From the article, the current flavor of "threat" this is being positioned to fight is CSAM.
Does anyone believe that predators commit those heinous offenses because of the availability of encrypted channels to distribute those products of their crimes? I sure don't. The materials exist because of predators' access to children, which these surveillance measures won't solve.
Best case scenario (and this is wildly optimistic) the offenders won't be able to find any 'safe' channels to distribute their materials to each other. The authorities really think every predator will just give up and stop abusing just because of that? What a joke.
More likely of course, those criminals will just use decentralized tools that can't be suppressed or monitored, even as simple as plain old GPG and email. Therefore nothing of value will be gained from removing all privacy from all communication.
This has nothing to do with csam and arguing that point is on purpose, to distract people and the politicians can say “xp84 supports child pornography!”
It has everything to do with censorship and complete control over people’s ability to communicate. Politicians hate free speech and they want to control their citizens completely including their thoughts. This is true evil.
But politicians are - in general - neither evil, nor do they have any real incentive to ”control citizens’ thoughts”. It doesn’t make sense. They can be gullible. Non-Technical. Owned by lobbyists. Under pressure to deliver on the apparent problem of the day (csam, terror, whatever). But I don’t think there is a general crusade against privacy. That’s why I think it’s so infuriating: I’m sure it’s not even deliberately dismantling privacy. They’re doing it blindly.
This is pushed by parties that have a good track record of preserving integrity. That’s why it’s so surprising.
> Does anyone believe that predators commit those heinous offenses because of the availability of encrypted channels to distribute those products of their crimes?
Who says that? I don't think they say that.
> The authorities really think every predator will just give up and stop abusing just because of that?
Nope, they think they will be able to arrest more predators.
> More likely of course, those criminals will just use [...]
You'd be surprised how many criminals are technically illiterate and just use whatever is the default.
The thing that is crazy to me is that they choose to go after Signal of all things. Certainly there would be higher priority targets than a messaging app that has no social networking features to speak of, if child predators were really the target here.
This is nonsense. Anyone who has the smallest clue would use Signal for anything sensitive. Of course people would use Signal to talk about illegal stuff.
I am against ChatControl. But I am amazed by all the bullshit arguments that people find to criticise ChatControl.
If you have more control, obviously it's easier to track criminals. That's not the question at all. The question is: what is the cost to society? A few decades ago, all communications were unencrypted and people were fine. Why would it be different now? That's the question you need to answer.
> Best case scenario (and this is wildly optimistic) the offenders won't be able to find any 'safe' channels to distribute their materials to each other.
The theory is based on the documented fact that most crime is poorly thought through with terrible operational security. 41% is straight up opportunistic, spur of the moment, zero planning.
It won't stop technologically savvy predators who plan things carefully; but that statistically is probably only a few percent of predators; so yes, it's probably pretty darn effective. There are no shortage of laws that are less effective that you probably don't want repealed - like how 40% of murderers and 75% of rapists get away with it. Sleep well tonight.
Exactly. Econ 101: why do consumption taxes work at all? By increasing the amount of pain associated with purchasing a particular indulgent product, you decrease the consumption of that product on the margin. When you increase the price of cigarettes by 20%, cigarette smoking in a society decreases. But for the most addicted, no consumption tax will probably act as a deterrent.
Some individuals will find a way to distribute and consume child pornography no matter the cost. But other addicted individuals will stop consuming if doing so becomes so laborious because they are consuming or distributing on the margin. I.e, imagine the individual who doesn't want to be consuming it, who knows they shouldn't—this type of deterrent may be the breaking point that gets them to stop altogether. And if you reduce the amount of consumption or production by any measure, you decrease a hell of a lot of suffering.
But anyway, the goal of this legislation is not to drive the level of distribution to 0. The goal of policymakers could be seen charitably as an attempt to curtail consumption, because any reduction in consumption is a good thing.
Absolutely, evidence of abuse is secondary to the actual abuse.
Plus, the fact you could use/make AI/LLM/etc generate nefarious content that is hard to tell is fake, tells you the abuse isn't even what they are interested in.
No, you don’t get it. Hosting or possessing CSAM has criminal penalties even if no children were involved. For example AI generated imagery.
In fact, even if zero children are ever trafficked or abused going forward, and pedophiles only use old photos of children from 30 years ago, merely having these images is still an issue.
Conversely, the vast majority of sexual abuse of minors doesn’t involve images and goes unreported. "Considerable evidence exists to show that at least 20% of American women and 5% to 10% of American men experienced some form of sexual abuse as children" (Finkelhor, 1994). "Most sexual abuse is committed by men (90%) and by persons known to the child (70% to 90%), with family members constituting one-third to one-half of the perpetrators against girls and 10% to 20% of the perpetrators against boys" (Finkelhor, 1994).
In short - if they wanted to reduce child abuse, scanning everyone’s communications for CSAM would not be the most straightforward way to go about it.
Well, what is "the problem"? Is it children being abused, or is it the distribution of CSAM?
And if you say both - how would you rate the relative severity of the two problems? Specifically, if you had to pick between preventing the rape of a child, and preventing N acts of CSAM distribution, how big would N have to be to make it worth choosing the latter?
> You're seriously suggesting that any policy that doesn't 100% eliminate a problem is a joke?
I think a more charitable reading is that any policy that doesn't 100% _target_ a problem is a joke. This policy doesn't have a plausible way that it will protect children from being victimized, so I think it's reasonable to remove the "think of the children" cloak it's wearing and assess it on the merits of whether encryption is beneficial for the social discourse of a society.
- People who go into government want power over others, and they'd therefore prefer more power than less at every junction
- The population put up very little resistance in general - e.g. as we saw with COVID, they'll freely let the government put them under house arrest and destroy their businesses, to protect them against a bug only slightly deadlier than the flu
- However they do need some pretext - with none at all, impinging on people's civil liberties would cause confusion, and the people might even ponder grumbling about it, which would be unnecessarily messy for everyone involved
- Hence they simply need to lay out some half-assed pretext, just to make it easy for people to internally justify their further loss of rights, so that they don't have to have any uncomfortable thoughts like "maybe I should disagree with this?"
- "Think of the children" is a nice easy one. It's basically a farcical meme at this point, but that doesn't affect its effectiveness, for the reasons described. You could use this for literally anything, no matter how extreme (I'm sure for instance the Nazis used it as one reason for exterminating Jews - to protect "Aryan" children & their future etc)
I think the challenge for society here is not to simply reject attempts like this, but how to prevent them from being pushed over and over until a specific context allows it to be approved.
The accepted solution is to have a constitution that says otherwise.
Which is a bit complicated here, as the EU has no real constitution and this 'law' (really a regulation) is a blatant violation of the constitutions of countries that did choose to establish secrecy of correspondence.
> The accepted solution is to have a constitution that says otherwise
And the willingness and ability to enforce it. The current iteration of ChatControl is pushed by Denmark, which is at present the President of the Council of the European Union. The Danish Constitution itself enshrines the right to privacy of communication [0], but this is not stopping Denmark from wanting to ratify ChatControl anyway.
You are most definitely not right. The EU charter of fundamental rights is an agreement that holds legal binding. The institutions who are supposed to uphold the charter are CJEU, European Commission, FRA, NHRIs.
The people who wrote this proposal said it themselves - "Whilst different in nature and generally speaking less intrusive, the newly created power to issue removal orders in respect of known child sexual abuse material certainly also affects fundamental rights, most notably those of the users concerned relating to freedom of expression and information."
This proposal is illegal. The fact that CJEU at least haven't issued a statement that this is illegal tells you everything you need to know about the EU and its democracy.
> The accepted solution is to have a constitution that says otherwise.
Constitutions don't enforce themselves. The US constitution has a crystal clear right to bear arms but multiple jurisdictions ignore it and multiple supreme court rulings and make firearm ownership functionally impossible anyway. Free speech regulations have, thankfully, been more robust.
The only thing that stops bad things happening is a critical mass of people who believe in the values the constitution memorializes and who have enough veto power to stop attempts to erode these values.
The US has such a critical mass, the gun debate notwithstanding. Does the EU have enough people who still believe in freedom?
Plenty of EU states already have a constitution in which this proposal would be de facto unconstitutional.
The issue is what is the European Commission willing to do in order to guarantee that fat contract check goes to Palantir or Thorn or whoever has the best quid pro quo of the day.
This is not Stasi this is Tech billionaires playing kings and buying the EC and Europol for pennies on the dollar and with it the privacy of virtually every citizen of zero interest for law enforcement or agencies.
I've commented this elsewhere, but rights in the US are generally much more absolute than here in Europe.
For example, in the EU you technically have the right to freedom of expression, but you can also be arrested if you say something that could offend someone.
Similarly rights to privacy are often ignored whenever a justification can be made that it's appropriate to do so.
I don't know about elsewhere in the world, but here in the UK you don't even have a right to remain silent because the government added a loophole so that if you're arrested in a UK airport they can arbitrarily force you to answer their questions and provide passwords for any private devices. For this reason you often here reports of people being randomly arrested in UK airports, and the government does this deliberately so they can violate your rights.
The only way I see to prevent the constant pushing is that every single time some council or committee presents something like this every single of one of their private communication gets leaked for everyone to peruse at their leisure from whatsapp to bank statements.
They want to erode people's privacy? Let them walk their talk first and see how that goes.
Tempting though that is, I think that's the wrong way to resolve it: The people proposing it (law people) are a different culture than us (computer people), and likely have a funamental misunderstanding about the necessary consequences of what they're asking for.
> how to prevent them from being pushed over and over until a specific context allows it to be approved.
We need more diverse mobile OSes that can be used as daily drivers. Right now, it's almost a mono-culture with the Apple-Google duopoly. Without this duopoly, centralization and totalitarian temptations would be less likely.
There's GrapheneOS, which is excellent and can be used without Google, but it relies on Google hardware and might be susceptible to viability issues if/when Google closes down AOSP. Nevertheless, they are working on their own device that will come with GrapheneOS pre-installed, which is exciting.
There's also SailfishOS, which has a regular GNU/Linux userland and almost usable at this stage with native applications. As a stopgap, it can also run Android applications with an emulation layer, and plenty of banking ones work just fine.
Already so much embarrassing information about the people in power is leaked or uncovered by investigative journalists and organizations, who exist to uncover these things, that the despicable character of those people is something people can look up rather easily. I am not convinced, that we even collectively still possess one brain cell to let consequences follow, such as voting radically differently, starting a democratic process to vote or indirectly vote their arses out of office. Instead it seems like we have tons of non-democratic mindset people in our society, who don't inform themselves, don't care about other generations, are too uninformed to understand the consequences of their vote, and simply every time vote the same shit into office.
Take Germany for example. For decades now we have let SPD, CDU, Greens, FDP ruin our country. AFD won't be better by the way. Again and again we vote against our own interest out of stupidity, complacency, or whatever it is. Oh, they want to raise pensions? What a coincidence just before the elections! Aaaand all the pensioners votes are secured for a party that will further ruin the country and line their own pockets. We do the same frickin shit every single time. And now it is so bad, that if we don't do it, then we will get right extreme AFD, that has even less a clue of what should be done, is paid by Pootin, and would fuck up things even faster.
The basic premises, that you are voted out of office, if you do badly does no longer hold here. It's all money and population brainwashing, to vote against our own interest. What our ancestors have built up from the ruins of WW2, we throw out of the window in ever election that we elect the same shitty parties again: CDU/CSU, SPD, Greens, FDP, AFD, Linke, BSW... None of these deserve our trust and vote. It apparently is asking too much of the citizens of a wannabe democratic country to check alternative parties in a Wahlomat before an election, to decide what fits best ones ideas.
>The only way I see to prevent the constant pushing is that every single time some council or committee presents something like this
Yes but.. it can't just be vague exhortations and generalities. I didn't know the pertinent bodies previously, but after GPT'ing on it, it looks like they include:
One is "DG Home," an EU department on security that drafts legislation.
Another is Europol, a security coordination body that can't legislate but frequently advocates for this kind of legislation.
And then there's LEWP, The law enforcement working party, a "working group" comprised of security officials from member EU states, also involved in EU policy making in some capacity.
I think the blocking states should be resisting these at these respective bodies too.
I would argue that a surefire way of guaranteeing the right to privacy is to instead continuously push for absolute-transparency laws for politicians and governments. If they’re going to demand every private citizen’s records are always open for view, then the same should be said for governments - no security clearances, no redactions, no “National Security” excuse.
Is it patently unreasonable? Yes, but cloaked in the “combat corruption” excuse it can be just as effective in a highly-partisan society such as this - just like their “bUt WhAt AbOuT tHe ChIlDrEn” bullshit props up their demands for global surveillance.
I'm convinced the people suggesting this type of thing are influenced or even compromised by their constituent's enemies and NOT the result of poor education on the topic.
This policy for example would be most helpful to enemies to the EU. It would lower the cost of acquiring the data for China and Russia as it allows them to mass acquire data in transmission without incurring the cost of local operations. The easiest system in the world to hack is that of a policy maker.
> It would lower the cost of acquiring the data for China and Russia
Yes, it would lower such barriers for countries that are commonly seen today as Europe's adversaries. But in this case, the U.S. (or rather, U.S. organisations and corporations) might be the primary bad actor pushing for ChatControl. See e.g.:
"Thorn works with a group of technology partners who serve the organization as members of the Technology Task Force. The goal of the program includes developing technological barriers and initiatives to ensure the safety of children online and deter sexual predators on the Internet. Various corporate members of the task force include Facebook, Google, Irdeto, Microsoft, Mozilla, Palantir, Salesforce Foundation, Symantec, and Twitter.[7] ... Netzpolitik.org and the investigative platform Follow the Money criticize that "Thorn has blurred the line between advocacy for children’s rights and its own interest as a vendor of scanning software."[11][12] The possible conflict of interest has also been picked up by Balkan Insight,[13] Le Monde,[14] and El Diario.[15] A documentary by the German public-service television broadcaster ZDF criticizes Thorn’s influence on the legislative process of the European Union for a law from which Thorn would profit financially.[16][17] A move of a former member of Europol to Thorn has been found to be maladministration by the European Ombudsman Emily O'Reilly.[18][19]"
Additionally, it would not surprise me at all if Palantir is lobbying for this either. Many EU countries, like Germany and Denmark, have already integrated Palantir's software into the intelligence, defence, and policing arms of their governments.
But at the end of the day, while it is convenient to blame external actors like U.S. corporations, ultimately the blame lies solely on the shoulders of European politicians. People in positions of power will tend to seek more, and I'm sure European politicians are more than happy to wield these tools for their own gain regardless of whether Palantir or Thorn is lobbying them.
you have left out how it can be used to monitor violation of corporate copyright materials.
And what it means for silencing political speech is enormous.
It's incredibly difficult to stop a well-funded, 50-year plan to subvert a democracy. The attention spans of politicians, corporations, and the public are measured in days, months, or years, not decades.
After 9/11, the Bush administration was accused of abusing the crisis to expand executive power and the national security state. Those who raised the alarm about things like the Patriot Act were often dismissed as fringe alarmists.
Now, nearly 25 years later, we're seeing the downstream effects of that gradual degradation of democratic pillars.
On both sides, voters and politicians can be influenced by propaganda and campaign finance to accept small, incremental changes that don't seem dangerous in isolation, but can cumulate to crush an empire.
Every democracy carries these risks. Do we think our opponents haven't noticed?
This is why the right to protected communication, as well as the right to control the software running on general purpose computing devices that you own (i.e. no remote attestation), must be adopted as human rights.
If only we could show them how this kind of things may go wrong. I don't know, the case of some leader of a nation they are having trouble with, abusing of a similar access with their data.
But they will probably think that is only bad when others do it to them.
> If only we could show them how this kind of things may go wrong.
We can. This has already happened with the fairly recent SALT TYPHOON hacks. China (ostensibly) abused lawful wiretapping mechanisms to spy on American (and other) citizens and politicians. The news at the time wasn't always explicit about the mechanism, but that's what happened.
China wouldn't have been able to do this if those mechanisms didn't exist in the first place.
The prevention has to be in the underlying layer of physics / math / the internet such that the state is _unable _ to make (or at least enforce) such laws.
We need to accept and celebrate a world in which the capabilities of states are constrained by our innovations, not merely the extremely occasional votes we cast.
By implementing direct democracy via internet, which creates laws which disallow that.
But, amongst a few others, there is a technical problem, how do we log in to vote? That mechanism must be unhackable, configurable by computer illiterates, and it must not invade privacy.
This has to be written in the constitution somehow ; it has to comes down to the values of everyone - and i believe a lot of education has to do with it. Currently people are simply not tilted by it as much - or not in a way comparable to other topics.
The only real option is to get your country to leave the EU. An unelected cabal of people making sweeping decisions for countless member states isn't democratic, so yeet it while you can.
There are no solutions to that which wouldn't sound absurd. But if you could get past absurdity...
Politicians should agree to to be executed if they lose an election. Only those willing to risk their lives should be allowed to legislate. This also gives the voters the option of punishing those who pass onerous laws at the next election.
If you need extra zing, this would also apply to recall elections, so they could even be punished early.
I think it would be better if they agree to be executed if they win the election, after serving their term.
Maybe a less extreme version of this is that if you become president you are stripped of all property and become the ward of the state after your term is over, enter a monastery sort of situation, for the rest of your life.
Or as someone put it, "People shouldn't fear the government. The government should fear the people."
I feel like we've lost the vocabulary we ought to be using to talk about the legitimacy and role of the state. More people need to read J.S. Mill (and probably Hobbes.) Even today, works by both are surprisingly good reads and embed a lot of thoughtful and timeless wisdom.
Governments need privacy. They literally investigate child mollestation cases. They hunt spies. They handle all sorts of messy things like divorce between couples with abuse.
I'm not commenting on the government coming in at unveiling encrypted communications, but certainly a better approach than "governments should be transparent and the people should be opaque" would be "governments should be translucent and the people should be translucent too".
There is a clear difference between specific activities that need privacy (especially if it is temporary privacy or cases where it is protecting the privacy of the citizens not the government itself) and privacy by default for most or all government work.
> the proposed legislation includes exemptions for government accounts used for “national security purposes, maintaining law and order or military purposes”. Convenient.
Ah, so we will fight child porn by detecting family pics of children in the shower (or w/e) and sending them off to a "trusted" 3rd party who will no doubt leak them at some point. Also, if I were a pedophile I know where I'd send my resume...
I regularly see similar articles with similar comments here, but there's one thing I still don't understand:
From the European Convention on Human Rights[1]:
ARTICLE 8
Right to respect for private and family life
1. Everyone has the right to respect for his private and family
life, his home and his correspondence.
2. There shall be no interference by a public authority with the
exercise of this right except such as is in accordance with the
law and is necessary in a democratic society in the interests of
national security, public safety or the economic well-being of the
country, for the prevention of disorder or crime, for the protection
of health or morals, or for the protection of the rights and freedoms
of others.
So I wonder, what is the legal argument solid enough to justify interfering with everybody's right to privacy?
My layman understanding of the usual process is like, we want surveillance over those people and if it seems reasonable a judge might say ok but for a limited time. Watching everyone's communications also seems at odds with the principle of proportionality[2].
> what is the legal argument solid enough to justify interfering with everybody's right to privacy?
"... except such as is in accordance with the law"
And the "interfering" coming from ChatControl is that "some algorithm" locally scans and detects illegal material, and doesn't do anything if there is no illegal material.
> Watching everyone's communications also seems at odds with the principle of proportionality
It's a bit delicate here because one can argue it's not "watching everyone's communications". The scanning is done locally. Nobody would say that your OS is "watching your communications", right? Even though the OS has to "read" your messages in order to print them on your screen.
Note that I am against ChatControl. My problem with it is that the list of illegal material (or the "weights" of the model deciding what is illegal) cannot be audited easily (it won't be published as it is illegal material) and can be abused by whoever has control over it.
I understand but frankly "doesn't do anything if there is no illegal material" reminds me too much of the old anti-privacy argument "nothing to hide, nothing to fear".
It is about control and purpose, "my OS watches my communications" is true but weird to say because there's an expectation, unless compromised, that the OS is under my control so no problem. A third-party controlling the local scan of all my data specifically to report whatever it wants is a huge problem.
Too often are some specific issues left insufficiently addressed for too long and it seems like the answer ends up like, ok we give up, here's some collective punishment, that should do the trick.
I wonder where platforms like slack would land in all of this, and how would they go about akeeping people from just using their own encryption e.g. pgp over unencrypted channels? Is public key cryptography too weak to matter?
Slack is not end-to-end encrypted and belongs to a US company. So there is no need for ChatControl there: the US government already has access to everything that is written on Slack.
I believe they are referring to using GPG to encrypt data before putting it into Slack, much like using the out of band OTR. In that case all the data shared between those using GPG or OTR would only be accessible to those with the right out of band keys. There are probably not a lot of people doing this, or not enough for governments to care. I do this in IRC using irssi-otr [1].
If that ever became illegal because encryption then groups of people could simply use scripts or addons to pipe through different types of encoding to make AI fuzzy searches harder. They can try to detect these chains of encoding but it will be CPU expensive to do every combination at scale given there are literally thousands of forms of encoding that could be chained in any order and number.
Readit News
Does anyone believe that predators commit those heinous offenses because of the availability of encrypted channels to distribute those products of their crimes? I sure don't. The materials exist because of predators' access to children, which these surveillance measures won't solve.
Best case scenario (and this is wildly optimistic) the offenders won't be able to find any 'safe' channels to distribute their materials to each other. The authorities really think every predator will just give up and stop abusing just because of that? What a joke.
More likely of course, those criminals will just use decentralized tools that can't be suppressed or monitored, even as simple as plain old GPG and email. Therefore nothing of value will be gained from removing all privacy from all communication.
It has everything to do with censorship and complete control over people’s ability to communicate. Politicians hate free speech and they want to control their citizens completely including their thoughts. This is true evil.
This is pushed by parties that have a good track record of preserving integrity. That’s why it’s so surprising.
Dead Comment
> Does anyone believe that predators commit those heinous offenses because of the availability of encrypted channels to distribute those products of their crimes?
Who says that? I don't think they say that.
> The authorities really think every predator will just give up and stop abusing just because of that?
Nope, they think they will be able to arrest more predators.
> More likely of course, those criminals will just use [...]
You'd be surprised how many criminals are technically illiterate and just use whatever is the default.
gmail? google drive?
I am against ChatControl. But I am amazed by all the bullshit arguments that people find to criticise ChatControl.
If you have more control, obviously it's easier to track criminals. That's not the question at all. The question is: what is the cost to society? A few decades ago, all communications were unencrypted and people were fine. Why would it be different now? That's the question you need to answer.
More likely it's ironically so that the people cannot oppose such policies as they won't be able to organize when all comms are tapped.
The theory is based on the documented fact that most crime is poorly thought through with terrible operational security. 41% is straight up opportunistic, spur of the moment, zero planning.
It won't stop technologically savvy predators who plan things carefully; but that statistically is probably only a few percent of predators; so yes, it's probably pretty darn effective. There are no shortage of laws that are less effective that you probably don't want repealed - like how 40% of murderers and 75% of rapists get away with it. Sleep well tonight.
Some individuals will find a way to distribute and consume child pornography no matter the cost. But other addicted individuals will stop consuming if doing so becomes so laborious because they are consuming or distributing on the margin. I.e, imagine the individual who doesn't want to be consuming it, who knows they shouldn't—this type of deterrent may be the breaking point that gets them to stop altogether. And if you reduce the amount of consumption or production by any measure, you decrease a hell of a lot of suffering.
But anyway, the goal of this legislation is not to drive the level of distribution to 0. The goal of policymakers could be seen charitably as an attempt to curtail consumption, because any reduction in consumption is a good thing.
Plus, the fact you could use/make AI/LLM/etc generate nefarious content that is hard to tell is fake, tells you the abuse isn't even what they are interested in.
In fact, even if zero children are ever trafficked or abused going forward, and pedophiles only use old photos of children from 30 years ago, merely having these images is still an issue.
Conversely, the vast majority of sexual abuse of minors doesn’t involve images and goes unreported. "Considerable evidence exists to show that at least 20% of American women and 5% to 10% of American men experienced some form of sexual abuse as children" (Finkelhor, 1994). "Most sexual abuse is committed by men (90%) and by persons known to the child (70% to 90%), with family members constituting one-third to one-half of the perpetrators against girls and 10% to 20% of the perpetrators against boys" (Finkelhor, 1994).
In short - if they wanted to reduce child abuse, scanning everyone’s communications for CSAM would not be the most straightforward way to go about it.
Yes, the framing is disingenuous, but so is yours. You're seriously suggesting that any policy that doesn't 100% eliminate a problem is a joke?
I have a hard time imagining this will be more than 10% effective.
This proposal is a joke
And if you say both - how would you rate the relative severity of the two problems? Specifically, if you had to pick between preventing the rape of a child, and preventing N acts of CSAM distribution, how big would N have to be to make it worth choosing the latter?
I think a more charitable reading is that any policy that doesn't 100% _target_ a problem is a joke. This policy doesn't have a plausible way that it will protect children from being victimized, so I think it's reasonable to remove the "think of the children" cloak it's wearing and assess it on the merits of whether encryption is beneficial for the social discourse of a society.
- People who go into government want power over others, and they'd therefore prefer more power than less at every junction
- The population put up very little resistance in general - e.g. as we saw with COVID, they'll freely let the government put them under house arrest and destroy their businesses, to protect them against a bug only slightly deadlier than the flu
- However they do need some pretext - with none at all, impinging on people's civil liberties would cause confusion, and the people might even ponder grumbling about it, which would be unnecessarily messy for everyone involved
- Hence they simply need to lay out some half-assed pretext, just to make it easy for people to internally justify their further loss of rights, so that they don't have to have any uncomfortable thoughts like "maybe I should disagree with this?"
- "Think of the children" is a nice easy one. It's basically a farcical meme at this point, but that doesn't affect its effectiveness, for the reasons described. You could use this for literally anything, no matter how extreme (I'm sure for instance the Nazis used it as one reason for exterminating Jews - to protect "Aryan" children & their future etc)
Which is a bit complicated here, as the EU has no real constitution and this 'law' (really a regulation) is a blatant violation of the constitutions of countries that did choose to establish secrecy of correspondence.
And the willingness and ability to enforce it. The current iteration of ChatControl is pushed by Denmark, which is at present the President of the Council of the European Union. The Danish Constitution itself enshrines the right to privacy of communication [0], but this is not stopping Denmark from wanting to ratify ChatControl anyway.
[0]: https://danskelove.dk/grundloven/72
In the charter, the protection of personal data and privacy is a recognized right. So chat control is also probably against the EU law.
The people who wrote this proposal said it themselves - "Whilst different in nature and generally speaking less intrusive, the newly created power to issue removal orders in respect of known child sexual abuse material certainly also affects fundamental rights, most notably those of the users concerned relating to freedom of expression and information."
This proposal is illegal. The fact that CJEU at least haven't issued a statement that this is illegal tells you everything you need to know about the EU and its democracy.
Constitutions don't enforce themselves. The US constitution has a crystal clear right to bear arms but multiple jurisdictions ignore it and multiple supreme court rulings and make firearm ownership functionally impossible anyway. Free speech regulations have, thankfully, been more robust.
The only thing that stops bad things happening is a critical mass of people who believe in the values the constitution memorializes and who have enough veto power to stop attempts to erode these values.
The US has such a critical mass, the gun debate notwithstanding. Does the EU have enough people who still believe in freedom?
The issue is what is the European Commission willing to do in order to guarantee that fat contract check goes to Palantir or Thorn or whoever has the best quid pro quo of the day.
This is not Stasi this is Tech billionaires playing kings and buying the EC and Europol for pennies on the dollar and with it the privacy of virtually every citizen of zero interest for law enforcement or agencies.
For example, in the EU you technically have the right to freedom of expression, but you can also be arrested if you say something that could offend someone.
Similarly rights to privacy are often ignored whenever a justification can be made that it's appropriate to do so.
I don't know about elsewhere in the world, but here in the UK you don't even have a right to remain silent because the government added a loophole so that if you're arrested in a UK airport they can arbitrarily force you to answer their questions and provide passwords for any private devices. For this reason you often here reports of people being randomly arrested in UK airports, and the government does this deliberately so they can violate your rights.
They want to erode people's privacy? Let them walk their talk first and see how that goes.
Two cultures: https://benwheatley.github.io/blog/2024/05/25-12.04.31.html
We need more diverse mobile OSes that can be used as daily drivers. Right now, it's almost a mono-culture with the Apple-Google duopoly. Without this duopoly, centralization and totalitarian temptations would be less likely.
There's GrapheneOS, which is excellent and can be used without Google, but it relies on Google hardware and might be susceptible to viability issues if/when Google closes down AOSP. Nevertheless, they are working on their own device that will come with GrapheneOS pre-installed, which is exciting.
There's also SailfishOS, which has a regular GNU/Linux userland and almost usable at this stage with native applications. As a stopgap, it can also run Android applications with an emulation layer, and plenty of banking ones work just fine.
Take Germany for example. For decades now we have let SPD, CDU, Greens, FDP ruin our country. AFD won't be better by the way. Again and again we vote against our own interest out of stupidity, complacency, or whatever it is. Oh, they want to raise pensions? What a coincidence just before the elections! Aaaand all the pensioners votes are secured for a party that will further ruin the country and line their own pockets. We do the same frickin shit every single time. And now it is so bad, that if we don't do it, then we will get right extreme AFD, that has even less a clue of what should be done, is paid by Pootin, and would fuck up things even faster.
The basic premises, that you are voted out of office, if you do badly does no longer hold here. It's all money and population brainwashing, to vote against our own interest. What our ancestors have built up from the ruins of WW2, we throw out of the window in ever election that we elect the same shitty parties again: CDU/CSU, SPD, Greens, FDP, AFD, Linke, BSW... None of these deserve our trust and vote. It apparently is asking too much of the citizens of a wannabe democratic country to check alternative parties in a Wahlomat before an election, to decide what fits best ones ideas.
Dead Comment
Yes but.. it can't just be vague exhortations and generalities. I didn't know the pertinent bodies previously, but after GPT'ing on it, it looks like they include:
One is "DG Home," an EU department on security that drafts legislation.
Another is Europol, a security coordination body that can't legislate but frequently advocates for this kind of legislation.
And then there's LEWP, The law enforcement working party, a "working group" comprised of security officials from member EU states, also involved in EU policy making in some capacity.
I think the blocking states should be resisting these at these respective bodies too.
Is it patently unreasonable? Yes, but cloaked in the “combat corruption” excuse it can be just as effective in a highly-partisan society such as this - just like their “bUt WhAt AbOuT tHe ChIlDrEn” bullshit props up their demands for global surveillance.
This policy for example would be most helpful to enemies to the EU. It would lower the cost of acquiring the data for China and Russia as it allows them to mass acquire data in transmission without incurring the cost of local operations. The easiest system in the world to hack is that of a policy maker.
Yes, it would lower such barriers for countries that are commonly seen today as Europe's adversaries. But in this case, the U.S. (or rather, U.S. organisations and corporations) might be the primary bad actor pushing for ChatControl. See e.g.:
Thorn (organization) - https://en.wikipedia.org/wiki/Thorn_(organization)
"Thorn works with a group of technology partners who serve the organization as members of the Technology Task Force. The goal of the program includes developing technological barriers and initiatives to ensure the safety of children online and deter sexual predators on the Internet. Various corporate members of the task force include Facebook, Google, Irdeto, Microsoft, Mozilla, Palantir, Salesforce Foundation, Symantec, and Twitter.[7] ... Netzpolitik.org and the investigative platform Follow the Money criticize that "Thorn has blurred the line between advocacy for children’s rights and its own interest as a vendor of scanning software."[11][12] The possible conflict of interest has also been picked up by Balkan Insight,[13] Le Monde,[14] and El Diario.[15] A documentary by the German public-service television broadcaster ZDF criticizes Thorn’s influence on the legislative process of the European Union for a law from which Thorn would profit financially.[16][17] A move of a former member of Europol to Thorn has been found to be maladministration by the European Ombudsman Emily O'Reilly.[18][19]"
Additionally, it would not surprise me at all if Palantir is lobbying for this either. Many EU countries, like Germany and Denmark, have already integrated Palantir's software into the intelligence, defence, and policing arms of their governments.
But at the end of the day, while it is convenient to blame external actors like U.S. corporations, ultimately the blame lies solely on the shoulders of European politicians. People in positions of power will tend to seek more, and I'm sure European politicians are more than happy to wield these tools for their own gain regardless of whether Palantir or Thorn is lobbying them.
After 9/11, the Bush administration was accused of abusing the crisis to expand executive power and the national security state. Those who raised the alarm about things like the Patriot Act were often dismissed as fringe alarmists.
Now, nearly 25 years later, we're seeing the downstream effects of that gradual degradation of democratic pillars.
On both sides, voters and politicians can be influenced by propaganda and campaign finance to accept small, incremental changes that don't seem dangerous in isolation, but can cumulate to crush an empire.
Every democracy carries these risks. Do we think our opponents haven't noticed?
But they will probably think that is only bad when others do it to them.
We can. This has already happened with the fairly recent SALT TYPHOON hacks. China (ostensibly) abused lawful wiretapping mechanisms to spy on American (and other) citizens and politicians. The news at the time wasn't always explicit about the mechanism, but that's what happened.
China wouldn't have been able to do this if those mechanisms didn't exist in the first place.
If you want to be a servant to the public be one.
As the old saying goes, the price of freedom is eternal vigilance.
We need to accept and celebrate a world in which the capabilities of states are constrained by our innovations, not merely the extremely occasional votes we cast.
But, amongst a few others, there is a technical problem, how do we log in to vote? That mechanism must be unhackable, configurable by computer illiterates, and it must not invade privacy.
Serious question.
European Commission: Commissioners are nominated by elected national governments and must be approved by the directly elected European Parliament.
Council of the EU: Ministers are accountable to their national parliaments, which are elected by citizens.
European Council: Composed of heads of state/government who were elected in their own countries.
European Parliament: Members are directly elected by EU citizens every five years.
Priva rights are already there in most countries constitutions, but maybe adding the digital part will make it harder to push back.
Politicians should agree to to be executed if they lose an election. Only those willing to risk their lives should be allowed to legislate. This also gives the voters the option of punishing those who pass onerous laws at the next election.
If you need extra zing, this would also apply to recall elections, so they could even be punished early.
Maybe a less extreme version of this is that if you become president you are stripped of all property and become the ward of the state after your term is over, enter a monastery sort of situation, for the rest of your life.
Hitler knew if he had lost, he would have been executed. Didn't stop him from going war.
Solve the problem it's trying to solve, then it won't be proposed again.
I'm going to add this to my repertoire since it's a lot more concise than most of my rantings on the topic
Dead Comment
I feel like we've lost the vocabulary we ought to be using to talk about the legitimacy and role of the state. More people need to read J.S. Mill (and probably Hobbes.) Even today, works by both are surprisingly good reads and embed a lot of thoughtful and timeless wisdom.
I'm not commenting on the government coming in at unveiling encrypted communications, but certainly a better approach than "governments should be transparent and the people should be opaque" would be "governments should be translucent and the people should be translucent too".
> the proposed legislation includes exemptions for government accounts used for “national security purposes, maintaining law and order or military purposes”. Convenient.
https://www-dr-dk.translate.goog/nyheder/viden/teknologi/ana...
It is very obvious that he doesn't understand e2e, yet he will not listen. Bro couldn't even read the Wikipedia page
From the European Convention on Human Rights[1]:
So I wonder, what is the legal argument solid enough to justify interfering with everybody's right to privacy?My layman understanding of the usual process is like, we want surveillance over those people and if it seems reasonable a judge might say ok but for a limited time. Watching everyone's communications also seems at odds with the principle of proportionality[2].
[1]https://www.echr.coe.int/documents/d/echr/Convention_ENG
[2]https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:12...
"... except such as is in accordance with the law"
And the "interfering" coming from ChatControl is that "some algorithm" locally scans and detects illegal material, and doesn't do anything if there is no illegal material.
> Watching everyone's communications also seems at odds with the principle of proportionality
It's a bit delicate here because one can argue it's not "watching everyone's communications". The scanning is done locally. Nobody would say that your OS is "watching your communications", right? Even though the OS has to "read" your messages in order to print them on your screen.
Note that I am against ChatControl. My problem with it is that the list of illegal material (or the "weights" of the model deciding what is illegal) cannot be audited easily (it won't be published as it is illegal material) and can be abused by whoever has control over it.
No what? Everyone has been hating on the spying Microsoft has been doing in windows for years. How do you ask this with a straight face.
The phoning home part is the key difference.
It is about control and purpose, "my OS watches my communications" is true but weird to say because there's an expectation, unless compromised, that the OS is under my control so no problem. A third-party controlling the local scan of all my data specifically to report whatever it wants is a huge problem.
Too often are some specific issues left insufficiently addressed for too long and it seems like the answer ends up like, ok we give up, here's some collective punishment, that should do the trick.
If that ever became illegal because encryption then groups of people could simply use scripts or addons to pipe through different types of encoding to make AI fuzzy searches harder. They can try to detect these chains of encoding but it will be CPU expensive to do every combination at scale given there are literally thousands of forms of encoding that could be chained in any order and number.
Mon -> base64 -> base2048 [2]
Tue -> base2048 -> base131072 [3]
...and so on.
[1] - https://irssi.org/documentation/help/otr/
[2] - https://github.com/qntm/base2048
[3] - https://github.com/qntm/base131072
This is completely unacceptable.