Chat Control

• How to Protect Children Online Without Violating Privacy?
  • What Is Chat Control and Why Is It Controversial?
  • Hash-Based Detection: A Limited Solution
  • Better Solutions for Protecting Children
    • 1. Prevention and Education
    • 2. Targeted Investigations and International Cooperation
    • 3. Stricter Action Against Dark Web Sites
    • 4. Enhanced Platform Moderation
    • 5. Privacy-Preserving Technologies
    • 6. Support for Victims
  • Conclusion: Finding the Balance

How to Protect Children Online Without Violating Privacy?

If you’re not living under a rock, you’ve probably heard about Chat Control, the controversial EU proposal aimed at combating the spread of child sexual abuse material (CSAM) and online child exploitation. While the goal is noble, the plan to scan private communications, including breaking end-to-end encryption, has sparked fears of mass surveillance and privacy violations. Moreover, the majority of CSAM is shared on the dark web, where Chat Control’s measures are largely irrelevant, as perpetrators operate beyond the reach of such regulations. Is it possible to protect children online while preserving privacy? One option is searching for hashes of known illegal images, but there are better alternatives. This article explores the issue and offers solutions.

What Is Chat Control and Why Is It Controversial?

Chat Control is an EU legislative proposal designed to detect and prevent the spread of CSAM and child exploitation online. It mandates scanning private communications (e.g., WhatsApp messages, emails, or cloud storage) using algorithms to identify suspicious content, potentially bypassing end-to-end encryption. Critics, including Czech Prime Minister Petr Fiala and Interior Minister Vít Rakušan, warn that it threatens privacy:

• Mass Surveillance: Scanning private communications violates the EU Charter of Fundamental Rights and endangers the privacy of millions.
• Encryption Weakening: The proposal could undermine end-to-end encryption, increasing risks of data breaches by hackers or state actors.
• Algorithm Errors: Automated systems may misidentify innocent content (e.g., family photos), leading to false accusations.
• Dark Web Irrelevance: The majority of CSAM is distributed on the dark web, where perpetrators use encrypted networks like Tor that are unaffected by Chat Control’s proposed scanning of mainstream platforms.

The Czech Republic opposes Chat Control in its current form and is seeking allies to form a blocking minority in the EU.

Hash-Based Detection: A Limited Solution

One less invasive approach is hash-based detection of known illegal images from police databases. Here’s how it works:

• Hashing: Each image has a unique digital fingerprint (hash) compared against a database of known CSAM (e.g., managed by Interpol or NCMEC). However, this can be easily bypassed by cropping or modifying the image, which changes the hash, rendering the detection ineffective.
• Scanning: Technologies like Microsoft’s PhotoDNA can detect matches on devices or servers without human intervention.
• Advantages:
  • Focuses only on known illegal content.
  • Less invasive than scanning text messages.
• Disadvantages:
  • Bypass Vulnerability: Cropping, resizing, or editing images alters the hash, allowing perpetrators to evade detection.
  • Error Rates: Algorithms have a 1–10% error rate, potentially leading to millions of false positives with billions of messages.
  • Database Misuse: Hash databases could be expanded to include other content (e.g., political material), risking abuse.
  • Encryption Risks: Client-side scanning could create security vulnerabilities exploitable by hackers or governments.
  • Limited Scope: Hash-based detection is ineffective against new CSAM or content shared on the dark web, where most illegal activity occurs.

While hash-based detection is less problematic than blanket scanning, its vulnerabilities, particularly the ease of bypassing through image modifications, make it an imperfect solution.

Better Solutions for Protecting Children

There are more effective and less invasive alternatives that better balance child protection with privacy, particularly by addressing the dark web’s role. Here are six key approaches:

1. Prevention and Education

• Why It’s Better: Most child abuse comes from people known to the child, not anonymous online predators. Education reduces risks proactively.
• How to Implement:
  • Programs like the Czech “Nedej se” campaign teach children to recognize online dangers.
  • Parental control apps (e.g., Qustodio, Google Family Link) allow voluntary monitoring of children’s online activity.
  • Training teachers to spot signs of abuse.
• Advantages: Non-invasive, promotes digital literacy.
• Disadvantages: Requires long-term investment.

2. Targeted Investigations and International Cooperation

• Why It’s Better: CSAM is predominantly shared on the dark web or poorly moderated platforms. Targeted actions against these networks are more effective than mass surveillance of mainstream platforms.
• How to Implement:
  • Use Interpol and Europol databases with AI to identify perpetrators on the dark web.
  • Operations like Europol’s Operation Cathedral show success in dismantling CSAM networks.
  • Limit communication monitoring to specific suspects with court orders, as suggested by MEP Tomáš Zdechovský.
• Advantages: Minimizes privacy intrusions, focuses on actual criminals in dark web ecosystems.
• Disadvantages: Requires significant resources and international coordination.

3. Stricter Action Against Dark Web Sites

• Why It’s Better: The dark web is the primary hub for CSAM distribution, yet it remains largely untouched by proposals like Chat Control. Governments should prioritize cracking down on these sites with severe punishments to deter perpetrators.
• How to Implement:
  • Increase law enforcement resources to infiltrate and shut down dark web marketplaces hosting CSAM.
  • Impose harsh penalties, such as 40-year prison sentences, for those convicted of producing, distributing, or possessing CSAM to send a strong deterrent message.
  • Enhance international collaboration to track and prosecute dark web offenders across borders.
• Advantages: Directly targets the core of the problem, deters future crimes through severe consequences.
• Disadvantages: Dark web investigations are technically complex and resource-intensive.

4. Enhanced Platform Moderation

• Why It’s Better: While the dark web is a major hub, some CSAM still appears on public platforms. Strengthening moderation here is less invasive than scanning private messages.
• How to Implement:
  • Use technologies like PhotoDNA to detect CSAM on social media and cloud storage.
  • Enforce stricter regulations on platforms to remove illegal content quickly.
  • Expand anonymous reporting systems like the Czech www.internethotline.cz.
• Advantages: Respects privacy, targets public spaces where some CSAM appears.
• Disadvantages: Costly for platforms and doesn’t address dark web content.

5. Privacy-Preserving Technologies

• Why It’s Better: Technologies can detect illegal content without breaking end-to-end encryption, potentially adaptable to dark web challenges.
• How to Implement:
  • Homomorphic Encryption: Analyze encrypted data without decrypting it.
  • Federated Learning: Train AI models on devices without transferring data.
  • Zero-Knowledge Proofs: Verify content compliance without revealing details.
• Advantages: Preserves privacy and security.
• Disadvantages: Technologies are still developing and expensive.

6. Support for Victims

• Why It’s Better: Helping victims and preventing repeat abuse is more effective than reactive scanning, regardless of where CSAM is shared.
• How to Implement:
  • Expand helplines like the Czech Linka bezpečí for children and parents.
  • Invest in therapy and rehabilitation for victims.
  • Improve collaboration between police, schools, and social services.
• Advantages: Addresses the human aspect, reduces long-term harm.
• Disadvantages: Resource-intensive.

Conclusion: Finding the Balance

Hash-based detection is less invasive than scanning all communications but is severely limited by its vulnerability to simple image modifications like cropping, which changes the hash, as well as errors, database misuse risks, and ineffectiveness against new CSAM or dark web content, where the majority of illegal material is shared. Better solutions combine prevention (education, parental controls), targeted investigations (court-ordered actions, dark web-focused international cooperation), stricter dark web enforcement (harsh penalties like 40-year sentences), platform moderation (PhotoDNA, anonymous reporting), and innovative technologies (homomorphic encryption). These approaches are more effective, addressing root causes while respecting privacy.

In the Czech Republic, initiatives like “Nedej se”, Linka bezpečí, and www.internethotline.cz pave the way for a safer internet without mass surveillance. The key is balancing child protection with fundamental rights, especially by targeting the dark web, where Chat Control has little impact and stricter government action is urgently needed.