The EU’s Chat Control law would scan private messages and weaken encryption. Sign Mozilla Foundation’s petition to defend privacy and protect our digital future.
Check this map to see where your country stands: fightchatcontrol.eu
Each EU country has taken a different stance — and the debate is shifting fast. Some governments oppose it, some are undecided, and others are pushing hard to pass it.
No matter your government’s position right now, adding your voice will help protect our right to private communications. Members of the European Parliament (MEPs) and national ministers will decide this law. Contact your representatives today and tell them: protect encryption, reject client-side scanning, and defend our rights online.
Client-side scanning means your messages, photos, or files are scanned on your device before they’re encrypted.
Client-side scanning (CSS) is often promoted as a child safety measure — but in reality, it undermines the very promise of encryption. Detection tools, especially those meant to identify “unknown” content, are error-prone and create new security vulnerabilities.
Even if scanning starts with one type of content (like CSAM), it sets a dangerous precedent: the scope can easily be expanded to monitor other kinds of conversations. And once encryption is weakened, the risks multiply — hackers can steal sensitive data, abusers can track vulnerable people, and authoritarian regimes can spy on journalists, activists, and citizens.
CSS doesn’t make people safer. It makes everyone less secure.
If passed, Chat Control would apply to messaging and storage services operating in the EU — even those using end-to-end encryption.
Apps like WhatsApp, Signal, Telegram, iMessage, and Messenger, plus cloud services like iCloud, Google Drive, and Microsoft OneDrive, could all be forced to scan your private messages, photos, and files before they’re sent or stored.
That means no matter which service you use, your conversations and data could be opened up to surveillance.
Read the original article
Comments
I like to compare this to mandating surveillance cameras in every home. It would certainly make detecting and investigating many crimes easier. And the government might pinky swear to never watch without a warrant. They may even keep that promise. But that slippery slope is far from the only issue. Even more damning is that as long as this exists, whether used in official capacity or not, it will be the most sought after thing by hackers from crime organizations and hostile nations. Espionage, blackmail, you name - no person or organization would ever be safe, everybody's privacy and security is undermined.
By raxxorraxor 2025-09-2212:291 reply There is a reason why they added exemptions for themselves. Either they believe it is unsafe or perhaps there is a problem with child abuse on the EU legislator level which they want to cover up.
We are at a point where we shouldn't have to justify opposition to it. Just hold legislators of the EU accountable. If that isn't possible, hold the whole EU accountable and if that isn't possible, the EU has no legitimacy for such laws in the first place. Back to those responsible on a national level and repeat.
By fauigerzigerk 2025-09-2213:22 >We are at a point where we shouldn't have to justify opposition to it. Just hold legislators of the EU accountable.
I have no idea what this means.
I don't think comparing it to something like camera surveillance inside your home is a good idea.
You kind of own your home – if someone places camera in your property, you can just remove it / obstruct vision / sound etc. If doing that will send you to jail then the level of dystopia around is so big it's irrelevant anyway – you're a slave with no rights and you will do that the shocking stick tells you to do.
Phones are different - you kind of don't own them by default because bootloader is locked so you are not free to execute the code you want on the device, as well as app store exists which it tells you what you can install and what you cannot install. The only leverage they have is to make Apple/Google remove certain apps from the EU stores.
By 1718627440 2025-09-2214:19 That's exactly the thing. Legally you own your phones. You are responsible for what they do.
We are now kind of a the crossroad. Either we expand the SaaS model to everything, or we enforce the until-now rules of ownership of the law.
By Thorrez 2025-09-2213:15 You own your home, but there are still laws regulating what you're allowed to do in your home.
By rnhmjoj 2025-09-2221:48 Yes, exactly. This proposal is just free riding on the sadly enstablished conception that you don't really own your device: it doesn't work in your interest but in those of the manufacturer, the developer of the programs you use and, if this becomes law, your government.
If we really want to stop chat control and all the other proposals that will inevitably come after, we should really work hard to try to reverse this. I think asking "don't break encryption, please" is really the wrong way to go about it.
By Kim_Bruning 2025-09-2216:19 That really depends on the phone. There's definitely phones where you can unlock the bootloader. It's not as common as it should be though, for sure.
By that_guy_iain 2025-09-2212:391 reply How about we compare it with something more realistic? Like https://en.wikipedia.org/wiki/ECHELON. Since 1971, the 5 eyes countries have been spying on people en masse and scanning communications.
You probably don't like the comparission because you want to be an alarmist who is acting like this is new. All the fears you have, have literally been proven to be...
By collinmcnulty 2025-09-2212:461 reply ... well founded and spurred the widespread adoption of end to end encryption?
By that_guy_iain 2025-09-2212:501 reply No, it didn't. It took decades for that to happen.
By collinmcnulty 2025-09-2212:542 reply These programs really entered the public consciousness with the Snowden leaks in 2013. Signal was released in 2014.
By ysnp 2025-09-2219:51 TextSecure (which later merged with RedPhone to become Signal) had existed since 2010. So it would be interesting to know if there were many other end-to-end encrypted services and products at the time since this was pre-leaks.
By that_guy_iain 2025-09-2213:012 reply I only mentioned one program. A program that is literally comparable because it's literally what is being replaced. That program has been public knowledge in media such as TV shows and movies for decades. So when we're fear-mongering, we should only compare with that, and we should see what effects it had and the nonsense being used for fear-mongering.
Also, Signal was released not because of end-to-end encryption but because the founder sold WhatsApp and wasn't happy with the direction.
By ysnp 2025-09-2219:48 You're confusing the founding of the Signal Foundation with the release of Signal. Textsecure/Redphone which Signal came from existed in some part around 2010 or thereafter. Their merging and re-release as an all-in-one IP-based encryption app also came before WhatsApp was sold to Facebook.
> That program has been public knowledge in media such as TV shows and movies for decades.
Nobody I know heard about it before Snowden. You need to provide some statistics to demonstrate it was a common knowledge.
By that_guy_iain 2025-09-238:531 reply > You need to provide some statistics to demonstrate it was a common knowledge.
It was referenced in popular media for decades... So people knew about it and it was public knowledge. The reason no one cared is that the outcome of it wasn't the horror story being repeated constantly.
The funny thing is, if you think this law would affect you, it will probably reduce the amount of data they get. Why? Because they still spy on you with end-to-end encryption, it's just more work and they hack the shit out of you.
By fsflover 2025-09-2319:29 > Because they still spy on you with end-to-end encryption
What are you talking about?
> and they hack the shit out of you
Good luck. I'm using Qubes OS btw.
By sschueller 2025-09-2210:361 reply Why don't we do a trial run first? How about all communication from EU lawmakers is made public. Let's break that encryption.
By nickslaughter02 2025-09-2210:495 reply > “The fact that the EU interior ministers want to exempt police officers, soldiers, intelligence officers and even themselves from chat control scanning proves that they know exactly just how unreliable and dangerous the snooping algorithms are that they want to unleash on us citizens,” commented Pirate Party MEP Patrick Breyer. “They seem to fear that even military secrets without any link to child sexual abuse could end up in the US at any time. The confidentiality of government communications is certainly important, but the same must apply to the protection of business and of course citizens communications, including the spaces that victims of abuse themselves need for secure exchanges and therapy. We know that most of the chats leaked by today’s voluntary snooping algorithms are of no relevance to the police, for example family photos or consensual sexting. It is outrageous that the EU interior ministers themselves do not want to suffer the consequences of the destruction of digital privacy of correspondence and secure encryption that they are imposing on us.”
EU ministers want to exempt themselves (https://european-pirateparty.eu/chatcontrol-eu-ministers-wan...)
By kevincox 2025-09-2212:16 The fact that they will only pass this law if they exclude themselves from it should be enough to reject the idea without any further consideration.
And of course if you do still consider further it only gets worse.
What about industrial espionage? Is a technician of Rheinmetal/Dassault/Thales also exempt?
By numpad0 2025-09-2211:38 Well, the list of exempts is the list of defense contractor employees, and the negative list of non-exempts subtracted from the list of everyone is list of high-value targets.
The locations where exempts are gathered, locations where there are high commerce traffic and/or verified sent-in data, but no sent-out data, or abnormally low traffic altogether, those are all high-value targets as well.
No matter how you slice it, they're creating a list of airstrike targets and means to aid literal foreign spies. If the affected locations and people are as obvious and well guarded as the US DoD headquarters and uniformed guys there, fine, otherwise, they're just creating doors in the wall exclusively open for "enemy" uses.
By throw_a_grenade 2025-09-2211:411 reply They probably have internal chat systems (cough matrix cough) that don't go above 50 M MAU which afaik is the threshold of applicability of this law. So this particular is a non-issue, unfortunately.
But then it begs the question, why politicians feel the need to use public (>50MMAU) chat systems to conduct the protected (official) business?
>But then it begs the question, why politicians feel the need to use public (>50MMAU) chat systems to conduct the protected (official) business?
It also begs the question why CSAM "distributors" would use those ;)
By throw_a_grenade 2025-09-2212:301 reply Because they don't know better (see also: criminals are stupid).
I think politicians should not be stupid and isolate their official business from the private one. (That would be ideal, anyway).
By Phemist 2025-09-2214:20 Stupid criminals disproportionally get caught.
Selective pressure on the intelligence of criminals will cause them to become more intelligent.
You now need even more draconian legislation to disproportionally keep catching the intelligence-wise lowest quantile of criminals.
It's not about people's safety, it's about politicians' safety. See my comment https://news.ycombinator.com/item?id=45331829
Of course they don't need to spy on themselves. The goal is to stop targeted attacks against politicians and any attempts to overthrow the government. The government is uniquely unlikely to overthrow itself.
Empirically that’s absurd. The US is currently undergoing an internal struggle that’s exemplified by the agents of change being part of the government AND dangerously hostile to opposition.
By akimbostrawman 2025-09-2312:581 reply the theater that is US Dem-Rep politics would never threaten its own existence regardless how much one side screams the other will be the end of democracy when the stage changes. Maybe bookmark this thread and come back next term when the next play hast started.
By TehCorwiz 2025-09-2418:24 If you had said that 30 years ago I might have agreed with you. But I don't because in the last 30 years I've watched both parties drift farther right until one decided to team up with actual nationalists (project 2025, they wrote a book about it and several of the authors work for this administration https://en.wikipedia.org/wiki/Project_2025 ) that intend to undermine the foundation of the government in order to enforce a white christian nationalist order.
I don't remember Democrats ever conducting a legal (fake elector scheme) or extralegal attempt (insurrection) to overthrow an election. I don't remember any leader ever saying the kinds of hateful things Trump does. Even Reagan and Bush 1 who peddled the whole "welfare queen" bullshit. I don't remember any admin prior to this one that removed research and published number wholesale from government website.
This is not normal and hasn't been for some time. I don't have a comprehensive list right now of all the ways this is batshit crazy because keeping track would be a full time job.
But sure, let's bookmark this thread and come back to it.
By rgblambda 2025-09-2212:29 I'd like to know how that exemption would even work in practice. Many politicians happily use WhatsApp etc. on their personal devices with no VPN for official business.
Maybe when they see private conversations with their colleagues being leaked because someone stupidly used their personal account, they'll see the light.
By thw_9a83c 2025-09-2211:48 > EU ministers want to exempt themselves
"All animals are equal, but some are more equal than others."
..and this was allegedly Orwell's allegory for the Soviet Union. Are we there yet?
If the EU, a supposed bastion of human rights, forces this through, what argument do we have when more authoritarian countries demand the same thing from Apple, Google, or Meta?
By Balinares 2025-09-2211:48 Just because the EU is not as egregiously awful as some other places does unfortunately not make it a bastion of human rights. The same forces are at play there as everywhere else in the West.
By sunaookami 2025-09-2215:15 >supposed bastion of human rights
Ever wondered why they position themselves like that? Because they repeated it so often that everyone believes it now.
