In che modo l’Unione Europea controllerà le conversazioni online

Nato per un fine nobilissimo, il nuovo Regolamento Europeo Chatcontrol potrebbe aprire un enorme breccia nella privacy di centinaia di milioni di cittadini europei. Ecco perché.


Giuseppe Croce Giornalista

Peppe Croce, giornalista dal 2008, si occupa di device elettronici e nuove tecnologie applicate al mondo automotive. È entrato in Libero Tecnologia nel 2018.

Il Parlamento Europeo ha approvato con 537 voti un regolamento che permette il controllo delle conversazioni online degli utenti. The regulation allows providers of communication services to intercept the traffic of child pornography material that takes place through their systems, reporting it to the authorities.

Approved last July 6, the Regulation defined "Chatcontrol" represents a change of course compared to the directives in place that prevent precisely the providers to monitor exchanges on the network, unless the explicit consent from the user or a specific authorization by law. According to what is reported in the text, this is a temporary derogation to the ePrivacy Directive 2002/58/EC that protects the confidentiality of communications that take place via messaging, using apps such as Whatsapp, Telegram or Messenger. In fact, the measure goes to cover a regulatory hole that until now did not allow to operate actively in the search of transfers involving children and minors on the web. Although the motivations at the base are obviously valid, many have turned their noses up at the decision that could jeopardize the privacy of all users of the services.

Chatcontrol, what does the regulation

The rule will last three years. This will allow the legislator to make a more specific directive during the established time frame. The checks on the communications carried out on the platforms will be targeted, with the sole purpose of hitting the transfer of child pornography content or content concerning the solicitation or abuse of minors.

In the future, the process will touch every type of electronic communication, in a compulsory way and no longer voluntary as happened so far; in fact, already today some providers of unencrypted mail and messaging exploit dedicated technologies - including hashing - that act to detect abuse. Hashing, in particular, compares an image or a shared video with a marker in a dedicated database, in order to quickly and effectively identify risky files and report them to the police.

With the arrival of the new legislation, a clear change is expected also for services that use end-to-end protected systems, which will be required to insert backdoors to allow for appropriate monitoring. Many underline the double effect of the choice, with which providers will have carte blanche to carry out a more invasive control than in the past, violating the rights that provide for the protection of personal data and privacy of web surfers.

This is because, with the introduction of methodologies that include the application of Artificial Intelligence, it will be possible to enter correspondence without any filter, going to intercept even possible chats with professionals who normally enjoy professional secrecy, including doctors, lawyers or psychologists. On this aspect, however, would act the last section of the rule just introduced that confirms the validity of the GDPR (law 679/2016), by which the secrecy of personal information is guaranteed. The same applies to the retention time of the materials, which is closely linked to the terms of the investigations.

Chatcontrol, what are the critical points

The approval of Chatcontrol has put a large group of EU politicians on the warpath, among which stand out MEPs Patrick Breyer and Marcel Kolaja of the European Pirate Party. Both have underlined the cases of errors emerged from the evaluation of the AI (about 86% of those that have required a further human examination), as well as the subsequent verification carried out by the staff in charge that would offer the victims of such crimes right in the eyes of those who are required to decide on the real nature of what ended up under observation.

To this, then, is added the exposure of e-mail messages (attachments included) or instant messaging to the analysis of the tools used in the operation, without any previous approval of the authority. The suspicion of the algorithm will be enough to trigger an alarm, with explicit texts or private photos of a sexual nature being withheld and analyzed by the employees of third party companies that collaborate with the police.

Last but not least, is the danger that criminal hackers may take advantage of the "front doors" installed on the systems to access emails or apps, taking advantage of the expedient to spy or take possession of any type of information. It's a thorny situation that is sure to cause much discussion.