The Committee on Civil Liberties, Justice and Home Affairs (LIBE) adopted a "draft Parliament position" [0] and that's that.
This still needs to go through so-called "tri(a?)logue negotiations", held between the EU parliament, commission and council. [1]
Still a tad early for calling this a win!
[0] - https://www.europarl.europa.eu/news/en/press-room/20231110IP...
[1] - https://netzpolitik.org/2023/ueberwachung-eu-innenausschuss-... (German)
The heading indicates a committee adopted a position, and that's true.
https://web.archive.org/web/20231114102908/https://news.ycom...
It’s not a trial-ogue. It’s a tri-logue because it involves three parties.
* https://dictionary.cambridge.org/dictionary/english/trialogu...
We need some laws to swing our way; enshrine our rights to privacy in clear terms so implementing laws like chat control become a non-starter.
In my opinion you should be upset at the EU commission, and especially commissioner Ylva Johansson from Sweden who seems to be the one pushing this stupid stuff.
I think those are already in place - one major point against the previously suggested approach was that it would conflict with a bunch of existing regulation, and so it would never get past the courts even if it was passed.
Two convenient examples:
- Article 8 of the EU convention of human rights guarantees a right to privacy, specifically that "Everyone has the right to respect for his private and family life, his home and his correspondence": https://en.wikipedia.org/wiki/Article_8_of_the_European_Conv.... Clearly conflicts with "let's scan everybody's correspondence".
- The E-Commerce Directive defined the rules for online business in the EU back in 2000, and specifically prohibits states from ever imposing general monitoring obligations: https://en.wikipedia.org/wiki/Electronic_Commerce_Directive_....
For all its problems, in areas like this the EU is actually pretty well set up.
Worth noting that this isn't just a regulation; since the Lisbon Treaty it is effectively part of the EU's _constitution_, and can't simply be regulated or legislated away.
Though also note that it's the European convention on human rights, not the EU one. It's from the Council of Europe, a separate body, but the Lisbon Treaty effectively enshrined it in EU law.
EDIT: Nope, see comment below. The terminology is a bit of a mess...
So it doesn't have de-jure legislative powers, but de-facto it does.
I think you see this dynamic in action more with the commission vs EU parliament dynamic than you do with national government vs national parliament because in many countries there are, in practice, consequences to the government losing a vote in parliament, so governments will generally mostly restrict themselves to bills that they think they can win. There are no such consequences in the EU system, so you see a lot of this.
> Chat control - one of the worst EU plans that is also being described as a surveillance monster - must be stopped. And the EU Parliament has just decided to do so! In a historic agreement on the EU Commission's Child Sexual Abuse Regulation (CSAR) the European Parliament wants to remove chat control requirements and safeguard secure encryption. The decision came after extensive backlash against the original proposal from technology and security experts, to international scientists and to citizens across Europe. This is a great win for our right to privacy and for upholding our democratic values in Europe, but the fight continues!
What did the EU Parliament decide?
Breyer writes on his website that internet services and apps must be "secure by design and default". The EU Parliament has agreed to:
"safeguard the digital secrecy of correspondence and remove the plans for blanket chat control, which violate fundamental rights and stand no chance in court. The current voluntary chat control of private messages (not social networks) by US internet companies is being phased out. Targeted telecommunication surveillance and searches will only be permitted with a judicial warrant and only limited to persons or groups of persons suspected of being linked to child sexual abuse material."
A huge win for our privacy rights is also that the EU Parliament has decided to "clearly exclude so-called client-side scanning". In contrast to the original chat control proposal, the version of the EU Parliament wants that a new EU Child Protection Centre proactively searches publicly accessible parts of the internet for child sexual abuse material with automatic crawling, which can also take place in darknet and would be much more efficient than private surveillance measures by providers. Found abuse material must be reported and taken down by the provider.
Fight is not over
While the EU Parliament's decision is a huge win, the fight is not over. It is expected that the EU Commission will continue to push for general surveillance chat control measures. Now is the time for each and every one of us to join this fight!
Thankfully the EU still has the European Convention on Human Rights and an associated court which individuals can go to and sue their state: the European Court of Human Rights. This is unlike the European Court of Justice which cannot directly be seized by individuals.
That EU Convention on Human Rights contains the "right to privacy" (art. 8).
This may be what they meant by saying that this horrible text stood no chance in court: a deluge of individuals going to the EU Court of Human Rights invoking article 8.
Now I don't doubt that the sellouts and enemies of the EU states at the European Commission are going to come back with other horrible measures.
As a sidenote this whole "good cop (European Parliament) / bad cop (European Commission)" is a bit of a farce played on the EU people too.
That's why we have strong checks and balances, the commission (made up of appointees of the 26 EU government heads) will push things, the council (made up of those heads) have to agree, and the Parliament (made up from a popular vote) has to agree, then if all that fails the courts step in
But the fight isn't as much against the government, it's the hearts and minds of the people to make them care more about their own privacy and security rather than "someone think of the children".
Checks and balances are working this time hopefully. Regardless our (good) multi-stage processes and multi-chamber structure and even, regardless matters of lobbying and money - in the moment of quiet while smoke is still on the wind - look for the shooter. "Who wants this?" and "What are their fears?" leads to a better leverage point closer to values than parameters.
There are a lot of people in the world right now anxious about the digital future. The EU Commission seem to hear too much from Chicken-Licken's gang of sky-repellant gizmo salesmen and not from calmer humane optimists.
[1] https://www.thorn.org/partnerships/
[2] https://web.archive.org/web/20130420162917/http://www.wearet...
Naively I thought it would cost millions to get a politician to support you but actually it's cheap enough a FAANG engineer could individually pay enough to lobby someone lol.
Edit: Literally the user base on HN would be able to crowdfund and organise a lobbying group greater than the NRA ($2.93M in 2022) if we wanted to - lobbying is such a smaller industry than I intuitively expect
This is... a little misleading. They also have at least two PACs (here's the big one: https://www.opensecrets.org/political-action-committees-pacs...)
Now, you could claim, though not particularly credibly, that money spent on PACs is not lobbying money.
I'm sure there is additional money for lobbying that is not on the books. Holidays, houses, good bullion, crypto, free memberships to exclusive clubs and the like that is gifted to politicians and their spouses by big industry.
Knowing you are losing an election and getting dumped into a $350k/yr easy-mode job takes the edge off.
"Be thankful for your government, it's the best that money can buy"
In the EU, a lot of laws are effectively written or co-authored by companies, which saves the politicians and their staffs incredible amounts of time and expertise. This must be quite expensive, just to have the lawyers on payroll who are able to do that.
https://youtu.be/1nBx-37c3c8?si=vA0IIew7ripABUTD
I think the idea that if an opposing idea went to an NRA friend and offered more money, in almost all cases they would refuse because the lobbying dollars aren’t to convince but to support someone who asked believes what you do.
In some cases, probably like crypto laws, a politician might think “sure I don’t care or have an opinion, you bought some donations and I don’t hate your opinion so I’ll help out”, but that is a lot different than “you pay me x and I vote y.”
I think taking the agency out of the politicians hands, in most cases, is the wrong perspective.
2) You aren’t going to move the needle much with 5 figures for anything at a national level.
The real work comes when you hire the congressman’s favorite PR firm for X and their cousin’s polling firm for Y and their former chief of staff for $15k a month retainer and so on. The vast majority of this gets done via “consulting” agreements and public relations firms and law firms, where the nominal work is irrelevant and the relationships and introductions are the product.
It just happens that most lobbyists are paid by groups who are seeking to enrich themselves at the cost of everyone else.
However, there are some lobbyists who work for organizations that attempt to guide policy that helps under-represented groups (like nature, animal welfare, human welfare). Those lobbyists are fewer and poorly paid (as their "clients" typically have little or no money), but they work hard to at least inform policymakers of their perspective.
Same with "expats" vs "immigrants".
Lobbying I'd argue is an essential part of democracy because it allows groups of people that have a shared concern to come together and make their case to the politicians.
page 26 (or page 24 in in-document numbering) ... amazing that Thorn was just an "NGO" .. instead of the company that wants to sell filtering tech.
so, can we get the actual expert opinion of these wonderful folk?
I'm sure it'll get reintroduced in a year or so, and if it doesn't get enough media attention, it'll pass.
They only have to win once, we have to win every goddamn time.
If you look at the developments in Hungary and Poland (or the polls in Austria), any form of surveillance will be just used as another vehicle to keep autocrats and would-be dictators in power.
I doubt that the election in Poland in 2023 would have turned out like this if the PiS had seamless protocols of the opposition's communication.
If legislators feel strongly ideologically about an issue, no amount of lobbying will make them vote the other way.
https://www.reuters.com/business/healthcare-pharmaceuticals/...
I don't think there's a topic where lobbying doesn't work to at least some degree. Or do you have an example?
Well maybe a tiny bit of doubt.
Which moreover came with a fine print specifying that it'd be illegal for browsers to warn users about certificates being swapped?
Is that out of the window for now too?
That was a (probably) unintended consequence of the eIDAS legislation, where specific Certificate Authorities must be trusted by browsers to enable digital certificates and signing to work EU-wide. This has since been corrected and the legislation explicitly states that those CAs and the regular CAs can and should be kept separate, thus MITM won't be possible unless the browser chooses to mix things.
Let's see how quickly it'll resurface again
GDPR, forced interoperability from gatekeepers, the 2 year warranty on anything bought online
This attempt at breaking encryption completely stood out with the usual things
The EU seems like the only governmental organization that's working well to improve my life, in my country. Everything else is either decaying or opposing my values.
That'll have a massive (I think positive) effect on the digital economy.
That will be a lot harder though 'cause way more people actually pay attention to what their governments are doing compared to the EU (assuming of course a significant proportion of the population actually cares and opposes stuff like this).
The EU Parliament giveth and taketh away.
When you compare how scandalous and impossibly excessive the story of "1984" looked a few dozen years ago and that now it is the new normal. In a lot of countries, even democratic ones, we are already far worse than what was described in the book. But very few people are shocked about that...
This is a good start, if it is sufficiently well-funded and appropriately staffed.
I hope that they crawl much more than the public "clearnet" and "darknet", since a lot of media is shared inside the various walled gardens that make up the internet here in the '20s.
I know about statewatch and some individuals I follow who do a pretty good job, but it feels like there is a gap for an organization to step in and replicate what EFF does in the US.
I would happily support with money and time.
I used to have Stylebot pinned to my extensions to fix it, but haven't had to do it in ages. Designers - please don't do this.
(I think it comes from people designing on much higher contrast Apple monitors and not testing on anything else)
But you are right, the Tuta article has a contrast ratio of 4.35:1, which doesn't pass even the lower WCAG level (AA = 4.5:1).
Accessibility is important. We are all going to depend on it if we live long enough.
Some politician gets the genius idea to have backdoors in encryption, initial support, then reality sets in and the plans are abandoned.
There is just no sensible way to implement this, therefore it's not going to happen.
This iteration did go a bit further than usual.
The "Mandatory government-issue SSL certificate" is still on the table.
When I heard an interview with a Swedish EU politician, I thought it was a lost cause. She was completely blinded by the possibilities and saw no downside whatsoever.
It's all well and good to consider user privacy and user safety but not when it stifles the market.
[Please note that this is a satirical comment based on some of the arguments I've seen here in the past]
In the USA it's easy for a new tech company to put out a commercial to target the entire US population of more than 300 million people. This is practically impossible in the EU. The market here is actually very fractured.
We have "big" tech companies in each EU nation, but they cater only to the domestic market. "Big" as in they are dominant in their field inside their nation.
Take online payment systems for instance. While there are global EU companies like Klarna, most EU nations have their own system that everyone uses. So while you usually have a bunch of payment options to choose from, 99% pick the national one (usually no processing fees).
This also applies to a bunch of other apps in the EU.
If you create an app or a service in the EU and you want it to succeed, you need to target your domestic market first. However, chances are there's already an app or service for your idea and you'll have zero chance to compete on the international market, even if you translate your service to as many languages as you can think of.
doh, ARM?
edit: please add "edit" when you edit
Open standards, open-source code. That's really the only option for code people are supposed to trust.
Do I trust Apple and Microsoft? I think sort of.
I don’t trust them to be perfect, but if your prior is to say that you don’t trust them at all, then it means you basically can’t use them at all bc no amount of security will get around an untrustworthy OS.
They control what gets displayed on screen, they control how memory is laid out and accessed for a program. There are already so many more important things we entrust to them. So, yeah, I prefer OS’s (all vendors) to provide APIs, and for app stores to enforce their use. I especially would trust this more than EU laws, and I certainly would trust that more than everyone doing their own thing, regardless if it’s open source.
If for no other better reason I trust the OS more, since all of these open solutions will still run on those supposedly untrustworthy OS vendors.
You basically have to trust your OS, don’t you think? Otherwise, the answer is you do nothing.
I mean, if they are claiming their messaging system is E2E and it turns out it isn't, the cost to them (not only financial) would be much higher than whatever they earn from having access to your data.
If the EU would introduce such legislation, it could potentially make software doing end2end encryption illegal. In such a case, Google would be removing it from EU Play Stores, and this would be more or less the end of such messaging apps unless they comply. :-)
This is why it's important to have a reasonable legislature and laws.
And multiple points of control. In the EU the council acts as a check on populism through parliament (even if the nazis took over parliament it wouldn't give them a lot of power), parliament acts as a check on the council (even if the heads of 70% of EU countries decided something, parliament gets its say). Neither of those are the executive so they would be unable to push through laws which favour specific countries or groups of countries (as the commission are supposed to act primarily on behalf of the union, in the same way the US president is supposed to not favour his home state). Then outside of government you have the judiciary who look at the laws passed and interpret them in line with other laws, throwing out ones which are incompatible.
If you have to ask governments for permission then that's a bad design and your system will be taken away from you when the next think-of-the-children populists are elected.
If you work on the assumption all governments are eternally nice and well-intentioned, then E2E chat systems aren't all that necessary in the first place.