- Over 500 cryptographic researchers and researchers have signed a common letter against EU’s controversial sexual abuse of children (CSAM)
- Experts warn that the Danish version of the text is still failing to tackle concerns about encryption, arbitrary monitoring and accuracy
- EU council members must share their final positions on the so-called chat control bill on September 12
Over 500 cryptographic researchers and researchers have signed a joint open letter to share their concerns about the EU’s controversial sexual abuse (CSAM) scan proposals. For the third time since 2022.
Wested is considered by its critics as chat control and seek to introduce new obligations to all messaging services operating in Europe to scan users’ chats, even when encrypted, looking for CSAM material.
The EU council members are ready to share their final positions on the Danish version of the proposal on Friday, September 12, with adoption expected as early as October 2025, if an agreement exists.
While they include some improvements from previous versions, experts believe that the latest iteration of the text still fails to tackle concerns about encryption, arbitrary monitoring and the accuracy of the detection.
“I think many of the changes that happened are just smoke and mirrors,” Bart Preenel, Belgian cryptographer and professor at Leuven University behind the open letter, told Techradar.
Below are the most important disputed points highlighted by the experts in the open letter.
The Danish Chat Control Version is still breaking encryption
The risk of breaking encryption has been the greatest objection to the proposal since the beginning.
Encryption is responsible for keeping our communication privately and secure. Such as WhatsApp, Signal, ProtonMail and the best VPN apps use end-to-end encryption (E2E) to crawl the contents of users’ messages in an ulcerous form and prevent unauthorized access.
If the Danish chat control text passes, all multimedia files and URLs you sent via WhatsApp, and similar services to be scanned for CSAM materials.
Of crucial importance, the proposal requires that the CSAM detection technology must not lead to a weakening of the protection provided by encryption. According to experts, this cannot happen without undermining E2E protection, as any detection technology inevitably “introduces a single error” in encrypted communication.
Furthermore, “the new proposal does not relate to our concerns about the potential of functioning of detection on units,” experts wrote.
Accuracy remains a problem – and AI cannot help
Another major concern for experts surrounds the lack of accuracy of detection technology – something that can de facto fail the goal of increasing the effectiveness of law enforcement surveys.
“Existing research confirms that advanced detectors would provide unacceptably high false positive and false negative prices, making them unsuitable for large detection campaigns in the scope of hundreds of millions of users required in the proposed regulation,” the open letter reads.
Experts also suggest that AI-based technologies cannot be the solution, nor considering the “huge attacking surface” they have. “We expect these technologies to be very ineffective in the case of CSAM detection,” they conclude.
What is the next?
On Friday, September 12, EU members are expected to share their positions in the Council.
Did you know?
A source of knowledge about the case told Techradar that Germany, a crucial country to either block or support the bill, may consider failing to take a position. Germany is among the members still indefinite at the time of writing, along with Estonia, Greece, Luxembourg, Romania and Slovenia.
Despite the list of countries that oppose the law that is growing, support for chat controls is strong, with 15 countries supporting the proposal against six opposite and six still indecisive, according to the latest data.
Whether 500 signatories are enough to turn the indecisive members in the opposition ranks are too early to know. What is certain, however, is that chat control is far from the only proposed regulation that can jeopardize encrypted communication as we know them.
By commenting on this point, Preenel said to Techradar: “There is tremendous pressure to gain access to encrypted data: It is not only the CSAM case that is also the Proteceu document. That’s the real debate and I think CSAM is used as an excuse to open the door.
“I believe, however, that law enforcement should have more power to investigate if providers do not take the right measures. In my opinion, they could be allowed to do infiltrations and fight these groups with targeted studies if there is real suspicion. What I think is not acceptable, breaking encryption for everyone.”
