I’m publishing an email I just sent to Ireland’s Minister for Justice, Jim O’Callaghan, on a truly hideous and anti-democratic European law that Ireland is strenuously supporting. It’s looking like Germany, which was strong on data protection, may crack and support this law, too. This week is make or break week for ‘chat control’, a proposal to insert message-scanning software on every European’s phone, ostensibly to scan for child sexual abuse material.
(I say ‘ostensibly’ because I cannot tell you how many times I’ve seen a draconian surveillance introduced “for investigating serious crime only” that is used within a few years to check if people are putting their bins out on the right day or sending their kids to the school in the right catchment area. Oh how fondly I remember the time, fighting the UK’s appalling, Labour-introduced surveillance regime in the early 2000s, when we scored a victory to reduce the acceptable reasons for broad surveillance to investigating murders and such, only for the Home Office to say ‘well, we can’t collect the data for use on less serious offences, but if we’ve already got it sitting there for the serious crime, nothing says we can’t use it for everything else, and boo to you too!)
Nowadays, I rarely use arguments of principle, because few justice ministers really have any. Nowadays, I try to have them imagine what it would and will feel to be in the maw of the monster they’re feeding. Sooner or later, we all will.
Dear Minister O’Callaghan,
As you may know, on 13-14 of October, EU governments will vote on the EU’s new Chat Control legislation (EU Regulation to Prevent and Combat Child Sexual Abuse (CSAR)).
As an international technology policy expert with over twenty years of experience, this is by my count the fifth time I’ve been through the encryption debate. Yet again, misinformed governments are attempting to destroy end to end encryption for everyone, based on the obvious and proven fallacy that you can weaken encryption to allow government access without destroying security for everyone.
Do you use a mobile phone, Minister? I expect you do, and I also expect that you take reasonable steps to ensure the privacy and security of your communications. If, however, you vote for the “chat control” proposal, you will break the secure, end to end encryption you personally rely on. And not just once, but for good. When it’s gone, it’s gone. And all of our security goes with it.
Client-side scanning, i.e. surveillance of your content on your phone before you upload or send it, means adding a new layer of vulnerability to your device. Put simply, the software used to read everything you post or send will now become the target for hackers.
If you use Signal (the only messenger endorsed by the European Commission as sufficiently secure) or WhatsApp, they will no longer be secure. Foreign state actors will be more likely to intercept your messages. The most likely consequence of this for you as a government minister would be for a paid criminal syndicate linked to an enemy state – for example, Russia or North Korea – to hack into your messages and images before you send them. They would then use what they find for blackmail or sell it to the highest bidder, or simply publish it to embarrass you, as part of ongoing hybrid warfare to sow discontent and distrust of politicians in countries like ours.
Of course, if you use Signal, well, better stop using it now as it will cease to operate in the EU if governments try to force it to break its core product. You cannot expect companies to want to do business in jurisdictions that break their product and wreck their trustworthy USP globally.
We all rely on the privacy of our communications. Remember that perfectly legal and legitimate communications can be extremely embarrassing, hurtful and even career-ending when published. Over the years I have heard so many government ministers imply or just say outright that “if you have nothing to hide, you have nothing to fear”. However, that’s simply not true; conversations and messages about topics like internal party decisions, government discussions, gossip, speculation, shared photos and memes, and even harmless flirtations can be incredibly damaging when taken out of context. Breaking encryption for governments to snoop means breaking it for anyone with enough money and motivation to snoop, too.
Minister, I know you are not naive. But at the same time, you are probably involved in the encryption debate for the first time. Law enforcement will tell you they can securely break encryption. They’ll say that companies can ‘work around’ any new vulnerabilities they impose on our messenging services. That simply isn’t true. Encryption isn’t magic. It’s mathematics. When you require service providers to intentionally weaken their product’s encryption, or insert unencrypted stages into the process, you break encryption for everyone, not just the ‘bad guys’.
A state-backed hacker will always gain access to unencrypted software – like client-side scanning – to spy on high-value targets like you and the rest of the cabinet, and on judges, activists, and even on their own citizens, often political refugees, who live in Ireland. We see the government of China doing this kind of surveillance in other countries all the time.
We live in a moment when our national and regional security has never been under more sustained attack. We rely on you, Minister, to protect us all, not to impose ineffective and damaging measures that child protection experts, cyber security experts, and legal experts all say will do far more harm than good.
Frankly, it is embarrassing that a supposedly ‘tech-friendly’ country like Ireland is at the forefront of such an ignorant and damaging policy.
Weakening encryption leaves us all open to spying, surveillance, blackmail, and other forms of malicious interference. Europe simply doesn’t have time for you as a minister to repent at leisure, when the extent of these well-proven harms become manifest to everyone else.
Hundreds of cybersecurity experts have given their expertise and testimony on this. But yet again, the justice ministries who want to weaken encryption for everyone are relying on bedtime stories about technologies to weaken encryption “just for government use” that simply do not exist.
Chat control is pre-emptive surveillance of everybody’s phone forever. It’s the most extreme surveillance proposal I personally have seen in any democracy. It will be used against journalists, politicians, activists, judges, teachers, lawyers – everyone who increasingly authoritarian governments want to crush. Is that what you want your legacy to be?
Is this a power you want to see in the hands of Victor Orban? Or the new far-right president in the Czech Republic? Or the next time the far-right get back into power in Poland. Or, God forbid, France? Or indeed, perish the thought, Sinn Féin, when they continue their virulently anti-democratic campaign against Irish journalists and and carry out deeply personalised campaigns against political enemies, as Trump does today?
One thing I’ve learnt in the decades I’ve seen this ridiculous policy keep coming back is that these powers are always used by the worst possible people against the best. How would they be used against you, Minister? What perfectly ordinary, lawful things have you put in your own private messages that would be negatively life-changing if they became public? We are all in the same boat. But that’s the world we will all be living in shortly, if Ireland supports these deeply anti-democratic, authoritarian policies.
Don’t think about how you would use these powers, Minister. Think of how your enemies would use them against you. Because that’s the boat we will all be in, if Ireland supports this outdated and authoritarian law. Please take this last chance to defend our individual and collective security.
Yours sincerely, etc. etc.
(P.S. CT readers, to learn more: https://edri.org/our-work/most-criticised-eu-law-of-all-time/)
{ 0 comments… add one now }