TZUTC: -0500
MSGID: 1491.consprcy@1:2320/105 2d296bfd
PID: Synchronet 3.21a-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0
TID: SBBSecho 3.28-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0
BBSID: CAPCITY2
CHRS: ASCII 1
FORMAT: flowed
The EU has never been closer to agreeing on the scanning of your private 
chats -- but how did we get here?

Date:
Thu, 11 Sep 2025 17:00:00 +0000

Description:
After several proposals, the Danish version of Chat Control is thought to 
have the best chances of becoming law since 2022, with a crucial meeting set
for September 12.

FULL STORY
======================================================================

On Friday, September 12, 2025, EU Council members are asked to share their
final position on the controversial child sexual abuse (CSAM) scanning bill. 

It's been a long ride, started in May 2022, when the EU Commission first
unveiled its Child Sexual Abuse Regulation (CSAR) proposal. The goal is
ambitious  to make the online environment safer for kids by preventing the
sharing of child sexual abuse material. Yet, the proposed system for how to 
do that, meaning the scanning of private messages, has sparked a strong 
debate among political ranks and the tech industry alike. 

Three years after failing to reach an agreement, the Danish Presidency
unveiled the latest iteration of what's become known as Chat Control on July
1, 2025. For the first time, lawmakers appear to be close to getting the
majority of countries on board. At the time of writing, 15 countries already
support the proposal, six are undecided, and only six are against. 

The Danish proposal introduces new obligations for all messaging services
operating in Europe to scan users' chats  even if they're encrypted  in the
search for both known and unknown CSAM material. 

Crucially, the mandatory scanning is expected to occur directly on the device
before messages get encrypted, targeting shared URLs, pictures, and videos.
Only governments and military accounts are excluded from the scope of the
bill. 

While acknowledging some of the improvements the Danish version has made, on
Tuesday (September 9), over 500 cryptography scientists and researchers 
signed a letter to warn the EU Council of the risks of agreeing to the
proposal in its current form. This is the third time since 2022 that experts
have urged against mandatory chat scanning. So, how did we get here? And
what's at stake?

Three years of failed attempts

As mentioned earlier, the EU Council has so far failed to craft a bill that
could attract the necessary majority for submission to the Parliament for
negotiations. Over a period of more than three years, various proposals have
been made, as Presidency after presidency attempted to find a compromise that
could work for most countries. 

As per its first version, all messaging software providers would be required
to perform indiscriminate scanning of private messages to look for CSAM. The
backlash was strong, with the European Court of Human Rights proceeding to 
ban all legal efforts to weaken the encryption of secure communications in
Europe. 

In June 2024, Belgium proposed a new, more compromising text to target only
shared photos, videos, and URLs, with users' permission. In February 2025,
Poland tried to find a better compromise by making encrypted chat scanning
voluntary and classified as "prevention." 

Fast forward to July 2025, Denmark reintroduced Chat Control as a top
legislative priority on its first day of Presidency. While keeping the 
Belgian approach of limiting scanning to URLs and multimedia files, many
experts feel that the text goes back to where it started  it reintroduces the
indiscriminate scanning of unknown CSAM material, too. 

That's most likely why former MEP for the German Pirate Party and digital
rights jurist, Patrick Breyer, deemed the Danish proposal the "more radical
version" so far, warning against the "intrusive and unreliable scanning" that
the law will create. Other experts who talked to TechRadar also agree that, 
as it stands, the regulation is too far-reaching and likely ineffective. 

Defining between consensual and non-consensual abuse material is challenging,
in fact, and even AI detection tech won't help against false positives. Also,
limiting the scanning to a certain part of the private messages could allow
criminals to easily bypass detection, ultimately creating a false sense of
security for both parents and children. 

All of this, while irremediably breaking encryption for all. As Bart Preenel,
a Belgian cryptographer, professor at Leuven University, and signatory of the
September 9 open letter, explains, while the Danish proposal mentions the
commitment to preserve end-to-end encryption protections, that technology
simply does not exist. 

"[Lawmakers] try to deny it, but encryption means that only the sender and
receiver can see the message. If anybody has looked at it [even before 
getting encrypted], then you destroy the value offered by the encryption,"
Preenel told TechRadar.

Why breaking encryption is a bad idea 

 Encryption refers to the technical infrastructure that scrambles our online
communications to prevent unauthorized access. 

Encrypted messaging apps like Signal or WhatsApp, secure email providers like
Proton Mail and Tuta , and the best VPN services all rely on end-to-end
encryption to ensure our communications remain private between the sender and
the receiver  end-to-end. 

Law enforcement bodies, however, have long argued that this level of
protection is an obstacle during investigations and have been pushing to
create an encryption backdoor (in and out of the EU) for years. 

Digital rights experts, cryptographers, and technologists keep fighting back
against this idea, though, warning that a backdoor could cause more harm than
good. Do you know? (Image credit: Tuta) German encrypted mail provider, Tuta,
is ready to drag the EU into Court if the controversial Danish CSAM scanning
bill becomes law. "We will not stand by while the EU destroys encryption,"
says Matthias Pfau, CEO of Tuta Mail. 

Talking to TechRadar, Director of Government Affairs and Advocacy at the
Internet Society, Callum Voge, explains that the proposed "client-side
scanning" system would not only violate people's right to privacy and
confidentiality, but also inevitably introduce new vulnerabilities that both
law enforcement and cybercriminals will be able to exploit. 

"This is a very big threat to national security in the EU. A weakness that 
the EU should not be creating at all," said Voge. "Given the current
geopolitical situation, we think governments should really be encouraging 
more encryption, not trying to weaken it, or undermine it." 

He's certainly not alone in feeling this way. Both the Swedish Armed Forces
and the Netherlands Intelligence Agency have stressed that circumventing
encryption creates too great a national security risk, arguing that hostile
nations would exploit new technologies to attack European users. Yet, while
the Netherlands is currently opposing the bill in the Council, Sweden is 
among the supporters. 

"What's very telling of the Danish proposal is that government and military
accounts are exempt from scanning. So, clearly [lawmakers] understand there's
a security risk, but they think that risk is acceptable for the public but 
not acceptable for themselves," Voge added. 

Beyond national security, concerns include the potential for indiscriminate
surveillance against all EU citizens. 

As Voge puts it, "If breaking encryption is like a letter going to the post
office and someone rips it open and reads what's inside, then client-side
scanning is like someone reads the letter over your shoulder as you write it.
Crucially, once the system is created, it's very easy to expand it to scan 
for anything you want."

Friday is the day EU members need to share their final positions on the 
Danish Chat Control proposals. Another meeting with the EU Justice Minister 
is also set for October 14, but that's just a formal sign-off, with the
country's positions expected to remain unchanged. 

If successful, the CSAR bill will finally land in the European Parliament to
be discussed as part of the trilogue negotiations, alongside the EU Council
and Commission. 

Despite the list of countries opposing the law growing , support for Chat
Control remains strong, with 15 countries supporting the proposal (including
crucial members like France, Italy, and Spain) against six opposing the law
(Austria, Belgium, the Czech Republic, Finland, the Netherlands, and Poland),
and six still undecided (Germany, Estonia, Greece, Luxembourg, Romania, and
Slovenia), according to the latest data. 

Among the latter group, Germany is thought to be the deciding factor  and 
it's making Chat Control's critics worried. 

As Voge from the Internet Society explains, Germany is key because there's a
new government in charge. The previous government was indeed very
pro-encryption  seeking to make encryption a legal right at home, while
strongly opposing mandatory scanning in the block. Yet, the new 
administration "is giving very mixed messages and no one can definitively say
what's going to happen on Friday," Voge added. 

What's certain, however, is that the Chat Control is far from being the only
proposal threatening encryption protections in the EU. 

Commenting on this point, Preenel told TechRadar: "There is enormous pressure
to get access to encrypted data: it's not only the CSAM case, there is also
the ProtectEU document. That's the real debate, and I think that CSAM is used
as an excuse to open the door."
======================================================================
Link to news story:
https://www.techradar.com/vpn/vpn-privacy-security/the-eu-has-never-been-close
r-to-agreeing-on-the-scanning-of-your-private-chats-but-how-did-we-get-here
$$
--- SBBSecho 3.28-Linux
 * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)
SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700
SEEN-BY: 226/30 227/114 229/110 111 206 300 307 317 400 426 428 470
SEEN-BY: 229/664 700 705 266/512 291/111 320/219 322/757 342/200 396/45
SEEN-BY: 460/58 712/848 902/26 2320/0 105 304 3634/12 5075/35
PATH: 2320/105 229/426