This rise, especially in material produced and shared by pre-teens and teenagers, highlights how the borderless internet magnifies the suffering endured by victims, intensifying the need for urgent, collective action.

There is no question that as a society, we have a moral and ethical obligation to do everything possible to prevent the spread of child sexual abuse material and bring its perpetrators to justice. 

However, our response must remain rooted in the core values of democracy and fundamental human rights. Powerful emotional appeals must not lead us into policies that erode the very freedoms and protections that make justice and safety possible for everyone.

Chat Control Regulation

The EU’s proposed Chat Control legislation, formally the CSAM Regulation, is potentially an unprecedented policy shift against the democratic values treasured by the European Union. Chat Control would require all messaging and chat providers operating within the EU to scan all user content for suspected CSAM and to automatically report suspicious messages and material to police. 

Importantly, this scanning will not be performed on the messaging providers’ systems but instead it is proposed it will be included in the messaging app itself installed on every phone, tablet, or computer. 

This means that every message having a photo, video, URL, or multimedia file would be scanned before it is sent from the device. This scanning will happen even when using secure messaging systems with built-in encryption to provide security and protect privacy. 

There is no requirement for suspicion or the issuance of a warrant to perform this scanning as it will be scanning everyone’s messages all of the time. In effect, this could result in our phones, tablets, and computers being turned into potential mechanisms of mass surveillance.

Such a sweeping mandate introduces profound dangers. Not only does it threaten individual privacy and undermine public trust in digital life, it also opens an enormous attack surface intentionally built into every European device that hostile states, authoritarian governments, and cybercriminals could exploit for their own nefarious means. 

Indeed, the Dutch Intelligence and Security Service and other leading digital rights experts have warned that client-side scanning, as proposed in Chat Control, makes our entire digital infrastructure more vulnerable to espionage and attack.

No effect on criminals

The proposed regulation also appears to ignore that criminals who produce and distribute CSAM are highly adaptive and technically astute. Criminals who are not already using messaging platforms and anonymous networks beyond the regulatory reach of the EU, will quickly shift to do so. 

Technologies such as encrypted apps outside EU jurisdiction, such as darknet services, and decentralised content-sharing networks, allow offenders to evade detection, rapidly migrate to new platforms, and continue their activities unchecked. 

This will seriously undermine the goals of mandatory scanning, as criminals will move further away from the grasp of police leaving law-abiding citizens to bear the burden of invasive surveillance while the actual perpetrators exploit new, unregulated channels.

Scope for mass surveillance

Furthermore, the proposed scope of Chat Control is not fixed. The proposed regulation includes provisions which will allow governments to expand the type of content that gets scanned to include other content that may be declared inappropriate or illegal in the future. 

In effect, the infrastructure for mass surveillance will exist from day one, and history clearly warns us that such powers will be abused. The US National Security Agency’s (NSA) PRISM programme, revealed by Edward Snowden in 2013, showed how legitimate tools and systems can become mechanisms for widescale, warrantless interception of personal communications.

Similarly, in a recent attack against US telecommunication providers dubbed Salt Typhoon, China has been accused of conducting a comprehensive and sophisticated espionage campaign by exploiting the lawful intercept technology built into the telecommunications networks.

Even those supporting the proposed regulation acknowledge the risks. Governments and military accounts are set to be exempt from this mandatory scanning, a tacit admission that the systems are dangerous if misused. 

The legislation’s technical reality is also grim as the proposed scanning algorithms are unproven and error prone. Innocent photos, harmless personal messages, of sensitive business communications could be falsely flagged, leading to police investigation, public shame, or other unwarranted consequences.

The path forward

In the political realm, divisions are still sharp. While countries such as Austria, the Netherlands, Belgium, Poland, and the Czech Republic oppose Chat Control, with Belgium stating it is a “monster that invades your privacy and cannot be tamed”, the majority of member states, including Ireland, France, Spain, and Sweden, remain supportive or undecided, leaving Europe’s digital rights at a critical crossroads.

What, then, is the right path forward? Genuine solutions must be both effective and just. 

The billions earmarked for rolling out this proposed surveillance infrastructure would be better spent on what truly works, such as comprehensive training, resourcing, and support for police, social workers, educators, parents, and caregivers, so they can detect, prevent, and respond to abuse in the real world and online. 

International co-operation must be modernised and strengthened, closing legal loopholes that abusers exploit to evade justice or outdated laws that hinder police investigations. 

We must also hold vendors that provide the messaging platforms to account by compelling them to remove illegal content rapidly, co-operate better with law enforcement, and implement transparent reporting and moderation tools in line with the requirements of the EU Digital Services Act.

Finally, effective sanctions must be developed for countries and companies that do not tackle child sexual abuse material or provide safe havens for criminals involved in it. The internet’s borderless nature will always challenge law enforcement, but co-ordinated global action, not mass suspicion of every citizen, offers the best hope to bring those individuals to justice.

In sum, confronting child sexual abuse material demands nothing less than a collective, sustained, and principled response. But in meeting this crisis, we must not abandon the liberties, the rights, and the checks and balances that are the essence of our democratic society. 

Let us protect children with targeted, robust, and effective action while preserving the trust and privacy of all. Only by holding ourselves to this higher standard can we protect both those most vulnerable and the digital future we all share.

If you have concerns about this proposed regulation you can share those concerns with your MEP with just a few clicks using this website: fightchatcontrol.eu/.

• Brian Honan is a recognised international expert on cybersecurity. He is chief executive of BH Consulting, an independent advisory firm on cybersecurity and privacy based in Dublin