminals pursued for CSAM”.
- Civil society and privacy experts;
- ICCL revealed last October that the error-prone scanning technology at the heart of this proposal is already resulting in innocent people being wrongly flagged as sharers of CSAM. In Ireland, An Garda Siochana retains personal data about people wrongly flagged, as reference and intelligence material in respect of future investigations. This deeply concerning issue of people being wrongly kept in a net of surveillance and suspicion with no cause would multiply if this type of scanning is mandated.