In an apparent victory for digital privacy, the head of the largest political party in Germany has come out against controversial legislation that would enable mass online state surveillance.
German technology news site Heise Online reports that next week’s vote in the EU Council has now been delayed, although this was not confirmed at the time of writing.
Under the guise of fighting child sexual abuse material, the “Chat Control” regulations would enable the mass surveillance of private messages prior to encryption on platforms such as Telegram and WhatsApp.
But cypherpunks know that even if this attempt fails, it’s only a matter of time before they try again, because this is a battle that has been fought many times.
In 1988, one of the founding members of the “cypherpunk movement,” Timothy C. May, predicted that computer tech would soon let people “communicate and interact in a totally anonymous manner” and the state would attempt to halt its spread, citing “national security concerns.”
He later presented this thesis at a 1992 meeting that kicked off the “cypherpunk movement” — a group of 1,300 people advocating for the widespread use of cryptography to preserve privacy.
This infamous group eventually included the likes of Hal Finney, Jack Dorsey and Satoshi Nakamoto, who created Bitcoin as money outside the control of the state in 2008.
May has been proven right time and time again. Over the past three years, European member countries have been debating whether to support the “Chat Control” bill in the name of child safety.
The European Union was due to vote on Oct. 14 on the Danish Presidency’s Chat Control proposal. Fight Chat Control, a website that tracks its progress, currently shows there are 12 member states in support, nine opposing, and six still undecided.However, member states representing at least 35% of the EU’s population can team up to block the bill.
The Christian Democrat Union/Christian Socialist Union yesterday signaled its opposition following intense public and private sector pressure. Germany, which holds 97 seats in the European Parliament, is seen as the deciding factor for whether the vote would pass.
Jens Spahn, leader of the CDU/CSU, warned against the bill’s overreach: “That would be like opening all letters as a precaution and seeing if there’s anything forbidden in them. That’s not possible, it won’t happen with us.”
Early Bitcoin developer Peter Todd, who definitely isn’t Satoshi despite what a HBO documentary claimed earlier this year, tells Magazine that Chat Control is an unprecedented violation of privacy.
“Obviously, this is utterly absurd, an incredible violation of communication privacy unprecedented in human history. It must be stopped,” he says.
“It’s not a surprise. Politicians in the EU have been pushing for it for years,” he adds.
Chat Control: Won’t someone think of the children?
Chat Control, formally known as Regulation to Prevent and Combat Child Sexual Abuse (CSA), requires messaging apps to allow regulators to scan messages for child sexual abuse content before they’re sent.
However, critics argue it’s a Trojan horse that would kill off privacy by making end-to-end encryption useless.
“Quite simply, Chat Control completely defeats the security provided by end-to-end encryption,” says Todd.
“It’ll mandate that a snitching module be installed in all chat software that’ll detect content the government doesn’t like, and undetectably report it.”
Many people worry that once the government is given the power to scan messages for child sexual abuse material (CSAM), they could then “scope creep” into scanning for anything else they see fit to spy on.
“That snitching module won’t be possible to audit. So you’ll have no idea what it’s actually doing – it’ll be quite possible for governments to snoop on everything from communication between individuals they don’t like, to entire classes of content,” says Todd.
There are many more reasons cypherpunks don’t want it passed.
Some argue it is likely to generate so many false positives from misidentifying parents’ photos of their own kids playing that it will hurt regular folk while sucking up police resources, making it even harder to catch the real criminals.
Others argue the law undermines Europeans’ fundamental rights to privacy and data protection, violating Article 7 of the Charter of Fundamental Rights of the European Union.
Chat Control could be a national security catastrophe
Or, worse, it could give bad actors a chance to use the same backdoor.
“From a national security perspective, this is huge. While highly-regulated and process-abiding governments might use it responsibly, if the system is ever hacked, it could put millions of private conversations at risk,” Shahar Madar, vice president of security and trust products at Fireblocks, tells Magazine.
“This isn’t theoretical; last year, we saw the Chinese state-sponsored Salt Typhoon compromise US law enforcement wiretapping systems inside telcos, which made the FBI urge US citizens to avoid SMS,” and instead use encrypted messaging solutions.
“If messages are scanned before encryption, the EU risks essentially building a backdoor that could be exploited by anyone who figures out how to get in.”
Brussels, however, has argued that voluntary measures from tech companies are not enough. There were 1.3 million reports of child sexual abuse in 2023 alone, covering more than 3.4 million images and videos.
“While it is true that encrypted messaging can be used by bad actors, the answer is not to strip privacy from everyone in an effort to catch a few,” a cypherpunk known only as CP33 tells Magazine.
“Encrypted communication is a fundamental right in a free society, and its protection should not be contingent on the actions of a few malicious individuals,” they add.
CP33 has been developing a privacy messenger called X-Messenger since 2024, which uses decentralization and encryption protocols to send messages and transfer crypto without “fear of exposure or censorship.”
Attacks against privacy have happened before EU Chat Control
“If you dive deep into the history of crypto, you’ll know that cypherpunks are the OGs championing privacy and Satoshi Nakamoto himself is a cypherpunk too,” Herbert Sim, also known as The Bitcoin Man, tells Coinpectra.
In 1993, the Clinton administration tried to get a “Clipper Chip,” developed by the National Security Agency, into landline telephones and other electronic devices in the US.
The tech purportedly intended to protect private communications with encryption, but it also would have given the government a not-so-secret backdoor to listen in. AT&T Bell later produced the first and only telephone device based on the Clipper Chip.
Among the most vocal opponents of the Clipper Chip were cypherpunks, though it also saw significant opposition from the public and corporations. An article from The New York Times published in June 1994 said it could be considered the first “holy war” of the information highway.
The project was abandoned in 1996, partially due to a significant vulnerability in the chipset. Unfortunately, that hasn’t stopped the government from trying again, and again, and again.
In 2013, former government contractor Edward Snowden revealed that the National Security Agency had been working with companies to insert vulnerabilities into their products and make them hackable by the NSA.
A year later, the Washington Post editorial board called on tech companies to come up with a decryption “golden key” just for law enforcement, while FBI Director James Comey savaged companies for embracing end-to-end encryption and suggested rewriting laws to cover new means of communication.
“I’ve been openly talking about government surveillance for the past 15 years. On a global level, it is a matter of time before there will be global surveillance under a one-world government,” Sim, who also serves as the chief marketing officer of AICEAN.IO, adds.
Case in point: Bitchat surges in Nepal
If you can’t escape surveillance, censorship or bad laws, cypherpunks devise systems to get around them. For example, Bitcoin is a way to get around debanking and financial censorship, and one of Satoshi’s most ardent fans, Jack Dorsey, recently devised a way for citizens to communicate even if the government shuts down social media, as in Nepal, or the internet itself, as in Afghanistan recently.
In September, almost 50,000 Nepali citizens flocked to Dorsey’s Bluetooth network-powered Bitchat to communicate amid a massive protest over a sudden social media ban and government corruption.
The app, which was launched as a beta in July, allows people to send messages from device to device using Bluetooth, meaning it works even during internet outages, natural disasters and protests. Most importantly, it’s free of centralized infrastructure and is surveillance-resistant, it says.
Dorsey is also one of the original 1,300 cypherpunks, dating back to 1996, and is so closely intertwined with Bitcoin that some people speculate he may actually be Satoshi Nakamoto (which he denies).
Are we in the clear?
Passage of the law requires 65% of the bloc’s members to vote in favor of it, weighted by their population count. Germany’s opposition tips the scales in favor of rejection.
“I think it’s most likely that it does not pass. But they’ll try to get it passed again,” says Todd.
“If it does pass, the best option is for countries like the US to force US companies to not comply. Apple, for example, refused to comply with UK demands, and the UK eventually backed down,” he says, referring to an order by the UK government earlier this year for Apple to give access to its users’ data for national security threats.
CP33 says he remains optimistic that even if mass surveillance laws are ever implemented, the blockchain and privacy communities will find a way around them.
“Decentralized blockchain-based platforms, federated social networks, and privacy-focused browsers are just some of the ways in which people are taking control of their digital lives.”
Felix Ng
Gaming giants in talks with Immutable to launch token: Web3 Gamer