Keep it secure
In democratic societies, trust in communication systems is vital for our lives and connections with others. This allows us to work, socialise, organise, express ourselves, and care for each other safely, without being put under arbitrary suspicion. Our privacy and security must be strongly protected to ensure that our most sensitive conversations are not subject to unwarranted intrusion.
States and companies launch unprecedented attacks on our devices and communications: Pegasus, client-side scanning, encryption backdoors
The recent Pegasus and #CatalanGate scandals have shown the huge risks at stake when people’s devices and communications are compromised without a legitimate and lawful reason. In Catalonia, a total of 65 direct victims, and thousands of collateral ones, were put under permanent surveillance with the Pegasus programme – spyware from the Israeli company NSO Group – for the last five years. In many regions of the world, this spyware was used to limit dissent, political expression, organisation and journalism.
Now, imagine if Pegasus spyware were installed on every single smartphone!
This is what the European Commission’s proposed new chat control legislation could do. It introduces client-side scanning as a purported solution to the sharing of illegal content online, but in fact it would fundamentally undermine encryption.
Worried about Pegasus and CatalanGate? Wait until you hear about Client-Side Scanning and the latest attack on encryption.
Help EDRi protect encryption and the confidentiality and safety of our communications in Europe and beyond!
Spyware and attacks on encryption provide malicious actors and authoritarian regimes with tools of control on a silver plate. Breaking encryption in the EU would result in undermining encryption everywhere. The EU must do better!
How does the EU’s new law attack encryption with Client-side scanning?
The EU’s proposed law can force companies that provide messaging and web-based email services to scan people's private conversations. This will inevitably require the use of Client-Side Scanning (CSS) systems, which would undermine the foundation of end-to-end encryption. CSS breaks one of the fundamental principles of encryption: only the sender and the recipient can access and read the content exchanged. With CSS, this is no longer the case: the content is spied on before it is sent.
What?
CSS is a method using content scanning technologies to monitor and detect certain types of content on the side of a user’s device (hence the “client side”) rather than on a server, for example. Many governments around the world are exploring Client-Side Scanning as a purported way to detect unlawful content in private communications. But experts agree that CSS creates serious dangers for all users of a service.
How?
CSS technology is installed on the user’s mobile device, so it can scan content on the phone like personal photos, videos, messages or emails. This means that CSS techniques can monitor all content before you encrypt and send it. In some cases – like Apple’s notorious 2021 plans to introduce CSS on their customers’ phones – it would scan every photo on the device.
Protected conversation between two users. End-to-end encrypted communications ensure that no one can access the content of the messages, not even the server that facilitates the transmission.
Two examples of how communications are affected by the use of Client-Side Scanning (CSS). The CSS system scans the content directly from the users’ phones, making it prone to attacks, whether it finds malicious content or not.
Learn more about EDRi's work on EU rules on scanning private online communications
On 12 September, EDRi published the position paper “Encryption Workarounds: a digital rights perspective”. It was published in response to the European Commission’s expert consultation exercise around the...
The European Commission is working on a bill that requires platforms to monitor all your chats. This would undermine the essence of end-to-end encryption. What's up with that?
In July 2021, the European Parliament and EU Council agreed temporary rules to allow webmail and messenger services to scan everyone’s private online communications. In 2022, the European...
Vital EU rules on human rights and on due process protect all of us from unfair, arbitrary or discriminatory interference with our privacy by states and companies. As...
The automated scanning of everyone’s private communications, all of the time, constitutes a disproportionate interference with the very essence of the fundamental right to privacy. It can constitute...
Open letter: Protecting digital rights and freedoms in the Legislation to effectively tackle child abuse
EDRi is one of 52 civil society organisations jointly raising our voices to the European Commission to demand that the proposed EU Regulation on child sexual abuse complies...
This document pool contains analyses, updates and resources relating to EU rules on scanning private online communications ('chat control'), upload filters, online anonymity and other threats to human...
On 11 May, the European Commission put forward a proposal for a ‘Regulation laying down rules to prevent and combat child sexual abuse’ to replace the interim legislation...
European Commission’s online CSAM proposal fails to find right solutions to tackle child sexual abuse
Today, 11 May, is a worrying day for every person in the EU who wants to send a message privately without exposing their personal information, like chats and...
European Commission must uphold privacy, security and free expression by withdrawing new law, say civil society
In May, the European Commission proposed a new law: the CSA Regulation. If passed, this law would turn the internet into a space that is dangerous for everyone’s...