Against “Chat Control” – For a Free, Secure, and Private Internet

The European Union is currently working on a legislative proposal known as the Child Sexual Abuse Regulation (CSAR) – often referred to in public debate as Chat Control.
Officially, the proposal aims to combat the spread of child sexual abuse material online. However, the measures it introduces – particularly the use of Client-Side Scanning (CSS) – would, in effect, endanger the privacy of all citizens, the security of digital communication, and the confidentiality of encrypted services.
This article explains why the planned measures are disproportionate, what risks they entail, and why the protection of children must be achieved through targeted, lawful means rather than surveillance.

1. What Does “Chat Control” Mean?

At its core, “Chat Control” refers to a mechanism that scans digital communications – such as messages, photos, or videos – for potentially illegal content before they are sent or received.

Technically, this happens through Client-Side Scanning: software on a user’s device scans private messages, images, and files for patterns or hash values that may match known abuse material.

This means that every message, every photo, every voice note could be scanned for illegal content before encryption takes place – even in private chats that have so far been considered end-to-end encrypted.

What is presented as a measure against child abuse would, in reality, establish widespread, indiscriminate mass surveillance of private communications.

2. The Conflict: Protecting Children vs. Protecting Privacy

No one disputes that protecting children from sexual violence must be a top priority. However, any measure must be proportionate.

The proposed system interferes with several fundamental rights:

• The right to respect for private and family life (Article 7 of the EU Charter of Fundamental Rights)
• The right to protection of personal data (Article 8)
• Freedom of expression and freedom of the press (Article 11)

The indiscriminate scanning of private communications represents a serious intrusion into these rights.
The EU Court of Justice has already ruled that blanket data retention is unconstitutional. The proposed Chat Control would take this even further.

3. Why Client-Side Scanning Is Problematic

a) Technical Risks

Client-Side Scanning breaks a core principle of digital security:
Only the sender and the recipient should be able to read the plaintext of a message.

If messages are scanned on the device before encryption, that means software or services gain access to sensitive content. This creates:

• New attack vectors: Malware or state actors could exploit the scanning system.
• False positives: AI models and hash databases may wrongly flag harmless content as suspicious.
• Potential for abuse: Once a scanning infrastructure exists, it can easily be expanded – for example, to detect politically undesirable content.

In short: opening a backdoor “for a good cause” creates a permanent doorway for misuse.

b) Societal Risks

A system that treats all citizens as potential suspects undermines trust in digital communication.

Journalists, activists, lawyers, and doctors would be particularly at risk, as they depend on confidentiality.

Moreover, public confidence in encryption as a whole could erode – with long-term consequences for cybersecurity, innovation, and freedom of expression.

4. Consequences for the Economy and Digital Sovereignty

In recent years, Europe has positioned itself as a global leader in data protection – most notably through the GDPR.
A law that mandates surveillance would severely damage this reputation.

Small and medium-sized enterprises (SMEs) providing secure communication services would face a dilemma:
Either they implement costly and insecure scanning systems, or they risk being unable to legally operate within the EU.

The result would be a weakening of European privacy-focused providers and a strengthening of non-European platforms that often have lower data protection standards – thereby undermining the EU’s own digital sovereignty.

5. Legal Concerns and Fundamental Rights

Several independent legal analyses have pointed out that mandatory Client-Side Scanning raises serious constitutional concerns.

The EU Charter of Fundamental Rights and the Court of Justice of the European Union (CJEU) both emphasize that surveillance measures must be necessary, proportionate, and targeted.

An indiscriminate search of all communications meets none of these conditions.

Furthermore, from a data protection perspective, it is questionable how such measures could comply with the GDPR.
Processing private content without consent or specific suspicion contradicts the principles of data minimization and purpose limitation.

6. The Principle of Proportionality

The political goal – protecting children – is undisputed.
But a measure that increases the risk of abuse for everyone cannot be proportionate.

The European Convention on Human Rights (ECHR) permits interference with privacy only if it:

• serves a legitimate aim,
• is necessary in a democratic society, and
• does not exceed what is required to achieve that aim.

The proposed law would overstep these boundaries, as it applies universally – regardless of suspicion, context, or connection to a crime.

7. Technically Better Alternatives

Instead of monitoring private chats, the EU should focus on the following approaches:

1. Strengthening specialized investigative authorities to target existing child abuse networks.
2. Improving international cooperation and law enforcement against perpetrators and platforms hosting or distributing abuse material.
3. Promoting education and prevention through digital literacy and child protection initiatives.
4. Supporting secure technologies that combine privacy with child protection, such as controlled reporting mechanisms based on concrete suspicion rather than mass scanning.

These measures are effective, lawful, and strengthen trust in digital infrastructure.

8. The Danger of “Mission Creep”

Once introduced, surveillance technologies tend to expand their scope over time.
What begins as a tool against child abuse could later be used to detect copyright violations, “fake news,” or politically undesirable content.

This risk is real – and history shows it has happened repeatedly.
The introduction of Chat Control would set a dangerous precedent for future restrictions on digital freedoms.

9. The Role of Civil Society

Data protection organizations, lawyers, IT security researchers, and civil rights groups have already published numerous statements warning about the dangers of Chat Control.

Their core message is clear: Security and freedom are not opposites.
A safe society requires both – protection from crime and protection from surveillance.

It is now up to civil society to repeat this message loudly and clearly.
Only through public pressure can we prevent a well-intentioned initiative from becoming a dangerous surveillance instrument.

10. A Call to Action

The political debate is not yet over! Now is the time to act:

• Contact Members of the European Parliament and urge them to reject the current proposal.
• Support organizations defending digital rights – such as European Digital Rights (EDRi), Digitalcourage, or the Electronic Frontier Foundation (EFF).
• Raise awareness by sharing information, engaging in discussions, and participating in public campaigns.

Every voice counts – and every informed decision can make a difference.

The proposed Chat Control law represents a massive intrusion into fundamental rights and the technical integrity of the Internet.
It treats everyone as a suspect, weakens encryption, creates security vulnerabilities, and threatens to destroy Europe’s leadership in data protection.

Protecting children is a goal that deserves universal support – but not at the cost of everyone’s freedom and privacy.

A democratic Europe must find solutions that ensure both: security and privacy.

No law that legitimizes mass surveillance can guarantee freedom.
Those who sacrifice privacy will ultimately lose both – security and trust.

Where do EU countries stand on the proposed Chat Control law?
fightchatcontrol.eu