Encryption, which scrambles data to prevent unauthorized access, is fundamental to digital trust. It secures personal communications, financial data, and medical records, forming a critical safeguard for individuals and institutions alike. Yet, several democratic governments, including those within the EU, have begun questioning its use, framing strong encryption as an obstacle to law enforcement. This false dichotomy—between privacy and public safety—has led to proposals that inadvertently endanger both.
At the center of the EU’s approach is client-side scanning, a technology that scans messages on users’ devices before encryption. Critics compare it to having someone read over your shoulder as you type a private letter. While intended to detect child sexual abuse material (CSAM), the system effectively eliminates confidentiality. Moreover, it can be easily circumvented—offenders can hide files by zipping, renaming, or converting them to other formats, undermining the entire purpose of the regulation.
Beyond its inefficiency, client-side scanning opens the door to mass surveillance. Once such systems exist, experts fear they could be repurposed to monitor political dissent, activism, or journalism. By introducing backdoors—intentional weaknesses that allow access to encrypted data—governments risk repeating mistakes like those seen in the Salt Typhoon case, where a Chinese state-sponsored group exploited backdoors originally built for U.S. agencies.
The consequences of weakened encryption are vast. Journalists would struggle to protect sources, lawyers could no longer guarantee client confidentiality, and businesses risk exposure of trade secrets. Even governments rely on encryption to protect national security. For individuals—especially victims of domestic abuse or marginalized groups—encrypted communication can literally be a matter of life and death.
Ironically, encryption also protects children. Research from the UK’s Information Commissioner’s Office found that encrypted environments make it harder for predators to access private data for grooming. Weakening encryption, therefore, could expose children to greater harm rather than prevent it.
Public opposition to similar policies has already shifted outcomes elsewhere. In Australia, controversial encryption laws passed in 2018 have yet to be enforced due to political backlash. In the UK, public resistance to the Online Safety Act led major tech companies to threaten withdrawal rather than compromise encryption.
Within the EU, member states remain divided. Poland, Finland, the Netherlands, and the Czech Republic have opposed the CSAR for privacy and security reasons, while France, Denmark, and Hungary support it as a necessary tool against abuse. Whatever the outcome, the effects will extend globally—forcing tech companies to either weaken encryption standards or risk losing access to the European market.
As the world marks Global Encryption Day, the debate surrounding CSAR highlights a broader truth: safeguarding the internet means preserving both safety and privacy. Rather than imposing blanket surveillance, policymakers should focus on targeted investigations, rapid CSAM takedown measures, and support for victims.
Encryption remains the cornerstone of a secure, trustworthy, and free internet. If the EU truly aims to protect children and its citizens, it must ensure that this foundation remains unbroken—because once privacy is compromised, safety soon follows.
