Large organizations will always try to grow in size and power.
We need some sort of human right for digital privacy to make this sort of thing illegal.
Hopefully with more tech-savvy generations gradually taking power, this will happen without too many painful lessons.
Did we though? Unfortunately outside the US and a handful of other places free speech doesn't seem to be valued that much, often it's even viewed as a threat (and I'm not talking about authoritarian regimes). It's a double-edged sword to be fair, enabling misinformation and chaos.
I think one of the main problems "free speech absolutist" have is that they chose such an awkward phrase to self-identify themselves. The word "absolutist" is so unambiguous that it implies that seemingly no one would qualify for it besides true loons which makes the whole idea easy to dismiss.
When you really get down to it, almost everyone supports some type of restriction on speech. This should be especially apparent when discussing legislation like this in which the goal is preventing the distribution of child porn. How can a "free speech absolutist" be okay with a government making certain images and videos illegal to share? Wouldn't a true absolutist fight for people's right to distribute child porn?
The ambiguity of "absolutist" ends up making any reasonable "free speech absolutist" debate the meaning of the word "speech". Suddenly things like child porn, defamation, threats, fraud, and/or the location of Elon Musk's private plane need to be debated as whether they qualify as "speech". The chosen phrase necessitates that the "absolutist" need to weaken the idea of "free speech" in order to seem reasonable. Which in turn makes people who are ostensibly pro-free speech start to question whether something like hate speech should even qualify for free speech protections.
So a "free speech absolutist" either needs to argue some truly extreme views like why child porn should be legal or they weaken the overall pro-free speech side of the whole debate.
So the free speech absolutist groups got infiltrated by those that wanted to dog whistle and (almost) never tailored arguments to those who were strongly opposed; and worse, those who need free speech the most.
The same often goes for encryption. And we have to deal with adversaries that are willing to straight up lie and promise things that sound nice and sound accurate (things that follow when using basic logic but don't if nuance is incorporated). There are no universal optimas, things with no downsides/costs. But most importantly we have to tailor arguments to audiences, not expect them to be just taken and understood like we do. The priors are different and their objective functions may be different as well. So often people will argue what they think is most important to fall of deaf ears because people don't consider that thing important (at least in context).
How about just political opinions? How quickly we forgot "free speech zones." This is the government actually limiting public speech in the USA.
https://en.wikipedia.org/wiki/Free_speech_zone
BTW, I am not for this regulation in any way. I just don't see the connection to hate speech.
I’m also in this camp and have been down-voted into oblivion many times for just saying something like “I disagree with what you say but I will defend to the death your right to say it”.
It’s not fun to be a defender of truly free speech because you get painted into the same camp as the bad guys.
And turns out very few people want actually free speech. We're in a forum with strong moderation and the discussion is better for it. Most communities self-enforce norms even without central moderation. There's no easy answers when you have to reckon with the real effects speech has. Germany wasn't special, they weren't even alone at the time. What folks call "fascism" naturally precipitates under the right conditions and I can't think of any time in history where it's been dealt with by the socratic method and not violence of a kind.
But once you have a word you can accuse someone of with actual repercussions folks acting in bad-faith try to fit people they don't like into the mould. We think ourselves so much better than those silly puritans accusing people of witchcraft but we just changed the words. I'm sure you could name five off the top of your head that people level without any kind of justification.
Free speech absolutism is also known as 'Meiklejohnian absolutism' which pertains to the 1st amendment with a particular opposition to the liberal interpretation of 'clear and present danger'. Heather Lynn Mac Donald is prominent person who holds similar views on speech and she makes the case that calling for end of Israel is protected free speech since there is not a 'clear and present danger'. The people calling for that genocide are presently unable to carry it out. It's actually one of the things I agree with Claudine Gay about. The problem in Harvard's case is that it's selective free speech but that is a different issue.
The liberal interpretation of the 'clear and present danger' carve out for the 1st amendment is the reason why there is so much emphasis on tying speech to violence. This is why safe spaces must be created where views that could make things unsafe are not permitted. For example, misgendering people could cause them to commit suicide therefore you are in effect murdering people with your words. It's a total stretch of the 'clear and present danger' but it is done at such a scale that is has been effective.
The last thing I fought against was the removal of The Daily Stormer from the internet. I figured it set a bad precedent which was sure to be abused. Once services have signaled that they can be swayed then immense pressure would be brought to bear to sway them further. Another reason is that I think it's important to hear what people say instead of what some people say about what some other people say. I think the Taliban and ISIS should also have websites. I also figured it was very counter productive. If you're going to do it once, fine, but don't keep doing it. By first forcing the most extreme people out of mainstream and onto alternate sites the character of those sites will change to be more extreme. By subsequently forcing less extreme people out of mainstream these people have no where to go except for the already extreme sites where they will be outnumbered and they will see the existing extreme views as the new consensus. Slowly salami-slicing the mainstream fosters the creation of a large and very extreme population which is extremely counter productive. A similar effect can be seen in prison populations where many people who go to prison are forced to join dangerous gangs for their own protection and instead of becoming rehabilitated they become far more dangerous than when they went in.
I think cynical political operatives knew this and did this intentionally as part of the 'pied piper' strategy where the 'basket of deplorables' needs to both be large and unpalatable to the rest of the population in order for that group to be effectively disenfranchised. The problem is when that basket gets too big and is no longer able to be disenfranchised and instead elects the pied piper president. I think Q-anon is an soviet style 'Operation Trust' that basically sent a substantial portion of the population insane - intentionally. One would think that they would have learned their lesson the first time when Trump got elected, but having succeed the second time they're going to try for a third time. This whole process is immensely damaging. Even now the attempts to destroy Trump are counter productive and instead helping him.
My primary concern is for the health of the middle class and I worry about mass immigration undermining that. I say this as an immigrant with the understanding that I would be personally worse off were it not for immigration. I think those in the middle class have legitimate grievances and ignoring the issue of mass immigration and deriding those opposed to it as hateful bigoted stay at home xenophobes has lead to the success of populists parties. Attempts at disenfranchising those populists parties with coalitions has only delayed the now seemingly inevitable.
I'm vehemently against hate speech laws, they start out as hate speech modifiers and through that simple existence now require the courts to establish thoughts through invasions of privacy. I think this rises to the level of thought crime in effect and is of course very Orwellian. Once the notion of hate speech crimes has been established it was just a matter of time before legislation makes it official, if not at the federal level then at the state level. I think the new 'anti-Zionism is antisemitism' conflation in combination with 'antisemitism is hate speech' in effect now makes criticism of Israel illegal, it'll be interesting to see how that is enforced as it's such a ridiculous notion. Predictably the left is now on the receiving end of the very policies there were instrumental in establishing. They have been hoisted by their own petard.
The attempt to stamp out 'hate' makes as much sense as the Soviet attempts in their creation of the 'New Soviet man' free from 'greed'. There are already proposals to stop companies from being 'greedy' though legislation.
I find it rather interesting that Popper's paradox espouses the idea that one must be 'intolerant of the things that threaten tolerance' sounds really similar to George Lincoln Rockwell's philosophy of 'you must hate the things that threaten what you love.' In both cases giving people license to do what they wanted to do anyway.
For me the battle is over, limited to posts like this, my focus these days is to avoid the crushing of the middle class by being as economically far away from the middle class as possible.
The government should not make any speech illegal on a federal level, but individual private businesses or websites (like HN) can still decide what's tolerated on their property.
And the corollary -- I believe in free speech but there are some people I'll never listen to, even though I believe in their right to speak.
Many free speech absolutists would agree that Hacker News should not be compelled to publish off-topic or rule-breaking discussions any more than a cake shop owner should be compelled to sell you a cake displaying a message that the cake shop owner doesn't agree with.
https://en.wikipedia.org/wiki/Masterpiece_Cakeshop_v._Colora...
https://en.wikipedia.org/wiki/Lee_v_Ashers_Baking_Company_Lt...
The entities that need to be circumscribed need to enforce a law that circumscribes themselves? Those incentives do not seem to align to form a stable structure.
There's a strong and widespread expectation among many that it's morally imperative for them to be able to elect their own government. So any moves by the government to limit this will be met by fierce resistance.
If a similar idea existed about privacy, these sneaky moves wouldn't be feasible and would leave a bad taste in the mouths even of the perpetrators. Unfortunately, many among us are of the "But I've got nothing to hide" persuasion.
That's not really true as far as it comes to the EU though? The EU parliament has always been a joke with limited power (both because of structural reasons and because most of it's members are clueless and extremely easy to influence) and besides that the EU population has no way to exert any direct influence on EU policies (they could do that through the council but they'd have prioritize the EU over domestic issues when voting in national elections which will never happen)
The second your only recourse against authority is to politely ask it not to do something bad to you (maybe, for instance, on a piece of paper with multiple choice questions), you have no real autonomy.
WalMart is the largest private spender in the world at around ~$400B per year. The US Federal Government alone spends >$400B per month...
That doesn't even include state and local governments which basically doubles that.
This already exists in the EU, the EU charter of Fundamental Rights https://fra.europa.eu/en/eu-charter/article/7-respect-privat.... states "Everyone has the right to respect for his or her private and family life, home and communications", however it seems to have been ignored.
That's how you get another level of super-government, i.e. one more tyrant in the chain
Historically the circle breaks only with revolution and violence .
Maybe checks and balances would work as a system, but the EU has neither
This sort of rhetoric is dangerous.
> Maybe checks and balances would work as a system
It does seem to be working well in America.
For governments.
> It does seem to be working well in America.
They say ignorance is bliss.
The administrative budget of the EU should be cut by 3-4x times and the money should be spent on something more useful because clearly they are out of control and have nothing better to do. While we're at turning Belgium into something like DC and disenfranchising their government/people living there wouldn't be the worst idea since they clearly have been co-opted into propagating this nonsense.
Seems like a good thing. If nothing else works at least that might bring some attention to this nonsense..
And so, 96% of people now think Signal is evil.
They'll just be blocked from the app store for EU users and their user base in the EU will drop to near zero within a year.
They are not somehow bluffing or threatening this simply to try to change the law. It's a principled stance that they simply cannot provide E2E encrypted chat under such conditions. So either they break their protocol in which case their claimed offer would be a lie, or they leave.
Seems like the only choice they have, really. Also, by "leave EU" I'm pretty sure they mean not offer their app in the EU, so yes I think they expect their EU user base to be zero in this scenario.
There are already anti-circumvention mechanisms built into Signal to facilitate use in places like China and Iran, so they've shown no interest in compliance where that goes directly contrary to their mission. Should they be removed from the App Store in Europe, I imagine they'll work on making use of the EU's own push to open iOS up for alternative app stores / PWAs. (It's clear that the EU is unhappy with Apple's current take on compliance, so we can expect that to open up further.)
The hardest to convince would be Whatsapp, but I think that Zuckerberg is one of the few big tech CEOs that still has principles, at least sometimes. I think it could happen.
"Still"? I'm not aware of a time when he's publicly shown any sort of principles.
Hint: I'm taking Simons' role in this: They won't drop to zero.
Can GrapheneOS prevent detection of somebody sideloading Signal?
EU politicians should keep their over inflated salaries, and stick to what they are good at. Meeting with Google and Microsoft lobbyists at the best Brussels luxury restaurants.
Yes and it was/is very successful at that. The overpaid and incompetent bureaucracy in Brussels seems to be mostly tangential if not detrimental to that.
Also to be fair your take is also very shallow and provides little value.
Wasn't that NATO (aka mostly the US)?
If a Member State is the victim of armed aggression on its territory, the other Member States shall have towards it an obligation of aid and assistance by all the means in their power, in accordance with Article 51 of the United Nations Charter. This shall not prejudice the specific character of the security and defence policy of certain Member States.
Commitments and cooperation in this area shall be consistent with commitments under the North Atlantic Treaty Organisation, which, for those States which are members of it, remains the foundation of their collective defence and the forum for its implementation.
The previous Portuguese PM António Costa, who had to resign amid a corruption inquiry...Has just been announced today for an EU role that will triplicate his previous annual salary as Portuguese prime minister
"Portuguese PM António Costa resigns amid corruption probe" - https://www.politico.eu/article/portugal-prime-minister-anto....
"Portugal's Antonio Costa expected to be next head of European Council" - https://www.reuters.com/world/europe/portugals-antonio-costa...
"...Costa's appetite for a top European position has been an open secret for years. In March 2022, amid speculation Costa was angling for a Brussels job, Portuguese President Marcelo Rebelo de Sousa warned him that he would call an election if he were to leave his post early..."
It is a graft and of the worst kind, and naive takes like yours is what led to scenarios like Brexit. It's a jobs for the boys organization and you are not part of the club.
The EU's mutual defense clause is an empty shell
Are you talking about the same EU that just passed the DMA? That must have been some really nasty food poisoning then!
If Chat Control goes ahead long-term that will outweigh any benefits DMA might have.
My bet is that they'll only allow "Trusted Partners" to interact with their network, and you'll need to sign a contract with one of these partners to connect to WhatsApp. This contract will have pretty much the same terms as signing up with Meta directly.
No they should be kept accountable for their actions and the money they waste. Currently there is no mechanism for that, but i m sure hordes of them would quit if we made one
Only this isn't something which can be solved by technical measures without abandoning "Liberté, égalité, fraternité". This is something for China/Russia/Iran/North Korea/England, not France.
I sent something I composed myself, but this template looks good if you need inspiration.
https://nextcloud.pp-eu.eu/index.php/s/cwyRic7cC5zcfHk?dir=u...
It's really disappointing that Sweden are behind this as they have some extremely talented people only they aren't being listened to.
[1] https://cdn.netzpolitik.org/wp-upload/2024/05/2024-05-28_Cou...
Apple: Their CSAM detection system that was lambasted not too long ago[0]
[0] https://www.apple.com/child-safety/pdf/Expanded_Protections_...
The Apple system was pretty much the best way this could be done short of having a 100% reliable "AI" system on-device detecting bad stuff.
It wasn't 100% reliable and in fact people quickly found collisions. Which you should expect to be able to with an even more advanced system.
> Ahh, the Misunderstanding Olympics of 2021
There's much nicer ways to say this that is congruent with community standards[0]. If you believe I have misunderstood then try pointing out specifically what I have misunderstood instead of just making an assertion.
But the question was if anyone was aware of any client side scanning technology that could in fact check for stuff such as CSAM. In fact, the Apple system was developed explicitly for this purpose, so yes, this does exist. While Replay doesn't have this explicitly feature stated (that I'm aware of), it is not a big step to think that you can just smash the two things together. As Apple shows a system detecting based on images and Replay is taking images of one's computer.
This may be true, and yet it's also true that it was still a terrible plan. This is exactly why it simply shouldn't be done at all.
In the "think of the children" scenario the parents are incentivized to consent to some filter. (So they or someone(!!!) gets an alert if the boogeyman is talking to their kids, asking them to send nudes, or sending dick pics.)
See recital 13 on top of page 7 for the definition.
And see 17 on bottom of page 8 for this:
"To allow for innovation and ensure proportionality and technological neutrality, no exhaustive list of the compulsory mitigation measures should be established"
and
(page 46) "... measures shall be ... targeted and proportionate in relation to that risk, taking into account, in particular, the seriousness of the risk as well as the provider’s financial and technological capabilities and the number of users; ..."
This is a framework. It seems to be coming from overly-anxious law nerds who can't stop thinking of the children. (And yes, this usually makes them a problem, because they're nigh unreasonable.)
It seem to be set up as a DIY thing for providers. And, again, for parents it makes sense, let your kids surf on the marked-safe-for-kids part of the Internet. (And nowadays kids really spend most of their time on (in!) certain apps, not in a web browser.)
The ugly part is that there are fines to compel the providers to adjust their risk metrics. (page 104, page 110 mentions max 6% of global turnover)
This clearly seems to be a softish push to assign a cost to internet ecosystems for online child sexual abuse.
On page 45 there are some requirements.
The provider needs to think about risks (but guidelines will come from authorities anyway), have some appropriate budget to actually work on this it the context of its own service, and then if it looks like there are problems it should spend money on remediation. (Ie. spend on content moderation, work with other providers in the industry, have a team and provide UX to notify that team, and allow users to limit what they share with others based on age.)
A pretty common example in my circle is parents taking pictures of baby rashes/pimples/blisters etc to send to family doctor or doctor friends.
It sounds like a situation where every parent with a toddler will end up on some list.
One page 17 section 28 says "... constantly assess the performance of the detection technologies and ensure that they are sufficiently reliable, as well as to identify false positives and avoid to the extent erroneous reporting to the EU Centre, providers should ensure human oversight and, where necessary, human intervention, adapted to the type of detection technologies and the type of online child sexual abuse at issue. Such oversight should include regular assessment of the rates of false negatives and positives generated by the technologies, based on an analysis of anonymised representative data sample"
and for the draft law language see page 60 which says that after the user reported something the provider forwards is anonymized to this new EU Centre, where there human verification has to take place.
So supposedly this means our tax will pay for folks to look at a ton of rashes and pimples.
Will TLS have to be redone with a third snooping party in the mix? Is that what we're going for here?
So regular folks would get scanned, but the bank's private messaging service isn't included. Just like the child pornographer's private messaging service won't be included either.
So app developers would be required to add code that will scan every message you send for "sensitive" content (which can be defined however the politicians like and be changed any time), and the app will report your message to the government.
https://www.patrick-breyer.de/en/majority-for-chat-control-p...
- providers spend money on having a counter-abuse team
- providers and authorities cooperate to identify risks
- providers implement proportional controls based on the risks
users can continue to run their own private stuff.
it seems this has almost nothing do with the organized sex crime stuff, it's about catching those lone pervs who realized they can send dick picks to minors all day.
see page 45 and 46 https://cdn.netzpolitik.org/wp-upload/2024/05/2024-05-28_Cou...
"... measures shall be ... targeted and proportionate in relation to that risk, taking into account, in particular, the seriousness of the risk as well as the provider’s financial and technological capabilities and the number of users; ..."
So whenever you send anything to example.com you also send it to government-snooping-service.org?domain=example.com.
And if you refuse to adjust your app you will get fined I guess.
Will curl have to self report every request? Lol...
Every client? Like will axios need to self report?
https://cdn.netzpolitik.org/wp-upload/2024/05/2024-05-28_Cou...
for more details on this thing see page 45 and 46
in general this is a framework to
- have big players to spend money, have a team that for this, and have effective "parental controls" (have more age-appropriatedness controls, more tagging options for users/content, etc)
- have an EU center that works on the technological part of the problem
https://dsa-observatory.eu/2023/02/21/the-dsas-crisis-approa...
Not to mention that under the DSA plattforms have to delete "misinformation" in a short time span, whatever that is.
"... As services which enable direct interpersonal and interactive exchange of information merely as a minor ancillary feature that is intrinsically linked to another service, such as chat and similar functions as part of gaming, image-sharing and video-hosting are equally at risk of misuse, they should also be covered by this Regulation. "
https://cdn.netzpolitik.org/wp-upload/2024/05/2024-05-28_Cou...
Arguably North Korea since their RedStar OS had a kernel module that scanned all files and text looking for keywords like 'torture'. And if you're being compared to one of the most brutal and isolated dictatorships on Earth, things are not good.
The justification is obviously a lie anyway. If CSAM were such a huge concern, you wouldn't have member states where distributing CSAM is about as severe of a crime as theft, which is the case in Germany.
Surely the first step would be to have actual significant criminal charges for these crimes in all member states.
self hosted chats included? ;)
.
.
It's a big framework to push the industry to have more "parental controls".
Everything is covered, but there the actual requirements make sense. See page 45.
It's still bad, because it's extremely tone-deaf (and playing with fire is bad), but it's written by and for policy idiots, who live in Word documents, and (un)fortunately rarely have contact with the outside world.
Preventing the spreading of CSAM is one of the key ideas behind the regulation.
I wonder what happens with pictures sent as base64 text blobs though.
Welcome all ye bards!
Ahem what? Last I checked any EU country can veto anything on its own.
> Belgian EU Council presidency
It's Council of the EU, not EU Council, that's the heads of state who don't have any legislative role. But the Council only does inter-country treaties, how is this even their thing?
Only on certain topics, which have been narrowed down over time. For most areas (including something like chat control), it comes down to Qualified Majority Voting, which needs at least 55% of countries representing at least 65% of EU population.
https://en.wikipedia.org/wiki/Voting_in_the_Council_of_the_E...
Feels like they did this shit deliberately though, as it would never pass the Parliament for sure.
Other matters, notably foreign policy, require unanimity.
Here's the only relevant section, which links to an article [1] that says only that discussion will continue on the 19th June:
According to documents leaked by netzpolitik.org, the COREPER 2 meeting in which they will put it [compromise proposal] to a vote will already take place on Wednesday, 19 June.
[1] https://netzpolitik.org/2024/anlasslose-massenueberwachung-f...
> If Chat Control is endorsed by Council now, experience shows there is a great risk it will be adopted at the end of the political process.
meaning: there will be little opposition to the proposal once it reaches the MEPs.
meaning: because the dust hasn't settled on the EU parliamentary elections, MEPs could vote without giving full attention to the law.
Call me an optimist, but I still hold hope that that's not the case.
Some questions I have from reading Patrick's website:
- How do you even ensure a client is actually self-reporting? On-device attestation doesn't really work.
- As a provider of E2EE chats, should the client report to you or to a third-party (Who?)? If the client reports to you, you are now possessing CSAM. Since even possession of CSAM is illegal, how does that work?
- If a photo are flagged, will it appear in a GDPR access request?
see page 39 "5. Without prejudice to Article 10a, this Regulation shall not prohibit or make impossible end-to-end encryption, implemented by the relevant information society services or by the users"
https://cdn.netzpolitik.org/wp-upload/2024/05/2024-05-28_Cou...
see also page 46
"... measures shall be ... targeted and proportionate in relation to that risk, taking into account, in particular, the seriousness of the risk as well as the provider’s financial and technological capabilities and the number of users; ..."
also, it's a big framework without any tech requirements (see page 8 recital 17)
> Only non-commercial services that are not ad-funded, such as many open source software, are out of scope
> How do you even ensure a client is actually self-reporting?
This is an interesting technical question whether or not it's covered by the actual proposal. How do you ensure that Messenger for instance is
1. actually doing the reporting, and not someone simply bypassing the app to keep sending e2ee chats without them being client-side scanned. That would most likely be against ToS and accounts would maybe get banned if doing so
2. prevent against spam reporting, where someone could basically DoS the reporting service with false positives
> If a photo are flagged, will it appear in a GDPR access request?
There are a bunch of dispositions in the draft concerning personal data protection (ctrl+f personal data to find the relevant articles). It also states pretty much everywhere that processing should be done in accordance with Regulation (EU) 2016/679, more commonly known as GDPR.
[0] https://www.patrick-breyer.de/en/posts/chat-control/
What really bugs me though, is this:
> Having regard to the availability of technologies that can be used to meet the requirements of this Regulation whilst still allowing for end-to-end encryption, nothing in this Regulation should be interpreted as prohibiting, requiring to disable, or making end-to-end encryption impossible. Providers should remain free to offer services using end-to-end encryption and should not be obliged by this Regulation to decrypt data or create access to end-to-end encrypted data
I believe this was added as a request from France, which didn't want E2EE to be undermined by this proposal. However, the provider would need to "create access to end-to-end encrypted data" to report it to the EU Centre. Although the following article states that E2EE can still be used if you don't send images, videos and URLs, so I guess that's the compromise?
Sorry, I don't follow. Am I misreading something? To me the the quoted text says the opposite.
"Providers should remain free to [...] and should not be obliged by this Regulation to [...] create access to end-to-end encrypted data"
> prevent against spam reporting, where someone could basically DoS the reporting service with false positives
Yep, probably there's no way to do this. (Likely this whole thing will be a lot of money spent to realize this.)
It's going to be awful not having Patrick Breyer reporting these activities.
Really his snide at the right gaining traction in his post shows that he still doesn't get it.
I know there are alternatives to Facebook - I've pitched all of them to my friends, but people my age are still only on Facebook.
The relentless push, I feel may mean some American contractors are demanding their pound of flesh.
https://mullvad.net/en/why-privacy-matters/going-dark
They should be checking the bank statements of those on the EU payroll, and who are relentlessly pushing this. Make sure everything is above board.