Suppose we take the pessimistic path and the EU really mandates all encrypted chat apps to do client-side scans of messages that are being sent prior to encryption. What could a citizen do to mitigate the issues?
As said above, your options for mitigation are going to depend on how this is enforced.
Everything I say after this assumes you care enough to put in the effort and are trying to talk to someone who also cares enough to do so.
If we assume your operating system and hardware can be trusted, but the apps themselves cannot, you can encrypt your messages externally with something like PGP - before the app ever has a chance to see them. (We are also assuming that PGP will either still be safe OR that you downloaded it ahead of time.)
If we assume your operating system and/or hardware could be compromised but not to a degree where it could compromise other machines, you’d want to set up a device you CAN trust BEFORE this becomes an issue, and keep it offline. Use that for encryption/decryption and move ciphertexts between the offline machine and the online machine using a USB or similar.
If we assume the compromised machine can compromise others via USB, you’ll need to transfer using your eyeballs. Type very carefully. I think this is realistically as bad as it could get, but I’d think it’d come after the first two have been around for a while.
If we assume all hardware/software has been compromised somehow, you could try doing some cipher by hand. You and your friend would need to write down or memorize the process and be confident in your math skills, and you’d need to agree on conventions like what cipher to use. If using a symmetric cipher, you’d need to agree on a shared secret ahead of time (or meet in person and do so). I think AES-128 is pretty reasonable. It wouldn’t be fun (unless you’re into that, in which case, have fun), but based on my own experience, I think it’s in the realm of possibility - something you could do in a few hours, perhaps.
The best thing you can do right now is use your freedom today to protect your freedom tomorrow. Generate your keypairs NOW. Exchange them NOW. I don’t think it’s likely they’ll try to Man-In-The-Middle, at least to start, but there’s no harm in preparing for the possibility.
I think if it did come to that, things would probably be bad enough that there’d be a civil war (even if most people don’t care about encryption as much as they should, I doubt it’d be the ONLY thing going on). It’s not really something to worry too much about, I’m just trying to think about the "what-if"s. After all, if it WERE to get that bad… there’d probably be no one who could safely answer the question!
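As an added illustration of the two ideas above (encrypting outside the app so the app only ever sees ciphertext, and a cipher simple enough to be written out step by step), here is a stand-alone Python script that is not part of the thread or of any product mentioned in it. It writes out AES-128 block encryption directly from FIPS-197 (S-box construction, key schedule, SubBytes, ShiftRows, MixColumns, AddRoundKey), then wraps it in CTR mode with an HMAC-SHA256 tag and base64 so the result is plain text that can be pasted into any messenger. It assumes both parties already hold a pre-shared secret, as the post suggests; the function names, the key-splitting scheme and the wire layout are this example's own choices, and for real traffic a vetted tool such as OpenPGP is the right choice rather than this teaching code.

```python
import base64, hashlib, hmac, os

def _xtime(a):
    """Multiply by x (i.e. by 2) in GF(2^8) modulo the AES polynomial 0x11b."""
    a <<= 1
    return (a ^ 0x1B) & 0xFF if a & 0x100 else a

def _gmul(a, b):
    """General GF(2^8) multiplication by shift-and-add."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a, b = _xtime(a), b >> 1
    return r

def _build_sbox():
    """S-box = multiplicative inverse, then the FIPS-197 affine transform."""
    sbox = []
    for x in range(256):
        inv = next((y for y in range(1, 256) if _gmul(x, y) == 1), 0)
        s = inv
        for _ in range(4):                      # s ^= rotl(inv, 1..4)
            inv = ((inv << 1) | (inv >> 7)) & 0xFF
            s ^= inv
        sbox.append(s ^ 0x63)
    return sbox

SBOX = _build_sbox()

def _expand_key(key):
    """FIPS-197 key schedule: 11 round keys of 16 bytes each for AES-128."""
    w = [list(key[4 * i:4 * i + 4]) for i in range(4)]
    rcon = 0x01
    for i in range(4, 44):
        t = list(w[i - 1])
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]   # RotWord, then SubWord
            t[0] ^= rcon
            rcon = _xtime(rcon)
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(11)]

def aes128_encrypt_block(key, block):
    """Encrypt one 16-byte block. State is column-major: index = 4*col + row."""
    rk = _expand_key(key)
    s = [b ^ k for b, k in zip(block, rk[0])]                      # AddRoundKey
    for rnd in range(1, 11):
        s = [SBOX[b] for b in s]                                   # SubBytes
        s = [s[4 * ((c + r) % 4) + r] for c in range(4) for r in range(4)]  # ShiftRows
        if rnd != 10:                                              # MixColumns
            out = []
            for c in range(4):
                a0, a1, a2, a3 = s[4 * c:4 * c + 4]
                out += [_gmul(a0, 2) ^ _gmul(a1, 3) ^ a2 ^ a3,
                        a0 ^ _gmul(a1, 2) ^ _gmul(a2, 3) ^ a3,
                        a0 ^ a1 ^ _gmul(a2, 2) ^ _gmul(a3, 3),
                        _gmul(a0, 3) ^ a1 ^ a2 ^ _gmul(a3, 2)]
            s = out
        s = [b ^ k for b, k in zip(s, rk[rnd])]                    # AddRoundKey
    return bytes(s)

def _derive_keys(shared_secret):
    """Split the pre-shared secret into separate encryption and MAC keys (example scheme)."""
    enc = hashlib.sha256(b"enc" + shared_secret).digest()[:16]
    mac = hashlib.sha256(b"mac" + shared_secret).digest()
    return enc, mac

def _ctr(enc_key, nonce, data):
    """AES-CTR: XOR data with E(nonce || counter); 8-byte nonce, 8-byte counter."""
    out = bytearray()
    for i in range(0, len(data), 16):
        ks = aes128_encrypt_block(enc_key, nonce + (i // 16).to_bytes(8, "big"))
        out += bytes(x ^ y for x, y in zip(data[i:i + 16], ks))
    return bytes(out)

def encrypt_message(shared_secret, plaintext):
    """Return base64 text safe to paste into any chat app.

    Wire layout (this example's own): nonce(8) || ciphertext || HMAC-SHA256(nonce || ciphertext)."""
    enc_key, mac_key = _derive_keys(shared_secret)
    nonce = os.urandom(8)
    ct = _ctr(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return base64.b64encode(nonce + ct + tag).decode()

def decrypt_message(shared_secret, armored):
    """Check the tag before decrypting (encrypt-then-MAC); None on any failure."""
    enc_key, mac_key = _derive_keys(shared_secret)
    raw = base64.b64decode(armored)
    if len(raw) < 8 + 32:
        return None
    nonce, ct, tag = raw[:8], raw[8:-32], raw[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return _ctr(enc_key, nonce, ct)
```

Usage is `encrypt_message(secret, b"text")` on the trusted side and `decrypt_message(secret, armored)` on the receiving side; anything the chat app (or a scanner inside it) sees is the base64 string. The block function can be checked against the FIPS-197 test vectors, and the tag check means a modified or mis-keyed message is rejected rather than decrypted to garbage. The per-block key expansion is deliberately unoptimised so that each step maps onto the written procedure.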
This KryptEY sounds like a viable solution. I, too, think this is the execution of some long due authoritarian agenda. I guess it’s a response of old, demented, power-hungry people unable to understand boundaries.
Tell me about it, my friends are very much uninterested about doing anything meaningful. One day I decided to buy a camera cover for my phone and, since I could only buy in a batch, I decided to distribute it to them for free. They didn’t give a shit. The impression I have around is that most people feel defeated and compliant to whatever any government tries to shove down their throat.
Another big reason is this: Crypto Wars - Wikipedia (this article lists a long history of agencies sabotaging encryption technology since the start).
What changed today is that encryption finally became very popular, so agencies are unhappy that they can no longer read what many people talk about.
So as the popularity of encryption grows, so does the pushback from the corridors of government agencies.
I have a similar experience; maybe keep trying to educate one step at a time… About the camera in particular, I myself don’t yet have a cover for my phone and I am unsure about the necessity (will research one day why it’s good to have).
Maybe not, I simply don’t know about necessity yet, but maybe it is necessary, because I see this being recommended by some knowledgeable people too, but don’t know yet why.
I’ve put my thoughts in another thread (linked below). Feel free to read them and keep an eye on it for responses from others - hopefully you’ll get the answers you’re looking for.
I guess that messengers such as Facebook Messenger, Instagram, Snapchat, Twitter and maybe WhatsApp would prefer to comply instead of pulling out of the EU. Signal says they would pull out of the EU.
As @user53 said, I think that using GrapheneOS would help. In all cases, I believe that the probability is near 0 that they would include this in the OS. This is unimaginable. Google and Apple would probably comply imo (at which level? Google Play Services, I guess?).
In the case where you can trust the phone and the messengers that don’t want to comply cease operations in the EU (Signal, SimpleX, Session, …), you should probably get a good VPN or use Tor, and maybe a foreign phone number if services like Signal use this to ban EU users.
BUT, if your contacts continue to use compromised messengers, you’re doomed.
This is why decentralized, open source systems are so important. There is no one a government can turn to when the “app” is a community-maintained project.
Assuming that Signal does not modify their source code, and that I live in a country where this law is officially implemented, will it be illegal for me to use Signal? Or would it be Signal that would be in legal trouble? How does all of this work?
I am just a layman and I have not read the bill/law/whatever it is called, nor do I know much about how laws work. I had a similar question to this when there was word of TikTok being banned in the US. If I were a US citizen and had installed TikTok directly via an APK file, for example, would I be in trouble? Or what?
The bigger loss is that Signal was relatively easy to persuade others to join. All my friends and family members are on it now. That took a year or so, but now we are there. I don’t see that happening with decentralised messengers. Signal as a product effectively competes with WhatsApp on all levels and offers privacy.