The Notorious Chat Control Cooked Up by the EU Directly Violates the Constitution of the Republic of Croatia

The European Union will read all our messages, monitor all communication, and infringe on citizens’ right to privacy. This is how the situation around chat control looks these days, i.e., the proposal from the European Union to enable oversight of all encrypted digital communications under the guise of protecting children on the internet (child sexual exploitation material – CSAM). This means that all communication service providers like WhatsApp, Viber, and others would automatically have to review all private messages and conversations without exception.

As we have already written in Lider, this is not a new proposal; three years ago, our government also gave a positive opinion on this regulation, i.e., they agreed that monitoring all citizens of Europe is necessary. The proposal dates back to 2022, specifically, on May 11 of that year, the European Commission presented a proposal that would obligate all email and communication service providers to search and scan all communications, even those currently securely encrypted with end-to-end encryption.

What does this mean for citizens’ privacy and for the security of communication? We asked lawyer Vlaho Hrdalo.

– First, there is the chilling effect. People will stop communicating freely. Secondly, there are false positive results that will label a photo of a naked child that every modern parent sends to a pediatrician as child pornography. We often hear the argument ‘I am not doing anything wrong, let them monitor me.’ This argument was best refuted by Edward Snowden. His famous quote is: ‘Saying you don’t care about the right to privacy because you have nothing to hide is like saying you don’t care about the right to free speech because you have nothing to say right now.’ Fundamental human rights are principled and must be guaranteed continuously even if we do not use them at every moment. And it is completely natural not to want everything about you to be known – Hrdalo tells us.

As he adds, this does not mean you are doing something illegal. Absolute and non-selective control of messaging, besides being unconstitutional (Article 36, paragraph 1 of the Constitution of the Republic of Croatia), also represents a complete departure from the libertarian and democratic spirit of Europe. Our Constitution could not accept this regulation even though it comes from the EU because paragraph 2 of the same article states that restrictions on the freedom and secrecy of correspondence can only be prescribed by law for the protection of state security or the conduct of criminal proceedings, referring to secret measures carried out by law enforcement agencies, not to individual criminal acts.

Who will monitor the monitors?

– It is not possible to prescribe that everyone’s communication will be continuously monitored to prevent one criminal act, no matter how much we agree that it represents one of the most heinous human behaviors. Always ask yourself quis custodiet ipsos custodes (who will monitor the monitors)? Finally, there is a blatant collision with GDPR to the extent that the European Ombudsman and the European Data Protection Board have already expressed their opposition to this proposal, stating that such a regulation would de facto serve for ‘general and non-selective scanning of the content of literally all forms of electronic communication’ – Hrdalo points out.

According to this lawyer, this is a direct blow to the right to privacy and a direct violation of the Constitution of the Republic of Croatia and the EU Charter of Fundamental Rights. However, he notes that it is questionable whether the EU, even if it votes for it, is capable of technically implementing this regulation.

– Namely, for such a thing, a backdoor would have to be built at the hardware level because otherwise, an application that would perform (pre)encryption before entering text into WhatsApp or Messenger would quickly appear, and it itself would not be subject to this regulation because it is not a communication application. This means that encryption must be abolished at the ‘station’ level. I am honestly curious how the EU, which has no chip manufacturers, will force American and Asian giants who currently carry the entire world economy on their backs to produce two variants of chips; one for the EU, the other for the rest of the world – says Hrdalo.

He claims that a very realistic scenario is where technology companies will tell the EU ‘we understand your regulation, but we cannot comply with it because it is not profitable for us, so we will stop supplying you with chips entirely.’

– The EU would be a wasteland in ten years like in dystopian films because unfortunately, it no longer produces anything but regulations. The mobile phone you use is not European, the television you watch is not ‘made in EU’, and we are very close to that being the case with cars as well. Even if they successfully push through the implementation of chat control, it would mean a huge door whose lock has been secured by the ‘good guys’ who hope that the ‘bad guys’ will never be able to break in – notes Hrdalo, who believes that such a regulation destroys all the secrets that we as a democratic and liberal society accept should exist.

Additionally, applications like the Croatian LittleDot become useless due to this regulation as they serve for confidential communication with a doctor that may contain extremely intimate elements.

– Namely, this regulation is developed by the High Level Group (HLG), a kind of working group established within the European Commission when adopting regulations that deal with complex issues. The problematic aspect of this HLG is that it has turned into a cabal whose composition is unknown. The European Commission refuses to disclose the identities of the HLG members and many other details of the development of this regulation, and it is difficult to find legitimate reasons that would justify hiding data about the individuals who shape and push this regulation. And at the same time, they send the message that there is no reason to worry. The one who tells you not to worry is often the one you should be most afraid of – says Hrdalo.

The Most Incomprehensible Regulation Proposal Ever

The possibility that someone reads everything you write, he continues, opens up the possibility of a specific abuse, which is taking things out of context. A single sentence that could be tendentiously singled out to portray someone in a bad light can be found for anyone. As Cardinal Richelieu, the father of modern secret services, said, ‘Give me six lines written by the most honest man in the world, and I will find in them a reason to hang him.’

Of course, regarding chat control, we are still in a ‘what if’ situation, so it is rightly a question of whether citizens can do anything to protect their digital rights if this regulation passes. Hrdalo claims ‘very difficult’, because if encryption is abolished, it means that all communication becomes like an open book.

– Imagine what this means for banks. Namely, all of them within their applications have the ability to send messages, which users exchange when sending money to other users in the case of neobanks like Revolut or when exchanging messages with customer service when traditional banks are involved, so they would be subject to this regulation – explains Hrdalo, adding that digital finance and the abolition of encryption do not go together, and the possibilities for abuse are endless. However, people are creative, especially when they are harassed, so we will have to see if some technical solution will emerge that would circumvent this regulation if it is passed.

– Finally, this is the most incomprehensible regulation proposal I have ever read, which is why the possibilities for its abuse are very broad. Even Minister Davor Božinović stated a few days ago that scanning does not apply to text but only to photos, which is not true. I do not think he is intentionally misinforming, but it is very difficult to conclude anything with certainty from the legal text due to the newspeak in which it is written, as befits a dystopian regulation. Our digital lives are already completely transparent; imagine when every word we write and every photo we take becomes a subject of analysis – claims Hrdalo, who believes that a special problem is that this analysis will be conducted by artificial intelligence, which in some testing phases had up to 80 percent false positive recognition.

All of this could easily, says Hrdalo, turn into a digital version of the boy who cried ‘wolf’, so when child pornography is actually caught, it will be ignored due to the unreliability of the system.