Tell the EU: Don't Break Encryption with "Chat Control"
91 comments
·September 22, 2025m12k
raxxorraxor
There is a reason why they added exemptions for themselves. Either they believe it is unsafe or perhaps there is a problem with child abuse on the EU legislator level which they want to cover up.
We are at a point where we shouldn't have to justify opposition to it. Just hold legislators of the EU accountable. If that isn't possible, hold the whole EU accountable and if that isn't possible, the EU has no legitimacy for such laws in the first place. Back to those responsible on a national level and repeat.
gloosx
I don't think comparing it to something like camera surveillance inside your home is a good idea.
You kind of own your home – if someone places camera in your property, you can just remove it / obstruct vision / sound etc. If doing that will send you to jail then the level of dystopia around is so big it's irrelevant anyway – you're a slave with no rights and you will do that the shocking stick tells you to do.
Phones are different - you kind of don't own them by default because bootloader is locked so you are not free to execute the code you want on the device, as well as app store exists which it tells you what you can install and what you cannot install. The only leverage they have is to make Apple/Google remove certain apps from the EU stores.
Thorrez
You own your home, but there are still laws regulating what you're allowed to do in your home.
kylecazar
We may be headed that way willingly. It didn't happen overnight but it seems like everyone I know now has Nest and Ring cams at home and dash cams in their car.
Frankly, I can see the value for the individual and am probably going to go the same route. But yes, it makes a Dark Knight style citywide surveillance system a little more practical.
that_guy_iain
How about we compare it with something more realistic? Like https://en.wikipedia.org/wiki/ECHELON. Since 1971, the 5 eyes countries have been spying on people en masse and scanning communications.
You probably don't like the comparission because you want to be an alarmist who is acting like this is new. All the fears you have, have literally been proven to be...
collinmcnulty
... well founded and spurred the widespread adoption of end to end encryption?
that_guy_iain
No, it didn't. It took decades for that to happen.
that_guy_iain
How about we compare it with something more realistic? Like https://en.wikipedia.org/wiki/ECHELON. Since 1971, the 5 eyes countries have been spying on people en masse and scanning communications.
nickslaughter02
I think many outside of EU dismiss this as an EU only thing and don't think much about it.
1. Have you ever texted someone from EU? You are now chat controlled too.
2. EU is pumping billions to foreign countries to promote EU values. How long until they condition this "help" with chat control?
rkomorn
And if other governments see the EU get away with this, they'll also have a blueprint for success.
untrimmed
If the EU, a supposed bastion of human rights, forces this through, what argument do we have when more authoritarian countries demand the same thing from Apple, Google, or Meta?
Balinares
Just because the EU is not as egregiously awful as some other places does unfortunately not make it a bastion of human rights. The same forces are at play there as everywhere else in the West.
sschueller
Why don't we do a trial run first? How about all communication from EU lawmakers is made public. Let's break that encryption.
nickslaughter02
> “The fact that the EU interior ministers want to exempt police officers, soldiers, intelligence officers and even themselves from chat control scanning proves that they know exactly just how unreliable and dangerous the snooping algorithms are that they want to unleash on us citizens,” commented Pirate Party MEP Patrick Breyer. “They seem to fear that even military secrets without any link to child sexual abuse could end up in the US at any time. The confidentiality of government communications is certainly important, but the same must apply to the protection of business and of course citizens communications, including the spaces that victims of abuse themselves need for secure exchanges and therapy. We know that most of the chats leaked by today’s voluntary snooping algorithms are of no relevance to the police, for example family photos or consensual sexting. It is outrageous that the EU interior ministers themselves do not want to suffer the consequences of the destruction of digital privacy of correspondence and secure encryption that they are imposing on us.”
EU ministers want to exempt themselves (https://european-pirateparty.eu/chatcontrol-eu-ministers-wan...)
kevincox
The fact that they will only pass this law if they exclude themselves from it should be enough to reject the idea without any further consideration.
And of course if you do still consider further it only gets worse.
BSDobelix
What about industrial espionage? Is a technician of Rheinmetal/Dassault/Thales also exempt?
numpad0
Well, the list of exempts is the list of defense contractor employees, and the negative list of non-exempts subtracted from the list of everyone is list of high-value targets.
The locations where exempts are gathered, locations where there are high commerce traffic and/or verified sent-in data, but no sent-out data, or abnormally low traffic altogether, those are all high-value targets as well.
No matter how you slice it, they're creating a list of airstrike targets and means to aid literal foreign spies. If the affected locations and people are as obvious and well guarded as the US DoD headquarters and uniformed guys there, fine, otherwise, they're just creating doors in the wall exclusively open for "enemy" uses.
throw_a_grenade
They probably have internal chat systems (cough matrix cough) that don't go above 50 M MAU which afaik is the threshold of applicability of this law. So this particular is a non-issue, unfortunately.
But then it begs the question, why politicians feel the need to use public (>50MMAU) chat systems to conduct the protected (official) business?
rgblambda
I'd like to know how that exemption would even work in practice. Many politicians happily use WhatsApp etc. on their personal devices with no VPN for official business.
Maybe when they see private conversations with their colleagues being leaked because someone stupidly used their personal account, they'll see the light.
thw_9a83c
> EU ministers want to exempt themselves
"All animals are equal, but some are more equal than others."
..and this was allegedly Orwell's allegory for the Soviet Union. Are we there yet?
martin-t
It's not about people's safety, it's about politicians' safety. See my comment https://news.ycombinator.com/item?id=45331829
Of course they don't need to spy on themselves. The goal is to stop targeted attacks against politicians and any attempts to overthrow the government. The government is uniquely unlikely to overthrow itself.
TehCorwiz
Empirically that’s absurd. The US is currently undergoing an internal struggle that’s exemplified by the agents of change being part of the government AND dangerously hostile to opposition.
hannesfur
Whenever I look at these proposals I am never sure if the people that wrote that law are not aware that you can’t tap one person without making spying on everyone really easy very quickly, they don’t care or they actually want it. Although this seems like a slightly more sensible version of what they proposed years ago (which was essentially adding the government to every chat).
DeepSeaTortoise
I always find it very ironic people apply the "don't attribute to malice what can be explained by incompetence" principle to politicians, who are part of the government.
Have you ever had a really great mentor or teacher who was excellent at explaining things to you? Good news, you've now got a budget to hire several of them in full-time exclusively for yourself.
Unsure about something? Just ask and a huge apparatus of several departments, featuring dozens of expert panels with hundreds of domain specific experts each will sift through huge databases, many of them not available to anyone else but the government, of state-of-the-art research, current events, historic events, standards, whatever ..., they will analyze your problem from every possible perspective and make the result of these efforts available to you, together with several recommendations of actions according to the guidelines you provided.
I highly doubt that there are more than a hundred people on this planet who could be incompetent under these conditions. What we're observing is not incompetence, but a conflict of interests, between what they want and how often they need to throw you a little bone to keep you obedient.
palata
I think they are not in a position where they have to actually solve the technical problem, but rather in a position where they decide what they believe is best for the society.
"If you were able to break encryption only for criminals, it would increase the security of the people. Please try to break encryption only for criminals" is not completely unreasonable.
The problem, of course, is that it's not possible. But for those politicians, cryptography is pretty much magic. Why wouldn't it be possible?
Same thing happens for climate change: instead of understanding the problem and facing reality, politicians (and honestly most people) stop at "scientists just need to find a way to remove CO2 from the atmosphere efficiently". That's not how it works, but it doesn't prevent them from behaving as if it was possible. "It's magic, just do this one more spell".
numpad0
> "... Please try to break encryption only for criminals" is not completely unreasonable.
And the engineers' response is "not our job, it's yours. Please invent and patent such thing yourself, then we MAY execute". As it stands, it is in fact completely unreasonable.
palata
You can't remove 2/3 of my sentence and then say it is completely wrong.
pfortuny
Unfortunately, it is not the point of government to do what is best for society. It is to organize what individuals want but cannot by themselves (emphasis on want). They are not there to “give us the best” but to give us the “minimum”.
palata
I don't understand what you are trying to say.
martin-t
The government is emergent behavior of evolutionary pressures.
For most of human history, war of aggression was a matter of a cost-benefit analysis which often have more benefit than cost. That has changed (relatively) recently because of how destructive it is that even the winner does not gain from it.
Point being, hierarchical authoritarian structures are very good at war (and other kinds of competition). That's why they exist. But they should no longer be needed.
They are entrenched and we need to evolve away from them.
HighGoldstein
> The problem, of course, is that it's not possible. But for those politicians, cryptography is pretty much magic. Why wouldn't it be possible?
Few, if any, politicians are nuclear physicists, and I'd argue nuclear physics is far more complex than cryptography, yet I haven't seen any of them ask the weapons industry to manufacture a nuke for just the bad guys.
Let's not attribute blatant malice to stupidity. People in these positions have the resources and advisors to know exactly what the consequences will be.
martin-t
I say stupidity should be punished the same way as incompetence. Exactly to stop malicious people from faking incompetence to avoid punishment.
And yes, this is an attack on basic human freedoms and should be punished, not just prevented.
palata
> I'd argue nuclear physics is far more complex than cryptography
We're not talking about "being able to do it" but "being able to understand what it can do". Nuclear weapons are a lot easier to grasp than cryptography in that sense: it is a thing that explodes. It is absolutely obvious to everybody that a bomb destroys whatever is in the vicinity.
> Let's not attribute blatant malice to stupidity. People in these positions [...]
It's not people in these positions: the vast majority of the population doesn't understand the limits of cryptography.
> have the resources and advisors to know exactly what the consequences will be.
Seems to me like you haven't been in contact with lobbies and expert advisors. Many times, politicians will have to ask experts from the industry. They would not contact an average engineer for advice, but rather the company itself. If there is money to be made, the CEO or some executive will give their advice. This advice is systematically beneficial for the company. It's not necessarily malice: a CEO has to believe in what they are doing, even if it is objectively bad for society.
It is very hard to find unbiased experts to help you forge policies.
nickslaughter02
Analyzing text is still debated and not ruled out completely.
gloosx
It’s funny — Chat Control is not aimed at people who actually care about privacy. Those will always find a way to keep using encryption. The math doesn’t vanish because a law says so, and the open-source projects aren’t going away.
What it really does is push "regular" people back into surveillance by default. Most already assume their chats might be scanned or their phone might be listening, so they self-censor anyway. The law just bakes that into the mainstream tools, while the rest of us will keep using the same workarounds we always have.
palata
One problem, if I'm being honest, is that whatever you try to do, you will have a vocal group of people who will explain why it will destroy life as we know it. And everybody in that group of people will genuinely believe that it is absolutely insane to not share their beliefs.
Obviously, some groups are more right than others. If you are into cryptography, you know about the risks coming from Chat Control. But politicians are not part of your group. And what they see, from their point of view, is what I said above: whatever they try to do, there will be a vocal group of people who will genuinely believe that it is completely unreasonable.
That, to me, explains why it keeps coming back: because really, if we could break cryptography only for the bad guys, it would help a lot. "Okay, those people say that it is stupid, just like for everything else we try to do. What makes this group of people more right than the others?"
johnisgood
Funny thing is, my private conversations of sexual nature with my 28 years old girlfriend could probably flag "their" system as CSAM. It has happened to a couple of people before from what I recall.
If this passes, just stop using anything inherently insecure. You may want to stop using WhatsApp, Instagram, Facebook, etc. for private conversations. I already do this.
There are alternatives that will not be affected by this, stick to these. I would give you a list, but I should better be quiet about it.
HelloUsername
> There are alternatives that will not be affected by this
An app, in an official app store no less, is not going to be a solution for long. If you want an actual technical attempt at a solution you first need to regain ownership over your computing devices.
johnisgood
It is on F-Droid, not on Play Store. Does that make a difference?
nickslaughter02
> There are alternatives that will not be affected by this
For how long?
Xelbair
i know this is amazing concept but you can just.. not follow the law, and use 'illegal' encrypted communication.
Steganography to do key exchange on any compromised channel using DH, and then you just send normal encrypted messages - their magical idea is to do client side scanning.
this does require control over your device, but such regulations would just spring up black market for such devices.
johnisgood
The alternatives I have in mind, indefinitely (ideally forever the way they work). You could also just continue using older versions, whereas you need to update WhatsApp to continue using it, for example.
sneak
Signal, foolishly, is also time-bombed.
martin-t
If they can be private indefinitely, then you wouldn't need to keep them secret.
These attacks on freedom will continue until every computing device is mandated to have an ML system tracking your every input. And no communication method is safe from that.
Not even steganography would save you because more and more people would do it and they'd make it illegal too.
---
EDIT: Technology can give us tools to fight it but this has to be defeated at the political level, likely by enshrining privacy is a core human right.
deepriverfish
I wonder if they'll insist politicians have backdoors in their chat apps too.
ptman
“The fact that the EU interior ministers want to exempt police officers, soldiers, intelligence officers and even themselves from chat control scanning proves that they know exactly just how unreliable and dangerous the snooping algorithms are that they want to unleash on us citizens,” commented Pirate Party MEP Patrick Breyer.
deepriverfish
ahh as I expected.
seydor
They aren't really breaking encryption, more like banning it, right?
nickslaughter02
They are breaking the idea that you can have a private conversation without the government spying on you. The how doesn't matter.
permo-w
obviously in a couple of years they'll try again, but it was blocked aready, right?
nickslaughter02
They haven't stopped trying continuously since late 2021. You don't hear about it for a few months only because some countries are more aggressive about it than others.
permo-w
it's not that I didn't hear about it, it's that I did hear about Germany and other countries standing in opposition to it, and the EU requires unanimity
nickslaughter02
- Going one after another for EU presidency since 2022 these countries were in favor: Sweden, Spain, Belgium, Hungary. Poland didn't want to include encrypted communication. Denmark wanted to include everything (text, links, videos, images, calls) but dropped text and calls after criticism (for now).
- Germany is currently not opposed to it (https://news.ycombinator.com/item?id=45273854).
- EU doesn't require all countries to support it on the council level (or parliament level). You just need at least 55% countries (at least 15) that represent at least 65% of citizens. To block it you need at least 4 countries that represent at least 35% of citizens, we are at ≈22%.
amelius
In a couple of years they have backdoors installed in the silicon directly.
bradley13
This is everywhere, in every Western country, somehow all at the same time. Real identities for social media, electronic IDs, electronic currencies run by the government, backdoors in encryption
This is dystopian. Who is behind this coordinated attack?
johnisgood
Not just Western, Chat Control affects whole EU, including Central / Eastern European countries. Fucking Hungary (i.e. Orbán) agreed to it, for one.
nickslaughter02
> Chat Control affects whole EU
It affects everybody in the world messaging a person in EU.
johnisgood
I agree.
fusionadvocate
We enjoyed a peaceful 'air pocket' in tech, but this is over. And it makes sense. Technology is rendering regular people useless. And when they eventually get destitute they will rebel. If I were the ruling elite I too would move fast to increase my control over the masses.
pndy
The politicians from all sides. It appears they want to solidify their power for years, and no matter how ridiculously this may sound like - also introduce some caste system where they're above law and we won't do anything but spend money and consume certified media because anything else is against the law.
I like to compare this to mandating surveillance cameras in every home. It would certainly make detecting and investigating many crimes easier. And the government might pinky swear to never watch without a warrant. They may even keep that promise. But that slippery slope is far from the only issue. Even more damning is that as long as this exists, whether used in official capacity or not, it will be the most sought after thing by hackers from crime organizations and hostile nations. Espionage, blackmail, you name - no person or organization would ever be safe, everybody's privacy and security is undermined.