Chat Control Is Back on the Menu in the EU. It Still Must Be Stopped (www.eff.org)

The EU Council is reopening debate on the so-called “Chat Control” proposal, a push by the Danish Presidency to require service providers — including end-to-end encrypted (E2EE) messaging and storage services — to perform client-side scanning of communications and files for “abusive material.” Client-side scanning runs detection on the user’s device before messages are sent or encrypted; proponents claim this preserves E2EE, but critics argue that giving authorities access to one “end” of an encrypted channel effectively breaks its guarantees and turns phones and laptops into pervasive surveillance endpoints. Technically and politically, this is consequential: mandating device-side scanning creates a universal attack surface (vulnerable to leaks, misuse or state overreach), undermines protections for journalists, whistleblowers and activists, and could force major apps (Signal has warned it would withdraw from the EU) to choose between privacy and market access. The latest compromise even exempts state communications, signaling recognition of the risk. If passed on October 14th at the Justice and Home Affairs Council, the rule would not only affect EU residents but anyone communicating with them, and set a dangerous global precedent for authoritarian surveillance — a practical reminder that “only for the good guys” systems are brittle, as incidents like Salt Typhoon illustrate.