If facebook always scanned it's not encrypted content, why is chat control 2.0 so serious to users?
This fact-check may be outdated. Consider refreshing it to get the most current information.
Executive summary
Facebook (Meta) has long scanned unencrypted content and some non‑end‑to‑end‑encrypted messaging for safety and commercial purposes, but EU “Chat Control 2.0” alarmed critics because it sought to extend scanning into encrypted spaces or impose client‑side measures that weaken encryption — risks that experts say would be more systemic than existing practices (available sources do not detail Facebook’s full scanning history; reporting notes that some services voluntarily scan unencrypted messages) [1] [2] [3].
1. Why users see a big difference: centralized scanning versus breaking encryption
Companies scanning unencrypted content at scale (for ads, moderation or CSAM detection) operates within a server‑side model where the provider has access to plaintext because messages are not end‑to‑end encrypted; several platforms already do this voluntarily for certain message types [1] [3]. Chat Control 2.0 raised alarm because it moved beyond that status quo: earlier drafts and critics framed it as requiring measures that would scan end‑to‑end encrypted messages or force technical changes that amount to “encryption‑breaking,” making the surveillance model systemic and unavoidable [2] [4].
2. Client‑side scanning is a game changer, not just “more of the same”
Tech experts and digital‑rights advocates emphasize the distinction between providers scanning unencrypted server data and mandated client‑side scanning or backdoors. Client‑side scanning requires analysis on a user device before encryption is applied, or altering encryption schemes — changes that, according to industry groups cited in coverage, inherently weaken security and can introduce new vulnerabilities for everyone [1] [5].
3. Error rates, false positives and societal risk
Chat Control 2.0 proposed automated detection—often using AI—to flag “suspicious” communications such as grooming. Critics, including a coalition of cybersecurity experts and former MEP Patrick Breyer, warned these algorithms are inaccurate and could generate massive false positives, producing a flood of reports and surveillance without clear evidence of improved child protection [6] [1]. The Commission itself expected a large increase in scanning reports under mandatory regimes — a projected 3.5‑fold rise cited in campaigning material [1].
4. Political framing and democratic debate
Opponents argue Chat Control 2.0 was repackaged to avoid democratic scrutiny: Patrick Breyer called it “a deception aimed at avoiding democratic debate,” and critics note approvals in EU preparatory bodies happened quietly, prompting outcry that policybuilders sidestepped public deliberation [6] [7]. Supporters (not detailed in these sources) framed the proposals as necessary to combat child sexual abuse material; available sources do not quote proponents’ technical rebuttals in detail.
5. Recent softening, but controversy remains
By late 2025 the Council reportedly removed the most controversial mandatory requirement to scan encrypted messages from its draft, and some presidencies withdrew aggressive proposals under public pressure, yet observers caution that the compromise still pursues broad detection and age‑verification mechanisms and remains politically live [4] [8] [9]. EFF and other digital‑rights groups continued to treat the issue as unresolved and dangerous even after procedural retreats [2] [8].
6. Why Facebook’s existing scanning practice doesn’t quiet these fears
Even if Meta already processes many unencrypted chats for moderation or ad signals, that practice occurs within the provider’s operational model and user expectations differ when encryption promises are at stake; Chat Control 2.0 threatened to convert encryption into an ineffective shield by legal or technical fiat, shifting trust in a structural way rather than extending current moderation [3] [1]. The prospect of mandatory, state‑driven client‑side measures raises different legal, security and democratic stakes than voluntary provider scanning.
7. What to watch next
Watch for final legislative texts from the trilogue process and any specific provisions on client‑side scanning, age verification, and scope of automated detection; expert open letters and digital‑rights groups flagged high risks and urged further scrutiny, and national presidencies have shifted positions repeatedly — the policy is fluid and outcomes depend on technical drafting as much as political headlines [6] [1] [8].
Limitations: reporting in the sources focuses on EU proposals, civil‑society reaction and technical risk arguments; available sources do not provide a full catalogue of which Facebook/Meta message types have been scanned historically nor detailed defenses from proponents in the legislative texts [3] [1].