Proposed EU Child Abuse Regulation Seriously Flawed Say 458 Researchers

Joint statement of scientists and researchers on EU’s proposed Child Sexual Abuse Regulation: 4 July 2023

Dear Members of the European Parliament,

Dear Member States of the Council of the European Union,


The signatories of this statement are scientists and researchers from across the globe.

First and foremost, we acknowledge that child sexual abuse and exploitation is a very serious crime which can cause lifelong harm to survivors. It is the responsibility of government authorities, with the support of companies and communities, to undertake effective interventions which prevent this crime and react to it quickly when it does happen.

The European Commission has proposed a law with the stated aim of stopping the spread of child sexual abuse material online and of grooming of children online. To do so, the law allows authorities to compel providers of any apps or other online services to scan the messages, pictures, emails, voice mails and other activities of their users. In the case of end-to-end encrypted apps, the claim is that this scanning can be done on users’ devices – so-called ‘Client-Side Scanning’ (CSS).

The effectiveness of the law (at its stated aims) relies on the existence of effective scanning technologies. Unfortunately, the scanning technologies that currently exist and that are on the horizon are deeply flawed. These flaws, which we describe in detail below, means that scanning is doomed to be ineffective. Moreover, integrating scanning at large scale on apps running in user devices, and particularly in a global context, creates side-effects that can be extremely harmful for everyone online, and which could make the Internet and the digital society less safe for everybody. 

As the problems we describe speak to measures that are at the core of the EU’s legislative proposal, it is our professional recommendation as scientists that such a proposal be not taken forward. It is not feasible or tenable to require private companies to use technologies in ways that we already know cannot be done safely – or even at all. Given the horrific nature of child sexual abuse, it is understandable, and indeed tempting, to hope that there is a technological intervention that can eradicate it. Yet, looking at the issue holistically, we cannot escape the conclusion that the current proposal is not such an intervention.

Passing this legislation undermines the thoughtful and incisive work that European researchers have provided in cybersecurity and privacy, including contributions to the development of global encryption standards. Such undermining will weaken the environment for security and privacy work in Europe, lowering our ability to build a secure digital society.

The proposed regulation would also set a global precedent for filtering the Internet, controlling who can access it, and taking away some of the few tools available for people to protect their right to a private life in the digital space. This will have a chilling effect on society and is likely to negatively affect democracies across the globe. 

We therefore strongly warn against pursuing these or similar measures as their success is not possible given current and foreseeable technology, while their potential for harm is substantial.

1. Detection technologies are deeply flawed and vulnerable to attacks

Tools used for scanning for known Child Sexual Abuse Material (CSAM) must not contain CSAM material itself as this would bring major risks. Thus, the only scalable technology to address this problem is by transforming the known content with a so-called perceptual hash function and by using a list of the resulting hash values to compare to potential CSAM material. A perceptual hash function needs to achieve two goals: (i) it should be easy to compute yet hard to invert and (ii) small changes to an image should result in small changes to the hash output, which means that even after image manipulation the known image can still be detected. While this sounds easy, after more than two decades of research there has been no substantial progress in designing functions that meet these properties. 

Research has shown that for all known perceptual hash functions, it is virtually always possible to make small changes to an image that result in a large change of the hash value which allows evasion of detection (false negative). Moreover, it is also possible to create a legitimate picture that will be falsely detected as illegal material as it has the same hash as a picture that is in the database (false positive). This can be achieved even without knowing the hash database. Such an attack could be used to frame innocent users and to flood Law Enforcement Agencies with false positives – diverting resources away from real investigations into child sexual abuse.

These attacks are not theoretical: for concrete designs such as Photo DNA, Facebook’s PDQ hash function and Apple’s NeuralHash function, efficient attacks have been described in the literature. The only way to avoid such attacks for the time being is by keeping the description of the perceptual hash function secret. This “security by obscurity” not only goes against basic security engineering principles but, in practice, is only feasible if the perceptual hash function is known only to the service provider. In the case of end-to-end encryption, the hashing operation needs to take place on the client device. Thus, keeping the design secret is an illusion.

As scientists, we do not expect that it will be feasible in the next 10-20 years to develop a scalable solution that can run on users’ devices without leaking illegal information and that can detect known content (or content derived from or related to known content) in a reliable way, that is, with an acceptable number of false positives and negatives.

The proposal of the European Commission goes beyond the detection of known content. It also requires that newly generated images or videos with CSAM need to be detected based on “artificial intelligence” tools. In addition, the proposal requires that grooming in communication services including both text and audio should be detected using similar techniques. While some commercial players claim that they have made progress, the designs remain secret and no open and objective evaluation has taken place that demonstrates their effectiveness. Moreover, the state of the art in machine learning suggests that this is way beyond what is feasible today. In fact, any time that client-side designs have been evaluated (as in the case of prototypes funded by the UK Home office) they have been found to be neither effective nor compliant with privacy and human-rights law.

AI tools can be trained to identify certain patterns with high levels of precision. However, they routinely make errors, including mistakes that to a human seem very basic. That is because AI systems lack context and common sense. There are some tasks to which AI systems are well-suited, but searching for a very nuanced, sensitive crime — which is what grooming behaviour is — is not one of these tasks. 

At the scale at which private communications are exchanged online, even scanning the messages exchanged in the EU on just one app provider would mean generating millions of errors every day. That means that when scanning billions of images, videos, texts and audio messages per day, the number of false positives will be in the hundreds of millions. It further seems likely that many of these false positives will themselves be deeply private, likely intimate, and entirely legal imagery sent between consenting adults.

This cannot be improved through innovation: ‘false positives’ (content that is wrongly flagged as being unlawful material) are a statistical certainty when it comes to AI. False positives are also an inevitability when it comes to the use of detection technologies -- even for known CSAM material. The only way to reduce this to an acceptable margin of error would be to only scan in narrow and genuinely targeted circumstances where there is prior suspicion, as well as sufficient human resources to deal with the false positives -- otherwise cost may be prohibitive given the large number of people who will be needed to review millions of texts and images. This is not what is envisioned by the European Commission’s proposal.

The reporting system put forward in the draft CSAM proposal is likely to encourage novel attacks on detection technologies. This is because right now, providers have the discretion to sift out obvious false alerts. Under the new system, however, they would be required to report even content that seems unlikely to be CSAM. Besides the attacks we mention, many more are starting to appear in specialized academic venues, and we expect many more are being prepared by those motivated to share illicit material.

Finally, it has been claimed that detecting CSAM should be feasible as scanning for computer viruses is a widely deployed technology. While superficially both seem similar, there are essential differences. First, when a computer virus is detected, the user is warned and the virus can be removed. Second, a virus can be recognized based on a small unique substring, which is not the case for a picture or video: it would be very easy to modify or remove a unique substring with small changes that do not change the appearance; doing this for a virus would make the code inoperable. Finally, machine learning techniques can sometimes identify viral behaviour, but only when such behaviour can be precisely defined  (e.g. code that copies itself) and thus detected. This is in opposition to defining CSAM for which clear boundaries cannot easily be established. 

 2. Technical Implications of weakening End-to-End Encryption

End-to-end encryption is designed so that only the sender and recipient can view the content of a message or other communication. Encryption is the only tool we have to protect our data in the digital realm; all other tools have been proven to be compromised. The use of link encryption (from user to service provider and from service provider to user) with decryption in the middle as used in the mobile telephone system is not an acceptable solution in the current threat environment. It is obvious that end-to-end encryption makes it impossible to implement scanning for known or new content and detection of grooming at the service provider.

In order to remedy this, a set of techniques called “Client-Side Scanning” (CSS) has been suggested as a way to access encrypted communications without breaking the encryption. Such tools would reportedly work by scanning content on the user’s device before it has been encrypted or after it has been decrypted, then reporting whenever illicit material is found. One may equate this to adding video cameras in our homes to listen to every conversation and send reports when we talk about illicit topics.

The only deployment of CSS in the free world was by Apple in 2021, which they claimed was state-of-the-art technology. This effort was withdrawn after less than two weeks due to privacy concerns and the fact that the system had already been hijacked and manipulated.

When deployed on a person’s device, CSS acts like spyware, allowing adversaries to gain easy access to that device. Any law which would mandate CSS, or any other technology designed to access, analyse or share the content of communications will, without a doubt, undermine encryption, and make everyone’s communications less safe as a result. The laudable aim of protecting children does not change this technical reality.

Even if such a CSS system could be conceived, there is an extremely high risk that it will be abused. We expect that there will be substantial pressure on policymakers to extend the scope, first to detect terrorist recruitment, then other criminal activity, then dissident speech. For instance, it would be sufficient for less democratic governments to extend the database of hash values that typically correspond to known CSAM content (as explained above) with hash values of content critical of the regime. As the hash values give no information on the content itself, it would be impossible for outsiders to detect this abuse. The CSS infrastructure could then be used to report all users with this content immediately to these governments.

If such a mechanism would be implemented, it would need to be in part through security by obscurity as otherwise it would be easy for users to bypass the detection mechanisms, for example by emptying the database of hash values or bypassing some verifications. This means that transparency of the application will be harmed, which may be used by some actors as a veil to collect more personal user data.


3. Effectiveness

We have serious reservations whether the technologies imposed by the regulation would be effective: perpetrators would be aware of such technologies and would move to new techniques, services and platforms to exchange CSAM information while evading detection.

The proposed regulation will harm the freedom of children to express themselves as their conversations could also be triggering alarms. National criminal law enforcement on-the-ground typically deals in a nuanced way with intimate messages between teenagers both around the age of consent. These technologies change the relationship between individuals and their devices, and it will be difficult to reintroduce such nuance. For other users, we have major concerns of the chilling effects created by the presence of these detection mechanisms.

Finally, the huge number of false positives that can be expected will require a substantial amount of resources while creating serious risks for all users to be identified incorrectly. These resources would be better spent on other approaches to protect children from sexual abuse. While most child protection work must be local, one way in which community legislation might help is by using existing powers (DMA/DSA) to require social network services to make it easier for users to complain about abuse, as it is user complaints rather than AI that in practice lead to the detection of new abuse material.



Dr. Shaanan Cohney University of Melbourne

Prof. Vanessa Teague Australian National University & 

Thinking Cybersecurity Pty Ltd



Prof. Dr. Elena Andreeva TU Wien

Univ.-Prof. Dr. Rainer Böhme Universität Innsbruck

Dr. Gaëtan Cassiers TU Graz

Prof. Maria Eichlseder TU Graz

Prof. Daniel Gruss TU Graz

Dr. Stephan Krenn Personal capacity

Prof. Dr. Martina Lindorfer TU Wien

Univ.-Prof. Dr. Matteo Maffei TU Wien

Prof. Stefan Mangard TU Graz

Univ.-Prof. Dr. René Mayrhofer Johannes Kepler University Linz

Prof. Elisabeth Oswald University of Klagenfurt

Dr. Erich Prem University of Vienna

Univ.-Prof. Dr. Christian Rechberger TU Graz

Dr. Michael Roland Johannes Kepler University Linz

Univ.-Prof. Edgar Weippl University of Vienna, SBA Research


Dr. Ir. Aysajan Abidin KU Leuven

Dr. Nicholas Bleisch KU Leuven

Prof. Dr. Rosamunde van Brakel Vrije Universiteit Brussel

Prof. Claudia Diaz KU Leuven

Dr. Benedikt Gierlichs KU Leuven

Prof. Dr. Gloria González Fuster Vrije Universiteit Brussel

Dr. Emad Heydari Beni KU Leuven

Prof. Dr. Joris van Hoboken University of Amsterdam and Vrije Universiteit Brussel

Prof. Jan Tobias Muehlberg Universite Libre de Bruxelles

Dr. Thorben Moos UCLouvain

Prof. Yves Moreau KU Leuven

Dr. Vera Rimmer KU Leuven

Prof. Olivier Pereira UCLouvain

Prof. Thomas Peters UCLouvain

Prof. Bart Preneel KU Leuven Fellow IACR

Prof. Em. Jean-Jacques Quisquater UC Louvain

Prof. Florentin Rochet University of Namur

Prof. Nigel Smart KU Leuven Fellow IACR

Prof. François-Xavier Standaert UCLouvain

Prof. Mathy Vanhoef KU Leuven

Prof. Ingrid Verbauwhede KU Leuven Fellow IACR, IEEE



Mr. Carlos A. Afonso Instituto Nupef & ISOC-Brazil

Prof. Ian Brown Centre for Technology & Society, Fundaçao Getulio Vargas

Prof. Alexandre Augusto Giron Federal University of Technology - Parana

Dr. Jean Martina Universidade Federal de Santa Catarina

Prof. Dr. Marcos Antonio Simplicio Jr Universidade de Sao Paulo



Dr. Konstantin Delchev Institute of Mathematics and Informatics and

Bulgarian Academy of Sciences



Prof. Ron Deibert Citizen Lab at the University of Toronto

Prof. Ian Goldberg University of Waterloo

Prof. Florian Kerschbaum University of Waterloo

Prof. David Lie University of Toronto Canada Research Chair

Dr. Simón Oya University of Waterloo

Prof. Nicolas Papernot University of Toronto and Vector Institute       Fellow Sloan



Prof. Alejandro Hevia University of Chile



Dr. Vit Bukac Masaryk University

Prof. Vashek Matyas Masaryk University

Dr. Kamil Malinka Brno University of Technology

Dr. Petr Svenda Masaryk University

Dr. Martin Ukrop Masaryk University



Prof. Diego F. Aranha Aarhus University

Prof. Carsten Baum Technical University of Denmark

Prof. Joan Boyar University of Southern Denmark

Prof. Ivan Damgård Aarhus University Fellow IACR

Prof. Bernardo David IT University of Copenhagen

Dr. Christian Majenz Technical University of Denmark

Prof. Claudio Orlandi Aarhus University

Prof. Luisa Siniscalchi Technical University Denmark

Prof. Peter Scholl Aarhus University

Prof. Tyge Tiessen Technical University Denmark

Prof. Dr. Emmanouil Vasilomanolakis Technical University Denmark



Dr. Dan Bogdanov Personal capacity Estonian Academy of Sciences



Prof. Kimmo Halunen University of Oulu



Dr. Daniele Antonioli EURECOM

Dr. Daniel Augot Inria

Dr. Gustavo Banegas Independent Researcher

Dr. Benjamin Beurdouche Mozilla

Mr. Karthikeyan Bhargavan Cryspen

Dr. Bruno Blanchet Inria

Prof. Olivier Blazy École Polytechnique

Prof. Christina Boura University of Versailles

Dr. Anne Canteaut Inria

Dr. Veronique Cortier CNRS

Dr. Jannik Dreier Université de Lorraine

Prof. Antonio Faonio EURECOM

Dr. Caroline Fontaine CNRS

Dr. Aurélien Francillon EURECOM

Dr. Aymeric Fromherz Inria

Dr. Pierrick Gaudry CNRS

Prof. Elham Kashefi CNRS and University of Edimburgh

Dr. Jonathan Keller Institut Mines Telecom

Dr. Nadim Kobeissi Symbolic Software

Dr. Steve Kremer Inria

Dr. Gaëtan Leurent Inria

Dr. Pierre Laperdrix CNRS

Dr. Victor Lomné NinjaLab

Dr. P. G. Macioti Medicines du Monde

Dr. Clémentine Maurice CNRS

Hon. Dr. Traian Muntean Aix-Marseille University 

Prof. Melek Önen EURECOM

Dr. Maria Naya Plasencia Inria

Dir. Research Catuscia Palamidessi Inria

Dr. Léo Perrin Inria

Dr. Peter Roenne CNRS

Dr. Yann Rote Université Paris-Saclay

Dr. Emmanuel Thomé Inria

Dr. Anna Weine Mozilla



Dr. Ali Abassi CISPA Helmholtz Center for Information Security

Prof. Patricia Arias Cabarcos Paderborn University

Prof. Dr. Alexander Auch Baden-Wuerttemberg Cooperative State University

Dr. Gilles Barthe Max Planck Institute for Security and Privacy

Dr. Steffen Becker Ruhr University Bochum &

Max Planck Institute for Security and Privacy

Prof. Dr. Bettina Berendt TU Berlin and KU Leuven

Dr. Sebastian Berndt University of Lübeck

Dr. Asia Biega Max Planck Institute for Security and Privacy

Dr. Christopher Blöcker Julius-Maximilians-Universität Würzburg

Dr. Marcel Böhme Max Planck Institute for Security and Privacy

Dr. Harald Böhme ANSYS Germany

Prof. Dr. Kevin Borgolte Ruhr University Bochum

Dr. Sven Bugiel CISPA Helmholtz Center for Information Security

Dr. Rebekka Burkholz CISPA Helmholtz Center for Information Security

Dr.-Ing. Jiska Classen Hasso Plattner Institute

Prof. Dr. Cas Cremers CISPA Helmholtz Center for Information Security

Prof. Dr.-Ing. Alexandra Dmitrienko Julius-Maximilians Universität Würzburg 

Prof. Thomas Eisenbarth University of Lübeck

Prof. Sebastian Faust Technical University of Darmstadt

Dr. Christian Gollwitzer Physikalisch-Technische Bundesanstalt

Dr. Dominik Helm Technische Universität Darmstadt

Prof. Dr. Jeanette Hofmann Berlin Social Science Center

Prof. Thorsten Holz CISPA Helmholtz Center for Information Security

Prof. Matthias Hollick Technical University of Darmstadt

Dr. Julian Hoth Hamburg University of Technology

Prof. Tibor Jager University of Wuppertal

Prof. Dr. Stefan Katzenbeisser University of Passau

Dr. Dietmar Kammerer Weizenbaum Institute for the Networked Society

Dr. Elif Bilge Kavun University of Passau

Dr. Franziskus Kiefer Cryspen

Prof. Dr. phil Thomas Knaus PH Ludwigsburg | FTzM Frankfurt/Main

Dr. Katharina Krombholz CISPA Helmholtz Center for Information Security

Prof. Anja Lehmann Hasso-Plattner-Institute, University of Potsdam

Dr. Ferdinand Lehmann Justus Liebig Universität Gießen 

Prof. Dr. Daniel Loebenberger Fraunhofer AISEC / OTH Amberg-Weiden

Dr. Alexander Loew DWH

Dr. Wouter Lueks CISPA Helmholtz Center for Information Security

Dr. Genia Lücking Technical University of Munich

Dr. Thomas Mager Personal capacity

Dr. Christian Mainka Ruhr University Bochum

Dr. Jens Meier Deutsches Institut für Kautschuktechnologie e.V.

Prof. Dr. Esfandiar Mohammadi University of Lübeck

Dr. Veelasha Moonsamy Ruhr University Bochum

Prof. Dr. Andreas Peter University of Oldenburg

Dr. Giancarlo Pellegrino CISPA Helmholtz Center for Information Security

Dr. Henrich C. Pöhls University of Passau

Prof. Joachim Posegga University of Passau

Prof. Dr. Kai Rannenberg Goethe University Frankfurt

Dr. Elissa Redmiles Max Planck Institute for Software Systems

Dipl. Inf. Rainer Rehak Weizenbaum Institute for the Networked Society

Prof. Konrad Rieck Technische Universität Berlin

Prof. Stefanie Roos University of Kaiserslautern-Landau

Prof. Paul Rösler FAU Erlangen-Nürnberg

Prof. Dr. Christian Rossow CISPA Helmholtz Center for Information Security

Prof. Dr. Christoph Skornia University of Applied Sciences Regensburg 

Dr. Jens Schade TU Dresden

Prof. Dr. Sebastian Schinzel Münster University of Applied Sciences

Prof. Thomas Schneider Technische Universität Darmstadt

Prof. Dr. Marc C. Steinbach Leibniz Universität Hannover

Prof. Dr. Dominique Schröder Friedrich-Alexander Universität Erlangen-Nürnberg

Dr. Peter Schwabe Max Planck Institute for Security and Privacy

Dipl. Ir. Peter Schoo Personal Capacity Fellow ACM

Prof. Dr. Ingo Scholtes Julius-Maximilians-Universität Würzburg

Prof. Juraj Somorovsky Paderborn University

Prof. Dr. Christoph Sorge Saarland University

Dr. Ben Stock CISPA Helmholtz Center for Information Security

Prof. Thorsten Strufe KASTEL/Karlsruhe &

Centre for Tactile Internet with Human-in-the-Loop, Dresden

Prof. Florian Tschorsch TU Berlin and HU Berlin

Dr. Nils Ole Tippenhauer CISPA Helmholtz Center for Information Security

Dr. Anjo Vahldiek-Oberwagner Intel Labs

Dr. Vera Wilde Freelance

Prof. Christian Wressnegger Karlsruhe Institute of Technology

Prof. Dr. Yuval Yarom Ruhr University Bochum

Dr. Xiao Zhang CISPA Helmholtz Center for Information Security

Dr. Yixin Zou Max Planck Institute for Security and Privacy



Prof. Vasiliki Diamantopoulou University of the Aegean

Prof. Christos Kalloniatis University of the Aegean

Prof. Georgios Kambourakis University of the Aegean

Dr. Platon Kotzias Norton Research Group

Prof. Costas Lambrinoudakis University of Piraeus

Prof. Emmanouil Magkos Ionian University

Prof. Stefanos Gritzalis University of Piraeus and 

Hellenic Authority for Communication Security and Privacy

Prof. Panagiotis Rizomiliotis Harokopio University of Athens



Dr. Gergely Biczók Budapest Univ. of Technology and Economics

Dr. Balazs Pejo Budapest Univ. of Technology and Economics



Dr. Stephen Farrell Trinity College Dublin

Dr. Aikaterini Kanta University College Dublin

Prof. Douglas Leith Trinity College Dublin

Dr. TJ McIntyre University College Dublin Sutherland School of Law &

Digital Rights Ireland

Dr. Kris Shrishak Irish Council for Civil Liberties



Dr. Chaya Ganesh Indian Institute of Science



Prof. Orr Dunlekman University of Haifa

Dr. Yossi Oren Ben-Gurion University

Dr. Eyal Ronen Tel Aviv University

Dr. Mahmood Sharif Tel Aviv University



Prof. Stefano Calzavara Università Ca' Foscari Venezia

Prof. Mauro Conti University of Padua

Prof. Bruno Crispo University of Trento

Prof. Paolo Falcarin University of Venice

Prof. Fabio Massaci University of Trento/Vrije Universiteit Amsterdam

Dr. Daniela Morpurgo Politecnico di Torino

Prof. Giuseppe Persiano Università di Salerno

Dr. Dario Stabili University of Bologna

Prof. Daniele Venturi Sapienza University of Rome

Prof. Stefano Zanero Politecnico di Milano



Prof. Em. Toshimaru Ogura Toyama University

Prof. Kazue Sako Waseda University



Prof. Giovanni Apruzzese University of Liechtenstein



Dr. Orham Ermis Luxembourg Institute of Science and Technology

Dr. Aditya Damodaran University of Luxembourg

Prof. Dr. Gabriele Lenzini University of Luxembourg

Prof. Peter Y A Ryan University of Luxembourg



Prof. Alejandro Pisanty Universidad Nacional Autónoma de México 


The Netherlands

Dr. Gunes Acar Radboud University Nijmegen

Prof. Dr. Lejla Batina Radboud University Nijmegen

Prof. Dr. LLM Frederik Z. Borgesius iHub, Radboud University

Prof. Dr. ir. Herbert Bos Vrije Universiteit Amsterdam

Dr. Corinne Cath Delft University of Technology

Dr. Andrea Continella University of Twente

Prof. Ronald Cramer CWI & Leiden University

Dr. Lorenzo Dalla Corte Tilburg University

Prof. Joan Daemen Radboud University Nijmegen

Prof. Dr. Arie van Deursen Delft University of Technology

Dr. Ir. Roel Dobbe Delft University of Technology

Dr. Zekeriya Erkin Delft University of Technology

Prof. Cristiano Giuffrida Vrije Universiteit Amsterdam

Dr. Seda Gürses Delft University of Technology

Dr. Florian Hahn University of Twente

Prof. Jaap-Henk Hoepman Radboud University Nijmegen

Prof. Andreas Hülsing Eindhoven University of Technology

Dr. Georgy Ishmaev Delft University of Technology

Prof. Bart Jacobs Radboud University Nijmegen

Dr. Konrad Kollnig Maastricht University

Prof. Eleni Kosta Tilburg University

Prof. Dr. Tanja Lange Eindhoven University of Technology

Dr. Luca Mariot University of Twente

Dr. Laurens Naudts University of Amsterdam

Prof. Georgios Smaragdakis Delft University of Technology

Prof. Ot van Daalen University of Amsterdam

Prof. Michel van Eeten Delft University of Technology

Dr. Jeroen van der Ham University of Twente

Prof. dr. Ir. Roland van Rijswijk-Deij University of Twente

Dr. Heloise Vieira Eindhoven University of Technology

Prof. Ben Wagner Delft University of Technology


New Zealand

Prof. Steven Galbraith University of Auckland



Prof. Danilo Gligoroski Norwegian University of Science and Technology

Dr. Erik Hjelmås Norwegian University of Science and Technology 

Prof. Helger Lipmaa Simula UiB

Prof. Sokratis Katsikas Norwegian University of Science and Technology

Prof. Paweł Morawiecki Polish Academy of Sciences

Dr. Vinit Ravishankar University of Oslo

Prof. David Palma Norwegian University of Science and Technology

Prof. Tjerand Silde Norwegian University of Science and Technology

Prof. Mohsen Toorani University of South-Eastern Norway

Prof. Øyvind Ytrehus Simula UiB and University of Bergen

Prof. Thomas Zinner Norwegian University of Science and Technology



Prof. Stefan Dziembowski University of Warsaw

Prof. Wojciech Jamroga Institute of Computer Science, Polish Academy of Sciences

Dr. Dariusz Kalociński Institute of Computer Science, Polish Academy of Sciences

Dr. Anna Ratecka Jagiellonian University in Krakow



Ms. Sofia Celi Brave

Prof. Manuel Eduardo Correia University of Porto

Prof. Manuel Barbosa University of Porto and INESC TEC

Prof. Hugo Pacheco University of Porto

Prof. Bernardo Portela University of Porto

Prof. Henrique Santos Universidade do Minho

Prof. Nuno Santos INESC-ID and University of Lisbon


Republic of North Macedonia

Hristina Mihajloska Trpcheska Ss. Cyril and Methodius University



Prof. Thomas Peyrin Nanyang Technological University


South Korea

Prof. Sang Kil Cha KAIST



Dr. Jorge Blasco Alis Universidad Politécnica de Madrid

Prof. Pino Caballero-Gil University of La Laguna

Dr. Ignacio Cascudo IMDEA Software Institute

Prof. Josep Domingo-Ferrer Universitat Rovira i Virgili Fellow IEEE

Dr. Dario Fiore IMDEA Software Institute

Prof. Jose Maria de Fuentes Universidad Carlos III de Madrid

Dr. Gemma Galdon Clavell Eticas Tech

Prof. Maribel González Vasco Universidad Carlos III de Madrid

Prof. Lorena González Manzano Universidad Carlos III de Madrid

Dr. Marco Guarnieri IMDEA Software Institute

Prof. Simona Levi Xnet and University of Barcelona

Dr. Jordi Herrera-Joancomartí Universitat Autònoma de Barcelona

Prof. Llorenç Huguet Balearic Island University

Dr. Guillermo Navarro-Arribas Universitat Autònoma de Barcelona

Prof. Fernando Pérez-González University of Vigo Fellow IEEE

Dr. Cristina Perez-Sola Universitat Autònoma de Barcelona

Dr. Helena Rifà-Pous Universitat Oberta de Catalunya

Dr. Guillermo Suarez-Tangil IMDEA Networks Institute

Prof. Jose Such Universitat Politecnica de Valencia

Dr. Carla Ràfols Universitat Pompeu Fabra

Prof. Josep Rifà Universitat Autònoma de Barcelona

Prof. Juan Tapiador Universidad Carlos III de Madrid

Dr. Narseo Vallina-Rodriguez IMDEA Networks Institute



Prof. Simone Fischer-Hübner Karlstad University & Chalmers University of Technology

Prof. Dr.-Ing.Meiko Jensen Karlstad University

Dr. Victor Morel Chalmers University

Prof. Panos Papadimitratos KTH Royal Institute of Technology Fellow IEEE

Dr. Pablo Picazo-Sanchez Halmstad University 

Dr. Tobias Pulls Karlstad University

Dr. Iraklis Symeonidis RISE

Prof. Vicenç Torra Umeå University Fellow IEEE


Dr. Anthony Boulmier OptumSoft Inc.

Prof. Jonathan Bootle IBM Zurich

Prof. Srdjan Capkun ETH Zurich Fellow IEEE

Prof. Bryan Ford EPFL

Dr. Jens Groth DFINITY

Dr. Julia Hesse IBM Zurich

Dr. Kari Kostianen ETH Zurich

Dr. Anil Kurmus Personal Capacity

Dr. Siniša Matetić ETH Zurich

Prof. Marc Langheinrich Università della Svizzera italiana

Dr. Onicio Batista Leal Neto ETH Zurich

Prof. Rebekah Overdorf University of Lausanne

Prof. Kenneth Paterson ETH Zurich Fellow IACR

Prof. Mathias Payer EPFL

Dr Ivan Pudd ETH Zurich

Dr. Apostolos Pyrgelis EPFL

Prof. Kaveh Razavi ETH Zurich

Dr. Raphael M. Reischuk National Test Institute for Cybersecurity NTC

Dr. Benjamin Rothenberger Zühlke Engineering AG

Dr. Alessandro Sorniotti Personal capacity

Prof. Shweta Shinde ETH Zurich

Prof. Dr. Florian Tramèr ETH Zurich

Prof. Carmela Troncoso EPFL



Dr. Lorenz Panny Academia Sinisa



Prof. Cihangir Tezcan Middle East Technical University

United Arab Emirates

Prof. Michail Maniatakos New York University Abu Dhabi

Dr. Victor Mateu Technology and Innovation Institute

Prof. Chirstina Pöpper New York University Abu Dhabi

United Kingdom

Dr. Ruba Abu-Salma King’s College London

Prof. Martin Albrecht King’s College London

Dr. Panagiotis Andriotis University of Birmingham

Prof. Ross Anderson Universities of Cambridge and Edinburgh

Dr. Andrea Basso University of Bristol

Dr. Pascal Berrang University of Birmingham

Prof. Alastair Beresford University of Cambridge

Prof. Reuben Binns University of Oxford

Prof. Ioana Boureanu University of Surrey

Dr. Jaya Klara Brekke Nym Technologies

Prof. Lorenzo Cavallaro University College London

Dr. Michele Ciampi University of Edinburgh

Dr. George Chalhoub University of Oxford

Prof. Liqun Chen University of Surrey

Dr. Richard Clayton University of Cambridge

Dr. Kovila Coopamootoo King’s College London

Prof. Angela Daly University of Dundee

Dr. Partha Das Chowdhury University of Bristol

Dr. Santanu Dash Royal Holloway, University of London

Dr. Benjamin Dowling University of Sheffield

Dr. François Dupressoir University of Bristol

Dr. Tariq Elahi University of Edinburgh

Dr. Pooya Farshim Durham University

Prof. Hamed Haddadi Imperial College London

Prof. Julio Hernandez-Castro University of Kent

Dr. Alice Hutchings University of Cambridge

Dr. Martin Husovec London School of Economics and Political Science

Dr. Dennis Jackson Mozilla

Dr. Rikke Jensen Royal Holloway, University of London

Dr. Vitor Jesus Aston University

Prof. Adam Joinson University of Bath

Dr. Philipp Jovanovic University College London

Prof. Vasilis Katos Bournemouth University

Prof. Markulf Kohlweiss University of Efinburgh

Dr. Kopo Marvin Ramokapane University of Bristol

Prof. Aggelos Kiayias University of Edinburgh

Dr. Bernardo Magri University of Manchester

Prof. Corinne May-Chahal University of Lancaster

Prof. Keith Martin Royal Holloway, University of London

Dr. Maryam Mehrnezhad Royal Holloway, University of London

Prof. Sarah Meiklejohn University College London

Prof. Steven Murdoch University College London

Prof. Douwe Korff London Metropolitan University

Dr. Daniel Page University of Bristol

Dr. Claudia Peersman University of Bristol

Prof. Andy Phippen Bournemouth Universiy

Dr. Fabio Pierazzi King’s College London

Prof. Awais Rachid University of Bristol

Dr. Luc Rocher University of Oxford

Dr. Kaspar Rosager Ludvigsen University of Edinburgh

Dr. Christos Sagredos King’s College London

Dr. Siamak Shahandashti University of York

Prof. Tom Stoneham University of York

Dr. Jose Tomas Llanos University College London

Dr. Michael Veale University College London

Dr. Niovi Vavoula Queen Mary University of London

Dr. Christian Weinert Royal Holloway, University of London

Prof. Alan Woodward University of Surrey

Dr. Joss Wright University of Oxford


United States of America

Prof. Giuseppe Ateniese George Mason University

Prof. Adam J. Aviv George Washington University

Prof. Steven Bellovin Columbia University

Prof. Matt Blaze Georgetown University         McDevitt Chair of CS and Law

Prof. Kevin Butler University of Florida 

Mr. Jon Callas Personal capacity

Prof. Álvaro Cárdenas University of California, Santa Cruz

Prof. Chandrasekaran University Illinois Urbana-Champaign

Prof. David Choffnes Northeastern University

Prof. Nicolas Christin Carnegie Mellon University

Mr. Roger Dingledine The Tor Project

Prof. Tudor Dumitras University of Maryland

Prof. Zakir Durumeric Stanford University

Prof. Joan Feigenbaum Yale University ACM Fellow

Prof. Michael J. Fischer Yale University ACM Fellow

Dr. Kelsey Fulton Colorado School of Mines

Dr. Simson L. Garfinkel Digital Corpora Project Fellow AAAS, ACM, IEEE

Prof. Christina Garman Purdue University

Prof. Matthew D. Green Johns Hopkins University

Prof. Daniel Genkin Georgia Tech

Prof. Paul Grubbs University of Michigan

Dr. Joseph Lorenzo Hall Internet Society

Dr. Britta Hale Independent researcher

Prof. Emeritus Martin Hellman Stanford University Turing Award

Prof. Nadia Heninger University of California, San Diego

Prof. Amir Herzberg University of Connecticut

Prof. Peter Honeyman University of Michigan

Prof. Nicholas Hopper University of Minnesota

Prof. Gabriel Kaptchuk Boston University

Prof. Vasileios Kemerlis Brown University

Dr. Jennifer King Stanford University

Prof. Engin Kirda Northeastern University

Prof. Susan Landau Tufts University Fellow AAAS, ACM

Prof. Anna Lysyanskaya Brown University

Prof. Abigail Marsh Macalester College

Prof. David Mazières Stanford University

Prof. Michelle Mazurek University of Maryland

Prof. Ian Miers University of Maryland

Prof. Prateek Mittal Princeton University

Prof. Guevara Noubir Northeastern University

Dr. Amy Peikoff Bit Chute Limited

Ms. Riana Pfefferkorn Stanford University

Dr. Amreesh Phokeer Internet Society

Prof. Michalis Polychronakis Stony Brook University

Dr. Niels Provos Independent researcher

Prof. Sazzadur Rahaman University of Arizona

Prof. Amir Rahmati Stony Brook University

Prof. Aanjhan Ranganathan Northeastern University

Prof. Franziska Roesner University of Washington

Prof. Ronald L. Rivest MIT Turing Award

Dr. Sarah Scheffler Princeton University

Prof. Barbara van Schewick Stanford University

Prof. Bruce Schneier Harvard Kennedy School

Prof. Adam Shostack University of Washington

Dr. Christian Straka Yale University

Mr. Nick Sullivan Independent

Dr. Gilian Tenbergen Prostasia Foundation

Dr. Alin Tomescu Aptos Lab

Dr. Santiago Torres-Arias Purdue University

Prof. Blase Ur University of Chicago

Prof. Ersin Uzun Rochester Institute of Technology

Prof. Daniel Votipka Tufts University

Prof. David Wagner UC Berkeley

Prof. Daniel J. Weitzner MIT

Dr. Lian Wang Princeton University

Prof. Christo Wilson Northeastern University Sloan Fellow

Prof. Matthew Wright Rochester Institute of Technology

Signatures on 17 July @ 12am

Signatories: 458

Countries: 38


For press inquiries please contact:

Carmela Troncoso - (Spain, Switzerland)

Bart Preneel - (Belgium)

Michael Veale - (UK)

Eyal Ronen - (Israel)

TJ McIntyre - (Ireland)

Jaap-Henk Hoepman - (The Netherlands)

Aurelien Francillon - (France)

Anja Lehmann - (Germany)

René Mayrhofer - (Austria)

Diego Aranha - (Denmark)

Cihangir Tezcan - (Turkey)

Mauro Conti - (Italy)

Stefan Dziembowski - (Poland)



We continue the signature collection. If you are a scientist or researcher and would like to add your name please fill this form: (PhD or demonstrated research track record required)


Submitted by radio on