The EU's plan to make all digital devices monitorable at all times poses "important risks of mass surveillance as well as substantial security and privacy threats."
This warning comes from a coalition of 55 civil society groups and tech companies, including secure email Tuta and Proton, the provider behind one of the best VPN and email services.
Experts are especially worried about how the proposal was created "behind closed doors," with civil society denied a chance to take part.
The Going Dark initiative
The European Commission's High-Level Group (HLG) first shared 42 recommendations back in June on how to implement a "lawful data access by design" framework to ensure data access for effective law enforcement across all digital devices and online platforms.
The goal is to make the digital devices we use every day, from smartphones and smart homes to IoT devices and even cars, legally and technically monitorable at all times by law enforcement bodies.
Encryption (the scrambling of data into an unreadable form to prevent unauthorized access), stored data and localization access, data retention practices, and anonymization offered by virtual private networks are among the main targets.
According to experts, this so-called Going Dark agenda – the claim that there is a lack of access to data for successfully fighting crimes – would constitute "insecurity by design" instead.
"In practice, it would require the systemic weakening of all digital security systems, including but not limited to encryption," reads the open letter, while arguing this would put everyone's safety at risk and severely encroach people's fundamental rights.
"A backdoor – or any other circumvention mechanism – intended for law enforcement can always be exploited by other actors," wrote again the experts.
A report delivered by a High-Level Group “#GoingDark” 🌑 promotes an ideology of maximum police access to data for surveillance purposes. Read our open letter reacting to these flawed EU policy recommendations and our offer for a brighter approach. ☀️https://t.co/cu2SfHe4fY pic.twitter.com/i3ZJOoDUmIDecember 11, 2024
This plan adds to another legislation proposal being discussed in the EU Council – the Child Sexual Abuse Regulation (CSAR).
Deemed Chat Control by its critics, the current draft would require communication service providers – including encrypted messaging apps and secure email services – to scan all the photos, videos, and URLs you share upon users' permission on the lookout for child sexual abuse material (CSAM).
Needless to say, the controversial proposal has attracted strong criticism on both privacy and security grounds from all fronts since it was first presented in May 2022.
While the EU Council still cannot agree on Chat Control, all members are committed to finding a balanced solution to combat these crimes. Hence, lawmakers need to find a compromise before submitting the draft bill to Parliament for negotiations.