Besides that, all they will end up with is more information on how to make chocolate cookies and who is sleeping with who, it won't tell them where the next terror attack is going to take place or who will do it.
No, but I'm convinced this isn't the goal. The goal is to monitor the unrest of the people.
The rest of it is likely the "ability to just pull up data on anyone at any time just cause".
The old school, "we know where you live, what you said to your husband, and that you had marmalade jam with your toast this morning" spy insider knowledge gambit is a strong manipulation tactic whenever you need to convince someone to "just comply".
Having inside knowledge of mundane things that are assumed to be private holds a lot more sway than you'd think. It can make threatening ordinary people a lot easier. Do governments do this often? Probably not, but when they want to interrogate someone, I can almost guarantee they like to be able to pull up everything private they can as leverage in an interrogation.
Is this useful for national security? Probably not, but since when do governments actually care about national security when they can roll around on a power trip and feel big and godly?
pitchforks coming near.
Need to hold on to power,
hide secret contracts and manipulation,
threaten incarceration,
to anyone daring to question,
their legitimation.
Control is their only salvation.
We've already seen plenty of examples of that irl.
This is an impossible task. There is no way they will be able to enforce this. It would literally require them to stick their dirty fingers into every piece of software built in the EU.
They can attack large corporations like ISPs and such and force them to do certain things, sure, but there is no way they can "ban" any kind of encryption with any real success, because, as the OC said, it's basically trying to outlaw mathematics. Forcing ISPs to perform deep packet inspection or whatever won't change the axioms of mathematics or fundamentally alter computer science so that they can suddenly break encrypted data coming from their clients.
You are not interested in just "people". You are interested in a very specific subgroup of those (1-x)% that already operate outside the law.
Now that math, logic and reason are outlawed, soon I expect ethics and metaphysics to also be outlawed. Of course these fundamental ideas still exist, but if you use them they’ll throw the book at you!
A nonsensical book full of gobbledegook.
It's about control of dissent, about data mining, about preventing unrest. We have seen tiny glimpses of what can happen with France's Yellow Vests... and there is massive potential for unrest: socio-economic differences (wealth disparities), prices of must-have goods (energy, food, housing), corruption in all its forms, political ineptitude and incompetence, discrimination issues, climate protection measures (Yellow Vests) or the lack thereof (Extinction Rebellion), and sadly also measures to fight the coronavirus pandemic (e.g. the current riots in the Netherlands and Belgium, the near-storming of the German parliament).
Don't be fooled that it won't work. It works in China and they have math there too.
The only thing China will succeed in is extending the gerontocracy for a little bit longer. But eventually the cost of strongly encrypted communications will drop to zero and then the information advantage that the government has is over.
Think 'Starlink' + a couple of rounds of tech improvement and the GFOC might as well not exist. The question is will the people care? In China, I'm not so sure. In the West, maybe they will, maybe they won't, but I for one will be happy to utterly ignore this if it ever makes it into law. Right now I don't bother encrypting my mail, but if this happens I might drop off the grid entirely, and I'll make it my mission to spread strong crypto as far and as wide as I can.
But for now it's just a misguided proposal by a clueless bunch of bureaucrats.
In this case, it's simply a matter of crafting the law in such a way that, say, possession or use of strong encryption without government backdoors automatically makes you a terrorist, the same way that possessing lockpicking tools automatically makes you a thief in Illinois. Then, once your communications become a little too random, the authorities can raid your computer and that of everyone you're connected with, arrest you and take you to a black site, and squeeze you for information (including rubber-hose cryptanalysis). And they're bound to find something juicy because most of the people going to the trouble of illegally using unbackdoored crypto are indeed terrorists, pedophiles, and other criminals. Using the "once X is outlawed, only outlaws will use X" effect to good effect.
I'm sure some people have been arrested and prosecuted but that's just symbolic scapegoat tactics and a pebble trying to stop the tide.
The laws you are describing are never going to be put into effect. It's just not going to happen. I don't believe the EU is full of people stupid enough to let it happen... and even if it did, all the member states don't just automatically adopt and enforce every law immediately without thought. There are plenty of reasonable member states that just wouldn't accept these insane laws, or have populations which wouldn't accept them.
Note that you are comparing a proposal on the one side with a law on the other.
Or, to be clear, it isn't.
For this to be turned into a law it would need to go through several steps, and currently there really isn't any reason to think that it will.
Maybe this is why we are reading this on a blog from an email provider and not the front page of a newspaper.
Jan Philipp Albrecht was appointed as rapporteur of the European Parliament for the process of the GDPR law making. His job was to take care of the process to find compromises between many opinions and fill them into law. Since he actually cares about privacy, he was in a position to make sure that the compromises keep a certain level of privacy protection. He's from the German "green/environmental" party. There is an interesting documentary about his role and the process: "Democracy: Im Rausch der Daten". I don't know if there is an English version. There is a German version on YouTube. The "mistake" was to appoint him as rapporteur.
The "mistake" was not repeated, when Axel Voss from the German conservative party was appointed as rapporteur for the "Directive on Copyright in the Digital Single Market (2019)".
(Note: The law making process in the EU is long and complicated and I do not know where this draft is currently in the process.)
I am sure there are some people who clearly enjoy pressing on the cookie popups when they travel to Europe like popping zits. Maybe it is the Eurocrats in Brussels.
In what way?
[1] https://www.statista.com/chart/19256/the-most-surveilled-cit...
[2] https://en.wikipedia.org/wiki/Encryption_ban_proposal_in_the...
[3] https://www.wired.co.uk/article/uk-encryption-facebook-home-...
[4] https://www.gov.uk/government/publications/international-sta...
[5] https://techcrunch.com/2021/06/30/uk-tells-messaging-apps-no...
I also support Brexit. I would prefer for the UK to be in the EU because it would make all of us stronger and closer, as I think we should be, but I have to accept that current UK culture is just not compatible with the European project.
Good luck to my British friends, who I know see me as "foreigner". I don't see you as foreigner.
I guess that must be true of the political elite in the major (remaining) EU countries, or it wouldn't be the policy, right?
But for, say, Hungary, where I have a lot of experience, I'm pretty sure basically nobody thinks "increasing integration" should be the goal. Well maybe some tiny minority who happen to work for the EU itself.
The integration everyone cared about already happened, except for the currency integration which will never happen. (IMO good that it won't.) Now you have one side that would like to use the EU as a cudgel for rule-of-law questions but only without interrupting the flow of money; and another, more powerful side that uses the EU as a dog-whistle for nationalists as long as it doesn't interrupt the flow of money.
I can't speak for "Europe" (neither can Brussels) but I know a lot of people in Germany who also think there has been quite enough integration already, thank you. Try ordering an espresso in Berlin without speaking English.
(I neither supported nor opposed Brexit as I'm just a dirty foreigner in the EU either way, but I have sympathy for those who did so on principle.)
Doesn't make much sense.
The threat of federalisation being imposed on the UK was just another lie.
That aside, if UK voted to support federalisation, what would be your principal fear?
The Tories seem mostly to have gone about increasing wealth disparity (dodgy contacts, corruption in parliament, tax breaks for the rich, pay freezes [ie real terms pay cuts] for the poor). What's their next move?
That's an interesting take because I've always thought, as an outsider, that the British population seems strangely accepting of authoritarian governments.
The EU's democratic deficit, and the fact that these regulations can be rolled out to most of the world's major economies without any proper debate or (likely) checks and balances, proves the dangers of political organizations that are bigger than "human sized". How do you even protest this? Any country is forced to listen to mass protests, but there's no such thing for the EU.
Surely, taking your argument as truth, Scotland is smaller than the UK and therefore stronger than the UK?
A world is essentially impossible to achieve anyway, because super powers don't want anyone to dictate rules.
The EU is not a mini-world government. It's an attempt at unifying many small nations to achieve peace and World power status. On their own, European countries are at the mercy of the US and China.
The EU is not just a commercial organization. It is an actual political union. The English-speaking press tends to hate mentioning this, but it is the truth. The treaty of Lisbon says that the goal of the European Union is to create an "ever closer" union between the member states. Every member state signed up for this.
> I would've thought that this was outside the scope of the EU
Few things are outside the scope of the EU.
> was power constitutionally transferred to the EU parliament at some point?
It is a very complex topic, but the short answer is "yes". Member states agree to translate EU parliament decisions into national law at their own time. They have the ability to veto any initiative through other channels.
> If a member nation refused to obey an EU law (or whatever it is), what sort of punishment or sanction could be applied to them?
These things are usually dealt with through diplomacy. There is a lot of tolerance. Often nothing happens but many types of sanctions (usually economical) are possible.
The EP has yet to vote on this.
And the EU also has mechanisms to impose penalties for countries that fail to comply, but in practice this is rarely done for political reasons.
If it turns into law I'll stop going to work. If I do that the project I'm in will fail, followed by my team collapsing, followed by my whole office revolting, followed by my employer crashing, followed by several Swedish cities turning to the streets in anger, followed by the whole of Sweden disintegrating, followed by the whole of Europe proclaiming "our know-it-all moral compass is gone" followed by Europe wide collapse, then American collapse.
Don't you worry for one second, peps, I got this.
- Very powerful EU citizen
I can't help but to think they are two sides of the same coin. Meaning that consumer friendly internet regulations we can all more or less agree on (e.g. let me cancel subscription online), are very correlated to consumer hostile ones (e.g. banning encryption and restricting ISPs).
Am I thinking about this wrong?
Cryptography, in particular strong cryptography, has become essential for business, a good chunk of our economy now has a cryptographic element to it. You can't expect that to survive without giving the baddies the same level of access that the government is demanding, besides that, the amount of noise they will have to deal with far outweighs any possible advantage.
At best there will be some drop in crime because of people being more aware of the chance of being caught but in the past such differences did not seem to make much impact. People will do what they will do, irrespective of the chance of getting caught.
All of these things are operating as points between two different extremes, the 'good balance' usually lies somewhere in the middle between the protection of rights on the one end and the ability of the authorities to do the jobs we entrust them with. A lot of these technical ideas originate from the perspective that if it can be automated it will be cheap and if it is cheap then they'll be able to fund it. Whereas good intelligence is super expensive, it requires boots on the ground in greater numbers than is currently possible within the budget constraints that there are. Europe is in this sense much more stingy than say the USA and that alone is a big driver behind all these digital tricks.
Also: do note that this is a proposal.
I feel journalists and in-hostile-nation citizens are a smokescreen for more monied interests.
Just about 32 years ago the Berlin Wall fell and shortly after the Stasi files were proudly presented as an example of tyranny. Now the German government wants to do the same.
But I very much doubt actual such legislation will get enacted. There is not even an actual proposal yet, only articles like this saying one is coming soon.
We do know CSAM screening legislation is coming as the current voluntary rules have a 3-year time limit - but it is, in my opinion, very unlikely there will be mandatory screening, despite some people reportedly pushing for it.
I still vote but I don't really see the point anymore either. The game seems rigged.
They just want to add a de jure veneer to it.
For de facto leadership follow the US example. For de jure leadership follow the Australian/Chinese model.
But there is another big difference: Currently services they can't tap into will be forced to make arrangements for this to be possible. Not sure how they will do this with the more decentralised platforms like Matrix but they will probably find a way :(
You don't have secret courts... yet. Anyway, it doesn't actually matter if you have secret courts or not, for high profile targets. The US has them and the US also has extradition treaties. And if you do have legislation against spying on your own citizens, your allies don't, they can do it for you and then share intelligence.
This whole effort is to short-circuit all of that and streamline an existing process.
In exchange, the police staff, their corporate friends and their political masters can know what you are doing in the restroom when you take a roll of toilet paper with you, or when you negotiate a business agreement in a bar.
In my opinion, such legislation would be unlikely to pass EU parliament. It is more likely that the current temporary rules allowing voluntary screening get reworked into a permanent legislative proposal.
AFAIK the only relevant official procedure here is this initiative that sought feedback from affected parties (and it does not mention mandatory screening - instead it asked for opinions on what should be done): https://ec.europa.eu/info/law/better-regulation/have-your-sa...
In my opinion it is not a fiasco at all. It simply allows the current pre-Dec-2020 practice of voluntary screening to continue for a limited period of 3 years (so they have time to get a proper permanent legislation in place). Privacy rules changed in Dec-2020 that made voluntary screening effectively illegal, hence the stopgap.
It just avoids GDPR unintentionally making it illegal for service providers to scan for CSAM without opt-in user consent from every user involved, and only does so for a temporary period until legislation that formally defines service provider responsibilities is ready.
Personally, I'm fine with that. I firmly agree that private E2E messaging should not be banned (the suggestion in this post, which as noted above is not currently a real proposal) but I don't think that means service providers should be forced to blindly host user data that may contain CSAM against their will.
to the people who complain, we didn't hear you when the US kept (and still is) massively tracking you
and let's not talk about all free apps on your favorite smartphone, they track you to death
but who cares, nobody should track me for everyone's safety! only for everyone's lack of privacy!
Note that in a very large number of terrorist attacks the knowledge was already available, but it either wasn't acted on, communicated improperly, not given enough urgency or lost because too much time was spent looking at spurious signals. Every time the amount of information available goes up that last factor will grow. Signal vs noise is the main contributor in why 9/11 happened, and the same goes for a lot of other terror attacks as well. But that sort of admission requires a complete review of how this is all practiced, would require an end to the security theater and would cut a whole lot of pork. I'm somewhat skeptical that this will happen.
But more security theater moves to appease Joe Public and look tough, of course.
9/11 happened because they let it happen
Jets would come at you if you flew over cities without permissions
Why do we encrypt things in the first place? because lack of trust
Maybe let's fix that instead of expecting society should lack "trust" between actors
You weren't listening then.
And it's not exactly a ban either. It's about a mandatory backdoor in encrypted communication.
Not that that makes it any less bad but it's important to clarify. The title is not clear about this.
Why the disconnect? That's my fundamental question.
And the pro-surveillance push sadly is fairly endless, see also countries trying to introduce general recording of internet metadata despite the EU top court repeatedly having made clear that that's not going to be a thing that survives a legal challenge.
There is no such proposal as of yet.
In my opinion, the last regulation applied in July 2021 was sound (final text: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A...), allowing a 3-year extension to the existing practice of voluntary screening until a proper legislation can be finalized.
Some would have wanted to completely disallow voluntary screening (which would have been the case had the regulation not been adopted, due to privacy law changes in Dec 2020), too, and I can understand that position. But that is seemingly not shared by European Parliament who voted to allow voluntary screening to continue (they did shorten the time period to 3 years from the original 5, though, by an amendment).
This has worked reasonably well for decades, in Europe's liberal democracies, for plain old telephone, mail, searching apartments, etc. Yes, there have been mistakes and failings, but by and large this system works, and prevents substantial harm.
These powers need an actually independent judiciary in a strong legal system (i.e. not the US). And they need to be kept out of the hands of secret services (as opposed to genuine police work overseen by judges in the public record).
You're basically describing some magical fantasy land where the ability to utilize the backdoor could be restricted to "genuine police work" by the legal system. Here in reality, we have to acknowledge that it's impossible to do that.
EU interior ministers welcome mandatory chat control for all smartphones - https://news.ycombinator.com/item?id=29200506 - Nov 2021 (59 comments)
EU Chatcontrol 2.0 [video] - https://news.ycombinator.com/item?id=29066894 - Nov 2021 (197 comments)
Previously:
Messaging and chat control - https://news.ycombinator.com/item?id=28115343 - Aug 2021 (317 comments)
EU Parliament approves mass surveillance of private communications - https://news.ycombinator.com/item?id=27759814 - July 2021 (11 comments)
European Parliament approves mass surveillance of private communication - https://news.ycombinator.com/item?id=27753727 - July 2021 (415 comments)
Indiscriminate messaging and chatcontrol: Last chance to protest - https://news.ycombinator.com/item?id=27736435 - July 2021 (104 comments)
IT companies warn in open letter: EU wants to ban encryption - https://news.ycombinator.com/item?id=26825653 - April 2021 (217 comments)
Others?
It would literally be less bad for all display and input devices to have a (password protected, randomly created at time of manufacture) police access mode, than to ban cryptography.
I talked to my local MP about the UK’s Investigatory Powers Act when that came up. I still don’t understand why the UK decided to allow the Welsh Ambulance Service in particular to access, without a warrant, the recent “internet connection records” of everyone except sitting MPs and certain protected professions.
GCHQ even proposed a 'ghost protocol'[0] so they can play Mallory in your comms. In fact I don't even trust the phone itself, since they /ship/ with Google/Apple-sponsored malware and phones are being hacked all the time.
Messenger apps are strange because they all have different caveats to each, and I've tried them all. For example: Signal requires a phone number, which by design, can leak your 'meatspace' identity. Some people don't like that, so they use Matrix (which has its own caveats too).
Personally, if the authorities go after messaging apps, it's not a big hit for me, since I don't use them heavily. I can see why businesses would take a hit since they want to protect business secrets, and protestors would take a hit & can't organize etc, but it won't affect me heavily. YMMV.
[0] https://www.wsws.org/en/articles/2019/07/06/gchq-j06.html
https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELE... is the strategy document.
So far, there is a temporary derogation from the ePrivacy Directive (https://www.europarl.europa.eu/RegData/docs_autres_instituti...). The ePrivacy directive as part of the EECC forbids (for the sake of discussion) email providers from scanning Maildirs, even if those maildirs are cleartext (as is the case for the majority of providers, s/Maildir/backend storage). The temporary derogation lets them scan for CSE in these sources.
I don't see any proposed regulation explicitly targeting end-to-end encryption, but their strategy document does seem to label end-to-end as a problem, citing the NCMEC (US). The project is here: https://ec.europa.eu/info/law/better-regulation/have-your-sa... .
The real danger of encryption, and in particular blockchains, is that it can subordinate the legitimacy of the state and its policies and actions to a test of truth, and this is why they hate it. The abuse and terrorism arguments are red herrings for this to distract from this fundamental dynamic.
These attempts at outlawing encryption of any form should be met with a lot more pushback from now on.
Additionally, service providers MUST inform you that they have scanned your data for CSAM: "Service providers should inform users in a clear, prominent and comprehensible way that they have invoked the exemption provided for in the Regulation"
The EU should either reform or it will die off, and for good reasons. Obviously if the latter is to happen it will take at least a decade or two, but the cracks have begun to show frankly since it stopped being merely an economic union.