The disguised return of EU Chat Control
235 comments
·November 14, 2025tomsmeding
> According to Breyer, the existing voluntary system has already proven flawed, with German police reporting that roughly half of all flagged cases turn out to be irrelevant.
A failure rate of only 50% is absurdly good for a system like this. If we have to:
> Imagine your phone scanning every conversation with your partner, your daughter, your therapist, and leaking it just because the word ‘love’ or ‘meet’ appears somewhere.
then apparently either there are so many perpetrators that regular conversations with partners etc. are about as common as crime, or such regular conversations don't have such a high risk of being reported after all.
I don't think chat surveillance is a good idea. But please use transparent and open communication. Don't manipulate us just like the enemy does.
Humorist2290
It is probably a reference to the report mentioned in this article from September https://reclaimthenet.org/germany-chat-control-false-reports...
According to the Federal Criminal Police Office (BKA), 99,375 of the 205,728 reports forwarded by the US-based National Center for Missing and Exploited Children (NCMEC) were not criminally relevant, an error rate of 48.3%. This is a rise from 2023, when the number of false positives already stood at 90,950.
Presumably the actual number of criminals caught by this would remain constant, so the FP rate would increase. Unless of course, the definition of criminal expands to keep the FP rate low...
anonym29
A false positive rate of 50% is absurdly good?
I've got an offer for you: Let's toss a coin.
Heads, we give your name and address to your federal law enforcement authorities and tell them you MIGHT be a violent, dangerous pedophile. Tails, your privacy has been violated, but you're not put on a secret child sex offender watchlist, so you have nothing to worry about!
How soon are you ready to take up this bet? It's an absurdly good bet for you, after all, isn't it?
This isn't a caching system for a CDN, this is for a system that's going to be telling glorified police officers that innocent people MIGHT be guilty of some of the most reprehensible crimes on the planet.
50% false positive rate is literally orders of magnitude higher than any sane person should be comfortable with. Anyone who disagrees with that should take me up on that coin flip offer.
null
pcrh
The right to privacy is enshrined in the European Convention on Human Rights, article 8 [0].
It escapes me how politicians can repeatedly attempt to violate this.
[0] https://fra.europa.eu/en/law-reference/european-convention-h...
karhuton
”2 There shall be no interference by a public authority with the exercise of this right EXCEPT such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.”
Are we reading the same thing?
This linked statement clearly authorizes invasion of privacy by public authorities, in the name of any of the very vaguely listed reasons – as long as there’s some law to allow it.
pcrh
Mass surveillance has already been ruled to be in contravention of the Human Rights act:
https://en.wikipedia.org/wiki/Article_8_of_the_European_Conv...
>A 2014 report to the UN General Assembly by the United Nations' top official for counter-terrorism and human rights condemned mass electronic surveillance as a clear violation of core privacy rights guaranteed by multiple treaties and conventions and makes a distinction between "targeted surveillance" – which "depend[s] upon the existence of prior suspicion of the targeted individual or organization" – and "mass surveillance", by which "states with high levels of Internet penetration can [] gain access to the telephone and e-mail content of an effectively unlimited number of users and maintain an overview of Internet activity associated with particular websites". *Only targeted interception* of traffic and location data in order to combat serious crime, including terrorism, is justified, according to a decision by the European Court of Justice.[23]
spwa4
A decision by the European Court of Justice or any other court does not apply to any legislative branch like the EU commission (not parliament), when making new laws. New laws simply override old laws (to be interpreted as specializations, more or less exceptions, to the old laws)
wmf
The loophole there is "targeted" so they'll declare that Son of Chat Control is to be targeted.
marginalia_nu
Yeah the whole thing is full with these loopholes. Your rights are rights only as long as we wish at some point to add laws that inhibit them.
yesco
It's weird how "rights" went from "the government can't do X to you" to "the government can force private actors to do Y (but these rules don't apply to us)."
ekianjo
Basically a useless document.
Muromec
The way it's written and the way ECHR court works, the government has to actually argue it's way, not just say "national secirity".
ECHR court however can't repeal the law, only fine the governmemt for actual violation of convention rights.
pcrh
Is there any mechanism for preventing the introduction of a law that violates the ECHR? It would seem obvious that that should be the case, no?
null
jayess
Good god what a meaningless "right" where all of the exceptions eat the rule.
realusername
It depends the version of the declaration, the french one has zero exception listed.
pcrh
It's the same in French (obviously), though equally this does not permit mass surveillance:
>Article 8 de la Convention européenne de sauvegarde des droits de l'homme et des libertés fondamentales:
>Droit au respect de la vie privée et familiale
>1. Toute personne a droit au respect de sa vie privée et familiale, de son domicile et de sa correspondance.
>2. Il ne peut y avoir ingérence d'une autorité publique dans l'exercice de ce droit que pour autant que cette ingérence est prévue par la loi et qu'elle constitue une mesure qui, dans une société démocratique, est nécessaire à la sécurité nationale, à la sûreté publique, au bien-être économique du pays, à la défense de l'ordre et à la prévention des infractions pénales, à la protection de la santé ou de la morale, ou à la protection des droits et libertés d'autrui.
—
hunterpayne
Is that the same France which arrested the CEO of a E2E chat provider (without even trumped up charges) and forced them to make backdoors for them?
Muromec
ECHR is a convention with a court hearing the cases, as opposed to declarations which is just good vibes PR. Of course the actual working instrument has loopholes.
WhyNotHugo
> It escapes me how politicians can repeatedly attempt to violate this.
There is no penalty for doing so.
If something is outlawed but there is no negative consequence for doing it, then it’s not really outlawed in practical terms.
rambojohnson
it escapes you because all these treaty clauses read like safeguards, but in practice they’re just friction. Once a government decides it needs mass surveillance for ‘security,’ the law bends. The real question isn’t what the ECHR allows... it’s why people still think legal frameworks can meaningfully restrain a state that has already decided not to be restrained.
it escapes me hwo so many can be so naive.
aleph_minus_one
> It escapes me how politicians can repeatedly attempt to violate this.
You make use of the silent assumption that politicians are not criminals. :-(
encom
First time?
pfortuny
Think of the children.
You want the police to solve crimes, right?
If you are against this it is because you have something to hide.
Also it is more than possible that those politicians do not agree with that Convention.
ntoskrnl_exe
Wow, it’s always crazy how the folks who have nothing to hide get mad when the lock on the stall door in a public bathroom doesn’t work…
sitzkrieg
"having something to hide" or defending a human right. who cares. easy to tell where this one gets their feed
0_gravitas
I assumed the post was sarcastic, but Poe's Law I suppose, sadly..
crest
Only boring people have nothing to hide.
pigpag
[dead]
Am4TIfIsER0ppos
Gotta find those with illegal opinions somehow.
TacticalCoder
[dead]
rambojohnson
the comment thread here is obnoxiously naive, and speaks to the privilege some people having been raised under the calm of supposedly democratic societies.
you're all arguing about the syntax of rights while governments rewrite the grammar. once a state decides ubiquitous surveillance is necessary, it’ll find or fabricate a justification. the "law" doesn’t restrain power, power instructs law where to kneel.
stop treating the ECHR like some talisman that keeps the wolves at bay, as if authoritarian drift politely obeys paperwork. stop playing with this whole “actually, the loophole is X,” “no, the loophole is Y,” like you're debugging a bad API instead of staring at the obvious: when a state wants to expand surveillance, it does, and the justifications are retrofitted later, be it "public safety", or "keeping your children safe."
JumpCrisscross
> once a state decides ubiquitous surveillance is necessary, it’ll find or fabricate a justification
This is defeatist, fatalist nonsense.
squigz
How?
JumpCrisscross
It’s had to return. “Disguised.”
It was defeated once. It can be again. What might change that is lazy nihilism masquerading as wisdom.
Humorist2290
(6) Online child sexual abuse frequently involves the misuse of information society services offered in the Union by providers established in third countries. In order to ensure the effectiveness of the rules laid down in this Regulation and a level playing field within the internal market, those rules should apply to all providers, irrespective of their place of establishment or residence, that offer services in the Union, as evidenced by a substantial connection to the Union.
btown
From https://docs.reclaimthenet.org/council-presidency-lewp-csa-r... pp 35:
(f) ‘relevant information society services’ means all of the following services: (i) a hosting service; (ii) an interpersonal communications service; (iii) a software applications store; (iv) an internet access service; (v) online search engines.
And via https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELE... pp 8:
(2) ‘internet access service’ means a publicly available electronic communications service that provides access to the internet, and thereby connectivity to virtually all end points of the internet, irrespective of the network technology and terminal equipment used
===
Calling it Chat Control is itself an understatement, one that evokes "well I'm not putting anything sensitive on WhatsApp" sentiments - and that's incredibly dangerous.
This bill may very well be read to impose mandatory global backdoors on VPNs, public cloud providers, and even your home router or your laptop network card!
(Not a lawyer, this is not legal advice. But it doesn't take a lawyer to see how broadly scoped this is.)
chimeracoder
> (6) Online child sexual abuse frequently involves the misuse of information society services offered in the Union by providers established in third countries.
It's quite wild to see child sexual abuse continue to be cited as a justification for far-reaching, privacy-invading proposals, allegedly to empower government actors to combat child sexual abuse.
Meanwhile, we have copious and ever-increasing evidence of actual child sexual abuse being perpetrated by people with the most power in these very institutions, and they generally face few (if any) consequences.
layer8
> worldwide
Laws targeting service providers usually always apply to all providers providing services in the respective jurisdiction. It would be unusual if it was any different.
josteink
So they’re asking American companies to repeal the first amendment rights of American citizens on all websites accessible in the EU.
How this not a declaration of war?
latchup
I am going to assume your question is genuine and not rethorical hyperbole.
Every sovereign nation has legal supremacy over its own territory. Any company doing business in the EU, no matter its origin, must follow EU laws inside the EU. However, these laws do not apply anywhere else (unless specified by some sort of treaty), so they are not forced to comply with them in the US when dealing with US customers.
If they still abide by EU law elsewhere, that is their choice, just like you can just choose to abide by Chinese law in the US — so long as it does not conflict with US law. If these rules do conflict with the first amendment, enforcing them in the US is simply not legal, and it's up to the company to figure out how to resolve this. In the worst case, they will have to give up business in the EU, or in this case, prohibit chat between US and EU customers, segregating their platform.
SunshineTheCat
I mean this (mostly) as a joke, however, I kinda wish US businesses would just firewall off the EU at this point (yes, I know this would mean losing some customers/marketshare and thus would never happen).
But the near daily proposals getting tossed out in their desperate attempt to turn their countries into daycare centers is just annoying to people trying to build things for other adults.
eptcyka
I was under the impression that the strong and independent Americans had thicker skin than this.
sitzkrieg
luckily, this is a sample size of one (1)
b59831
[dead]
progval
Neither the EU nor American companies are Congress, so they are not bound by the 1st amendment.
petcat
"First Amendment Rights" only applies to the State, not private companies.
For example, Hacker News has no obligation to preserve your "First Amendment Rights" on this website. They are free to mute you, ban you, or even just surreptitiously change what you say without you knowing.
josteink
That’s just semantics.
If a website which otherwise wouldn’t censor you begins to censor you because of threats from foreign nations, that’s a foreign nation pressuring an American company into suppressing rights of American citizens.
That’s a foreign nation imposing on your rights. In the past that used to require an invasion, so it was a bit more obvious what was happening, but the result is still the same.
Yes it’s through a website, which is owned by a company, which technically speaking owes you nothing.
In the digital age though, where are you going to use your speech, if not on a website?
What you (and others) are doing is trying to reduce the significance of a major transgression over a minor technicality. Way to miss the forest for trees.
The EU can stuff it on this one. And I supported (still support!) the GDPR.
ghurtado
[flagged]
Cupprum
I sort of hope someone will leak all private information about Peter Hummelgaard. He is one of the people behind this proposal, just so he would get a taste of his own medicine.
wmf
That would only "prove" that government officials should be exempt from government surveillance.
mszcz
Isn’t it (ChatControl) also „marketed” as „safe and secure”? If they (politicians) don’t have their comms backdoored and still get their data stolen, then why would I trust them to secure (read „safely snoop on”) mine or even know what they’re talking about?
PeterStuer
Eternal vigilance is needed to stop this. Good luck! It will take just one (manufactured) crisis.
ryandrake
We have to win every time. They only have to win once and it's game over.
ambicapter
Why can't we put up legislation to repeal over and over until it is repealed?
soulofmischief
Power/wealth asymmetries. The incumbent organizations are powerful, have many resources and actively work to prevent other organizations from achieving the same level if competency.
JumpCrisscross
> Why can't we put up legislation to repeal over and over until it is repealed?
We can. It’s just easier to throw a wrench in a legislative process than to start it. (By design.)
dymk
Because legislation like this is a ratchet.
PeterStuer
"Over and over" is the hint.
pembrook
The number of laws/rules added vs. removed in any given year is like 100:1.
New rules lead to profitable business opportunities (and future lobbies), incumbents get to entrench their positions using the new rules, and people get stockholm syndrome and just end up accepting the new normal.
Modern representative democracy is Parkinson's law at work. Government is the purest form of bureaucracy and monopoly. Thus, it finds ways to grow itself every year regardless of what happens.
latexr
That argument is so tiring. Yes, we know, we all understand this, that’s true of every draconian law proposal. What’s the point of repeating that over and over every time? If you want to give up, do, but let others fight without needless discouraging. If everyone thought like you, this would have passed first time.
zelphirkalt
There is also an alternative, which is the way problems with governments used to get solved in the past. Not that we should aim for that to be necessary, but it often seems that our politicians are hellbend on getting there quickly. I guess it's all "to hell with the consequences!" for them.
oever
The original article says: "The legislative package could be greenlit tomorrow in a closed-door EU working group session." That was November 12th.
On the 13th, Breyer wrote:
> Yesterday, EU gov'ts rejected changes to mandatory backdoor #ChatControl & anonymity-destroying age checks.
https://digitalcourage.social/@echo_pbreyer/1155418089245415...
isodev
Nothing greenlit in a “closed-door EU working group session” can become law. These things need to go through all phases of legislation including the approval of parliament.
So yes, if you don’t like chat control, talk to your MEPs and stop voting in populist ministers and council members/presidents.
mrtksn
Denmark has a month and a half as EU presidency to go. I still don't get why they want this to be their legacy so badly.
throw-qqqqq
Denmark mostly has authoritative politicians in government. Pragmatic and without ideology. The misguided tools believe they are doing us all a big favor.
They handwavingly dismiss all privacy-related criticism with “well our experts say something else!” and insist there are no privacy issues - but at the same time require exemption for their own caste.
dmix
The EU and European parliaments are very much on the technocracy side, where they defer to experts and studies for everything instead of focusing on the popular interests of the public
throw-qqqqq
I would not categorize Denmark as particularly technocratic, on the contrary. Many politicians here go against science and research because “I simply disagree”.
Populism largely runs Denmark.
squigz
Look at America to see what happens when things are decided based on the popular interests vs actual data and expertise.
Y-bar
Denmark is a strange nation with regards to liberty and personal belongings:
https://euromedmonitor.org/en/article/4963/Denmark:-Exemptin...
throw-qqqqq
This was done to appease the racist voters, who are unfortunately a relatively big factor here.
The law was installed in 2016, (colloquially called “Smykkeloven”/The Jewelry Law) after Syrian refugees walked up through Europe and Denmark, and a myth arose about super rich refugees with bags full of gold.. in 2022 this law had been used in 17 instances.
I cannot roll my eyes enough at the policians here.
eastbound
Denmark is pretty famous for the fact that people consider themselves pretty centrist and moderate, while the policies they implement, each analyzed separately, are the most leftist of all the EU on all modern topics (ie not classical communism of course - just climate change, women, immigration etc). But when you’re surrounded with likeminded people and little diversity of the press, it sounds logical.
WinstonSmith84
Genuine question: is that Denmark reintroducing this proposal? It's not clear when it's mentioned "the EU commission's revised proposal..." - and second question, if it's "Denmark", who from Denmark has the authority to do so? Any elected Danish member from the EU council?
throw-qqqqq
Denmark holds the EU Presidency. That means they chair the Council of the EU, set the agenda, organize meetings, and drive forward legislative work in that period.
Muromec
EU council works like US senate worked before senators were elected. So the right answer for who is Danish PM.
Not to be confused with EU parliament which is elected by popular vote and EU comission, which is the executive branch of EU and us voted in by Parliament
thewebguyd
There are monied interests and special interest groups behind it. No matter who is at the head, it will continue to be pushed by these interests.
Europol, Julie Cordua (CEO of Thorn), Cathal Delaney, former Europol who now is on Thorn's board, Alan Parker, billionaire and founder of the Oak Foundation that's been bankrolling the fake charities lobbying for chat control, Chris Cohn, another billionaire and hedge fund manager who has been funding anti-encryption lobbying in both the US and the EU, Sarah Gardner, former Thorn employee and part of the network of fake charities lobbying to ban encryption. SHe also focuses on lobbying in the US as well, and Maciej Szpunnar, Polish Advocate General and the European court of justice, wants to use chat control for prosecuting copyright infringement.
And don't forget Peter Hummelgaard: "We must break with the totally erroneous perception that it is everyone's civil liberty to communite on encrypted messaging services."
So you have a few billionaires running lobbying organizations disguised as fake "for the children" charities that operate in both the EU and the US, Europol, and a group of powerful people that are fundamentally opposed to privacy.
phba
Adding to that from https://en.wikipedia.org/wiki/Thorn_(organization):
> Thorn works with a group of technology partners who serve the organization as members of the Technology Task Force. The goal of the program includes developing technological barriers and initiatives to ensure the safety of children online and deter sexual predators on the Internet.
> Various corporate members of the task force include Facebook, Google, Irdeto, Microsoft, Mozilla, Palantir, Salesforce Foundation, Symantec, and Twitter.
Apparently Thorn scratched that list from their current website, but the Wiki page has an archive link.
thewebguyd
Worth noting that Thorn also makes scanning software and would stand to profit greatly from chat control.
As with all these types of legislation, always follow the money.
zelphirkalt
Presumably someone is paying really well to push this over and over again.
layer8
Article on Breyer’s own site: https://www.patrick-breyer.de/en/chat-control-2-0-through-th...
dang
Thanks, we'll put that in the toptext as well.
nmeofthestate
I guessed the term Chat Control had to be made up by opponents of the legislation, so searched for the real name. The official name of the legislation is: “Proposal for a Regulation of the European Parliament and of the Council laying down rules to prevent and combat child sexual abuse” (COM/2022/209 FINAL). It is often referenced more simply as the “Child Sexual Abuse Regulation” (CSA Regulation).
MrNeon
How Could You Possibly Be Against This?!?!? Regulation
cheschire
Oof good luck trying to convince a popular vote against that.
klabb3
This can backfire bigly for the EU. The whole union is sustained on shared values and interests. Sneaking in surveillance is extremely offputting for the sentiment towards EU in many circles. Every member state has plenty of skeptics who want to brexit and this is gasoline for them. And rightly so. This isn’t a fluke from some misinformed non-technical stray politician who ”wants to save the children” (yes, they exist too), but rather a deliberate anti-democratic sabotage of core human rights.
In a nation state, it’s easier to pull off authoritarian shifts, because citizens will not usually revolt over such things alone. But the EU relies on sustained support and a positive image. There are already at the very least 10s of thousands EU skeptics created from the last wave alone, and probably much much more to come.
Zooming out, I think this is the time when the EU is needed the most, given the geopolitical developments. Both Russia and China are drooling about a scattered Europe consisting of isolated small states. That makes it more infuriating. Someone, ideally the press, needs to dig into the people behind this and expose them.
ThrowawayTestr
After Brexit no one's ever leaving the EU
ntoskrnl_exe
This legislation has a potential to "radicalize" a lot of people. I don't agree with many of the decisions by the EU, but at the end of the day the pros do outweigh the cons and in a hypothetical Brexit-like referendum I wouldn't consider agreeing with leaving.
If this passes, however, the pencil in my hand would definitely hover above the YES checkbox for a while and, actually, maybe even tick it. This alone would be enough of a straw to break the camel's back.
0dayz
Unfortunately I don't think so, it'll be more the writing on the wall or the canary ik the coal line but it wont radicalize a lot of people I think because this legislation won't rock the boat enough unless they fuck it up a la UK age verification law.
andix
The UK normalized surveillance for decades. In most other European countries this is a completely different story. The backlash would be far stronger than in the UK.
andix
If they really ban everyone under 16 from texting, this would also become kind of a time bomb. A lot of those affected teens will be allowed to vote very soon. And they might have a very different mental image of the EU than the generations before. The EU used to be a gate to all of Europe, free traveling, no cell roaming fees, Erasmus student exchange. The next generation of voters might perceive the EU as some dystopian institution that takes away fun and freedom.
pcrh
Agreed.
The strength of the EU is based on the EU institutions not having too much power. It's why the EU does not attempt to expel, hopefully temporarily, reprobate nations such as Hungary.
andix
I just don't believe they would be able to roll it out. A lot of messaging services won't implement chat control. If half of the messaging apps are getting blocked, people will get angry.
There will be massive backlash towards EU. Texting is just so embedded to the daily life, if the EU causes inconveniences or trouble with texting, this might create massive anger. It could start off Brexit-like campaigns in some countries.
I'm not saying that it is impossible this is going to be implemented. But I think it's just some bureaucrats dreaming.
ThrowawayTestr
>A lot of messaging services won't implement chat control.
Why not?
https://www.patrick-breyer.de/en/chat-control-2-0-through-th...