Aletho News

THE CHILDREN GAMBIT

How Europe’s Political Class Weaponises Innocence — and Has Been Building This Machine for Years

Islander Reports | February 17, 2026

Before we start. These platforms aren’t innocent. They’ve extracted billions from our attention, manipulated our children’s dopamine cycles, censored truth tellers, handed our data to surveillance capitalism and slept soundly every night. Hold that. And then read what follows anyway — because what’s happening right now is something else entirely.

Let’s start with the money. Because the money never lies.

€1.2 billion. Ireland’s Data Protection Commission. Meta. May 2023. The largest GDPR fine in history, for routing EU citizen data to the United States without adequate protection. A record that lasted about five minutes.

€530 million. TikTok. May 2025. Same Irish authority. For sending European user data to China and then, this is the part they buried in the press release — lying about it during the inquiry. TikTok told regulators throughout the investigation it wasn’t storing EEA data on Chinese servers. In February 2025, they quietly admitted it had been. All along.

€345 million. TikTok again. 2023. Children’s data. €14.5 million from the UK’s Information Commissioner’s Office on top of that, same year, same issue. €91 million to Meta Ireland in September 2024 — they stored hundreds of millions of user passwords in plaintext. Just sitting there. No encryption. Exposed. €390 million to Meta the year before, for forcing users to accept personalised advertising as a condition of accessing their own accounts.

And then December 5th, 2025. The European Commission handed X — formerly Twitter, now Elon Musk’s megaphone and the primary target of every European leader who’s discovered that their citizens can organise against them online — a €120 million fine. First ever penalty under the Digital Services Act. For misleading users about the blue verification badge, concealing advertiser identities, and blocking government-approved researchers from accessing algorithmic data.

Over €2.5 billion. Just the verdicts. Just the ones that made it to conclusion. Fourteen active DSA proceedings still grinding through the machinery, with Meta and TikTok each facing potential fines of 6% of global revenue. That’s €9.9 billion for Meta. €9.3 billion for ByteDance. Numbers large enough to restructure companies. Numbers designed to make platforms obedient.

So when Pedro Sanchez walked out this morning and announced that Spain’s Council of Ministers would invoke Article 8 of the Organic Statute of the Public Prosecution Service — sic prosecutors onto X, Meta and TikTok for “crimes they may be committing” through AI-generated child pornography — understand what you’re looking at.

This isn’t a regulator at the end of its rope. This is a political class that has already built the machine, tested the machine, extracted billions through the machine — and is now deciding what else the machine can reach.

“May Be Committing”

That’s the phrase. Not “has committed.” Not “is committing.” May be. Sanchez posted it on X — the very platform he’s threatening to prosecute — and the media swallowed it whole, no questions about evidence or methodology or whether a public prosecutor’s office is the right instrument for making technical judgements about AI image generation pipelines.

The Spanish government claims Grok produced three million sexualised images in eleven days, including over 23,000 involving minors. Strong numbers. Specific numbers. Precise to the point of being designed to prevent challenge — because you can’t interrogate evidence you haven’t been shown, and asking to see it means you’re defending the indefensible. Not one published source. Not one independent methodology. They arrived complete, ready-made for outrage.

That’s the genius of it. The children gambit works precisely because you cannot question it without becoming the villain of the story.

Pavel Durov said it plainly — and look, nobody should hold Durov up as a civic virtue. But he’s spent years watching governments use platform regulation as a control mechanism, and when he says Sanchez’s moves aren’t safeguards but steps toward total control, he’s speaking from operational experience. He’s seen this architecture before. From the inside.

Here’s what this moment actually is, in the longer register. Every time a Western liberal government needs to consolidate control over the information environment, it finds a victim group whose protection cannot be questioned. In the 20th century they used communists, terrorists, drug dealers. The 21st century discovered something more powerful — children. Unimpeachable. Unchallengeable. A shield so morally absolute that any surveillance infrastructure built behind it arrives pre-legitimised. Sanchez didn’t invent this playbook. He’s just the current page.

Here’s the question nobody in any press conference asked today. If you actually wanted to protect children from AI-generated abuse material — if that were the genuine, singular, burning priority — what would you do?

You’d hunt the producers. Fund specialist cyber units with the resources and legal powers to identify, locate and prosecute the people who generate and distribute child sexual abuse material. Build better reporting pipelines so victims and witnesses have direct, fast routes to enforcement. Nail the distribution networks — the forums, the channels, the file-sharing infrastructure where this material moves — with targeted operations and international cooperation. Invest in takedown technology that works at scale. These are the unglamorous tools of actual child protection. Forensic. Technical. Expensive. Slow. Not suited to a press conference.

None of that is what Sanchez announced today. What he announced was prosecution of three of the most visible American technology platforms, with unverified statistics, under a legal mechanism designed for emergency government intervention in the public interest — on the same morning Keir Starmer in London announced restrictions on the last tool of genuine online privacy.

That’s not child protection. That’s the political class treating every ordinary user as a pre-suspect, building infrastructure that watches everyone in order to catch a tiny minority — and using the minority as the justification.

When someone says “think of the children,” look at what they’re actually building. Because what they’re building right now, across Europe and Britain, is an internet where you need permission to speak.

The Network They Actually Protected

Let’s be precise about who’s invoking children to demand your identity.

Jeffrey Epstein ran an international child trafficking operation for decades. Not speculation. Court and DOJ documents. Thirty-five girls identified by Palm Beach police in 2005. FBI reports going back to 1996. Federal prosecutors in Florida prepared a 60-count draft indictment in 2007 — conspiracy, sex trafficking of minors, enticement — charging Epstein and three co-conspirators described as employees who “persuaded, induced, and enticed individuals who had not attained the age of 18 years to engage in prostitution.”

The names of those three co-conspirators were in the indictment. Then US Attorney Alexander Acosta gave Epstein 13 months in county jail with work release six days a week and immunity for “any potential co-conspirators” — in direct violation of federal victims’ rights law. The investigation was shut down. Epstein walked. The network persisted.

Fast forward. January 2026. Department of Justice releases 3 million pages (a mere 2% of what they have in possession) under a law Congress passed unanimously demanding transparency. Victims’ names exposed. Driver’s licenses published. Witness statements naming perpetrators? Redacted. Draft indictment naming co-conspirators? Still redacted. Attorneys for over 200 victims called it “the single most egregious violation of victim privacy in one day in United States history” and accused DOJ of “hiding the names of perpetrators while exposing survivors.”

Congressmen like Thomas Massie had to read names aloud on the House floor before DOJ would release them. Rep. Ro Khanna: “The survivor statements to the FBI naming rich and powerful men who went to Epstein’s island, his ranch, his home — who raped and abused underage girls — they were all hidden.”

Now look at who’s demanding you hand over your identity to speak online.

Keir Starmer — the man proposing VPN bans and bypassing Parliament to regulate your thumbs on a screen — appointed Peter Mandelson as UK Ambassador to the United States in December 2024. Mandelson called himself Epstein’s “best pal” in Epstein’s 50th birthday book. Their friendship continued after Epstein’s 2008 conviction. Emails released in the January 2026 DOJ files show Mandelson received £75,000 in payments from Epstein between 2003-2004, leaked classified government information to him while serving as Business Secretary in 2009-2010, and sent messages suggesting Epstein was wrongfully convicted.

Starmer knew about the Epstein connection when he made the appointment. Mandelson had already resigned from government twice before — conflicts of interest, financial misconduct — and the Epstein relationship was public record. Starmer appointed him anyway. Made him Britain’s top diplomat. Gave him the US ambassador post. When the files dropped and the depth of the relationship became undeniable, Starmer’s chief of staff Morgan McSweeney — who recommended Mandelson — resigned. Then Starmer’s communications director. Then his cabinet secretary. Three senior aides gone in days.

Mandelson is now under criminal investigation by the Metropolitan Police for misconduct in public office. US Congress has requested he submit to interview as part of its investigation into Epstein’s co-conspirators and enablers.

And Starmer — whose government just had VPN downloads surge 1,800% because British citizens don’t trust him with their browsing data — is the man now lecturing the public about online child safety.

This isn’t hypocrisy. It’s consistency. The same political class that gave Epstein’s network immunity and protected co-conspirators for two decades is now demanding total visibility over your identity. The same Department of Justice that hid perpetrators and exposed survivors is the one telling you encryption backdoors are necessary to protect children. The same institutions that shut down the Epstein investigation in 2008 and buried the names in 2026 are building the Digital Identity Wallet, the fact-checker networks, the 24-hour removal mandates.

When they say this is about protecting children, look at the Epstein files. Look at who they protected. Look at who they prosecuted. Look at who they gave immunity. Look at whose names are still redacted while survivors’ information gets published.

Then ask yourself why these exact same people need to know who you are before you’re allowed to speak.

What This Actually Is — Unelected, Unaccountable, and Expanding

Here’s what nobody in the mainstream coverage will say: the regulatory apparatus now targeting these platforms was not built by people you voted for.

Picture what happens when a flag arrives. It’s 2am. A compliance officer at a major platform — a 26-year-old in Dublin or Amsterdam with a policy degree and a quota — opens an alert. A Brussels-appointed body has flagged a post as potentially harmful. The DSA gives the platform 24 hours to act or face fines of up to 6% of global revenue. There’s no named accuser. No court order. No adversarial process. Just a designation, a deadline, and a number so large that hesitation is financially irrational. The post gets removed. The writer wakes up to find their words gone. The politician whose opponents wrote it points elsewhere. The regulator points at the law. The compliance officer points at the process.

Nobody elected any of them.

The European Commission is not elected. Its commissioners are appointed by governments, approved by a parliament most Europeans couldn’t name the composition of — and its enforcement apparatus, the officials running fourteen DSA proceedings and handing out nine-figure fines, operates at a distance from democratic accountability that is not incidental but structural. The “trusted flaggers” embedded in the DSA framework, deputised to mark content for priority removal, are appointed bodies. Ofcom in the UK is a regulator, not an elected chamber. The European Board for Digital Services, coordinating enforcement across 27 countries, answers to no electorate anywhere on earth.

Sanchez and Starmer announce the intention. The technocrats execute it. And when it goes wrong — when the journalist’s article vanishes into a compliance process with no appeal, when the civil servant’s flagging of “migrant hotel” videos turns out to be political interference dressed as child protection — there is no one to vote out. The politician points at the regulator. The regulator points at the law. The law was written in workshops whose attendees you’ll never know. Democratic majorities change. Regulatory architecture doesn’t.

That’s not a flaw in the system. It’s the system working exactly as it was designed.

Britain and the VPN — The Moment the Mask Slipped

The week before Sanchez made his announcement, Keir Starmer was in London saying “no platform gets a free pass.” New powers to restrict social media. AI chatbots brought under the Online Safety Act. Infinite scrolling — the physical act of moving your thumb down a screen — to be regulated. Action in “months, not years.” And crucially, explicitly, openly: bypassing the parliamentary scrutiny that would normally apply to legislation this significant. He said it out loud. The urgency is too great for debate.

But the detail that should stop every person who cares about liberty cold is the VPN proposal.

Let’s be clear about what a VPN actually is, because the political class is clearly hoping you don’t know and don’t care to find out.

A Virtual Private Network encrypts your internet connection and masks your IP address — your digital location, the identifying tag that follows you across every website you visit, that your internet service provider logs, that governments can and do compel ISPs to hand over. When you use a VPN, your traffic passes through an encrypted tunnel. Your ISP sees that you’re connected to a VPN server. That’s it. They cannot see where you go. They cannot see what you say. They cannot read your communications.

This is the tool that domestic abuse survivors use to hide their location from abusers. That investigative journalists use to protect their sources. That activists use to organise without government surveillance. VPNs aren’t a loophole. They’re a lifeline.

After the UK Online Safety Act came into force, VPN downloads in Britain surged by 1,800%. Half the top ten apps in British app stores became VPN services. Ordinary British citizens — not criminals, not paedophiles, not terrorists — reached for the exact same tool that people under authoritarian regimes use to avoid state surveillance, because they didn’t want to submit government-verified identity just to browse normally.

Starmer’s response to that 1,800% signal was to propose restricting VPNs.

Not to reconsider whether the surveillance infrastructure was too invasive. Not to ask why a free people felt the need for anonymity tools in a democracy. No — the tool of privacy is the problem. The loophole to be closed.

And here’s the thing that proves this was never about children. Ban commercial VPNs tomorrow and any determined teenager circumvents it within hours — cheap cloud servers, open proxies, custom tunnels for less than a dollar a month. The only people genuinely impacted are the ones relying on them for legitimate safety: the abuse survivor hiding their location, the journalist protecting a source, the person who simply doesn’t want their ISP building a commercial profile of their private reading habits. A VPN ban doesn’t protect children. It closes the last gap in the surveillance infrastructure — means that when the DSA triggers an investigation into your political commentary, when the Brussels-appointed fact-checker flags your article, there’s nowhere left to go. No tunnel. No private space. Just a 1984 dystopian, digitally enhanced.

The Wallet Nobody’s Talking About

Beneath all of this — quieter, slower, more permanent than any headline — is the piece of architecture that makes everything else irrelevant to debate once it’s in place.

By December 2026, every EU member state is legally required to provide its citizens with a European Digital Identity Wallet. Not a proposal. Law — Regulation EU 2024/1183, in force since May 2024. Major platforms will be required to accept it as a login mechanism. The private sector — banks, retailers, online services, social media — can request verified identity information through it.

Brussels will tell you the privacy protections are robust. And it’s worth taking that position seriously, because it isn’t entirely dishonest.

Article 5a of the regulation is real. It states explicitly that relying parties — the companies and platforms using the wallet — “shall not refuse the use of pseudonyms, where the identification of the user is not required by Union or national law.” The Commission points to this as the safeguard. They have a point. It’s in the law. It’s binding. If you want to use your wallet pseudonymously on a platform that has no legal requirement to know who you are, the regulation says you can. Proponents argue this is a meaningful, enforceable right — and that critics conflating the wallet with mandatory real-name requirements are misreading the text.

The problem is the eleven words the Commission would prefer you not to dwell on: where the identification of the user is not required by Union or national law.

That clause means the pseudonymity right exists only in the space where no law has yet required your identity. It is protection that any member state can legislate away, for any service, with a single national law and a stated reason. Child protection. Anti-terrorism. Financial crime. Age verification. The reasons are not hard to find. The EU has no override mechanism — Brussels cannot prevent a member state from passing a law that, in its domestic application, triggers the exception and requires identification. So the right survives only until a government decides it shouldn’t. One parliament. One vote. The pseudonymity is gone for that service, in that country — legally, permanently, with the full blessing of the regulation’s own text.

And there’s something else the Commission won’t volunteer. The architecture meant to enforce the pseudonymity right — the mechanism that would actually prevent platforms from demanding your identity when they have no legal right to — was quietly gutted in implementation. Privacy advocates at epicenter.works, the only civil society organisation that worked on this file throughout the entire reform process, found that the Commission made relying party registration certificates optional rather than mandatory. Without mandatory certificates, the wallet cannot verify whether a company’s request for your real identity is legitimate or overreaching. Tech giants can demand identification in contexts that don’t legally require it. There is no technical mechanism to stop them. The safeguard exists in the legislation. The infrastructure that would make the safeguard real was made optional in the implementing regulations.

The Commission was told this directly. They proceeded anyway.

Civil society organisations warned EU officials in an open letter that the wallet “may eliminate anonymity, leading to over-identification and a loss of privacy.” Unacknowledged. One hundred and thirteen free speech and privacy experts wrote separately to raise similar concerns about the broader regulatory framework. Ignored. The pattern of constructing the infrastructure first and addressing rights concerns later — or not at all — is not a run of oversight failures. It’s a consistent set of choices made by people who understood exactly what they were choosing.

The Machine Is Already Running

People keep framing this as something that might happen. Future concerns. Hypothetical overreach.

It’s not the future.

The European Democracy Shield is operational — fifty action points, a European Centre for Democratic Resilience, a state-funded network of fact-checkers on Brussels money with a Brussels mandate, described in their own documents as “rapid response capacity” for information “crises.” The Commission decides what a crisis is. There is no external appeal. Just a bureaucrat with a mandate to act within 24 hours and a definition of disinformation so broad that it extends, in the Commission’s own telling, to content “that is not illegal.”

How broad? In May 2025, the Commission hosted a closed-door workshop with platform compliance teams. Training exercises. Internal documents. The US House Judiciary Committee obtained these documents under subpoena — you can disagree with the committee’s politics but you can’t argue with what the documents actually show. One exercise asked participants how to handle a post: an image of a teenage Muslim girl in a hijab alongside the text “we need to take back our country.” The exercise classified the combination as “illegal hate speech” requiring removal. Now, a reasonable person might argue about that specific scenario. Fine. Argue it. But the fact that this is the level at which European regulators are working — training platform compliance teams to remove common political sentiment combined with religious imagery, in closed-door workshops, before any court has ruled, before any democratic debate has happened — tells you something important about where the definitions are pointing.

Think about what that means in practice. Not in theory — in practice. A compliance officer at a platform with 400 million users gets a flag from a Brussels-funded body. The post contains a political opinion combined with an image. The body has designated it harmful. The platform has 24 hours. The alternative is a fine that could be measured in billions. Nobody phones a judge. Nobody consults the person who wrote it. The post disappears. And when it does — when that specific combination of political sentiment and religious imagery gets quietly removed from 400 million people’s feeds at 2am by someone following a process designed in a workshop that was closed to the public — that isn’t a transparency obligation. That’s the state deciding what the public is allowed to see. And doing it with plausible deniability built in at every layer.

That fact-checker network plugs directly into DSA enforcement. Platforms — X, Meta, TikTok, and by mid-2026 almost certainly ChatGPT, which already has three times the user numbers needed to trigger Very Large Online Platform designation — will be legally required to act on those findings. Not consider them. Act. Within 24 hours. Or face fines of 6% of global revenue.

The €120 million fine X received in December 2025 wasn’t for hosting child abuse content. It was for opacity — for not giving government-approved researchers access to the recommendation algorithm that determines what information reaches citizens. The Commission called it a transparency obligation. What it actually was: the state asserting the right to see inside the machine that shapes what the public thinks, so it can instruct the machine to shape it differently.

And when the Digital Identity Wallet closes the last gap — when the pseudonymity is quietly legislated away by a member state with a “reason,” when the VPN tunnel gets restricted, when every platform knows exactly who is saying what with a government-verified name attached — the system is complete. Everyone who speaks online, identified. Everything said, attributable. Every flag by a Brussels-appointed body, actionable within a day.

All of it constructed, piece by deliberate piece, in the name of protecting children from harm.

Final thoughts

The Soviet Union had a name for the officials who ran its censorship apparatus. Guardians of the public good. They had fact-checkers — called editors, party reviewers, information officers. Rapid response systems. Legal frameworks for acting on speech that threatened the stability of the state. Most of them genuinely believed they were protecting something real. That’s what makes these systems so durable — the people inside them are sincere.

They didn’t think of themselves as censors either.

What you are watching, from Madrid to London to Brussels, is the construction of a digital order in which the ability to speak freely, anonymously, without state knowledge, is being dismantled — not through jackboots but through frameworks, directives, DSA workshops, government-funded fact-checker networks, and the entirely reasonable-sounding proposition that we must protect our children.

Sánchez is a man whose government has been at war with X since the platform gave his opponents a direct line to Spanish voters that bypassed media institutions his party spent years cultivating. Starmer is a man whose government monitored social media during a domestic political crisis and then moved to expand its legal authority over the very platforms that let citizens talk about what they saw. The European Commission is a body of unelected officials who trained platform compliance teams, in closed-door workshops, to remove political sentiment they’d categorised as harmful — and then ignored 113 experts who wrote to warn them what they were building.

Keir Starmer is a man who appointed an Epstein associate as his personal envoy to Washington, knowing the relationship, knowing the history, and when it collapsed appointed himself the guardian of online child safety

These. Are. The self appointed guardians of the children.

They gave Epstein’s co-conspirators immunity and are still hiding their names two decades later. But they need to know yours before you can post a political opinion. They protected a trafficking network with clients in the highest levels of Western power. But you’re the threat that requires a Digital Identity Wallet. They redacted the men who procured children for a convicted paedophile while publishing the victims’ driver’s licenses. But your VPN is the problem that demands legislative action.

Call that what it is.

They didn’t prosecute the network because they were the network’s best customers. So how dare they invoke children’s safety to strip yours.

€2.5 billion extracted. Fourteen proceedings active. A Digital ID mandate rolling out across 27 countries by year’s end. VPNs under legislative attack in the birthplace of the Magna Carta. Parliamentary scrutiny openly bypassed in London. A Democracy Shield with a rapid response protocol for information crises that no one elected anyone to define.

They’ve been building this for ten years. The fines, the frameworks, the wallets, the fact-checkers, the VPN bans, the bypassed parliaments. Layer by layer. Always with a reason. Always with a child somewhere in the justification.

They’re nearly done.

And when it’s finished — when the wallet is in your pocket, the fact-checkers are wired to the platforms, the pseudonymity has been legislated away in some member state that needed a “reason,” the last encrypted tunnel closed — they will stand in front of all of it and tell you it was always, only, ever about the children.

An internet where you need permission to speak isn’t a safer internet. It’s a controlled one.

Epstein’s co-conspirators walk free while you need state permission to call them what they are.

Believe them if you want. History will know what it was.

February 17, 2026 Posted by aletho | Civil Liberties, Full Spectrum Dominance | European Union, Human rights, Spain, UK | Comments Off on THE CHILDREN GAMBIT