EU ChatControl Is Back — And It's Still a Terrible Idea for Encryption

Osmond van Hemert
Cybersecurity Landscape - This article is part of a series.

The EU’s ChatControl proposal is back in the headlines this week, and if you haven’t been following this saga, you should be — because it has the potential to fundamentally undermine end-to-end encryption for hundreds of millions of people. A detailed analysis circulating on Hacker News has pushed the discussion to over 1,100 upvotes and 630 comments, reflecting the intense concern in the technical community.

The proposal, at its core, would require messaging platforms — including those offering end-to-end encryption — to scan private messages for illegal content. Earlier this month, Germany secured a blocking minority against the proposal, but it keeps coming back in modified forms. The latest iteration is particularly concerning for anyone who understands how cryptography actually works.

The Technical Impossibility

Let me be uncharacteristically blunt: you cannot scan encrypted messages without breaking encryption. This isn’t a political opinion; it’s mathematics.

End-to-end encryption means that only the sender and recipient can read a message. The platform operator cannot. A court order cannot. A government agency cannot. That’s the entire point. If you introduce a mechanism to scan message content — whether on the device before encryption (“client-side scanning”) or through some key escrow arrangement — you have created a vulnerability that can be exploited.

The EU proposal’s supporters argue that client-side scanning is different from “breaking encryption” because the encryption itself remains intact during transit. This is technically true in the narrowest possible sense, and completely misleading in practice. If my device scans my message before encrypting it and reports the content to a third party, the practical effect is identical to having no encryption at all.

Security researchers have been making this argument for years. A 2021 open letter signed by hundreds of cryptographers and security experts laid out the case clearly. Nothing has changed since then — the math hasn’t gotten more cooperative.

Client-Side Scanning: A Closer Look

The client-side scanning approach deserves particular scrutiny because it’s being presented as a reasonable compromise. The idea is: before you send a message, your device checks it against a database of known illegal content (typically using perceptual hashing) and flags matches.

The problems are numerous:

False positives: Perceptual hashing is imprecise by design. It’s meant to catch variations of known images, but it also matches innocent content. Apple briefly implemented a client-side scanning system for iCloud Photos in 2021 and quickly shelved it after researchers demonstrated concerning false positive rates.

Database integrity: Who controls the hash database? What prevents a government from adding political content, protest images, or journalism to the scanning database? The technical architecture doesn’t distinguish between scanning for illegal content and scanning for dissident content. Authoritarian regimes around the world would love this precedent.

Scope creep: Today it’s one specific category of illegal content. Tomorrow it’s terrorism. Then copyright infringement. Then “disinformation.” The history of surveillance technology is a history of mission creep.

Implementation burden: Every messaging platform would need to implement and maintain scanning infrastructure, creating enormous compliance costs that disproportionately affect smaller and open-source projects. How does Signal, a non-profit, absorb this kind of mandate?
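To make the false-positive point concrete, here is an added example (it is not from the original post and is not the code of any real scanning system): a minimal difference-hash (dHash-style) perceptual hash over constructed 9x8 brightness grids, with a Hamming-distance threshold of 10 chosen for illustration. The grids, and the names dhash, hamming and matches, are assumptions made for this demonstration.

```python
# Added example, not from the original post or any real scanning product.
# A dHash-style perceptual hash: it keeps only the coarse brightness structure
# of an image, which is why it survives re-encoding but also why unrelated
# images can collide. Grids are constructed inline; no image library needed.

def dhash(grid):
    """Perceptual hash of an 8-row x 9-column grayscale grid (0..255).
    Bit = 1 when a pixel is darker than its right-hand neighbour."""
    assert len(grid) == 8 and all(len(row) == 9 for row in grid)
    bits = 0
    for row in grid:
        for c in range(8):
            bits = (bits << 1) | (1 if row[c] < row[c + 1] else 0)
    return bits  # 64-bit integer

def hamming(a, b):
    """Number of differing bits between two 64-bit hashes."""
    return bin(a ^ b).count("1")

def matches(candidate, database, threshold=10):
    """Client-side-scanning style check: return names of database entries
    whose hash is within `threshold` bits of the candidate's hash."""
    h = dhash(candidate)
    return [name for name, dbh in database.items() if hamming(h, dbh) <= threshold]

# Constructed sample "images" (already downscaled to 9x8 grayscale):
# a left-to-right brightness ramp, standing in for a known picture
sunset = [[20 + 25 * c for c in range(9)] for _ in range(8)]
# the same picture re-encoded brighter with mild noise: the case the hash is meant to catch
sunset_reencoded = [[v + 30 + (r * c) % 3 for c, v in enumerate(row)]
                    for r, row in enumerate(sunset)]
# an unrelated picture that merely gets lighter toward the right (a lit wall)
wall = [[100 + 3 * c + (r % 2) for c in range(9)] for r in range(8)]
# a genuinely different structure: vertical stripes
stripes = [[255 if c % 2 else 0 for c in range(9)] for _ in range(8)]

database = {"known_item": dhash(sunset)}

if __name__ == "__main__":
    print("re-encoded distance:", hamming(dhash(sunset), dhash(sunset_reencoded)))  # 0
    print("unrelated wall flagged:", matches(wall, database))   # ['known_item']
    print("stripes flagged:", matches(stripes, database))       # []
```

The re-encoded copy matches as intended, but the unrelated "wall" grid also matches exactly, because the hash records only the direction of brightness changes, not the content; a real database of millions of hashes makes such structural coincidences far more likely.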

Germany’s Blocking Minority

The good news this month is that Germany has maintained its opposition to ChatControl, securing enough allied votes to block the proposal at the EU Council level. Germany’s position, influenced by strong privacy advocacy and constitutional protections for communication privacy, has been a crucial counterweight to the proposal’s supporters.

But a blocking minority isn’t a victory — it’s a stalemate. The European Commission can revise and resubmit, and the political dynamics can shift. Some member states remain strongly in favor of mandatory scanning, and the emotional arguments in favor of it are powerful (even when the technical arguments are not).

This is why continued vigilance matters. The technical community needs to keep explaining, clearly and patiently, why this approach cannot work as advertised. Not because the goal is wrong — combating illegal content is a legitimate priority — but because the proposed mechanism would cause far more harm than good.

What Developers Should Understand

If you build applications that handle private communication — and in 2025, that’s a lot of applications — ChatControl-style regulation could directly affect you. Even if you’re not building a messaging app, any application with user-to-user communication features could potentially fall under such mandates.

Here’s what to think about:

Encryption architecture matters: If you’re designing a system, think carefully about your encryption model. True end-to-end encryption is a feature that users increasingly demand, and any regulation that compromises it will force difficult product decisions.

Regulatory divergence: The EU, US, UK, and other jurisdictions are all pursuing different approaches to encrypted communication. If you operate globally, you may face contradictory requirements. The UK’s Online Safety Act has similar provisions, though implementation details remain unclear.

Open source implications: If you maintain or contribute to open-source messaging tools, mandatory scanning requirements could create compliance obligations that are difficult or impossible to meet without corporate backing.

My Take

I’ve been in the security space long enough to recognize a pattern: governments periodically demand backdoors in encryption, technologists explain why that’s impossible without compromising everyone’s security, the proposal gets shelved, and then it comes back a few years later with different branding.

The Clipper Chip in the 1990s. The “going dark” narrative in the 2010s. Now ChatControl. The underlying tension is real — law enforcement’s job is genuinely harder when they can’t access communications. But the proposed solution — weakening encryption for everyone — is worse than the problem.

I’m encouraged that Germany is holding the line, and that the technical community continues to engage substantively with this debate rather than dismissing it. But we can’t be complacent. This proposal, or something very like it, will keep coming back until there’s a definitive political resolution.

In the meantime, if you’re building systems that people depend on for private communication, keep building them right. Strong encryption isn’t just a feature — it’s a responsibility.

This post is part of the Security in Practice series, covering real-world security issues that affect developers and the systems we build.
