Chat control in Europe, an open letter to the Irish Minister who wants to scan all our messages

by Maria on October 7, 2025

I’m publishing an email I just sent to Ireland’s Minister for Justice, Jim O’Callaghan, on a truly hideous and anti-democratic European law that Ireland is strenuously supporting. It’s looking like Germany, which was strong on data protection, may crack and support this law, too. This week is make or break week for ‘chat control’, a proposal to insert message-scanning software on every European’s phone, ostensibly to scan for child sexual abuse material.

(I say ‘ostensibly’ because I cannot tell you how many times I’ve seen a draconian surveillance introduced “for investigating serious crime only” that is used within a few years to check if people are putting their bins out on the right day or sending their kids to the school in the right catchment area. Oh how fondly I remember the time, fighting the UK’s appalling, Labour-introduced surveillance regime in the early 2000s, when we scored a victory to reduce the acceptable reasons for broad surveillance to investigating murders and such, only for the Home Office to say ‘well, we can’t collect the data for use on less serious offences, but if we’ve already got it sitting there for the serious crime, nothing says we can’t use it for everything else, and boo to you too!)

Nowadays, I rarely use arguments of principle, because few justice ministers really have any. Nowadays, I try to have them imagine what it would and will feel to be in the maw of the monster they’re feeding. Sooner or later, we all will.

Dear Minister O’Callaghan,

As you may know, on 13-14 of October, EU governments will vote on the EU’s new Chat Control legislation (EU Regulation to Prevent and Combat Child Sexual Abuse (CSAR)).

As an international technology policy expert with over twenty years of experience, this is by my count the fifth time I’ve been through the encryption debate. Yet again, misinformed governments are attempting to destroy end to end encryption for everyone, based on the obvious and proven fallacy that you can weaken encryption to allow government access without destroying security for everyone.

Do you use a mobile phone, Minister? I expect you do, and I also expect that you take reasonable steps to ensure the privacy and security of your communications. If, however, you vote for the “chat control” proposal, you will break the secure, end to end encryption you personally rely on. And not just once, but for good. When it’s gone, it’s gone. And all of our security goes with it.

Client-side scanning, i.e. surveillance of your content on your phone before you upload or send it, means adding a new layer of vulnerability to your device. Put simply, the software used to read everything you post or send will now become the target for hackers.

If you use Signal (the only messenger endorsed by the European Commission as sufficiently secure) or WhatsApp, they will no longer be secure. Foreign state actors will be more likely to intercept your messages. The most likely consequence of this for you as a government minister would be for a paid criminal syndicate linked to an enemy state – for example, Russia or North Korea – to hack into your messages and images before you send them. They would then use what they find for blackmail or sell it to the highest bidder, or simply publish it to embarrass you, as part of ongoing hybrid warfare to sow discontent and distrust of politicians in countries like ours.

Of course, if you use Signal, well, better stop using it now as it will cease to operate in the EU if governments try to force it to break its core product. You cannot expect companies to want to do business in jurisdictions that break their product and wreck their trustworthy USP globally.

We all rely on the privacy of our communications. Remember that perfectly legal and legitimate communications can be extremely embarrassing, hurtful and even career-ending when published. Over the years I have heard so many government ministers imply or just say outright that “if you have nothing to hide, you have nothing to fear”. However, that’s simply not true; conversations and messages about topics like internal party decisions, government discussions, gossip, speculation, shared photos and memes, and even harmless flirtations can be incredibly damaging when taken out of context. Breaking encryption for governments to snoop means breaking it for anyone with enough money and motivation to snoop, too.

Minister, I know you are not naive. But at the same time, you are probably involved in the encryption debate for the first time. Law enforcement will tell you they can securely break encryption. They’ll say that companies can ‘work around’ any new vulnerabilities they impose on our messenging services. That simply isn’t true. Encryption isn’t magic. It’s mathematics. When you require service providers to intentionally weaken their product’s encryption, or insert unencrypted stages into the process, you break encryption for everyone, not just the ‘bad guys’.

A state-backed hacker will always gain access to unencrypted software – like client-side scanning – to spy on high-value targets like you and the rest of the cabinet, and on judges, activists, and even on their own citizens, often political refugees, who live in Ireland. We see the government of China doing this kind of surveillance in other countries all the time.

We live in a moment when our national and regional security has never been under more sustained attack. We rely on you, Minister, to protect us all, not to impose ineffective and damaging measures that child protection experts, cyber security experts, and legal experts all say will do far more harm than good.

Frankly, it is embarrassing that a supposedly ‘tech-friendly’ country like Ireland is at the forefront of such an ignorant and damaging policy.

Weakening encryption leaves us all open to spying, surveillance, blackmail, and other forms of malicious interference. Europe simply doesn’t have time for you as a minister to repent at leisure, when the extent of these well-proven harms become manifest to everyone else.

Hundreds of cybersecurity experts have given their expertise and testimony on this. But yet again, the justice ministries who want to weaken encryption for everyone are relying on bedtime stories about technologies to weaken encryption “just for government use” that simply do not exist.

Chat control is pre-emptive surveillance of everybody’s phone forever. It’s the most extreme surveillance proposal I personally have seen in any democracy. It will be used against journalists, politicians, activists, judges, teachers, lawyers – everyone who increasingly authoritarian governments want to crush. Is that what you want your legacy to be?

Is this a power you want to see in the hands of Victor Orban? Or the new far-right president in the Czech Republic? Or the next time the far-right get back into power in Poland. Or, God forbid, France? Or indeed, perish the thought, Sinn Féin, when they continue their virulently anti-democratic campaign against Irish journalists and and carry out deeply personalised campaigns against political enemies, as Trump does today?

One thing I’ve learnt in the decades I’ve seen this ridiculous policy keep coming back is that these powers are always used by the worst possible people against the best. How would they be used against you, Minister? What perfectly ordinary, lawful things have you put in your own private messages that would be negatively life-changing if they became public? We are all in the same boat. But that’s the world we will all be living in shortly, if Ireland supports these deeply anti-democratic, authoritarian policies.

Don’t think about how you would use these powers, Minister. Think of how your enemies would use them against you. Because that’s the boat we will all be in, if Ireland supports this outdated and authoritarian law. Please take this last chance to defend our individual and collective security.

Yours sincerely, etc. etc.

(P.S. CT readers, to learn more: https://edri.org/our-work/most-criticised-eu-law-of-all-time/)

{ 11 comments }

1

Sashas 10.07.25 at 10:31 pm

Well said!

2

Austin Loomis 10.07.25 at 11:17 pm

Over the years I have heard so many government ministers imply or just say outright that “if you have nothing to hide, you have nothing to fear”.

I want to tell the yipyops who spout this “Everybody’s got something to hide except Sir Paul and his monkey. If you have curtains on your windows, you have something to hide. If you wear clothes on a regular basis, you have something to hide. If you understand, unlike Mil Millington’s girlfriend Margret and that woman who was always shouting at the pigeons in Tesco’s car park, that one may have a thought and not say it, you have something to hide.”

3

Maria 10.08.25 at 7:51 am

Ha! Indeed, Austin. I may steal a couple of your lines for the next time I encounter one.

4

Laban 10.08.25 at 11:05 am

I may be misinformed (it’s often happened before) but my understanding (from the wikileaks/Snowden/Five Eyes sagas) was that GCHQ and the NSA had a deal by which GCHQ would scan American emails (so the NSA wouldn’t break US laws) while the NSA scanned everything else. You are obviously better informed, where am I wrong? Does said scanning not include content decryption (obviously it’s still useful for establishing links between individuals or organisations)?

If unbreakable encryption exists, why did major criminals all head for Encrochat, which they thought secure?

5

Maria 10.08.25 at 12:23 pm

@Laban, you’re talking about two different things; interception of messages and pre-sending scanning. Different technologies, different actors. Interception requires decryption, hence the decades long attempt by intelligence and law enforcement to block encryption or weaken it. pre-encryption client-side message scanning is what’s in the chat control proposal. additionally, re. criminals’ app choices, encryption of messages in transit is relatively easy to access. we all have that on Signal and even on WhatsApp. but encryption is only as effective as the weakest link; so unencrypted devices, e.g. render it ineffective. And also, some services also hide the metadata of communication – who you’re talking to, where you are, who’s in your network and what time you talk – which can be additionally very useful to criminal investigations and which on the whole is not and cannot be encrypted. to understand the topic more broadly I’d recommend any of Bruce Scheier’s books.

6

Ray Corrigan 10.08.25 at 4:47 pm

Brilliant letter, Maria. If it reaches the minister, unfiltered and he takes the time to read and consider it, you might even get through to him.

Have to say I laughed out loud at your intro: “Nowadays, I rarely use arguments of principle, because few justice ministers really have any.” And there are not many things in the tech policy space that can raise a smile these days.

Just one note on the poisonous but seductive “nothing to hide” soundbite. Every journalist worthy of the name should blast this toxic meme and all its derivatives into discredited oblivion, immediately and every time a talking head tries to use it to rig a discussion on surveillance or other privacy issues.

No one should accept the demonstrably false premise that privacy is EXCLUSIVELY sought or needed by evil people wanting to hide nefarious deeds and intentions. That unstated, underlying assumption is, frankly, ludicrous.

No one should accept the demonstrably false and equally ridiculous underpinning premise that destroying privacy will solve the complex socio-technical-economic-environmental-justice-immigration-terrorism-[choose your issue] problem/mess du jour. It has not and will not, as a cursory consideration of the impact, on those problems, of the construction and deployment of the infrastructure of mass surveillance throughout the 21st century, will demonstrate.

“Nothing to hide” is nothing but a vicious, sleazy, lazy, ignorant, sophistic but powerful propaganda/disinformation/indoctrination trick.

FWIW, I’m feeling pretty old and tired rehashing the “don’t break encryption” debate again too. But your continuing efforts and resilience are mightily appreciated. :-)

7

Ron Raskin 10.08.25 at 4:56 pm

This law seems just as terrible as it sounds. For those who still believe in free speech, I have bad news — censorship is everywhere. It’s already deeply affecting most social media platforms and even Google search. Should we fight misinformation? Yes. Should we do it through censorship? Definitely not!

8

Laban 10.08.25 at 8:04 pm

Right, so they are asking the app providers to monitor what’s typed in and ping some agency if a suspect string or (with AI) a suspect intention is detected … thanks.

I can just remember the early days of the commercial internet (maybe 1992/3) when we discovered we could send an email to a server in Germany and we’d get an acknowledgement a few minutes later. Seemed a miracle. Then the days of 9600 modems, Netscape Navigator and dial-up.

9

Moz of Yarramulla 10.08.25 at 9:06 pm

The common thread is that secretive ‘security’ agencies hate and fear other people having effective security of any sort, so they brief governments against it. Whenever some brain fart like this proposal comes along they mostly support it*. While the originator quite probably is upset about CSAM and is willing to burn the world down if that means making CSAM less obvious, there’s a whole pile-on of other people and organisations that share the goal but not the motivation.

One thing I ask MP’s during these discussions is that they proactively release all their personal communications from the last month. Quoting their “nothing to hide” when possible. Putting in a freedom of information request for their communications is generally worth while. Publishing their response even more so.

* kudos to the occasional brave soul who objects on the basis that removing security and asking enemy organisations to please not take advantage is a strategy that we know does not work.

(the Utopia TV series has an episode on an “Australia Card” that would allow everyone to be tracked everywhere, with the final suggestion that the trial take place around Parliament ending the idea … https://www.youtube.com/watch?v=FBpJkVdT2Jg “nothing to hide”?)

10

KT2 10.09.25 at 5:41 am

A maw generator.
“Nowadays, I try to have them imagine what it would and will feel to be in the maw of the monster they’re feeding.”

“One-man spam campaign ravages EU ‘chat control’ bill
A software developer from Denmark is having an outsized influence on a hotly debated law to break open encrypted apps.

OCTOBER 8, 2025 BY SAM CLARK

“BRUSSELS — A website set up by an unknown Dane over the course of one weekend in August is giving a massive headache to those trying to pass a European bill aimed at stopping child sexual abuse material from spreading online.
The website, called Fight Chat Control, was set up by Joachim, a 30-year-old software engineer living in Aalborg, Denmark. He made it after learning of a new attempt to approve a European Union proposal to fight child sexual abuse material (CSAM) — a bill seen by privacy activists as breaking encryption and leading to mass surveillance.
The site lets visitors compile a mass email warning about the bill and send it to national government officials, members of the European Parliament and others with ease. Since launching, it has broken the inboxes of MEPs and caused a stir in Brussels’ corridors of power.

https://www.politico.eu/article/one-man-spam-campaign-ravages-eu-chat-control-bill-fight-chat-control/
Via…
“One-man campaign ravages EU ‘Chat Control’ bill(politico.eu)491 points by cuu508 16 hours ago | hide | past | favorite | 172 comments
Related: https://fightchatcontrol.eu/
https://news.ycombinator.com/item?id=45514433

“Suspicionless ChatControl must be taboo in a state governed by the rule of law 
(digitalcourage.social)
259 points by nabla9 13 hours ago | hide | past | favorite | 120 comments
https://news.ycombinator.com/item?id=45517642

11

Matt 10.09.25 at 3:43 pm

I once idly imagined that we could get rid of support for the death penalty by limiting its use only to its supporters. “To show your support, add your name to the legally-binding list of people who agree to be put to death if convicted of a crime.”

Comments on this entry are closed.