New ITU Podcast: The IT security expert on the political desire for mass surveillance?
In a pilot episode of the IT University’s new podcast series, Tech-away, Carsten Schürmann, Head of the Centre for Information Security and Trust, discusses the CSA Regulation, under which the EU wants to require all messaging services to scan our digital communications. Although the proposal was blocked by German politicians, the political desire for mass surveillance is far from dead.
Written 21 December, 2025 17:07 by Jari Kickbusch
Carsten Schürmann, professor and head of the Centre for Information Security and Trust, has several claims to fame on his CV. In 2017, he made headlines worldwide by hacking a digital voting machine used in several U.S. elections. The following year, he again attracted global media attention when he, in front of the popular American TV host Nathan Fielder, demonstrated how one could manipulate the results of the Emmy Awards. Now, Carsten Schürmann appears in a pilot episode of ITU’s new podcast series, Tech-away.
Together with the podcast’s two hosts, Schürmann discusses Denmark’s failed attempt to push through a revised version of the CSA Regulation, also known as “chat control.” Originally introduced by the European Commission in 2022, the regulation would require all encrypted messaging services such as WhatsApp and Signal to scan all messages for child pornography. Although the proposal was blocked by German politicians, the political desire for mass surveillance is far from dead, Schürmann explains in the podcast:
“There’s a conflict here. When is something about privacy, and when is it about protection? If it’s about a terrorist attack, I’d be glad if authorities find out that it’s being planned before it happens. To do that, they need access to certain information. On the other hand, the secrecy of correspondence is protected by the Constitution, which means authorities are not allowed to look into my communication. So where’s the balance? It’s difficult.”
Over the years, politicians who provide law enforcement with tools to fight crime have faced serious challenges in cyberspace, which largely gives individuals, networks, and hostile states new opportunities to commit, organize, and spread crime. Drug and human trafficking, violence, terrorism, and misinformation have become serious threats to both our security and the democratic process. In addition, cybercrime is an urgent economic problem. Globally, Cybersecurity Ventures estimates that damages from cybercrime will amount to $10.5 trillion by 2025—that is a staggering 66,952,201,866,627 Danish kroner.
Given this, it is deeply concerning that cybercriminals can operate and grow with minimal risk of being held accountable. For cybercrime alone, the World Economic Forum’s Global Risks Report estimates that the likelihood of a cybercriminal being punished in the U.S. is about 0.05 percent—meaning 99.95 percent get away with committing crimes online. This is unsustainable, and we will very likely see politicians once again trying to address the problem by demanding more surveillance, according to Carsten Schürmann:
“I think the authorities want to do it the right way, but they lack the technical knowledge and understanding of how to do it properly. Many critics of the CSA Regulation are opposed to it because of how the proposal is formulated and how they want to control things. But there are other approaches that don’t involve scanning all images,” says Schürmann.
Listen to the podcast here (in Danish).