Chat Control is "like a malware on your device" – Signal slams the EU proposal to scan your private chats

News
By published

Encrypted messaging app, Signal, said it could leave Europe instead of weakening encryption if the bill were to pass

A woman holding a mobile phone in front of the Signal logo displayed on a computer screen
(Image credit: Getty Images)
  • Signal has claimed EU 'Chat Control' legislation is comparable to malware
  • It is also considering leaving Europe if the bill were passed
  • Chat Control is back on the lawmakers' table on October 14

Secure encrypted messaging app Signal said that the EU proposal to scan all citizens' private messages would work as targeted spyware.

What's been nicknamed by its critics, Chat Control, is the European Commission's response to online child safety. As per the latest iteration of the text, all messaging platforms operating in the EU would be obliged to scan all URLs, pictures, and videos shared by their users in the lookout for child sexual abuse material (CSAM).

This mandatory scanning is expected to occur directly on the device and, in the case of encrypted apps, before messages are encrypted. A requirement that, according to Signal, cannot be compatible with how encryption works.

"Apart from the legal bit, that's exactly how malware works. It compromises your device in order to gain access to information," said Signal’s vice-president for global affairs, Udbhav Tiwari.

"Very simply put, the idea that a device will scan content before it is encrypted for us negates the very purpose of encryption."

First unveiled in 2022, the EU has never been closer to agreeing to the Child Sexual Abuse Regulation (CSAR) proposal, with a crucial meeting set for October 14.

Signal could leave Europe

European Union technical background

(Image credit: Getty Images)

Signal has repeatedly said that if a requirement to create an encryption backdoor were to become law, the company would rather leave that market than weaken encryption. A position that Meredith Whittaker, President of the non-profit Signal Foundation, behind the encrypted service, recently reiterated to a German news outlet.

Speaking during an online event organized by the European Greens Party, Tiwari also confirmed that there are no plans "to make two versions of Signal." One that does client-side scanning and one that doesn't.

"For Signal, this is an existential catastrophic risk for providing our services in the European Union. It would negate the primary promises to our users, and I think that's a risk that many people are going to face," he said.

Signal and other experts have long argued that client-side scanning would break encryption protection, which is used by the best VPN and other encrypted apps to protect your data from unauthorized access. Ultimately, this will also create a vulnerable endpoint that malicious actors can exploit, too.

Germany: the deciding factor

Ahead of a crucial Chat Control meeting set for October 14, Germany remains a decisive vote. Yet, the government continues to send mixed messages.

Germany is among the countries that have been shifting their positions ahead of the important day, in fact. After joining the countries opposing mandatory chat scanning in September, the nation is now among the undecided countries again, according to the latest data.

This is why Whittaker urges German citizens to "let German politicians know how harmful, counterproductive, and self-sabotaging their reversal would be."

Signal is certainly not alone in feeling this way. Cryptographers, technologists, digital rights experts, and even some politicians have long warned against the implications such a scanning of all citizens' confidential chats will have for their privacy and security.

Some European government bodies, including those of Sweden and the Netherlands, have also deemed the deployment of so-called client-side scanning on all devices an unacceptable cybersecurity risk to national security. The outcry pushed Chat Control lawmakers to add a provision excluding all governments and military accounts. Evidently, though, the risk is worth it for all of us.

According to Tiwari, continuing to push for mandatory scanning regardless of the risks is ultimately a "slippery slope with global consequences." What will start with CSAM scanning could extend to terrorism, intellectual properties, and, who knows, what else. A capability that could also give a new and more disruptive way for authoritarian governments to restrict their citizens' rights.

"There are global consequences to building these technological capabilities. We should very strongly push back against it because if that ends up being implemented, we would have crossed a threshold from which I don't think we will be able to come back as a society."

You might also like

Chiara Castro
Chiara Castro
News Editor (Tech Software)

Chiara is a multimedia journalist committed to covering stories to help promote the rights and denounce the abuses of the digital side of life – wherever cybersecurity, markets, and politics tangle up. She believes an open, uncensored, and private internet is a basic human need and wants to use her knowledge of VPNs to help readers take back control. She writes news, interviews, and analysis on data privacy, online censorship, digital rights, tech policies, and security software, with a special focus on VPNs, for TechRadar and TechRadar Pro. Got a story, tip-off, or something tech-interesting to say? Reach out to chiara.castro@futurenet.com

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.