Secure and private digital communications are under fire again in Europe, where authorities continue to put pressure on messaging apps that use end-to-end encryption (E2EE).
One such measure is the European Union’s “Chat Control” proposal, which is a response to the horrific problem of child abuse material transmitted over digital channels. Its official name is Regulation to Prevent and Combat Child Sexual Abuse or CSAR, and the proposal’s been in the pipeline since 2022.
In simple terms, “Chat Control” would entail automated scanning of users’ devices and what they send, before it is encrypted. If objectionable content is found, it is automatically forwarded to the police. This is a way to get around secure E2EE protected communications, and to tackle abusive content right at the source.
That may seem reasonable at first glance, but it only takes a moment to realise that “Chat Control” would severely harm people’s online privacy, and create an enormous state surveillance apparatus.
No technology is perfect, and there’s every reason to believe that “Chat Control” scanning would make errors and automatically dob in the innocent. Mission creep beyond searching for child abuse material is likely, data breaches ditto, and of course, “Chat Control” would break E2EE.
App providers such as Signal have made it clear that they will leave the EU rather than compromise their users’ privacy but that might not help as “Chat Control” would have global reach.
Despite a huge amount of warning flags going up, 12 EU countries support “Chat Control”. Nine EU nations oppose it, and the latest is that Germany, which obviously carries a huge amount of weight in the bloc, has come out against “Chat Control” as it doesn’t think private communications should be under blanket suspicion.
The German federal justice minister Stefanie Hubig said on social media that mass scanning of private messages must be taboo in a constitutional state, and the country will not agree to the EU “Chat Control” proposals.
Massenhaftes Scannen privater Nachrichten muss in einem Rechtsstaat tabu sein. "Solchen Vorschlägen wird Deutschland auf EU-Ebene nicht zustimmen", betont Bundesjustizministerin Stefanie Hubig. (1/2) pic.twitter.com/74cWYOy9TX
— BMJV (@bmjv_bund) October 8, 2025
We’ll see where this goes, but it’s unlikely to be the last such attempt by the authorities. Apple is sparring with the United Kingdom, where the government is using legal means to demand the tech company maintains encryption but provides a backdoor for authorities.
Apple has already disabled its Advanced Data Protection feature that provides E2EE for iCloud backups for British users, rather than providing backdoor access.
Why does encryption matter?
Encryption of data and communications going over the Internet is hugely important. The Internet is a very hostile environment these days, and it doesn’t matter how innocuous you think the data you share across it is, you do not want to transmit or receive anything in clear text that others can and will intercept.
E2EE takes that security feature further. It ensures that your endpoint, be it an application or a device, scrambles network data communications. That data can then only be decrypted by the intended recipient; and vice versa for data reaching you.
Even if your data is intercepted, E2EE protection means it can’t be read by others.
Undermine encryption and E2EE and you can forget about a great many things that we take for granted, like secure Internet banking, e-commerce, social media, government sites and even working online.
It just wouldn’t be safe anymore. The risks of compromised encryption aren’t theoretical as a recent major law enforcement operation illustrates.
How criminals ratted on themselves through an app
Is E2EE the ultimate in bulletproof security and privacy, a system that ensures all your communications are kept safe from whatever prying eyes that would like to see what you’re saying?
It’s certainly a great tool for that, but never underestimate the power of human ingenuity when it comes to getting around seemingly impenetrable digital defences. Criminals in New Zealand, Australia and the United States who were using the AN0M encrypted messaging app, thinking there was no way their chats could be intercepted, experienced just this.
Unknown to the criminals, the US Federal Bureau of Investigation and Australia’s Federal Police had seized the opportunity to take control of the development of AN0M, after the app’s main coder faced legal trouble.
Long story short, AN0M had a secret encryption bypass. The app would forward copies of the criminals’ messages to police in Australia and the US. There were lots of AN0M users, including 65 in NZ, and the captured messages volume over three years is massive.
Prosecutions in the AN0M cases look set to continue after the High Court of Australia validated retrospective legislation confirming the evidence was lawfully obtained.
There are other cases of encrypted apps being compromised, like EncroChat and SkyECC, by the authorities who were able to listen in on criminals’ uninhibited communications.
Also known as Operation Ironside in Australia and Operation Trojan Shield in the US, it was the biggest of its kind in the world. Around 12,000 devices were distributed in over 100 countries, 28 million messages were intercepted, and 390 were arrested.
Nobody should feel sorry for the criminals getting caught in the AN0M operation, but at the same time, it shows the power of breaking encryption. It is power that can be aimed at anybody.
We welcome your comments below. If you are not already registered, please register to comment.
Remember we welcome robust, respectful and insightful debate. We don't welcome abusive or defamatory comments and will de-register those repeatedly making such comments. Our current comment policy is here.