Chat Control is back, here's how to stop it (including email addresses) (tuta.com)

The Danish EU Council presidency has revived and intensified “Chat Control”: a draft law that would require messaging and email providers to perform mandatory client-side scanning of private, end-to-end encrypted communications. Unlike earlier proposals aimed narrowly at known child sexual abuse material (CSAM), the 2025 version would let authorities compel providers to scan for “unknown” content using automated AI detectors, exempt state and military accounts, and issue detection orders across services. Danish Justice Minister Peter Hummelgaard has framed this as breaking the expectation of absolute encrypted privacy, and the presidency is pushing for fast votes (key October meetings were scheduled), raising the prospect of a rapid political push. For AI/ML and security communities this is significant because it institutionalizes AI-driven surveillance and undermines end-to-end encryption guarantees: client-side scanning creates practical backdoors, concentrates sensitive plaintext in algorithmic filters, and amplifies false positives from imperfect detectors — with real risks of leakage, misuse, and mass surveillance. Legal counsel inside the EU has flagged likely conflicts with EU fundamental rights (Articles 7 and 8), and leaked memos predict court challenges. Providers face stark choices (comply, litigate, or exit the market), and the proposal would set a precedent for using AI systems to inspect private data at scale — a major technical, ethical and governance crossroads for the AI/ML community.