Signal: New \”Upload Moderation\” Threat to End-to-End Encryption

In a strong statement, Meredith Whittaker, President of Signal, has highlighted the persistent threats to end-to-end encryption (e2ee), criticizing new proposals such as \”upload moderation\” that undermine digital privacy under the guise of innovative branding.

This comes amidst ongoing debates within the EU over chat control legislation.

Threat to e2ee integrity

Whittaker\'s statement highlighted the essential role of end-to-end encryption in protecting privacy amid increasing state and corporate surveillance. She pointed out the long-standing expert consensus that any attempt to expose encrypted communications to surveillance inherently compromises the integrity of encryption.

\”For decades, experts have been clear: there is no way to both preserve the integrity of end-to-end encryption and expose encrypted contents to surveillance,\” Whittaker stated.

“But proposals to do just this emerge repeatedly — old wine endlessly repackaged in new bottles, aided by expensive consultancies that care more about marketing than the very serious stakes of
these issues.\”

Last November, the European Parliament took a significant step by voting to exclude end-to-end encryption from mass surveillance mandates in the chat control legislation. This decision was celebrated as a victory for privacy advocates and was informed by a global coalition of computer security experts. These experts warned that subjecting private communications to mass scanning would create dangerous vulnerabilities exploitable by hackers and hostile nation-states.

Despite this progress, some European countries continue to push for surveillance measures under new labels, such as \”upload moderation.\” Whittaker condemned these rebranding efforts as misleading and dangerous, asserting that they still pose the same risks to encryption and privacy.

\”Mandating mass scanning of private communications fundamentally undermines encryption. Full stop,\” Signal’s President emphasized.

https://twitter.com/mer__edith/status/1802612199426306150

Broader call to action

The debate over chat control is not confined to Europe; its implications are global. Whittaker stressed that any weakening of encryption standards in Europe would have far-reaching consequences, potentially compromising the security infrastructure worldwide. She called on policymakers to heed the warnings of the expert community and prioritize the protection of encryption.

In a related statement, European MEP Patrick Breyer of the Pirate Party echoed Whittaker\'s concerns and urged immediate action. Breyer warned that the Belgian Presidency of the EU Council plans to push through chat control measures during a period of reduced public scrutiny post-elections. He emphasized the need for civil society to remain vigilant and active in opposing these measures, providing steps for citizens to contact their governments and express their opposition.

Adding to the chorus of opposition, the Chaos Computer Club (CCC) also criticized the rebranding efforts, labeling them as \”forced voluntariness.\” Linus Neumann, a spokesperson for the CCC, highlighted the deceptive nature of these proposals, noting that requiring user consent under threat of service limitations is not genuine voluntariness. The CCC reiterated that mass scanning of private communications equates to mass surveillance, regardless of the technicalities or terminology used.

As the EU Council prepares to vote on the chat control legislation, the message from privacy advocates and experts remains clear: any measure that mandates the scanning of private communications undermines the fundamental principles of encryption and poses significant risks to global security.

Things people can do to stop this legislation from passing include contacting their government’s representatives to the EU urging them to vote against chat control measures, and raising awareness online and offline about the implications of these proposals so others can join in the effort to oppose them.