TZUTC: -0500   
   MSGID: 1777.consprcy@1:2320/105 2d96e4cb   
   PID: Synchronet 3.21a-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   TID: SBBSecho 3.28-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   FORMAT: flowed   
   "A disaster waiting to happen"  The privacy tech world reacts to the new Chat   
   Control bill   
      
   Date:   
   Wed, 03 Dec 2025 17:37:15 +0000   
      
   Description:   
   While an agreemnet on "voluntary" chat scanning has now been reached, Italy,   
   the Czech Republic, Poland, and the Netherlands are still against the   
   compromise. And privacy experts aren't celebrating.   
      
   FULL STORY   
      
   After three years of back-and-forth, the EU Council finally agreed on the   
   controversial Child Sexual Abuse Regulation (CSAR) bill on November 26, 2025.   
   The bill  which has gained the nickname, Chat Control  is now likely to    
   become law.    
      
   Despite winning the majority, the compromise on voluntary chat scanning did   
   not garner support from all states, with Italy, the Czech Republic, Poland,   
   and the Netherlands still in opposition to the current text. And privacy   
   experts aren't ready to celebrate, either.    
      
   "A very sad day for privacy and a missed opportunity to invest in efforts to   
   effectively protect children," commented Belgian cryptographer Bart Preneel    
   on LinkedIn . Preneel was among the scientists who signed an open letter a    
   few days before the vote to warn that the compromise still " brings high    
   risks to society ."    
      
   According to former MEP for the German Pirate Party and digital rights    
   jurist, Patrick Breyer, the EU Council has endorsed a Trojan Horse rather    
   than fixing previous issues with the bill.    
      
   "By cementing 'voluntary' mass scanning, they are legitimizing the   
   warrantless, error-prone mass surveillance of millions of Europeans by US   
   corporations," he said. "This is not a victory for privacy; it is a disaster   
   waiting to happen."    
      
   Despite the privacy backlash, the November 26 agreement means that the Danish   
   proposal will continue to the final step of the legislative process. The EU   
   Council, Parliament, and Commission are set to begin the trialogue   
   negotiations to confirm the final text, with adoption expected by April 2026.   
      
   "Voluntary mass surveillance"   
      
   The biggest change with the new Danish Chat Control text is in its approach    
   to chat scanning. From forcing messaging services  including those using   
   end-to-end encryption  to perform indiscriminate scanning on the lookout for   
   child sexual abuse material (CSAM), providers will now have the option to   
   choose whether to scan all users' chats or not.    
      
   This has been considered a victory by many, as it saves encryption from being   
   undermined with a backdoor. Director of Government Affairs and Advocacy at    
   the Internet Society, Callum Voge, told TechRadar it was "a positive step   
   forward for the security of communications of European residents."    
      
   But the devil may be in the details. The text does include a provision that   
   could force companies to scan messages if their services are deemed to be   
   "high-risk." The bill also includes the possibility for the European   
   Commission to review the law every three years, so widespread scanning could   
   be implemented at a later date.    
      
   And while Recital 17a says that "Nothing in this Regulation should be   
   understood as imposing any detection obligations on providers," it's yet to    
   be seen how this wording is interpreted at the trialogue negotiations.    
      
   What's certain is that, for Breyer, "voluntary" scanning still fails short in   
   protecting EU citizens from mass surveillance. He said: "Calling this   
   voluntary does not make the violation of the digital secrecy of    
   correspondence any less severe. We must stop pretending that 'voluntary' mass   
   surveillance is acceptable in a democracy."    
      
   This stance is also shared by one of the best VPNs on the market, Mullvad VPN   
   . "The EU Council failed to implement mandatory mass surveillance. However,    
   in its proposal, they are laying the groundwork for mass surveillance in the   
   future."   
      
   Beyond scanning and encryption    
      
   While the new Chat Control has tried to fix existing privacy and security   
   issues around mandatory encryption backdoors, it has also added other   
   provisions that experts fear could jeopardize EU citizens' digital rights.    
      
   Under the November 13 proposal , messaging service providers must take all   
   necessary measures to protect children, including performing age verification   
   checks to "reliably identify child users."    
      
   While the Council stressed that age verification methods must be   
   "privacy-preserving," many think this will be impossible to achieve in   
   practice.    
      
   "Even if age verification is done in a privacy-friendly way (unclear that    
   this is how it will work), it is easy to bypass (just check what happened in   
   the UK)," Preneel wrote on LinkedIn. He was likely referring to the spike in   
   VPN usage linked to age verification laws.    
      
   All in all, Preneel says: "Age assessment is highly problematic for privacy.   
   There is no scientific study demonstrating that these technologies are   
   effective."    
      
   The bill's new text also contains provisions on website blocking obligations   
   that worry the team at Mullvad. "Once this infrastructure is in place, it    
   also opens the door to a slippery slope when it comes to censorship," said    
   the Swedish VPN firm.   
      
   What's next?    
      
   Despite the controversy, the Danish Presidency managed to convince the   
   majority of EU members to support its compromise, paving the way for the   
   trialogue negotiations to finally kick off.    
      
   This means that the EU Parliament, Council, and Commission are now set to    
   work together to agree on a final, binding text.    
      
   "My expectation is that there will be strong pressure to conclude these   
   negotiations quickly," Voge told TechRadar. However, he said the April   
   deadline may be too soon to finalize the bill.    
      
   As discussions are set to start soon, Mullvad is urging the Parliament to   
   stand firm and not deviate from previous positions, urging MEPs to say "no to   
   mass surveillance whatsoever without suspicion and a court order, no   
   ID-verification requirements, and no censorship of legal content."    
      
   According to Voge, however, the EU Commission is most likely to put its foot   
   down if needed. He said: "The Commission is the one that has an opposing view   
   when it comes to encryption. We will need to watch the trilogue closely to    
   see what trade-off the three parties might agree to."    
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/vpn/vpn-privacy-security/a-disaster-waiting-to-happe   
   n-the-privacy-tech-world-reacts-to-the-new-chat-control-bill   
   $$   
   --- SBBSecho 3.28-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700   
   SEEN-BY: 226/30 227/114 229/110 134 206 300 307 317 400 426 428 470   
   SEEN-BY: 229/664 700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 633/280 712/848 902/26 2320/0 105 304 3634/12 5075/35   
   PATH: 2320/105 229/426