Could this campaign serve as a template for others aimed at blocking similar dystopian measures, not just in the EU but in other ostensible liberal democracies?
We all need a good news story from time to time, especially given the current state of world affairs, and this one seems to fit the bill. You never know, it may even provide a wee dose of inspiration for similar grassroots campaigns in other parts of the world trying to resist the overarching shift towards digital authoritarianism.
This past Monday (Oct 13), the EU Justice and Home Affairs Council was set to vote on a bill that would have forced messaging apps in the EU to scan every private message, driving another big nail through online privacy. At least that was the goal. However, the vote was taken off the agenda at the last minute, mainly due to a grassroots campaign launched by an anonymous Danish citizen.
“Chat Control”
A little background: as we reported a few weeks ago, in our post, “The EU’s Latest Plan to Stifle Online Privacy Is Terrifying“, EU authorities, led by Denmark’s rotating six-month presidency of the EU council, recently began a new push to approve the so-called Regulation to Prevent and Combat Child Sexual Abuse. That regulation, first drafted in 2022, is essentially a crude attempt to drive a crowbar through end-to-end encrypted communications:
Dubbed the “Chat Control” law, the proposal seeks to curb the spread of child sexual abuse material (CSAM) online. While this is a commendable goal, the way the EU is going about it not only threatens fundamental rights and protections for everyone; it risks transforming the Internet into an even more centrally controlled, surveilled environment.
In its current form, the Chat Control law effectively mandates the scanning of private communications, including those currently protected by end-to-end encryption. If enacted, messaging platforms, including WhatsApp, Signal and Telegram, would have to scan every message, photo and video sent by users, even when encrypted, starting in October.
…
[T]he mechanism at the heart of the proposal is called client-side scanning, and Denmark’s rotating six-month presidency of the EU council is determined to push it through. From Brussels Signal:
Through [client-side scanning], content is analysed on a user’s device before encryption. What this means, for the less tech-savvy reader, is opening a permanent backdoor that bypasses the privacy guarantees of secure communication. This would be like having the state read your letters before you seal the envelope, and would subject every EU citizen’s private messages to automated scrutiny. East German readers may find such Stasiesque instruments familiar; most wouldn’t want them making a grand comeback, either in Germany or elsewhere.
Unfortunately, instead of reading the room and studying alternative, milder versions of the legislation, (Danish prime minister Mette) Frederiksen has instead chosen to double down on this major political and historical mistake. As many as 19 EU states now apparently back the proposal. Germany remains uncommitted for the moment, but will likely be pivotal. Indeed, if Berlin joins the “yes” camp, a qualified majority vote—requiring 15 states representing 65 per cent of the EU population—could see the law passed by mid-October…
Once it is in place, the system’s scope could expand beyond CSAM to virtually any other content, [including] political dissent… Indeed, even as the Eurocrats are trying to snoop into your online conversations, Brussels is also pushing for aggressive content moderation under the Digital Services Act.
So the downsides are self-obvious, and should by themselves illustrate why this legislation should be soundly rejected by European nations. How about its advantages? They’re way less clear. A year ago, Europol noted in a report that sophisticated criminals often use secretive, unregulated platforms, rendering mass scanning ineffective against the intended targets while burdening ordinary citizens with the full weight of a repressive Leviathan. Confidentiality-focused platforms like Signal have threatened to exit the EU market rather than comply.
That won’t be necessary, at least for now. Nine days ago, German officials announced that it was withdrawing its backing for the EU’s controversial Chat Control regulation after facing massive public pressure.
“Taboo in a Constitutional State”
“Random chat monitoring must be taboo in a constitutional state,” German Federal Justice Minister Stefanie Hubig said in translated remarks posted to social media by the ministry. “Private communication must never be placed under general suspicion… Germany will not agree to such proposals at the EU level.”
Hubig said she is committed to battling child pornography but added that “even the worst crimes do not justify surrendering basic civil rights.”
Regular NC readers will no doubt appreciate the irony. This is, after all, the same government that was just singled out by UN human rights experts for its “persistent pattern of police violence and apparent suppression of Palestine solidarity activism” — actions that undermine fundamental democratic freedoms. Anyway, I digress…
Germany is not the only EU Member State that has expressed opposition to the Chat Control Law. So, too, have the Netherlands, Poland, Austria, the Czech Republic, Finland, Estonia and Slovenia. Meanwhile, as the infographic below shows, many other countries are on the fence — hence the reason why the European Council ending up pulling the vote on Monday.
We did it: 🇩🇪Germany will OPPOSE Chat Control! 🥳
Thanks everyone for writing to the ministers. 🫶#ChatControl will not get a majority in the EU Council – at least for now. pic.twitter.com/f2qr0mbTuY
— Tuta (@TutaPrivacy) October 7, 2025
As mentioned, one of the main reasons for this volte-face was a one-man grassroots campaign that brought pressure to bear on Europe’s elected representatives by leveraging the Internet’s unparalleled network effects. From POLITICO Europe:
A website set up by an unknown Dane over the course of one weekend in August is giving a massive headache to those trying to pass a European bill aimed at stopping child sexual abuse material from spreading online.
The website, called Fight Chat Control, was set up by Joachim, a 30-year-old software engineer living in Aalborg, Denmark. He made it after learning of a new attempt to approve a European Union proposal to fight child sexual abuse material — a bill seen by privacy activists as breaking encryption and leading to mass surveillance.
The site lets visitors compile a mass email warning about the bill and send it to national government officials, members of the European Parliament and others with ease. Since launching, it has broken the inboxes of MEPs and caused a stir in Brussels’ corridors of power…
Joachim himself declined to provide his last name or workplace because his employer does not want to be associated with the campaign. POLITICO has verified his identity. Joachim said his employer has no commercial interest in the legislation, and he alone paid the costs associated with running the website.
The impact of this one-man grassroots campaign has been huge, and serves as a timely reminder of how digital technologies can, and are, being leveraged by governments not only to surveil and control populations in ways that the Stasi could only have dreamt of, but also by members of the public to resist those very efforts. Back to the POLITICO Europe piece:
Joachim’s mass email campaign is unconventional as a lobbying tool, differing from the more wonky approach usually taken in Brussels. But the website’s impact has been undeniable.
The Polish government responded directly to the campaign in a statement last month, reassuring Poles it’s against mass scanning of messages. A Danish petition, pushed by the Fight Chat Control campaign, now has more than 50,000 signatures, meaning it can be discussed in parliament. Irish national lawmakers asked questions in parliament in September about “Chat Control,” the name for the legislation adopted by its critics and used by Joachim.
As of early October, nearly 2.5 million people had visited his website, Joachim said, with most coming from within the EU. The emails are sent from visitors’ own email clients, meaning Joachim doesn’t know how many have been sent, but he estimated that it has triggered several million emails.
One imagines that this was the first time ever that many of these EU citizens had contacted their respective MEOs. Digital freedom fighter and former Member of the European Parliament Dr. Patrick Breyer (Pirate Party) hailed the campaign as a huge victory but warned that the fight is far from over:
“This is a tremendous victory for freedom and proves that protest works! Facing a wave of calls and emails from the public, the Social Democrats are holding their ground, and for the first time, even the conservative leadership is voicing criticism. Without the tireless resistance from citizens, scientists, and organizations, EU governments would have passed a totalitarian mass surveillance law next week, spelling the end for digital privacy. That we stopped this—for now—is a moment to celebrate.”
Unsurprisingly, some EU apparatchiks are far less enthused by this latest example of direct democracy, reports POLITICO Europe:
The campaign has irked some recipients. “In terms of dialog within a democracy, this is not a dialog,” said Lena Düpont, a German member of the European People’s Party group and its home affairs spokesperson, of the mass emails.
Joachim’s campaign is blocking more traditional lobbyists and campaigners, too, they said. Mieke Schuurman, director at child rights group Eurochild, said the group’s messages are no longer reaching policymakers, who “increasingly respond with automated replies.”
Joachim, who said he has not paid to promote the site, said it is “regrettable” that child rights campaigners’ emails have received automated responses. But the flood of emails sent by his website visitors is “a quite clear indication that people really care about this … I would actually argue this is as democratic as it gets,” he said.
It goes without saying that EU authorities will regather their forces and try again to bulldoze this through, with the next vote apparently scheduled for December. As POLITICO Europe notes, national governments are “attempting — for the fifth time, at least — to hash out a compromise”:
However, according to an EU diplomat, “some EU member countries are now more hesitant to support Denmark’s proposal, at least in part because of the campaign”:
Ella Jakubowska, head of policy at digital rights group EDRi, said “This campaign seems to have raised the topic high up the agenda in member states where there was previously little to no public debate.”
Broader Applications
All of this invites the question: could Joachim’s Fight Chat Control website serve as a template for other online campaigns aimed at preventing similar dystopian measures from becoming law, not just in the EU but also in other ostensibly democratic jurisdictions in Europe and beyond?
After all, this is not the first time we’ve seen this kind of thing happen. Over a decade ago, popular grassroots movements in the US were able to halt the passage of the SOPA and PIPA bills that threatened free speech, internet security and online innovation. Once again, the unparalleled network effects of the internet were used as a powerful weapon against government’s repressive designs for the internet.
One obvious place where this sort of campaign is much needed is the UK, where almost 3 million people have signed a petition calling for the Keir Starmer government to immediately commit to not introduce a digital ID system that was not once mentioned in his party’s election manifesto. That is 30 times the number needed to trigger a debate on the issue in the House of Commons.
However, the Starmer government has responded by simply carrying on regardless. Indeed, his government’s line on digital ID has since shifted from it being necessary to combat illegal migration, which it won’t, to it being used for just about everything, including even accessing your bank accounts.
Starmer reveals that digital ID will control access to your own personal funds.
Starmergeddon incoming.
Dont say you weren't warned. pic.twitter.com/OeoJCbkhcJ
— Chay Bowes (@BowesChay) October 11, 2025
The fact that Starmer is now lauding India’s Aadhaar, the world’s largest digital identity system, as an example to follow is even more concerning given all the security breaches it has suffered as well as the scale and scope of the coercive measures implemented around it. Put simply, life in India without Aadhaar is one of near-total exclusion. As even the FT reported in 2021, “India’s all-encompassing ID system holds warnings for the rest of world.”
The UK’s digital identity system is not yet fully operational, though it is far closer than many realise, yet the mission creep is already off the charts, and the data breaches have already begun. Perhaps it’s time for British MPs to receive their own avalanches of emails from their respective voters — for if one thing is clear, it is that the window for action is rapidly closing.
Digital ID is a tool of dictatorship.