- More than 500 scientists and cryptography researchers have signed a joint letter against the controversial proposal for child sexual abuse (CSAM) of the EU
- Experts warn that the Danish version of the text does not yet address concerns about encryption, indiscriminate surveillance and precision
- The members of the EU council must share their final positions in the so -called Chat Control Law on September 12
More than 500 scientists and cryptography researchers have signed a joint open letter to share their concerns about the controversial Proposal for the EU Child Sexual Abuse (CSAM). For the third time since 2022.
Considered by his critics as chat control, the bill seeks to introduce new obligations for all messaging services operating in Europe to scan user chats, even when they are encrypted, in the guard of the CSAM material.
The members of the EU council are scheduled to share their final positions in the Danish version of the proposal on Friday, September 12, and adoption is expected in early October 2025 if an agreement is located.
Although it includes some improvements from previous versions, experts believe that the last iteration of the text does not yet addresses concerns about encryption, indiscriminate surveillance and the accuracy of detection.
“I think many of the changes that occurred are only smoke and mirrors,” Bart Prenel, the Belgian cryptographer and professor at the Loavaina University behind the open letter told Techradar.
The main contentious points highlighted by experts in the open letter are presented below.
The Danish chat control version still breaks the encryption
The risk of breaking the encryption has been the main objection against the proposal from the beginning.
The encryption is responsible for maintaining our private and safe communications. WhatsApp, Signal, Protonmail and the best VPN applications use end -to -end encryption (E2E) to stir the content of users’ messages in an illegible way and avoid unauthorized access.
If the Danish chat control text passes, all multimedia and URL files that sent through WhatsApp and similar services would have to be mandatory for CSAM materials.
Crucially, the proposal requires that CSAM detection technology should not lead to a weakening of protection provided by encryption. However, according to experts, this cannot happen without undermining E2E protections, since any detection technology inevitably “introduces a single failure point” in encrypted communications.
In addition, “the new proposal does not address our concerns regarding the potential for creep of the detection of the device,” experts wrote.
Accuracy remains a problem, and AI cannot avoid
Another great concern for experts surrounds the lack of precision of detection technology, something that could de facto fail the objective of increasing the effectiveness of the law’s application investigations.
“The existing research confirms that avant -garde detectors would produce unacceptably high rates of false positives and false negatives, making them inadequate for large -scale detection campaigns on a scale of hundreds of millions of users as required by the proposed regulation,” reads the open letter.
Experts also suggest that IA -based technologies cannot be the solution, taking into account the “huge attack surface” they have. “We hope that these technologies are highly ineffective in the case of CSAM detection,” they conclude.
What follows?
On Friday, September 12, EU members are expected to share their positions on the Council.
Did you know?
A source with knowledge of the matter told Techradar that Germany, a decisive country to block or support the bill, may be considering refraining from taking a position. Germany is among the members still undecided at the time of writing, along with Estonia, Greece, Luxembourg, Romania and Slovenia.
Despite the list of countries that oppose the growth of the law, support for chat control remains strong, with 15 countries that support the proposal against six opposites and six still undecided, according to the latest data.
If the 500 signatories are enough to turn the undecided members into the ranks of the opposition is too early to know. However, what is certain is that chat control is far from being the only proposed regulation that could endanger encrypted communications as we know them.
When commenting on this point, Pre -nel told Techradar: “There is enormous pressure to get access to encrypted data: it is not only the CSAM case, there is also the proteteu document. That is the real debate, and I think CSAM is used as an excuse to open the door.
“However, I believe that the police should have more power to investigate whether suppliers do not take the correct measures. In my opinion, they could afford to make infiltrations and fight against these groups with specific investigations, if there are real suspicions. However, what I think is not acceptable is to break the encryption for all.”
