Pan-European plans to require technology companies to monitor the contents of encrypted messages and emails have been shelved after diplomats failed to reach agreement on the proposals last night.
A planned Oct. 14 vote on the controversial proposals, known as Chat Control, is now unlikely to take place, but Denmark or another EU presidency could submit revised plans at a later date.
Chat Control has drawn opposition from tech companies and experts who warned it would undermine cybersecurity and make companies more vulnerable to hostile attackers and nation states.
Germany's decision on October 7 not to support Danish proposals aimed at identifying child abuse material by requiring encrypted email and messaging services such as WhatsApp and Signal to scan messages meant member states were unable to reach an agreement at yesterday's meeting.
This was stated by the majority leader in the Bundestag Jens Spahn. public statement :“We, as the parliamentary group of the CDU/CSU, are against indiscriminate monitoring of chats. This is the same as opening all letters in advance to check if there is anything illegal in them. This is unacceptable and will not happen under our watch.”
More than 40 European companies have published open letter warned this week that chat controls would destroy privacy, weaken encryption and seriously harm the competitiveness of European businesses.
He called on EU ministers to scrap any form of client-side scanning or mass surveillance, protect encryption as a cornerstone of European cybersecurity and take measures to protect children that are effective and proportionate.
Matthew Hodgson, chief executive of Element, an end-to-end encrypted communications platform used by NATO, the United Nations and the Ukrainian army, said Germany's opposition to Chat Control showed there was a line when it came to government surveillance.
“Encryption underpins the security of the global digital infrastructure, protecting governments, businesses, journalists and citizens. Attempts to weaken it through backdoors or mass scanning mechanisms are not only misguided – they risk undermining the very fabric of digital trust and security,” he said.
Campaigner and former member of the European Parliament Patrick Breuer said chat monitoring had stopped for now.
“The Commission must permanently withdraw this irreparable bill because it has failed to find a majority in the Council for many years.”
He said the European Commission should accept alternative proposals from the European Parliament to combat child abuse that do not require mass communications surveillance.
Instead, the European Parliament is proposing app security, proactive removal of illegal content online and prompt takedown obligations.
Alexander Linton, president of the Session Foundation, which provides encrypted messaging services, said requiring tech companies to scan messages would leave EU citizens without access to encrypted messages.
“It is likely that many will attempt to deliberately circumvent restrictions, as was the case in the United Kingdom during the rollout of age verification. These types of events provide an unfortunate opportunity for untrusted platforms to intrude and defraud, attack or otherwise harm people seeking legitimate encrypted tools,” he added.
Technology companies separately objecting to Irish proposals for legislation to give law enforcement access to encrypted communications
