Chat Control: Is the EU using child abuse as an excuse to check your messages?

European legislation and Ashton Kutcher are not words normally uttered in the same sentence. To many, Kutcher is known for his roles in Two and a Half men, That 70’s Show and Dude, Where’s my car?

But for European law makers, a lobby he used to lead and now supports in the background, Kutcher is the reason behind blown up email inboxes, angry citizens and calls for a less intrusive Europe.

A number of European citizens are up in arms over the proposed law, and while many including Maltese MEPs are against it, the concerns remain. So, what is the Chat Control law? Will it bring down end-to-end encryption?

Thorn and its rise

In 2009, Ashton Kutcher and fellow actor Demi Moore founded the DNA Foundation. The foundation, which later rebranded to Thorn, is a tech-focused non-profit aimed at fighting child sex abuse. To end such practices, the foundation has been developing technology to empower platforms and users to protect children.

Fast-forward to 2020, and first reports on Thorn and Kutcher’s lobby in European fora begin to emerge. As the COVID pandemic took over the globe, Thorn and its lobbying, often over looked, began to ramp up.

Kutcher was seen speaking publicly about his support to first drafts of the proposed law, with articles on CNN, Euronews and Le Monde.

Also in 2020, Thorn was involved in meetings with EU bodies, and was lobbying and engaging with decision-makers.

To EU institutions, Thorn presents itself as a charity organisation that fights against child abuse. Meanwhile, the organisation repeatedly brought up its proprietary child abuse tracking software in meetings with EU officials.

Thorn has continued its lobbying campaign ever since. According to a report on its website, the organisation met with 20 EU lawmakers in 2021 alone. Thorn lobbyists have been canvassing the most important digital policy decision makers in Brussels, including staff from European Commission President Ursula von der Leyen’s office.

In March 2021, the organisation met staffers of then-Home Affairs Commissioner Ylva Johansson, who was responsible for the EU legislative proposal against child abuse.

What was discussed there remains a secret—he meeting minutes provided by the Commission were heavily redacted. Disclosure would have a negative impact on its internal decision making, the commission had argued.

In March 2023, European Parliament President and Nationalist MEP Roberta Metsola uploaded a photo to her Instagram page with Kutcher after he addressed the European Parliament.

Chat control law takes shape

The law, known as “chat control,” was first put forward in 2022 and remained inactive for much of the next three years until Denmark revived it, putting it back on the agenda when it assumed the EU presidency in July.

The proposed legislation would require technology platforms, once ordered by a judge through a detection order, to carry out blanket scans of private chats, messages and emails to detect material linked to child abuse, including pornographic content and grooming attempts by sexual predators.

This would also apply to encrypted communications, such as WhatsApp messages, which would be scanned on a user’s device before encryption.

End-to-end encryption is a security method that keeps communications private by scrambling a message on the sender’s device and only decrypting it on the recipient’s device, ensuring that the message’s content is inaccessible to anyone in between, including service providers like Meta and Signal. This process uses cryptographic keys unique to the sender and recipient.

Supporters of the bill argue it is essential for identifying illicit material before it causes harm, with law enforcement agencies across Europe pushing to restrict end-to-end encryption, citing its widespread use by criminal networks.

According to Internet Watch Foundation, the EU remains a prime destination for offenders determined to share, sell and buy sexual images and videos of children. In 2024, 62% of all child sexual abuse webpages found by the IWF were traced to an EU country. That is a 28% increase on the previous year

Privacy advocates, however, have condemned the proposal as an assault on citizens’ privacy and fundamental rights, warning that it would effectively open the door to mass surveillance by law enforcement authorities.

In November 2023, the European Parliament (EP) adopted its position on a new proposal for regulation to prevent and combat child sexual abuse material (CSAM), also known as the CSAM Regulation. This report, from the Civil Liberties Committee (LIBE), sought to establish permanent rules for how companies detect CSAM online, building on temporary rules previously allowed by the e-Privacy Directive.

On 14 November 2023, the LIBE committee also voted to remove indiscriminate chat control and allow for the targeted surveillance of specific individuals and groups which are reasonably suspicious. Moreover, Members of the European Parliament voted in favour of the protection of encrypted communications.

After proposed legislation was revived by the Danish European presidency but Europe-wide plans to require technology companies to monitor the contents of encrypted messages have been delayed after diplomats were unable to agree on the proposals.

A planned vote on the controversial proposals, known as Chat Control, on 14 October, is now unlikely to go ahead, but Denmark or another European Union (EU) presidency may introduce revised plans at a later date.

A decision by Germany on 7 October not to back the law was a kick to the stomach for the proposed legislation, meaning EU member states were unable to reach an agreement.

Malta united against Chat Control

MaltaToday reached out to Labour MEP Alex Agius Saliba and Nationalist MEP Peter Agius, who were both in agreement in their opposition and concern over the proposed law.

They explained how since the movement against the law gained traction over the summer, they have been bombarded by emails to prevent it from being enacted.

Appointed as S&D negotiator on the topic, Agius Saliba explained how this law, and others similar to it, are being pushed by Nordic countries.

“The Scandinavians are all in on the protection of children. They have even introduced age verification not to allow children to have access to social media in their respective countries,” Agius Saliba said.

But he insisted the EP has already voted to protect end-to-end encryption, and the European Council cannot force the law through.

Describing it as “crazy legislation” the Labour MEP said he understands it stems from a genuine concern, but there are still a lot of unaddressed and unknown problems.

“The issue lies with the false positives. If a parent is abroad, and the other parent sends a photo of their child in the bathtub for example, without their knowledge, the image could be sent to the country’s authorities for them to investigate the case,” he said. “This is a normal situation, and I am not comfortable with allowing such cases to happen.”

Peter Agius was also in agreement the EP would not allow end-to-end encryption to be meddled with.

He also said he understands the genuine concerns which arose over the law.

“People want privacy, and that is why they use such technologies. It is no secret that people feel they are constantly having their privacy invaded. That concern is rooted in genuine fears, seeing pattern recognition all around them through social media algorithms,” he said.

Rather than introducing “invasive” technologies to combat child sex abuse material, Agius said he would prefer to streamline the work of investigative authorities.

“Let’s instead empower the police,” he said.