ChatControl: EU wants to scan all private messages, even in encrypted apps (metalhearf.fr)

The EU’s proposed “ChatControl” (Child Sexual Abuse Regulation, CSAR) would force virtually every interpersonal service — from Signal, WhatsApp and Telegram to email, dating apps, gaming chats and cloud drives — to perform mandatory client-side scanning of private messages and images before end-to-end encryption is applied. The system combines hashed matching against known CSAM, AI-driven visual classifiers for “potential” abuse, and NLP-based grooming detection; flagged content would be automatically reported to a centralized EU Centre on Child Sexual Abuse. Supporters frame it as child-protection, but the rule would effectively bypass E2EE, require intrusive age verification and risk institutionalizing mass surveillance across 450M Europeans. For the AI/ML community this raises acute technical and ethical challenges. Client-side models must run at massive scale on devices, yet current classifiers produce high false-positive rates (studies show ~80% of automated reports are false; Irish police found only ~20% of reports contained illegal material), and are brittle to adversarial or simple circumvention (pre-encryption, steganography, link-sharing, custom clients, decentralized platforms). Security researchers warn such designs create systemic vulnerabilities, undermine encryption guarantees, and invite abuse. Practitioners will face pressure to build explainable, privacy-preserving on-device detectors, robust benchmarks for real-world false-positive/false-negative trade-offs, and defenses against evasion — all while navigating legal, ethical and governance risks of weaponizing pervasive content-scanning.