[heavyset_go]

> This could also lead to large spam campaigns of CP being sent to random people, either to just fuck with them, or to undermine the system/overwhelm investigators with a bunch of false positives.

If you're a nation-state that wants to sow discord and distrust in another nation's society, what better way than to frame random, respected or important people?

The attacker wouldn't need to worry about being arrested, due to being in a foreign country and most likely associated with foreign intelligence agencies. Those same agencies would have the evidence they could plant on people's devices or cloud storage, and the resources not to get caught.

They wouldn't even have to burn zero days or accounts/numbers to send messages, just look for database dumps of services that the target country uses, and then log in and upload the evidence.

It could be cheap, easy and scalable.