Privacy and freedom should be the legacy we leave, not the opposite
No longer content with passively monitoring every phone call and text we send, anti-encryption efforts now aim to place invisible "backdoors" into the apps and protocols we use to message one another. It thereby grants government officials the ability to decrypt encrypted messages at will. Think you're just sending that message to one person? Guess again. With mandatory backdoors, you're also sending it to the government intelligence agent assigned to you. In today's world, we aren't used to thinking about the country someone might be in before messaging them. We simply expect that message to go through, and, if we're using encryption, for that message to be secure. This makes any anti-encryption measure that passes in any country a threat to end-to-end encryption globally. Each law that passes lends further (though false) legitimacy to the idea that government has the right to spy on our most private communications.
The European Union is now attempting to top the recent attacks against encryption in the US and UK through "chat control," a method of restricting encryption that encroaches on user privacy by mandating these client-side backdoors into popular messaging and email clients, especially those utilizing end-to-end encryption. European officials say that this will only be used to target criminals sharing illegal and morally reprehensible images, and they try to assure us that the security and privacy of the average person will remain untouched. This is all despite a recent report from the European Data Protection Board's warning that these processes are far from foolproof, likely to target more innocent citizens than actual criminals.
Chat control measures have been discussed in the EU for some time. Now, they seem dangerously close to adoption. They follow a temporary measure adopted by the European Parliament, which requested that communication providers voluntarily hand over information to law enforcement sourced from an individual's communications. A proposal currently under discussion within the Council of the European Union seeks to make this measure permanent, and moreover, to make it mandatory for email and chat hosts to spy on their users. In the case of end-to-end encryption, this means installing a permanent client-side backdoor into both free and nonfree messaging apps. And while there has been some resistance to legislators' actions from advocacy groups like European Digital Rights, and others in the EU, this has not created a change in direction. Chat control needs to be stopped in its tracks.
It's not exactly uncommon to see lawmakers misunderstanding technology. They're showing that misunderstanding loud and clear when they make the assumption that only criminals use end-to-end encryption. The average citizen should have "nothing to hide," so the tired argument goes. Yet as we've written previously, you aren't "hiding" when you lock your home to keep others out. Our communications ought to be treated the same way. Most of us have a natural aversion to someone reading over our shoulder. To paraphrase Orwell, the future European lawmakers are now working toward is a future where someone reads over your shoulder forever, and this comes to the extreme detriment of journalists, activists, whistleblowers, and everyday people that value their privacy.
As mentioned in the Data Protection board's report, European policymakers and technologists have acknowledged that the majority of material these backdoors flag will be false positives, or that they will represent hashes of infringing material now so well known that it won't be of any use. We couldn't have asked for a better example of this type of technology going wrong than Google's recent, inaccurate, and unjust flagging of a concerned father's medical inquiry as explicit, illegal imagery. Some would argue that it's acceptable to target criminals with measures like chat control, yet experience has shown that even when nominally targeting criminals, it's the broader public that suffers. Restricting end-to-end encryption is little more than attempting to make a certain kind of math off-limits to law-abiding citizens, and when this happens, only criminals will be using encryption. As activists for software freedom and every kind of digital liberty are well aware, these encroachments aren't liable to stop once they begin. Backdoors into encrypted services harm everyone's privacy, up to and including those that it's trying to protect.
As the way we interact with each other becomes ever more mediated by technology, the circumstances under which we share our most private thoughts and feelings matter more than ever. This is particularly the case for young adults coming to terms with their own identity, and the last thing this already difficult time in a person's life needs is a petty bureaucrat monitoring what they share, think, and feel. Especially where self-discovery is concerned, we ought to respect minors enough to allow them secure and encrypted communications with one another, without the prying eyes of bigoted parents or even bigoted bureaucrats.
Freedom and privacy should be the legacy that we leave children, not a technological infrastructure that deprives them of these rights, or worse, implies that they never existed in the first place. Having the best of intentions doesn't matter: once the backdoor is open, there's no closing it. Protecting children from harm is as noble of a goal as it always was, but placing backdoors in how we talk and share isn't the way to go about it.
The call for feedback has finished, and the proposal will be further discussed. We know from some member states that they are organizing protests and other ways to publicly show objection. We ask you to join these efforts to make sure that in these discussion rounds the voices of the people that are represented continue to be heard, and this injustice will be stopped.
The movement for freedom, security, and privacy can always use people who understand and recognize its importance. We recommend starting a conversation with your friends and family about the need for privacy in our communications, perhaps by offering to go through the FSF's Email Self-Defense guide with them.
Image Copyright © 2022 Free Software Foundation, Inc., licensed under a Creative Commons Attribution 4.0 International license.