In May 2022, the European Union unveiled its proposal for a Regulation on Child Sexual Abuse Material (CSAM) detection, quickly sparking controversy and privacy concerns. The said regulation ended up being dubbed as “Chat Control”, due to its intentions of implementing mandatory scanning of private chats within Eurospace, applicable to every single European citizen and not just to those under suspicion.
After being down for a while, the discussion on Chat Control came back this summer, with a major EU Council vote set for mid October. There are many arguments that can be made against this Regulation. Besides undermining privacy rights and freedom of expression, introducing client side scanning to communications can produce massive financial costs for tech companies and affect market competitiveness.
The defined voting ended up being scrapped amid deep division on the matter – but it can come back at any time. This article, however, does not intend to extensively explain why Chat Control is a bad thing. It seeks, instead, to display a set of solutions European citizens have to safeguard their privacy if this Regulation is taken forward.
If it’s implemented, Chat Control will affect every major social media platform, such as Facebook, Instagram, WhatsApp, Signal or X. The millions of European users of these platforms will have their direct messages under surveillance, as well as outside users who happen to be in contact with people based in the EU. Since these platforms are centralized, meaning that all their users’ data and activity is controlled by a single company, they become an easier target for a Regulation like Chat Control. The simple fact these companies operate in Europe means they have to comply with European legislation and, thus, implement private message scanning for users within Eurospace if such is required. If they do not, the consequences are either being fined by the EU or having their services blocked within Europe.
But there is good news, which can be compelled in the following sentence: decentralized social media exists. In the last decade, there has been an increase of offer and popularity of social media platforms that are not owned by a company and do not rely on a central server to store data, host content, or control what users see. Decentralization models vary, but there is a wide range of options European cybernauts can turn to if Chat Control is applied. The next two sections will explain how Decentralized social media platforms work and provide some examples.
Server-based Decentralized Platforms
Server-based decentralized social media and communications platforms are not owned by a corporation and do not rely on a big central server for their operations, but rather on independent servers run by individuals or communities. Without a single central server, it becomes harder to implement a regulation such as EU’s Chat Control for these platforms. It can be possible to target EU-hosted servers but, in such a case, users have the possibility to move to another server, outside of the Eurospace, and communicate without having their messages scanned.
Some platforms of this type are:
- Mastodon: One of the major symbols of decentralized social media. It is, like X, a microblogging platform, but ad-free and with a chronological feed (instead of an algorithm-based feed). Despite not featuring direct messages in the traditional way, it allows private discussions through posts (called “toots”) with limited visibility.
- Lemmy: A decentralized alternative to Reddit, focused on forum chats and communities. It supports direct messages, but the feature is still being improved.
- Matrix: A communication platform featuring text messaging, file and images sharing, voice notes and video calls (including group video conferencing). Can be seen as a decentralized version of WhatsApp or Discord.
It is important to note, though, that from these three, only Matrix enables encryption. On Mastodon and Lemmy, private messages can still be accessed by the servers’ administrators, even in a scenario where the EU is unable to reach them. In any case, users can always choose the servers that better suit them.
Peer to Peer (P2P) Decentralized Platforms
Peer to Peer (P2P) decentralized social media and communications platforms run on no servers – or the users themselves work both as clients and servers. In the P2P model, communications between users are done directly from device to device, without any central authority in the middle controlling how people connect, how data is shared and stored, or how the system is managed.
P2P is even more resistant to regulations like Chat Control than server-based decentralized social media because, with no central server or specific servers to target, the EU (or another institution) would have to go from device to device to enforce mass scanning. Considering this could involve thousands of devices, it does not sound feasible nor practical.
Some examples of P2P decentralized communication platforms are:
- Briar: A text messaging app compatible with Android devices, which allows group chats, forums and blogs. It works over Bluetooth and can be used offline.
- Jami: A platform that allows conversational exchanges through text, voice and video. It can be seen as a decentralized version of platforms like Skype or Zoom.
- Session: A secure messenger built on top of the Oxen blockchain, that does not require a phone number. It allows its users to share text messages, files and attachments.
- BitChat: Created by Jack Dorsey, one of Twitter’s (now X) founders, this app is currently in beta testing and does not require any internet, servers or phone numbers. It is becoming a choice for protesters around the world and can also be useful during natural catastrophes, blackouts and concerts, where internet access becomes difficult or inexistent.
All these options enable encryption.
We should speak against Chat Control, we should explain its downsides and we should advocate for our privacy rights so it does not become a reality – but we also need to look for solutions. Decentralization is, at least, a short-term solution with an incredible potential.
While it is extremely important to tackle abusers, radical approaches like message scanning should apply only to people who are suspicious of misconduct, based on carefully analyzed proof. More than 85% of the EU population uses the internet to communicate. That corresponds to over 382 million of people who did nothing to have a superior entity looking at their private chats.
Let’s communicate responsibly, but freely.
* Beatriz Santos is the Chief Communications Officer (CCO) at We Are Innovation. She is based in Lisbon, Portugal. Beatriz started publishing articles through her University newspaper and eventually moved to national and international reach outlets, including the well known Portuguese outlets NOVO and Observador. Her professional career includes international communications experience with the ATREVIA agency and the European Parliament. She also has two published books and is an essential part of the Students For Liberty organization in Portugal. With a focus on positive change and global cooperation, Beatriz actively seeks partnerships across the globe to promote innovative initiatives.
Source: We Are Innovation
