Lately there has been an increase in discussions about the use of end-to-end encryption for consumers. The most blatant attack on privacy I have read about is the so-called EU Chat Control. But there are other regulations as well, such as the UK Online Safety Bill.

Chat Control (EU)

Let’s begin with the European Union, and what is usually called Chat Control. This regulation aims to protect children from abuse by forcing both hosting and communications services to reduce the risk of the service being used for Child Sexual Abuse Material (CSAM) by

adapting, through appropriate technical and operational measures and staffing, the provider’s content moderation or recommender systems, its decision-making processes, the operation or functionalities of the service, or the content or enforcement of its terms and conditions;

As with so many of regulations like this, the intent is to do good. However noble the intent, legislating against strong end-to-end encryption is not the way, and many of my criticisms in Apple, Surveillance and CSAM are still valid.

To better understand the problems with this act, and other acts like it lets try to convert what the bill wishes to do to the physical world. The enforcement of content moderation is in practice a form of surveillance. As every communication platform should monitor messages or calls for CSAM (Child Sexual Abuse Material). This would be equivalent to forcing all landlords to have a camera in every room to ensure that there are no child abuse in their property.

This intrusion into the physical life seems to clearly (I am not a lawyer, but seems cut and dry to me) violate Article 8 of the European Convention on Human Rights, as it protects the right to privacy for both his home and correspondence.

Article 8 – Right to respect for private and family life

  1. Everyone has the right to respect for his private and family life, his home and his correspondence.

  2. There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.

It is not okay to legislate away the privacy of individuals in the physical world, so why should it be okay online?

Online Safety Bill (UK)

Another attempt, though not as intrusive as the Chat Control, is the United Kingdom Online Safety Bill, which is under heavy scrutiny. From its publication the bill has been heavily criticised, as it can be used to introduce a modern form of censorship, under the control of the Secretary of State. In practice the proposed duties of any user-to-user service (according to Wikipedia) are:


The Duty of Care refers to a number of specific duties to all services within scope:[1]

  • The illegal content risk assessment duty
  • The illegal content duties
  • The duty about rights to freedom of expression and privacy
  • The duties about reporting and redress
  • The record-keeping and review duties

The main focus of this bill is to enforce the “appropriate” response to illegal activities on online platforms. But whom decide what is illegal?


In these cases it is democracies legislating. However, if a democracy can legislate away the privacy of its citizens, what will stop an authoritarian regime from doing so as well? As with the human rights written and accepted globally, we need to accept that there are rights that are applicable online as well! In addition, we in the free (democratic) world need to safeguard these rights for those more unfortunate than us. We cannot apply mass surveillance where it suits the government, and then condemn regimes for using it for their needs.


  1. The Online Safety Bill
  2. Chat Control

Further Reading