The EU has never been closer to agreeing on the scanning of your private
chats -- but how did we get here?

Date:
Thu, 11 Sep 2025 17:00:00 +0000

Description:
After several proposals, the Danish version of Chat Control is thought to
have the best chances of becoming law since 2022, with a crucial meeting set for September 12.

FULL STORY ======================================================================

On Friday, September 12, 2025, EU Council members are asked to share their final position on the controversial child sexual abuse (CSAM) scanning bill.

It's been a long ride, started in May 2022, when the EU Commission first unveiled its Child Sexual Abuse Regulation (CSAR) proposal. The goal is ambitious to make the online environment safer for kids by preventing the sharing of child sexual abuse material. Yet, the proposed system for how to
do that, meaning the scanning of private messages, has sparked a strong
debate among political ranks and the tech industry alike.

Three years after failing to reach an agreement, the Danish Presidency
unveiled the latest iteration of what's become known as Chat Control on July
1, 2025. For the first time, lawmakers appear to be close to getting the majority of countries on board. At the time of writing, 15 countries already support the proposal, six are undecided, and only six are against.

The Danish proposal introduces new obligations for all messaging services operating in Europe to scan users' chats even if they're encrypted in the search for both known and unknown CSAM material.

Crucially, the mandatory scanning is expected to occur directly on the device before messages get encrypted, targeting shared URLs, pictures, and videos. Only governments and military accounts are excluded from the scope of the
bill.

While acknowledging some of the improvements the Danish version has made, on Tuesday (September 9), over 500 cryptography scientists and researchers
signed a letter to warn the EU Council of the risks of agreeing to the
proposal in its current form. This is the third time since 2022 that experts have urged against mandatory chat scanning. So, how did we get here? And
what's at stake?

Three years of failed attempts

As mentioned earlier, the EU Council has so far failed to craft a bill that could attract the necessary majority for submission to the Parliament for negotiations. Over a period of more than three years, various proposals have been made, as Presidency after presidency attempted to find a compromise that could work for most countries.

As per its first version, all messaging software providers would be required
to perform indiscriminate scanning of private messages to look for CSAM. The backlash was strong, with the European Court of Human Rights proceeding to
ban all legal efforts to weaken the encryption of secure communications in Europe.

In June 2024, Belgium proposed a new, more compromising text to target only shared photos, videos, and URLs, with users' permission. In February 2025, Poland tried to find a better compromise by making encrypted chat scanning voluntary and classified as "prevention."

Fast forward to July 2025, Denmark reintroduced Chat Control as a top legislative priority on its first day of Presidency. While keeping the
Belgian approach of limiting scanning to URLs and multimedia files, many experts feel that the text goes back to where it started it reintroduces the indiscriminate scanning of unknown CSAM material, too.

That's most likely why former MEP for the German Pirate Party and digital rights jurist, Patrick Breyer, deemed the Danish proposal the "more radical version" so far, warning against the "intrusive and unreliable scanning" that the law will create. Other experts who talked to TechRadar also agree that,
as it stands, the regulation is too far-reaching and likely ineffective.

Defining between consensual and non-consensual abuse material is challenging, in fact, and even AI detection tech won't help against false positives. Also, limiting the scanning to a certain part of the private messages could allow criminals to easily bypass detection, ultimately creating a false sense of security for both parents and children.

All of this, while irremediably breaking encryption for all. As Bart Preenel,
a Belgian cryptographer, professor at Leuven University, and signatory of the September 9 open letter, explains, while the Danish proposal mentions the commitment to preserve end-to-end encryption protections, that technology simply does not exist.

"[Lawmakers] try to deny it, but encryption means that only the sender and receiver can see the message. If anybody has looked at it [even before
getting encrypted], then you destroy the value offered by the encryption," Preenel told TechRadar.

Why breaking encryption is a bad idea

Encryption refers to the technical infrastructure that scrambles our online communications to prevent unauthorized access.

Encrypted messaging apps like Signal or WhatsApp, secure email providers like Proton Mail and Tuta , and the best VPN services all rely on end-to-end encryption to ensure our communications remain private between the sender and the receiver end-to-end.

Law enforcement bodies, however, have long argued that this level of
protection is an obstacle during investigations and have been pushing to
create an encryption backdoor (in and out of the EU) for years.

Digital rights experts, cryptographers, and technologists keep fighting back against this idea, though, warning that a backdoor could cause more harm than good. Do you know? (Image credit: Tuta) German encrypted mail provider, Tuta, is ready to drag the EU into Court if the controversial Danish CSAM scanning bill becomes law. "We will not stand by while the EU destroys encryption,"
says Matthias Pfau, CEO of Tuta Mail.

Talking to TechRadar, Director of Government Affairs and Advocacy at the Internet Society, Callum Voge, explains that the proposed "client-side scanning" system would not only violate people's right to privacy and confidentiality, but also inevitably introduce new vulnerabilities that both law enforcement and cybercriminals will be able to exploit.

"This is a very big threat to national security in the EU. A weakness that
the EU should not be creating at all," said Voge. "Given the current geopolitical situation, we think governments should really be encouraging
more encryption, not trying to weaken it, or undermine it."

He's certainly not alone in feeling this way. Both the Swedish Armed Forces
and the Netherlands Intelligence Agency have stressed that circumventing encryption creates too great a national security risk, arguing that hostile nations would exploit new technologies to attack European users. Yet, while
the Netherlands is currently opposing the bill in the Council, Sweden is
among the supporters.

"What's very telling of the Danish proposal is that government and military accounts are exempt from scanning. So, clearly [lawmakers] understand there's
a security risk, but they think that risk is acceptable for the public but
not acceptable for themselves," Voge added.

Beyond national security, concerns include the potential for indiscriminate surveillance against all EU citizens.

As Voge puts it, "If breaking encryption is like a letter going to the post office and someone rips it open and reads what's inside, then client-side scanning is like someone reads the letter over your shoulder as you write it. Crucially, once the system is created, it's very easy to expand it to scan
for anything you want."

Friday is the day EU members need to share their final positions on the
Danish Chat Control proposals. Another meeting with the EU Justice Minister
is also set for October 14, but that's just a formal sign-off, with the country's positions expected to remain unchanged.

If successful, the CSAR bill will finally land in the European Parliament to
be discussed as part of the trilogue negotiations, alongside the EU Council
and Commission.

Despite the list of countries opposing the law growing , support for Chat Control remains strong, with 15 countries supporting the proposal (including crucial members like France, Italy, and Spain) against six opposing the law (Austria, Belgium, the Czech Republic, Finland, the Netherlands, and Poland), and six still undecided (Germany, Estonia, Greece, Luxembourg, Romania, and Slovenia), according to the latest data.

Among the latter group, Germany is thought to be the deciding factor and
it's making Chat Control's critics worried.

As Voge from the Internet Society explains, Germany is key because there's a new government in charge. The previous government was indeed very pro-encryption seeking to make encryption a legal right at home, while strongly opposing mandatory scanning in the block. Yet, the new
administration "is giving very mixed messages and no one can definitively say what's going to happen on Friday," Voge added.

What's certain, however, is that the Chat Control is far from being the only proposal threatening encryption protections in the EU.

Commenting on this point, Preenel told TechRadar: "There is enormous pressure to get access to encrypted data: it's not only the CSAM case, there is also
the ProtectEU document. That's the real debate, and I think that CSAM is used as an excuse to open the door." ======================================================================
Link to news story: https://www.techradar.com/vpn/vpn-privacy-security/the-eu-has-never-been-close r-to-agreeing-on-the-scanning-of-your-private-chats-but-how-did-we-get-here
$$
--- SBBSecho 3.28-Linux
* Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)