The EU Commission is the definition of insanity. It has tried for years to convince all EU members the best way to fight crime is to undermine the security and privacy of millions of EU residents. And, for years, it has failed to make an argument capable of convincing a majority of the 27 European Union countries that this especially drastic, incredibly dangerous proposal is necessary.
Those pushing for encryption backdoors (that they dishonestly won’t call encryption backdoors) have leveraged all the usual hot buttons: terrorism, drug trafficking, national security, child sexual abuse material. But once anyone reads past the introductory hysteria, they tend to see it for what it is: a way to create massive government-mandated security flaws that would negatively affect their constituents and, ironically enough, their own national security.
The Commission keeps pushing, though. And it has no reason to stop. After all, it’s not playing with its own money and it rarely, if ever, seems to actually care what most Europeans think about this proposal. But to get it passed it does need a majority. So far, it hasn’t even managed to talk most members of the EU Parliament into giving broken-by-mandate encryption a thumbs up, much less at least 14 of the 27 governments that make up the EU Council.
The desperation of the would-be encryption banners is evident. If the EU Commission thought it had the upper hand in anti-encryption negotiations, it never would have sent out the EU’s Donald Trump to convince fence-sitters to side with the encryption breakers. This is from activist group EDRi’s (European Digital Rights) report on the latest failure of the EU Commission to secure some much-needed support for its “chat control” (a.k.a. client-side scanning) efforts.
In summer 2024, the government of Hungary became the fifth country to be given the unenviable task of attempting to broker a common position of the Council of the EU on this ill-fated law. The European Commission has long been trying to convince Member State governments that the proposed Regulation is legally sound (it isn’t), would protect encryption (it wouldn’t) and that reliable technologies already exist (they don’t).
[…]
According to Politico and to local reports, notorious Hungarian Prime Minister, Viktor Orbán, pulled out all the stops to try and convince the Netherlands to support the latest text. And in the last few days, he came worryingly close to succeeding.
Orban, last seen at Techdirt manipulating emergency powers rolled out during the pandemic to arrest people who called him things like “dear dictator” and “cruel tyrant” on social media, is one of an unfortunate number of European leaders to hold “conservative” views. (You know which ones.) He’s a nationalist, which is a polite way of calling him a bigot. And, of course, our own would-be “dear dictator” thinks he’s one of the greatest guys in Europe.
Here’s why Trump thinks he’s so great. It’s also why Orban might think forcing companies to break end-to-end encryption might be a good idea.
Orbán, who has turned into a hero of Trump’s followers and other conservative populists, is known for his restrictions on immigration and LGBTQ+ rights. He’s also cracked down on the press and judiciary in his country while maintain a close relationship with Russia.
You can’t make human rights violation omelets without breaking a few encryptions, as they say. There are several self-serving reasons why Orban would support the notion of “chat control.” And very few of them have anything to do with fighting crime, combating terrorism, or stopping the spread of CSAM.
And that’s exactly why he should have been the last choice to soft-sell continent-wide undermining of encryption. But, as EDRi notes, it almost worked in the Netherlands. If the near-success of Orban’s sales tactics is surprising, it’s not nearly as surprising as the entities that showed up to push the Dutch government away from agreeing to the Commission’s “chat control” proposal.
On 1 October, following significant mobilisation from civil society, including EDRi member Bits of Freedom and national opposition politicians, the news broke that the Netherlands would officially abstain from the proposal. This is a welcome development, because it means that Hungary does not have a majority to move forward with their proposal, instead having to remove the CSA Regulation from an upcoming Council agenda.
One of the most interesting parts of the Netherlands’ will-they-won’t-they saga, however, is the fact that one decisive element seems to be an opinion of the national security service. Dutch spooks warned their government that the latest proposal would threaten the cybersecurity of the country, putting national security at risk. This is a warning that should resonate with other countries, too.
When the people who would have the most to gain from pervasive disruption of encrypted services tell you there’s also a downside, that means something. It’s one thing for rights groups to say it. It’s quite another when the spies say the negatives would outweigh the positives.
While one might think that the last ditch effort that briefly converted an aspiring autocrat into a EU salesperson might signal the end of the line for “chat control”/client-side scanning/encryption bans, hope seems to spring eternal at the Commission. A new Commission will be in place by the end of the year and we can expect several of the new members will be just as desirous of breaking encryption as their predecessors, no matter how many times (and by how many countries) they’ve been told “no.”