Brussels faces privacy crossroads over encryption backdoors
- Reference: 1757588410
- News link: https://www.theregister.co.uk/2025/09/11/eu_chat_control/
- Source link:
Representatives from member states will meet on Friday to consider [1]legislation critics call Chat Control, aka "laying down rules to prevent and combat child sexual abuse," which seeks to require ISPs or messaging app providers to scan user content or backdoor encryption so that intelligence agencies can do it themselves. It's the latest attempt in a three-year campaign by some in the community to allow government agencies unprecedented access to private communications.
The proposed legislation has been [2]in the works since 2022 but immediately drew fire from security professionals. After being rejected by EU member states repeatedly, this latest attempt has come at the request of the Danish delegation, which currently holds the EU presidency, and should go to a full vote next month.
[3]
An [4]open letter signed by more than 600 security academics, practitioners, and stakeholders has called on the proposals to be dropped and claimed they are unworkable and highly intrusive. It also points out that the false positive detection rate for such a serious crime is unacceptable and could lead to many people being unfairly smeared.
[5]
[6]
One signatory, Matthew Green, associate professor of computer science at the Johns Hopkins Information Security Institute, told The Register that the plans, if implemented, would be a "national security disaster."
He pointed out that if encryption backdoors were implemented, adversarial nations would see it as a "Manhattan Project" which could be used to expose all data, and if client-side scanning was used then it would create a privacy nightmare.
[7]
The revised legislative proposals call for systems to be set up to find all current "and new" forms of CSAM, but decline to give any guidance as to how this seemingly impossible task would be achieved. Government and military communications would be exempt from the plan.
"It is science fiction," fellow signatory Bart Preneel, the Belgian cryptographer and former president of the International Association for Cryptologic Research, told us. "The latest draft extends the detection order to new CSAM – it is assumed that AI can do this in a reliable way 'quod non.'" This is a Latin term loosely translated as "which it does not."
While there are plenty of companies that would love to provide this service, they lack the technical expertise to do so, he pointed out. Also, the best estimates show around a 10 percent false positive rate for client-side scanning – which could see a huge number of people accused of crimes they didn't commit.
[8]EU attempt to sneak through new encryption-eroding law slammed by Signal, politicians
[9]European Court of Human Rights declares backdoored encryption is illegal
[10]German Digital Affairs Committee hearing heaps scorn on Chat Control
[11]Scanning phones to detect child abuse evidence is harmful, 'magical' thinking
If passed, the legislation would require encrypted app makers like WhatsApp, iMessage, Signal, Telegram, and Tuta to find ways to enforce such scanning – something they have neither the ability nor the desire to do.
Similar legislation has [12]passed in the UK, but with an admission that the plans for message scanning are unworkable at the moment. Attempts to enforce them have failed, and drawn the ire of the US government, which has [13]warned it would not look on such proposals favorably.
[14]
Signal, possibly the gold standard of end-to-end encrypted services, has said it will fight any moves to enforce such rules. Tuta spokesperson Hanna Bozakov told us that the company would not comply and would consider moving outside the EU if the legislation passed, but only after fighting it in the courts.
"First of all, we will sue, because we are pretty certain that this will not stand up in court," she said. "You can't do this because we have privacy rights in the EU Constitution, and you can't just overwrite this."
However, sources told The Register that some EU members might be getting cold feet about the plans. Two people told us that the German delegation, which has previously been [15]highly skeptical of the proposals, could ask for a delay for further consideration. We'll see on Friday what happens. ®
Get our [16]Tech Resources
[1] https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:52022PC0209
[2] https://www.theregister.com/2022/05/12/eu_encryption_csam/
[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2aMLyFqRR5ifQvEwfL4U7QwAAAE4&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[4] https://csa-scientist-open-letter.org/Sep2025
[5] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aMLyFqRR5ifQvEwfL4U7QwAAAE4&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[6] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aMLyFqRR5ifQvEwfL4U7QwAAAE4&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[7] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aMLyFqRR5ifQvEwfL4U7QwAAAE4&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[8] https://www.theregister.com/2024/06/18/signal_eu_upload_moderation/
[9] https://www.theregister.com/2024/02/15/echr_backdoor_encryption/
[10] https://www.theregister.com/2023/03/03/german_digital_committee_hearing_heaps/
[11] https://www.theregister.com/2022/10/13/clientside_scanning_csam_anderson/
[12] https://www.theregister.com/2023/10/27/online_safety_act_charles/
[13] https://www.theregister.com/2025/08/22/ftc_us_censorship/
[14] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aMLyFqRR5ifQvEwfL4U7QwAAAE4&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[15] https://www.theregister.com/2023/03/03/german_digital_committee_hearing_heaps/
[16] https://whitepapers.theregister.com/
Re: They work for us?
It's clear they work to control us. To restrain us. To make us their obedient slaves.
It has always been like this, because once you are in power you want to maintain that power and the only way to do it is crush the people under your heel, make them work for you (taxes), make them die for you (war).
Total control of communications is the second best thing to mind control, and since the second is not (yet) available, they'll go with the first.
And of course AI (paid by our taxes) will help them do it. And if it's sometimes wrong, who cares? Maybe some poor person will end up in prison for life, but who cares?
Re: They work for us?
Total control of communications is the second best thing to mind control, and since the second is not (yet) available, they'll go with the first.
Social media is mind control. Look around at the mindless drones walking/driving with their eyes glued to the screen.
Re: They work for us?
No... just themselves... as always...
It won't stop with scanning for child abuse
Scanning for anti-EU sentiment will be somewhere on the list.
Re: It won't stop with scanning for child abuse
Please don't reflect China's reality onto the E.U.
Re: It won't stop with scanning for child abuse
Just wait for it. It's not China anymore, it's the whole world that is going in that direction, and maybe they are right, since China is THE superpower right now.
Hidden agenda
It's not "about protecting children". That's just a familiar device which allows the politicians to demonise anyone who would dare criticise the idea.
This is yet another step along the road to the world wide panopticon where your opinions will land you in jail if the politicians don't like them. Dissent will not be tolerated!
If this truly comes to pass, the first thing I'll be getting rid of is any mobile phone new enough to be updated to include client side scanning. Then, my e-mail account will be hosted outside the EU. Any web sites I run will also be relocated. Like the elves, my data will leave these shores for somewhere much safer.
You'd think, at this time when we should be trying to divorce EU tech from an unreliable and hostile USA, that even the EU politicians could see that the only consequences of this draconian idea would be to push EU citizens straight into the arms of US technology companies.
Re: Hidden agenda
>> It's not "about protecting children". That's just a familiar device which allows the politicians to demonise anyone who would dare criticise the idea.
Amen. The press are fully on board with this.
Re: Hidden agenda
The vast majority of journalists are anything but. They are compliant, useful idiots for uncritically regurgitating propaganda to further the politician's agendas.
True journalism will not be found in any old media company any more.
Re: Hidden agenda
All nice and cozy, but where outside the EU? USA? China? Russia?
If this goes through, not only children will be fucked.
In fact, childer will be fucked anyway by the people who are exempt from this bullshit anyway. Because this is for US plebs, not for THEM aristocrats.
Yeah
"If passed, the legislation would require encrypted app makers like WhatsApp, iMessage, Signal, Telegram, and Tuta to find ways to enforce such scanning – something they have neither the ability nor the desire to do."
Reality doesnt matter this is politics and trying to obtain more control. It doesnt matter if its unworkable, dangerous and stupid, when does that stop government?
Now relate this article to the other one trying to get people to move their data away from the big bad US and into the EU.
I doubt it will pass but...
if it does we just need to have some innocent 'false positives', make them go viral and then let the fun begin.
With all the muppets addicted to socials, some adversarial pictures can be shared on regular bases by millions without them even knowing.
Doesn't really fixex teh problem if the goal is backdooring encryption for 'general use' though
First steps towards EU version of the Online Safety Act and can't they see how flawed and overreaching this disastrous piece of broken law is, for a few bleeding hearts that constantly bang the "think of the children" drum to suppress freedoms. If security services can't find paedo's online then what hope of nation states professional spies and hackers ?
Two Items Of Misdirection In El Reg.......
Item #1: Quote: "...if client-side scanning was used..."
(a) What do you mean "if"? Both NSO/Pegasus and Paragon/Graphite
provide "client-side scanning" at the drop of some malware!!!
(b) ...and anyway the use of the phrase "client-side" is pure misdirection
since the scanning has to be based on HUGE server-based databases!!
====
Item #2: Quote: "...if encryption backdoors were implemented..."
What do you mean "if"? Who says that "encryption backdoors" are NOT ALREADY IMPLEMENTED?
.....maybe not by Signal.....but by other service providers?
====
Quote (William Burroughs): The paranoid is a person who knows a little of what is going on.
Convenient exemption
"Government and military communications would be exempt from the plan."
I wonder why. If the backdoors are so safe, and those with nothing to hide have nothing to fear, then these rules should apply to everyone. It would be interesting to see how politicians' attitudes change, given the prospect of their own communications being scrutinised.
Cashless society
Meanwhile, tracking your every movement and purchase. What else is big data for? Profiling is the name of the game.
Of course, avoidence of being profiled sits in its own profile category.
I'm not paranoid! They're after all of us.
They work for us?
Never trust the government. Ever. Their agenda is not your agenda.