How a Child Protection Law could destroy privacy as we know it
In October 2025, the European Union may adopt one of the most controversial digital surveillance laws in its history: the Chat Control regulation, officially framed as a measure to combat child sexual abuse material (CSAM).
On the surface, the goal is commendable. In practice, the proposed methods — mandatory scanning of all private messages, even encrypted ones, before they are sent — raise profound questions about privacy, secure communications, and the risk of authoritarian overreach.
Pushed aggressively by Denmark’s EU Presidency, this proposal could be adopted as early as October 14th 2025, despite repeated warnings from experts, advocates, even EU’s own legal services.
Yet, as leaked documents from former German Pirate Party MEP Patrick Breyer reveal, many countries that opposed the law in 2024 are now wavering or supportive, even though the latest version is more extreme than ever.
Why is it a problem
At the heart of the proposal lies client-side scanning (CSS), an intrusive technical measure that would require your phone or computer to scan every message, image, and file before encryption, searching for illegal content (primarily CSAM, but potentially much more).
CSS completely breaks End-to-end encryption (E2EE) — used by apps like Signal, WhatsApp, and ProtonMail — by turning your device into a surveillance agent, analyzing your communications before they are even encrypted.
Also, AI-driven scanning systems are not foolproof. Innocent users could face police investigations, account bans, or public shaming without any sort of justification. Take for example Apple that has abandoned its CSS plans after tests showed medical and artistic images were frequently misclassified.
A slippery slope toward mass surveillance
While Chat Control currently focuses on CSAM, nothing prevents its expansion once the infrastructure is in place. Internal EU documents already suggest extending scanning to:
- Counterterrorism ("radicalized" messages).
- Misinformation ("harmful" content).
- Copyright enforcement (detecting pirated links).
*Once surveillance tools exist, their use expands**. In the UK, the Online Safety Bill—which started with similar goals—now monitors legal but "harmful" speech. In China, laws initially framed as "child protection" now censor dissidents.
Moreover, If the EU adopts Chat Control, other countries may follow. In the U.S., the EARN IT Act (another anti-encryption bill) is waiting for EU approval to move forward. Similar laws are already under discussion in India, Australia, and the UK.
We risk global normalization of mass surveillance, all under the guise of "child protection".
The End of online anonymity
Chat Control also mandates identity verification for encrypted messaging. Meaning :
- No more anonymity for whistleblowers.
- No more protection for domestic abuse victims seeking help.
- No more safety for journalists communicating with sensitive sources.
In some countries, Encrypted messengers like Signal are often the last line of defense for activists.
Why it won’t work — Even for its stated goal
The EU’s own legal service has acknowledged that Chat Control breaches multiple articles of the Charter of Fundamental Rights, including:
- Article 7 (right to privacy).
- Article 8 (data protection).
- Article 11 (freedom of expression).
Worse, the proposal contradicts the GDPR, which requires minimal and secure data collection. Yet Chat Control mandates indiscriminate, mass surveillance.
Paradoxically, Chat Control may fail to stop CSAM while weakening everyone’s security.
CSAM offenders ain’t naive. They sure already use obscure unregulated messaging apps, private networks or else to hide their activity. As a Result, Chat Control will only catch ordinary users, while real criminals evade detection.
A Hacker’s Dream
Finally, and because I happen to know a bit about them, I'm sure blackhats will be thrilled to know that every fucking flagged content would be stored in a centralized EU database. Already in 2021, Interpol’s CSAM database was hacked, why won't they try this one ?
And who ensures this data won’t be misused? Authoritarian regimes could demand access under "judicial cooperation" pretexts.
What You can do
The good news? It isn’t over yet. Here’s how you can take action.
Pressure Your Political Representatives
If you’re in the EU:
- Contact your MEP
- Demand a vote against Chat Control or, at minimum, strong safeguards for encryption.
If you’re outside the EU:
- Monitor similar laws in your country (e.g., U.S. EARN IT Act).
Support Organizations Leading the Resistance
You can:
Sign the petition at Fight Chat Control.
Donate to:
- EDRi (European Digital Rights) – Defending digital rights in Europe.
- EFF (Electronic Frontier Foundation) – Global leader in digital freedoms.
- La Quadrature du Net – French digital rights advocacy.
Switch to Privacy-Focused Tools
Even if Chat Control passes, you can limit its impact by using secure alternatives:
- Messaging: Signal, SimpleX, or Matrix (with E2EE).
- Email: ProtonMail or Tutanota.
- VPN: Mullvad or IVPN (no-logs, based outside the EU).
Spread the Word
Many still don’t know about Chat Control. Share this article, discuss it with peers, and explain why this law affects everyone—not just savvys.