Hundreds of academics and engineers and non-profit organizations such as Reporters Without Borders, as well as the Council of Europe, believe that the Child Sexual Abuse Regulation (CSAR) would mean sacrificing confidentiality on the internet, and that this price is unaffordable for democracies.
The European Data Protection Supervisor, who is preparing a statement on this for late October, has said that it could become the basis for the de facto widespread and indiscriminate scanning of all EU communications. The proposed regulation, often referred to by critics as Chat Control, holds companies that provide communication services responsible for ensuring that unlawful material does not circulate online. If, after undergoing a risk assessment, it is determined that they are a channel for pedophiles, these services will have to implement automatic screening.
The mastermind behind the billboards and newspaper exhortations calling on Apple to detect pedophile material on iCloud is, reportedly, a non-profit organization called Heat Initiative, which is part of a crusade against the encryption of communications known in the U.S. as Crypto Wars. This movement has gone from fighting against terrorism to combating the spread of online child pornography to request the end of encrypted messages, the last great pocket of privacy left on the internet. “It is significant that the U.S., the European Union and the United Kingdom are simultaneously processing regulations that, in practice, will curtail encrypted communications. It seems like a coordinated effort,” says Diego Naranjo, head of public policies at the digital rights non-profit EDRi.
The executive in the federal government in the US tried to punch holes in encryption since at least the Clipper Chip in the early 1990s, and it’s been repeatedly rejected. Also, there used to be hard restrictions on export of strong encryption from the US – it had been treated as a munition – and that was removed in the late 1990s. I’m not so sure that there’s some sort of inevitable future Panopticon down the line.
considers
I suppose that, depending upon the structure of a system of government, if there’s enough effort, constitutional amendments can create a high bar for change, as one could guarantee a right to private communication. In the US, it’s quite difficult to change the US Constitution, so anything that goes in there is gonna be pretty difficult to for a government to ignore. If an amendment like that went in, you’d first have to have three-quarters of states agree to back it out. Then have the federal legislature pass a law that previously would have been unconstitutional. It’d be pretty visible.
As it stands, there is no explicit right to privacy in the US Constitution. You do have the Fourth Amendment, and what flows from it, and that can be closely-related to privacy:
There has been case law based on interpretation of explicit rights that has established various non-explicit constitutional rights to privacy; Roe v. Wade had originally been based on such an interpretation.
https://en.wikipedia.org/wiki/Penumbra_(law)
If an explicit right were authored and then added as a constitutional amendment, that would be a substantial bar.
In contrast, in the UK’s present system of government, there’s fundamentally no way to restrain the legislature in that way; that’s not really a viable route.
The EU presently doesn’t have treaty-level guarantees of privacy either, which is the closest analog to an EU constitution that exists today, but treaty change has a very high bar, and any such change guaranteeing a right would be exceptionally difficult to back out, as treaty change requires unanimity. The flip side, though, is that getting such a right through would also be exceptionally difficult, and I would personally bet that the bar for such a right being added to the EU treaties will not be met, given a unanimity requirement.
The EU does have regulations and directives, like GDPR. Something like that will protect against change in an individual EU member without corresponding change at the confederation level, though that assumes that the concern is specifically about a member state monitoring communications.
Member states may have individual constitutional guarantees related to private communication; the extent and status of those is going to vary, but anything there will have both a local effect and a broader effect on the EU:
The EU is able to pass law that mandates member state action that directly conflicts with an EU member’s constitution. However, it is also unlikely to do so, since within that member state’s legal system, the member state constitution is a higher authority for the system of government than the EU. That would cause the member state to immediately be in immediate violation of EU law. Brussels will probably not intentionally create such a situation.
So unless EU law is going to specifically create a carve-out for constitutional requirements in member states – as they did for the neutrality exception for the mutual assistance clause in the EU treaties – such a guarantee in one member state will also discourage EU-level legislation that affects other member states. The EU has no restriction on creating such carve-outs, but my guess is that there is probably a desire not to do so. If, say, Italy, Estonia, and Ireland all guarantee a constitutional right to end-to-end encryption, my guess is that the EU will not pass EU-level laws disallowing it.