ChatControl: EU wants to scan all private messages, even in encrypted apps

Original Article ↗ Hacker News Discussion ↗

Recurring Push and Political Strategy

  • Many see ChatControl as the latest in a 10–15 year sequence of “try until it passes” surveillance proposals (often wrapped in “think of the children” rhetoric).
  • Concern that opponents must win every round, while proponents only need one success for an effectively irreversible change.
  • Some argue only a constitutional‑level “privacy bill of rights” or equivalent could stop this cycle, but others note constitutions are only as strong as courts and political will.

Legal and Constitutional Tension

  • Multiple comments say the proposal conflicts with EU’s Charter of Fundamental Rights (privacy, data protection) and national constitutions that protect secrecy of correspondence.
  • Others point out large carve‑outs in Articles 7/8 (crime prevention, national security), suggesting a narrowed or reworded version might be made to pass.
  • Even EU Council’s own legal service reportedly called the 2022 variant a “particularly serious limitation” on rights.
  • Example given: Denmark pushes ChatControl while its own constitution explicitly protects private communications.

Surveillance, Abuse, and Authoritarian Drift

  • Core worry: client‑side scanning plus OS‑level mandates, app notarization and hardware attestation turn general‑purpose devices into government sensors.
  • Exemptions for “national security / law and order / military” accounts are widely read as “privacy for the powerful, transparency for everyone else.”
  • Many fear future repurposing: from CSAM to copyright, “hate speech,” political dissent, anti‑war stances, or tax enforcement, enabled by secret hash lists and opaque ML models.
  • Several frame the proposal as structurally indistinguishable from terrorism or coercive control: using fear to intimidate a population into compliance.

Effectiveness Against CSAM and Crime

  • Strong skepticism that mass scanning addresses root causes of child abuse, which often occurs offline and within families.
  • Critics argue real predators will quickly migrate to PGP, steganography, self‑hosted tools or custom hardware; only naïve users get caught.
  • Supporters of scanning counter that most criminals have poor operational security, and catching “unsophisticated” offenders still saves children and generates deterrence.
  • Others warn that statistical false positives at scale will generate huge numbers of innocent flags, with serious collateral damage.

Technical Feasibility and Circumvention

  • Discussion of workarounds: self‑written crypto tools, PGP over email/IRC/Slack, layered encodings, steganography in images or media, p2p systems, alternative OSes (GrapheneOS, SailfishOS).
  • Many expect next steps to be OS‑level scanners, trusted boot, restrictions on sideloading, and EU Cyber Resilience Act–style controls on unsigned or “non‑accredited” binaries, making circumvention harder and more legally risky.
  • Some note that enforcement will hit mainstream platforms and ordinary users first; sophisticated actors will remain hard to monitor.

Corporate and Institutional Interests

  • Several comments link the push to vendors like Palantir and Thorn, citing reports of opaque lobbying, “revolving door” hires from Europol, and Ombudsman findings of maladministration in the CSAM legislative process.
  • View that this is not “Stasi 2.0” alone, but a convergence of state security agencies and surveillance/scan‑software vendors seeking regulation that guarantees them markets.

Broader Democratic Concerns

  • Many see this as part of a longer erosion of civil liberties post‑9/11 and post‑COVID, aided by short public attention spans and fear‑based politics.
  • Some argue citizens are already behaving like those under authoritarian regimes: self‑censoring online, normalizing ID checks and speech restrictions, and tolerating mass data collection.
  • A minority argue that in an era of terrorism and future high‑impact weapons, societies may rationally trade privacy for perceived safety, pointing to China’s feeling of physical security—but others respond that total surveillance never delivers “absolute safety” and always creates a severe power imbalance.