{"id":872186,"date":"2025-09-11T21:11:56","date_gmt":"2025-09-12T02:11:56","guid":{"rendered":"https:\/\/newsycanuse.com\/index.php\/2025\/09\/11\/chat-control-eu-to-decide-on-requirement-for-tech-firms-to-scan-encrypted-messages\/"},"modified":"2025-09-11T21:11:56","modified_gmt":"2025-09-12T02:11:56","slug":"chat-control-eu-to-decide-on-requirement-for-tech-firms-to-scan-encrypted-messages","status":"publish","type":"post","link":"https:\/\/newsycanuse.com\/index.php\/2025\/09\/11\/chat-control-eu-to-decide-on-requirement-for-tech-firms-to-scan-encrypted-messages\/","title":{"rendered":"Chat Control: EU to decide on requirement for tech firms to scan encrypted messages"},"content":{"rendered":"<section id=\"content-body\">\n<p>Law enforcement experts and policymakers are <a href=\"https:\/\/www.consilium.europa.eu\/en\/meetings\/mpo\/2025\/9\/law-enforcement-wp-lewp-police-(358097)\/\">due to meet on 12 September<\/a> to decide on proposals to require technology companies, such as Signal and WhatsApp, to scan all encrypted messages and communications before they are transmitted.<\/p>\n<p>The Danish presidency of the EU Council is pushing for a vote on the proposals, dubbed \u201cChat Control\u201d \u2013 which advocate mass scanning of mobile phones and computers to identify suspected child abuse material sent by encrypted communications services used by the pubic \u2013 by 14 October.<\/p>\n<p>More than 500 cryptographers and security researchers signed an <a href=\"https:\/\/csa-scientist-open-letter.org\/Sep2025\">open letter<\/a> on 9 September, warning that the proposals are technically unfeasible and would \u201ccompletely undermine\u201d the security and privacy of all European citizens by creating vulnerabilities that could be exploited by hackers and hostile nation states.<\/p>\n<p>The encrypted messaging service WhatsApp is among the technology companies to have raised concerns about the European Union\u2019s (EU) draft proposals.<\/p>\n<p>\u201cThe latest proposal from the presidency of the Council of the EU breaks end-to-end encryption and puts everyone\u2019s privacy, freedom and digital security at risk,\u201d a spokesperson told Computer Weekly.<\/p>\n<section data-menu-title=\"Denmark\u2019s compromise\">\n<h2><i data-icon=\"1\"><\/i>Denmark\u2019s compromise<\/h2>\n<p>The European Commission first put forward proposals to mandate tech companies to scan emails and messages for potential child abuse content in 2022, but the plans were put on hold after they were blocked by a minority of member states amid concerns the proposals would damage the security and privacy of EU citizens.<\/p>\n<p><span data-teams=\"true\">The Danish presidency proposed a <a title=\"https:\/\/netzpolitik.org\/wp-upload\/2025\/07\/2025-07-01_council_presidency_lewp_csa-r_compromise-texts_10131.pdf\" target=\"_blank\" rel=\"noreferrer noopener\" href=\"https:\/\/netzpolitik.org\/wp-upload\/2025\/07\/2025-07-01_Council_Presidency_LEWP_CSA-R_Compromise-texts_10131.pdf\" id=\"menuri9u\" aria-label=\"Link compromise\">compromise<\/a> in July 2025, which sought to strike a balance between maintaining the security of encrypted communications services and identifying potentially illegal content.<\/span><\/p>\n<p>The Danish draft asserts that nothing in the proposed regulation should be \u201cinterpreted as prohibiting, weakening or circumventing\u201d encryption, and expressly permits technology companies to continue to offer end-to-end encrypted services.<\/p>\n<p>But it also requires technology companies to introduce \u201cvetted technologies\u201d on phones and computers to scan messages for images, videos or URLs that could be associated with known child abuse content before they are encrypted and transmitted.<\/p>\n<p>Tech companies will also be required to deploy artificial intelligence (AI) and machine learning algorithms to detect previously unknown abuse images.<\/p>\n<p>As of 10 September, some 15 member states supported the Danish proposals, with six member states undecided and six in opposition.<\/p>\n<p>Dissenters include Belgium, Poland, Finland and the Czech Republic, which have raised concerns about the mass surveillance of citizens\u2019 communications.<\/p>\n<p>Supporters include France, Italy, Spain and Sweden. Germany is as yet undecided. Each member state receives votes based on the number of representatives it has, with large countries having more sway over the final decision.<\/p>\n<\/section>\n<section data-menu-title=\"Suspicionless mass surveillance\">\n<h2><i data-icon=\"1\"><\/i>Suspicionless mass surveillance<\/h2>\n<ul><\/ul>\n<p>Opponents claim that Chat Control effectively introduces \u201csuspicionless\u201d mass surveillance for hundreds of millions of Europeans.<\/p>\n<p>In their open letter this week, cryptographers and security researchers warned that on-device detection, also known as client-side scanning, \u201cinherently undermines the protections\u201d of end-to-end encryption without any guarantee that it would improve protection for children.<\/p>\n<p>The detection mechanism would become a high-value target for hackers and hostile nation states, which could reconfigure it to target other types of data, such as people\u2019s financial or political interests, they said.<\/p>\n<p>It would also undermine the security of encrypted messaging apps, such as WhatsApp and Signal, which are used by politicians, journalists, human rights workers, EU civil servants and law enforcement officers, as well as ordinary citizens, the letter stated.<\/p>\n<p>The new proposals \u201cunequivocally violate\u201d the principles of end-to-end encryption and will weaken its protection, \u201cthreatening the public\u2019s right to privacy,\u201d the scientists warned, arguing there could be potentially serious consequences for democracy and national security.<\/p>\n<p>Once introduced, scanning technology could be repurposed by less democratic regimes to monitor dissidents and opponents, or to censor communications, the security researchers claimed.<\/p>\n<p>\u201cThe new proposals, similar to its predecessors, will create unprecedented capabilities for surveillance, control and censorship, and have an inherent risk for function creep by less democratic regimes,\u201d they added.<\/p>\n<\/section>\n<section data-menu-title=\"Risk of people being wrongly targeted\">\n<h2><i data-icon=\"1\"><\/i>Risk of people being wrongly targeted<\/h2>\n<p>The Danish proposals could put large numbers of innocent people at risk of investigation for sending images wrongly identified as suspicious, the security researchers, representing 30 countries, warned.<\/p>\n<p>\u201cExisting research confirms that state-of-the-art detectors would yield unacceptably high false positive and false negative rates, making them unsuitable for large-scale detection campaigns at the scale of hundreds of millions of users,\u201d the letter stated.<\/p>\n<p>Proposals for Chat Control to use AI and machine learning to identify unknown abuse images are also flawed, the scientists claimed, as \u201cthere is no known machine-learning algorithm that can identify illegal images without making large numbers of mistakes\u201d.<\/p>\n<\/section>\n<section data-menu-title=\"Encrypted messaging services react\">\n<h2><i data-icon=\"1\"><\/i>Encrypted messaging services react<\/h2>\n<p>German encrypted email provider Tuta Mail said that if the EU\u2019s Chat Control proposals are adopted, it would take legal action against the EU rather than betray its users by introducing backdoors into its encrypted messaging service.<\/p>\n<p>CEO Matthias Pfau said the proposals would undermine trust in European technology. \u201cBy forcing providers to break encryption and enable mass surveillance, the EU would kill trust in European products and drive users to foreign tech giants,\u201d he added.<\/p>\n<p>Alexander Linton, president of the Session Technology Foundation, another encrypted messaging service, said it was not possible to introduce scanning without creating new security risks.<\/p>\n<p>The Danish proposal states that scanning technologies that introduce security risks that cannot be mitigated should not be used, but Linton said this was not technically possible.<\/p>\n<p>\u201cNone of the technologies available achieve this standard \u2013 all client-side scanning technologies introduce new unmitigable risks,\u201d<i>\u00a0<\/i>he added.<\/p>\n<\/section>\n<section data-menu-title=\"Backdoors could be used by bad actors\">\n<h2><i data-icon=\"1\"><\/i>Backdoors could be used by bad actors<\/h2>\n<p>Matthew Hodgson, CEO of Element, a secure communications platform used by European governments, said the proposed Chat Control regulation was fundamentally flawed and would put the privacy and data of 450 million citizens at risk.<\/p>\n<p>\u201cUndermining encryption by introducing a backdoor for lawful intercept is nothing other than deliberately introducing a vulnerability, and they always get exploited in the end,\u201d he added.<\/p>\n<p>A years-long Chinese hacking operation, dubbed <a href=\"https:\/\/www.computerweekly.com\/news\/366616972\/Government-agencies-urged-to-use-encrypted-messaging-after-Chinese-Salt-Typhoon-hack\">Salt Typhoon<\/a>, used law enforcement backdoors in the US public telephone network to access call records and unencrypted communications of US citizens.<\/p>\n<p>\u201cThe US is still urging its citizens into end-to-end encrypted systems as a result,\u201d Hodgson told Computer Weekly.<\/p>\n<p>Signal <a href=\"https:\/\/x.com\/mer__edith\/status\/1796508893822238881\">warned last year<\/a> that it would pull its messaging service out of the European Union rather than undermine its privacy guarantees.<\/p>\n<p>Callum Voge, director for government affairs and advocacy at the Internet Society, a non-profit organisation, said client-side scanning created opportunities for bad actors to reverse engineer and corrupt scanning databases on devices.<\/p>\n<p>\u201cIf breaking encryption is like having the envelope ripped open while a letter goes through the Post Office, client-side scanning would be like someone reading over your shoulder as you write the letter,\u201d he told Computer Weekly.<\/p>\n<p>He said that even if AI scanning were 99.5% effective at identifying abuse, it would lead to billions of wrong identifications every day.<\/p>\n<p>\u201cThat is a huge number that could overwhelm the system, but also lead to innocent people incorrectly being labelled as sharing illegal child abuse material,\u201d he added.<\/p>\n<\/section>\n<section data-menu-title=\"No \u2018technical fix\u2019\">\n<h2><i data-icon=\"1\"><\/i>No \u2018technical fix\u2019<\/h2>\n<p>The scientists argue that, rather than relying on a \u201ctechnical fix\u201d, governments should invest in education, reporting hotlines and other proven techniques for tackling abuse.<\/p>\n<p>Voge told Computer Weekly that policymakers should prioritise approaches that protect children but also foster the open and trusted internet.<\/p>\n<p>\u201cThat means more resources spent on targeted approaches \u2013 things like court-authorised investigations, metadata analysis, cross-border cooperation, support for victims, prevention and media literacy training,\u201d he added.<\/p>\n<p>Apple dropped its own plans to introduce client-side scanning to detect child abuse on the iPhone after the world\u2019s top scientists published a paper that found the supplier\u2019s attempts would not be effective against crime or protect against surveillance.<\/p>\n<\/section>\n<\/section>\n<p><a href=\"https:\/\/www.computerweekly.com\/news\/366630597\/Chat-Control-EU-to-decide-on-requirement-for-tech-firms-to-scan-encrypted-messages\" class=\"button purchase\" rel=\"nofollow noopener\" target=\"_blank\">Read More<\/a><br \/>\n Alejandro Geddes<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Law enforcement experts and policymakers are due to meet on 12 September to decide on proposals to require technology companies, such as Signal and WhatsApp, to scan all encrypted messages and communications before they are transmitted. The Danish presidency of the EU Council is pushing for a vote on the proposals, dubbed \u201cChat Control\u201d \u2013<\/p>\n","protected":false},"author":1,"featured_media":872187,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4250,62862,46],"tags":[],"class_list":{"0":"post-872186","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-control","8":"category-requirement","9":"category-technology"},"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/872186","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/comments?post=872186"}],"version-history":[{"count":0,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/872186\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media\/872187"}],"wp:attachment":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media?parent=872186"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/categories?post=872186"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/tags?post=872186"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}