Indiscriminate messaging and chatcontrol: Last chance to protest(patrick-breyer.de)
patrick-breyer.de
Indiscriminate messaging and chatcontrol: Last chance to protest
https://www.patrick-breyer.de/en/indiscriminate-messaging-and-chatcontrol-last-chance-to-protest/
89 コメント
No. It will mean that criminals can protect their communications better than law-abiding citizens.
Of the various objections, many of which I agree with, this one is nonsense. If a communications can not be scanned because of E2E encryption, and if E2E encryption is banned, that's evidence of a crime all on it's own. That would have to be a pretty dumb criminal.
Just because you are using E2E you don't have to make it blatantly obvious.
Backdoored E2E (with an added government decryption key) will look just like proper E2E until you attempt to decrypt it.
You can also put your secure E2E communications inside backdoored E2E communications. The possibilities are endless.
Backdoored E2E (with an added government decryption key) will look just like proper E2E until you attempt to decrypt it.
You can also put your secure E2E communications inside backdoored E2E communications. The possibilities are endless.
Right, until you analyze it, it won't look encrypted. But pretending or wrapping it in backdoored E2E doesn't change that. If I labeled it "plain text" it also wouldn't look encrypted until the results are analyzed. If the authorities want to read it (either as an individual message or scanning all messages) either they can or you're a criminal. The only difference your "hiding" has is how many CPU cycles it takes them to check.
It's not black and white. I'm sure you've heard about steganography.
That's the weakest of arguments. I don't trust that governments _can_ protect my data better than us nerds.
If there is a backdoor, it will only be a matter of time before the criminals get access to it. It would be the holy grail of data. If I were a foreign regime with bad intentions, I would put a lot of resources into getting access to those chats.
You could probably ruin anybody's life with access to their personal chats by extorting them, etc. It's going to create a whole new criminal sector. People sifting through other people's personal lives.
I'm not implying that these people may have committed an offence, there are many things I don't want anyone else to see other than the person I'm sending the message to. The "law-abiding citizen" / "Only criminals have something to hide" argument is complete bullshit.
With access to personal chats you can ruin careers, families, relationships, etc, etc. And what can happen, will -most likely- happen. E2EE prevents that.
Edit: Sorry, I misread the parent comment!
If there is a backdoor, it will only be a matter of time before the criminals get access to it. It would be the holy grail of data. If I were a foreign regime with bad intentions, I would put a lot of resources into getting access to those chats.
You could probably ruin anybody's life with access to their personal chats by extorting them, etc. It's going to create a whole new criminal sector. People sifting through other people's personal lives.
I'm not implying that these people may have committed an offence, there are many things I don't want anyone else to see other than the person I'm sending the message to. The "law-abiding citizen" / "Only criminals have something to hide" argument is complete bullshit.
With access to personal chats you can ruin careers, families, relationships, etc, etc. And what can happen, will -most likely- happen. E2EE prevents that.
Edit: Sorry, I misread the parent comment!
You misread the parent comment. It didn't say the government could protect data well.
I'm not sure you understand the argument you're replying to. The grandparent is saying "if you ban E2EE only criminals will have E2EE"
It's a variation on "if you ban guns only criminals will have them."
It's a variation on "if you ban guns only criminals will have them."
> It's a variation on "if you ban guns only criminals will have them."
Most countries have banned guns and there are way less problems with guns than those countries that haven't banned guns.
Is this an argument for or against the EU proposal?
Most countries have banned guns and there are way less problems with guns than those countries that haven't banned guns.
Is this an argument for or against the EU proposal?
I think it's a funny argument to make after months of stories about how criminals have extra wide backdoors in their crypto. I guess nobody here saw them?
> So if I understand correctly, this will be the end of E2E encryption?
No, that is not what the law is about. Nobody in the EU is about to prohibit encryption, in fact some projects rely on it (https://en.wikipedia.org/wiki/EIDAS).
The law lifts the prohibition to service providers to indiscriminately scan messages for the specific purpose of scanning for dangerous content. The idea that service providers will not be able to provide E2E encryption is speculative, some people just assume it will follow.
In any case relying on proprietary software for secure communication is not a good idea anyway, and you can still do E2E encryption yourself with open source software, nobody is going to come for you if you do.
I don't support this law by the way, I think that privacy regulation is a good thing, and it is not a good reason to weaken it.
No, that is not what the law is about. Nobody in the EU is about to prohibit encryption, in fact some projects rely on it (https://en.wikipedia.org/wiki/EIDAS).
The law lifts the prohibition to service providers to indiscriminately scan messages for the specific purpose of scanning for dangerous content. The idea that service providers will not be able to provide E2E encryption is speculative, some people just assume it will follow.
In any case relying on proprietary software for secure communication is not a good idea anyway, and you can still do E2E encryption yourself with open source software, nobody is going to come for you if you do.
I don't support this law by the way, I think that privacy regulation is a good thing, and it is not a good reason to weaken it.
(17b) End-to-end encryption is an important tool to guarantee secure and confidential communications of users, including those of children. Any weakening of encryption could potentially be abused by malicious third parties. Nothing in this Regulation should therefore be interpreted as prohibiting or weakening end-to-end encryption.
https://www.patrick-breyer.de/wp-content/uploads/2021/05/202...
https://www.patrick-breyer.de/wp-content/uploads/2021/05/202...
Last chance to protest
Perhaps I have a lot of stubborn blood in me, but I never see a date or a law as a last chance. Protesting can also take the form of people adding witty footers to their emails such as old propaganda slogans from WWII, periodic messages to chat or chat server status, links to simple how-to's for E2EE that maybe your non technical friends can follow. Put your E2EE solutions to the test. Have your child and a grand-parent follow the instructions. If a provider rejects your encrypted messages, switch providers. Money talks. This is just my opinion based on my limited anecdotal life experiences.
Perhaps I have a lot of stubborn blood in me, but I never see a date or a law as a last chance. Protesting can also take the form of people adding witty footers to their emails such as old propaganda slogans from WWII, periodic messages to chat or chat server status, links to simple how-to's for E2EE that maybe your non technical friends can follow. Put your E2EE solutions to the test. Have your child and a grand-parent follow the instructions. If a provider rejects your encrypted messages, switch providers. Money talks. This is just my opinion based on my limited anecdotal life experiences.
Last chance to protest against the passing of that law. Repealing laws is harder than stopping them from becoming passed.
"Principiis obsta" [Ovid]. -> To Nip things in the bud. Hard to change afterwards...
You're right. I know what they meant, I just refuse to accept or acknowledge a bad law. In my view, protesting also means going against something even if it means stepping outside the boundary of the law. Taking one for the team so to speak.
In practice this will only affect services provided by large entities like Facebook. If you encrypt your email on your own device there is no way they can make entities like GnuPG add in some sort of mandatory pre-screening system.
This question comes down to who or what controls the software on your device. The very existence of the proposal implies that the user of the device does not have this control. That is the real fight here.
This question comes down to who or what controls the software on your device. The very existence of the proposal implies that the user of the device does not have this control. That is the real fight here.
> In practice this will only affect services provided by large entities like Facebook
Which covers a huge percentage of the private communications on the planet. That should not be overlooked.
It takes at least 2 people to communicate. What are you going to do, when you have to communicate with a non-technical user who has a gmail address?
Which covers a huge percentage of the private communications on the planet. That should not be overlooked.
It takes at least 2 people to communicate. What are you going to do, when you have to communicate with a non-technical user who has a gmail address?
This may not work for everyone. If I must email documents that I do not wish Google to see, I call the person and say "The password to that 7-zip file is fartbubble, all one word, lower-case." I can put a text file in the .7z file that has additional context that would have been in the email body.
Encrypt an email with what key? It takes two to communicate.
i fear a little that it might mean doing this is just not legal no matter if its still possible to do yourself.
Here's the the original text https://www.patrick-breyer.de/wp-content/uploads/2021/05/202...
Might I suggest that people check that before jumping to conclusions. My reading is that the main issue is putting limits on the companies that were already doing this (as mentioned, Google, fb, etc) and that's already privacy violating.
Protecting privacy and encryption is important, but I really think the Pirates cry wolf more often than not. I might be wrong, of course.
> In the case of technology used for identifying solicitation, such concrete elements of suspicion should be based on objectively identified risk factors such as age difference and the likely involvement of a child in the scanned communication.
> (17b) End-to-end encryption is an important tool to guarantee secure and confidential communications of users, including those of children. Any weakening of encryption could potentially be abused by malicious third parties. Nothing in this Regulation should therefore be interpreted as prohibiting or weakening end-to-end encryption.
Might I suggest that people check that before jumping to conclusions. My reading is that the main issue is putting limits on the companies that were already doing this (as mentioned, Google, fb, etc) and that's already privacy violating.
Protecting privacy and encryption is important, but I really think the Pirates cry wolf more often than not. I might be wrong, of course.
> In the case of technology used for identifying solicitation, such concrete elements of suspicion should be based on objectively identified risk factors such as age difference and the likely involvement of a child in the scanned communication.
> (17b) End-to-end encryption is an important tool to guarantee secure and confidential communications of users, including those of children. Any weakening of encryption could potentially be abused by malicious third parties. Nothing in this Regulation should therefore be interpreted as prohibiting or weakening end-to-end encryption.
The EU always says this. Then they point at that one sentence and say: "See, we're protecting end-to-end encryption!"
If the EU were an oil company they'd write: "Our oil is not allowed to be used in activities that are harmful to the climate." Then they'd go on to sell oil as usual while constantly claiming to protect the environment.
If the EU were an oil company they'd write: "Our oil is not allowed to be used in activities that are harmful to the climate." Then they'd go on to sell oil as usual while constantly claiming to protect the environment.
> Through a second piece of legislation to be proposed soon, the EU Commission intends to oblige all providers of chat, messaging and e-mail services to deploy this mass surveillance technology.
So they're going to require Signal to break their E2E encryption if the app is to remain legal and readily available? Wow.
Regardless of what intentions the EU bureaucrats have, there's no way these requirements won't be abused. Imagine what insights could be gained from applying a little ML to the real-time chat of an entire continent. Who would you trust to have access to data like that?
So they're going to require Signal to break their E2E encryption if the app is to remain legal and readily available? Wow.
Regardless of what intentions the EU bureaucrats have, there's no way these requirements won't be abused. Imagine what insights could be gained from applying a little ML to the real-time chat of an entire continent. Who would you trust to have access to data like that?
What the fuck is wrong with governments?
If you really want to converse with governments then it helps to steelman their position before arguing it. Bear in mind I am against weakening cryptography when reading this:
I am a government. 20% of my population are tech savvy, a different very minorly overlapping 20% are criminals. Given the law of distributions this is probably pretty close to true.
Now, those 20% of criminals are very varied in their delights, violent, sexual or theft. Serious crime such as pedophilia or terrorism is very low probability overall.
However, as a government, I can't be seen to be weak on those extreme positions because they are highly visible; the 80% population simply will not allow me to argue in good faith for protections which _might_ help such extreme criminals operate easier.
The technical feasibility of good opsec for criminals is usually very low, and the FBI has a decent track record of targeted surveillance.
But I, the politician, cannot communicate effectively with 80% of people, when the populist says that I am weak on terrorists and pedophiles. I only weaken my own position and allow the populist access to power, because 80% > 20%.
--
The biggest benefit and the biggest problem with democracy is that everyone has a voice, even the uninformed.
If you listen to all politicans by numbers there will be liars and opportunists among them; then you're not uninformed, you're misinformed, and that's arguably worse.
I am a government. 20% of my population are tech savvy, a different very minorly overlapping 20% are criminals. Given the law of distributions this is probably pretty close to true.
Now, those 20% of criminals are very varied in their delights, violent, sexual or theft. Serious crime such as pedophilia or terrorism is very low probability overall.
However, as a government, I can't be seen to be weak on those extreme positions because they are highly visible; the 80% population simply will not allow me to argue in good faith for protections which _might_ help such extreme criminals operate easier.
The technical feasibility of good opsec for criminals is usually very low, and the FBI has a decent track record of targeted surveillance.
But I, the politician, cannot communicate effectively with 80% of people, when the populist says that I am weak on terrorists and pedophiles. I only weaken my own position and allow the populist access to power, because 80% > 20%.
--
The biggest benefit and the biggest problem with democracy is that everyone has a voice, even the uninformed.
If you listen to all politicans by numbers there will be liars and opportunists among them; then you're not uninformed, you're misinformed, and that's arguably worse.
What you've described often goes hand-in-hand with a two-party system. That way everyone finds themselves voting for what they believe to be the lesser of two evils.
Alternative voting systems (e.g. ranked choice systems) aren't some sort of political panacea, but they could help a lot with this issue. A populist thrives in an environment that does not support nuance. It would be harder for them to be successful if they were running against, say, 6 viable opponents rather than 1.
I hope we can address some of these major problems with democracy, because the alternatives generally aren't great.
Alternative voting systems (e.g. ranked choice systems) aren't some sort of political panacea, but they could help a lot with this issue. A populist thrives in an environment that does not support nuance. It would be harder for them to be successful if they were running against, say, 6 viable opponents rather than 1.
I hope we can address some of these major problems with democracy, because the alternatives generally aren't great.
I would agree with you, but Australia [0] is an authoritarian, privacy hellhole compared to the EU.
[0] Mandatory voting, ranked choice, etc - Australia's voting system is as close to ideal as you can get
[0] Mandatory voting, ranked choice, etc - Australia's voting system is as close to ideal as you can get
The original post is about the EU.
Indeed, bad voting systems are not an issue regarding the EU because the EU is not democratic in the first place.
> the EU is not democratic in the first place
EU Election system is _literally_ one of the fairest systems in existence[0] ensuring that every party get some measure of proportional representation. Compared to English First Past the Post (minority rule, and 2 party systems) or Scotlands Single-transferrable vote (which is still winner take all); but D'Hondts method means that people can be safe in the knowledge they'll be represented and it's proportional to the input.
It's not "perfect" but it's _literally_ the best humans have come up with.
[0]: https://en.wikipedia.org/wiki/D%27Hondt_method
[0.1]: https://www.youtube.com/watch?v=yhO6jfHPFQU
CGP Grey did some videos on these:
FPTP (England): https://www.youtube.com/watch?v=s7tWHJfhiyo&list=PLNCHVwtpeB...
STV (Scotland): https://www.youtube.com/watch?v=l8XOZJkozfI&list=PLNCHVwtpeB...
D'Hondt-esque (EU): https://www.youtube.com/watch?v=QT0I-sdoSXU&list=PLNCHVwtpeB...
EU Election system is _literally_ one of the fairest systems in existence[0] ensuring that every party get some measure of proportional representation. Compared to English First Past the Post (minority rule, and 2 party systems) or Scotlands Single-transferrable vote (which is still winner take all); but D'Hondts method means that people can be safe in the knowledge they'll be represented and it's proportional to the input.
It's not "perfect" but it's _literally_ the best humans have come up with.
[0]: https://en.wikipedia.org/wiki/D%27Hondt_method
[0.1]: https://www.youtube.com/watch?v=yhO6jfHPFQU
CGP Grey did some videos on these:
FPTP (England): https://www.youtube.com/watch?v=s7tWHJfhiyo&list=PLNCHVwtpeB...
STV (Scotland): https://www.youtube.com/watch?v=l8XOZJkozfI&list=PLNCHVwtpeB...
D'Hondt-esque (EU): https://www.youtube.com/watch?v=QT0I-sdoSXU&list=PLNCHVwtpeB...
>It's not "perfect" but it's _literally_ the best humans have come up with.
Picking nits, but isn't Sainte-Laguë better?
Anyway, I think GP was arguing that no matter how fair your voting method, it's of limited use if important concentrations of power are not covered by it.
Picking nits, but isn't Sainte-Laguë better?
Anyway, I think GP was arguing that no matter how fair your voting method, it's of limited use if important concentrations of power are not covered by it.
1. The voting system isn’t really important, if the voters themselves are restricted to a chosen few who are themselves elected using inferior methods.
2. Range voting is the best humans have come up with.
2. Range voting is the best humans have come up with.
How is it populist if, per the article, 72% of the population oppose the measure?
The general public have shown time and again that they don't really care about privacy. And the movies have convinced them that the government can monitor anything at any time already (but only use it for catching crooks), so what's to lose?
The minority of the population who are tech-savvy enough to know this is going to be a complete disaster are unimportant in politician's eyes - no-one listens to us nerds in the corner doing nerd stuff.
The minority of the population who are tech-savvy enough to know this is going to be a complete disaster are unimportant in politician's eyes - no-one listens to us nerds in the corner doing nerd stuff.
They are run by humans who are seeking power over other humans. Easy.
Things like these tends to be backed by pressure from the US. It would surprise me if it wasn't the case here.
By definition, a government has a monopoly on the legitimate use of violence within its jurisdiction. And, as any other monopolist, they'll do whatever it takes to maintain that position.
Just another proof that the EU has run its course. It was good while it lasted, but they can't stop themselves from getting bigger and bigger and overreaching.
What this proposal does is to create an exemption from EU privacy regulation for the purpose of allowing mostly U.S based service providers to continue doing what they're already doing on a global basis.
I'm sure you can find examples of EU overreach and a desire to get bigger, but this isn't that.
I'm sure you can find examples of EU overreach and a desire to get bigger, but this isn't that.
How worrisome is this? And what can a normal person do while maintaining normal communications (to a degree) with people they love but who do not (seem to) care about this stuff?
Switch to email providers outside the EU like Protonmail, but I fear you are right. The main problem of this is that both sides of a given communication have to be outside the EU for this to work.
>The main problem of this
What is “this” — the EU parliament proposal? Or your workaround? Why would both have to be outside the EU?
What is “this” — the EU parliament proposal? Or your workaround? Why would both have to be outside the EU?
> Why would both have to be outside the EU?
Because email/chat is rarely a monologue
Because email/chat is rarely a monologue
Obviously, but that misses the essence of the question.
> What is “this” — the EU parliament proposal? Or your workaround?
The workaround.
> Why would both have to be outside the EU?
Because if one party is within the EU then the contents of the message will be scanned even if one party is outside of the EU.
The workaround.
> Why would both have to be outside the EU?
Because if one party is within the EU then the contents of the message will be scanned even if one party is outside of the EU.
My observation is that, sadly, "Normal person" probably does not care... For a long time I try to self-host communication channels that matter to me, that is at least email and communicators. That means support burden, since my family is not technical. Not easy but worth it..
> And what can a normal person do
Prevent this law from passing. Call your MEP.
Prevent this law from passing. Call your MEP.
The article claims:
> your private communications can be searched by error-prone artificial intelligence technologies. Although these algorithms are meant to search for potential child pornography and grooming, up to 86% of the correspondence reported to the police is not criminally relevant and users are falsely being reported – including many minors.
> This takes place in a fully automated process and using error-prone “artificial intelligence”. If an algorithm considers a message suspicious, its content and meta-data are disclosed automatically and without human verification to a private US-based organization and from there to national police authorities worldwide.
The proposed legislation contains:
> (ac) the provider of the number-independent interpersonal communications services ensures human oversight of, and, where necessary, intervention in the processing of personal data using technologies falling under this Regulation, and ensures that no report of material not previously identified as child sexual abuse or of solicitation is sent to law enforcement authorities or organisations acting in the public interest against child sexual abuse without prior human confirmation
> (b) the technology used is in itself sufficiently reliable in that it limits to the maximum extent possible the rate of errors regarding the detection of content representing child sexual abuse, and where such occasional errors occur, their consequences are rectified without delay;
My conclusion as a layman: This is problematic, but if you wanted to write "good" anti-child-pornography legislation, this might be close to it?
> your private communications can be searched by error-prone artificial intelligence technologies. Although these algorithms are meant to search for potential child pornography and grooming, up to 86% of the correspondence reported to the police is not criminally relevant and users are falsely being reported – including many minors.
> This takes place in a fully automated process and using error-prone “artificial intelligence”. If an algorithm considers a message suspicious, its content and meta-data are disclosed automatically and without human verification to a private US-based organization and from there to national police authorities worldwide.
The proposed legislation contains:
> (ac) the provider of the number-independent interpersonal communications services ensures human oversight of, and, where necessary, intervention in the processing of personal data using technologies falling under this Regulation, and ensures that no report of material not previously identified as child sexual abuse or of solicitation is sent to law enforcement authorities or organisations acting in the public interest against child sexual abuse without prior human confirmation
> (b) the technology used is in itself sufficiently reliable in that it limits to the maximum extent possible the rate of errors regarding the detection of content representing child sexual abuse, and where such occasional errors occur, their consequences are rectified without delay;
My conclusion as a layman: This is problematic, but if you wanted to write "good" anti-child-pornography legislation, this might be close to it?
Why is it always the EU that comes up with these moronic laws and regulations?
Three reasons:
1) They don't get tech. They are luddites. IT came from the US and they regard it suspiciously because it causes disruption, while EU is all about preserving the status quo and old money. Europe does not appreciate new money, self-made businessmen and entrepreneurship.
2) The two-level government. It should work in theory (after all, EU representatives are directly elected) but in practice it just removes any responsibility from those bureaucrats.
3) West European countries are oriented to the past. They can't innovate and evolve. Their rules and regulations are simply meant to preserve that past and stave off the future bringing all these damn changes.
In the end, it's about control. EU is obsessed about controlling its people and is horrified by those it can't control. Because they bring change, something unacceptable to the good old boys of Europe...
1) They don't get tech. They are luddites. IT came from the US and they regard it suspiciously because it causes disruption, while EU is all about preserving the status quo and old money. Europe does not appreciate new money, self-made businessmen and entrepreneurship.
2) The two-level government. It should work in theory (after all, EU representatives are directly elected) but in practice it just removes any responsibility from those bureaucrats.
3) West European countries are oriented to the past. They can't innovate and evolve. Their rules and regulations are simply meant to preserve that past and stave off the future bringing all these damn changes.
In the end, it's about control. EU is obsessed about controlling its people and is horrified by those it can't control. Because they bring change, something unacceptable to the good old boys of Europe...
That seems a bit too simplistic and extreme.
More likely, it's because the EU feels too removed from the people. There are plenty of reasons for that, and we're stuck in the pessimum place where democratic reform of the EU which would help bring it more in line with what people want is prevented because too many people don't like the EU.
This is basically what happened with the Treaty of Maastricht, and three decades later the situation has if anything gotten worse.
More likely, it's because the EU feels too removed from the people. There are plenty of reasons for that, and we're stuck in the pessimum place where democratic reform of the EU which would help bring it more in line with what people want is prevented because too many people don't like the EU.
This is basically what happened with the Treaty of Maastricht, and three decades later the situation has if anything gotten worse.
As opposed to the US, which just goes ahead and lets the NSA siphon all traffic?
They want to lift some restrictions, not add them. Pretty sure indiscriminate e-mail/chat scanning is already legal in the U.S.
While I'm opposed to this legislation, how is it "always the EU" exactly? As opposed to what, the US or the rest of the world always getting it right or not passing moronic laws and regulations?
Have the US already forgotten who's at the helm of the FCC for example?
I also suspect there's a lot of hate for GDPR, even though it was a mostly good thing. It's just extremely poorly implemented by websites, and sure there are loopholes that should be plugged (the """legitimate interest"""), but it was a good first step which I'd like to see be developed further and enforced more systematically.
Have the US already forgotten who's at the helm of the FCC for example?
I also suspect there's a lot of hate for GDPR, even though it was a mostly good thing. It's just extremely poorly implemented by websites, and sure there are loopholes that should be plugged (the """legitimate interest"""), but it was a good first step which I'd like to see be developed further and enforced more systematically.
As opposed to the national EU governments themselves. Why does this idiocy always have to come up at the EU level? The general monitoring that the EU implemented more than a decade ago was also an EU level initiative.
If this is a topic you (reader) care deeply about, I have been building an open source project to avoid having a centralized authority on messaging while also keeping out the endless spam you'd get on an unmoderated system:
https://www.stampchat.io/whitepaper.pdf
https://www.stampchat.io/whitepaper.pdf
https://oeil.secure.europarl.europa.eu/oeil/popups/ficheproc...
> Use of technologies by number-independent interpersonal communications service providers for the processing of personal and other data for the purpose of combatting [SIC] child sexual abuse online (temporary derogation from certain provisions of Directive 2002/58/EC)
Who believes the sincerity behind this? Children's rights? Child protection? Do they not see the violation of rights and the potential abuse this law would effectuate, or is it just intentionally designed for it?
I cannot believe anyone would be so brazen to give up a core right that is already established as part of 2002/58/EC, aka "ePrivacy directive", https://ec.europa.eu/digital-single-market/en/news/eprivacy-.... So, let's look into the proposal more closely, which is available in the top URL.
> CONTENT: the proposal aims to introduce a temporary and strictly limited derogation from the applicability of certain obligations of the ePrivacy Directive to enable providers of number-independent interpersonal communications services to continue using specific technologies and continue their current activities to the extent necessary to detect and report child sexual abuse online and remove child sexual abuse material on their services from December 2020, pending the adoption of the announced long-term legislation.
In case you are wondering, "number-independent interpersonal communications services", apparently covers communication technology and services that not explicitly rely on public identifiable numbers. So, any communication service that you can have separate from a personally identified user.
> As a reminder, the proposal aims to introduce limited and temporary changes to the rules governing the privacy of electronic communications so that over the top (OTT) communication interpersonal services, such as web messaging, voice over Internet Protocol (VoIP), chat and web-based email services, can continue to detect, report and remove child sexual abuse online on a voluntary basis.
The language here comes across as particularly dishonest. You cannot introduce "limited" ability to circumvent privacy. In order to monitor something, services will need to be able to monitor everything.
It goes on to mention safeguards:
> - a mandatory prior data protection impact assessment pursuant and a mandatory consultation procedure, prior to the use of the technology;
> - human overview and intervention is ensured for any processing of personal data, and no positive result is sent to law enforcement authorities or organisations acting in the public interest without prior human review
> - appropriate procedures and redress mechanisms are in place
> - no interference with any communication protected by professional secrecy
> - effective remedies provided by the Member States at national level.
> When no online child sexual abuse has been detected, all data should be deleted immediately, according to Members. Only in confirmed cases can the strictly relevant data be stored for use by law enforcement for a maximum of three months
---
It honestly strikes me as one of the worst proposals I've seen in a long time. I cannot imagine that child porn is regularly transmitted through chatting services on a p2p basis. Especially not to the extent that it vindicates an end of E2E encryption. Giving up such a core component of ePrivacy, you would think that a report that documents what the problem currently is, would be in order.
The document attached to this proposal, and the article on HN documents the issues quite well. https://www.europarl.europa.eu/doceo/document/LIBE-AM-661791...
> The proposal does not protect children but exposes law-abiding citizens to major risks (such as AI algorithms falsely flagging legal intimate depictions and conversations of children and adults relating to their health and sexual life) and violates the fundamental rights of millions of children and adults according to relevant jurisprudence. Analysing the content of all private messages is as unacceptable as if the post office opened all letters to check for illegal content. According to EDPS, neither the necessity nor the proportionality of the instrument have been demonstrated
---
A very important and separate issue to E2E discussion is the violation of privacy for whom this is intended to protect.
> Teenagers have the right to discover their sexual identity in a safe and private environment. The rise in reported numbers of online child sexual abuse material is also partially due to the emerging practice of teenagers who, in the development of their sexual identity and experiences, take explicit pictures of videos of themselves and send them to peers, or share such material without a sexual motivation. In addition, the age of sexual consent differs across Member States. If users have reached the age of sexual consent under national law, no reporting on solicitation of children should not be reported to law enforcement authorities
> Notwithstanding their legitimate objective, these activities constitute an interference with the fundamental rights to respect for private and family life and protection of personal data of the individuals concerned, namely all users, potential offenders and victims. Any limitation to the fundamental right to respect for private and family life, including the confidentiality of communications, cannot be justified merely on the ground that certain technologies were previously deployed when the services concerned did not, from a legal perspective, constitute electronic communications services.
https://www.europarl.europa.eu/doceo/document/A-9-2020-0258_...
---
I must say I am pleasantly surprised as to how transparent this process is, and it shows that the "common sense" objections are voiced and brought up.
> Use of technologies by number-independent interpersonal communications service providers for the processing of personal and other data for the purpose of combatting [SIC] child sexual abuse online (temporary derogation from certain provisions of Directive 2002/58/EC)
Who believes the sincerity behind this? Children's rights? Child protection? Do they not see the violation of rights and the potential abuse this law would effectuate, or is it just intentionally designed for it?
I cannot believe anyone would be so brazen to give up a core right that is already established as part of 2002/58/EC, aka "ePrivacy directive", https://ec.europa.eu/digital-single-market/en/news/eprivacy-.... So, let's look into the proposal more closely, which is available in the top URL.
> CONTENT: the proposal aims to introduce a temporary and strictly limited derogation from the applicability of certain obligations of the ePrivacy Directive to enable providers of number-independent interpersonal communications services to continue using specific technologies and continue their current activities to the extent necessary to detect and report child sexual abuse online and remove child sexual abuse material on their services from December 2020, pending the adoption of the announced long-term legislation.
In case you are wondering, "number-independent interpersonal communications services", apparently covers communication technology and services that not explicitly rely on public identifiable numbers. So, any communication service that you can have separate from a personally identified user.
> As a reminder, the proposal aims to introduce limited and temporary changes to the rules governing the privacy of electronic communications so that over the top (OTT) communication interpersonal services, such as web messaging, voice over Internet Protocol (VoIP), chat and web-based email services, can continue to detect, report and remove child sexual abuse online on a voluntary basis.
The language here comes across as particularly dishonest. You cannot introduce "limited" ability to circumvent privacy. In order to monitor something, services will need to be able to monitor everything.
It goes on to mention safeguards:
> - a mandatory prior data protection impact assessment pursuant and a mandatory consultation procedure, prior to the use of the technology;
> - human overview and intervention is ensured for any processing of personal data, and no positive result is sent to law enforcement authorities or organisations acting in the public interest without prior human review
> - appropriate procedures and redress mechanisms are in place
> - no interference with any communication protected by professional secrecy
> - effective remedies provided by the Member States at national level.
> When no online child sexual abuse has been detected, all data should be deleted immediately, according to Members. Only in confirmed cases can the strictly relevant data be stored for use by law enforcement for a maximum of three months
---
It honestly strikes me as one of the worst proposals I've seen in a long time. I cannot imagine that child porn is regularly transmitted through chatting services on a p2p basis. Especially not to the extent that it vindicates an end of E2E encryption. Giving up such a core component of ePrivacy, you would think that a report that documents what the problem currently is, would be in order.
The document attached to this proposal, and the article on HN documents the issues quite well. https://www.europarl.europa.eu/doceo/document/LIBE-AM-661791...
> The proposal does not protect children but exposes law-abiding citizens to major risks (such as AI algorithms falsely flagging legal intimate depictions and conversations of children and adults relating to their health and sexual life) and violates the fundamental rights of millions of children and adults according to relevant jurisprudence. Analysing the content of all private messages is as unacceptable as if the post office opened all letters to check for illegal content. According to EDPS, neither the necessity nor the proportionality of the instrument have been demonstrated
---
A very important and separate issue to E2E discussion is the violation of privacy for whom this is intended to protect.
> Teenagers have the right to discover their sexual identity in a safe and private environment. The rise in reported numbers of online child sexual abuse material is also partially due to the emerging practice of teenagers who, in the development of their sexual identity and experiences, take explicit pictures of videos of themselves and send them to peers, or share such material without a sexual motivation. In addition, the age of sexual consent differs across Member States. If users have reached the age of sexual consent under national law, no reporting on solicitation of children should not be reported to law enforcement authorities
> Notwithstanding their legitimate objective, these activities constitute an interference with the fundamental rights to respect for private and family life and protection of personal data of the individuals concerned, namely all users, potential offenders and victims. Any limitation to the fundamental right to respect for private and family life, including the confidentiality of communications, cannot be justified merely on the ground that certain technologies were previously deployed when the services concerned did not, from a legal perspective, constitute electronic communications services.
https://www.europarl.europa.eu/doceo/document/A-9-2020-0258_...
---
I must say I am pleasantly surprised as to how transparent this process is, and it shows that the "common sense" objections are voiced and brought up.
It's hard to organize protests for free speech. If you ask people if people should be free to express their opinions, most people would agree. But then, if you ask people if it should be possible to block content doubting the scale of pandemic or efficiency of the vaccines, most people would also agree.
This article is about private communication, however. And that one does not necessarily contradict current pandemic measures.
Most of the harm of content with anti-vaccination stuff or whatever comes when it becomes publicly available. We could still have private communications but block (or annotate with "see COVID Center with actual science") those conspiracy videos when they get posted on public feeds, such as youtube, instagram or whatever. Until the pandemic subsides, that is.
Most of the harm of content with anti-vaccination stuff or whatever comes when it becomes publicly available. We could still have private communications but block (or annotate with "see COVID Center with actual science") those conspiracy videos when they get posted on public feeds, such as youtube, instagram or whatever. Until the pandemic subsides, that is.
another great thing the EU is doing for us... wonderful! The bureacracy appartus works perfectly well, far away from any accountability.
Its the perfect system actually. Let everyone fight their local nationwide politics and in the meanwhile implement those life changing things from an appartus far away.
The EU commission is voted in by the EU governments.
The EU council is made by the EU governments.
EU citizens elect MEPs.
There is no accountability because no one holds them to account and people repeat what you just wrote like gospel, including people writing for newspapers - and that has to stop.
You can pressure the EU as much as you can pressure your national government, all you need to do is put the pressure on your national government. Add your MEP on top, but the national governments are enough if you don't want to go the extra step.
There is no accountability because no one holds them to account and people repeat what you just wrote like gospel, including people writing for newspapers - and that has to stop.
You can pressure the EU as much as you can pressure your national government, all you need to do is put the pressure on your national government. Add your MEP on top, but the national governments are enough if you don't want to go the extra step.
i know how the EU works. on paper its nice. but in reality, 99% of people can't even name 5 EU politicians or more than 2 EU parties (if they even can name 1) or even which national party is part of which EU party.
the whole thing is a huge black box IN PRACTICE and thats why it is so powerful and uncontrolled.
And why is that? That is because national media cover only national politics in 99% of cases. The EU is only mentioned when the national politicians blame the EU for some of their own failings.
It’s far too easy to regard the EU as some distant entity that doles out laws. Who is in the EU? People. People from where? The countries within the EU. Often the diplomats were politicians in their own country before going to the European Parliament.
So who should you be angry at? Some make believe distant evil council, or your local parties? They are the ones sending over the people who vote on these things, you can complain locally about the policies “far away”.
So I am not saying laws like these aren’t wrong, they are and it is very frustrating that wrong decisions like these might influence stuff happening in my own country, but let’s not pretend that the EU is run by aliens from some sort of Death Star. Pretending like that is the case is what makes accountability seem impossible.
So who should you be angry at? Some make believe distant evil council, or your local parties? They are the ones sending over the people who vote on these things, you can complain locally about the policies “far away”.
So I am not saying laws like these aren’t wrong, they are and it is very frustrating that wrong decisions like these might influence stuff happening in my own country, but let’s not pretend that the EU is run by aliens from some sort of Death Star. Pretending like that is the case is what makes accountability seem impossible.
of course its not run by aliens from some sort of death star. stop being ridiculous. i never even implied that.
but the whole circus in Brussel is a huge black box bureacracy run by politicians that no one really knows. the politicans that are sent there by local parties are usually not very well known by the local populace, and even if, their doings are not really of influence on how poeple view their local parties. heck I bet 95% of voters cannot even name 5 eu politicians in the parlament and to which local party they belong to.
and thats the power. the citizens are busy with national politics and in the meanwhile the death star aliens can do whatever they want.
and yes. its not an unsolvable problem. people could educate themselves. all the info is there. but its a very laborous job. so maybe the media is just doing it wrong?
but the whole circus in Brussel is a huge black box bureacracy run by politicians that no one really knows. the politicans that are sent there by local parties are usually not very well known by the local populace, and even if, their doings are not really of influence on how poeple view their local parties. heck I bet 95% of voters cannot even name 5 eu politicians in the parlament and to which local party they belong to.
and thats the power. the citizens are busy with national politics and in the meanwhile the death star aliens can do whatever they want.
and yes. its not an unsolvable problem. people could educate themselves. all the info is there. but its a very laborous job. so maybe the media is just doing it wrong?
[deleted]
> and yes. its not an unsolvable problem. people could educate themselves. all the info is there. but its a very laborous job. so maybe the media is just doing it wrong?
EU Parliament is by-in-large more transparent and direct than the UK one (not sure where you're from, but I'm from the UK so that's the lens I have).
But you're absolutely right, for some reason the EU "feels" quite closed off, and it's almost entirely the medias fault. Media is driven on eyes, and the further away a thing is the more difficult it is to have eyes on it.
It takes huge issues to get international attention, natural disasters that kill hundreds in another EU country are barely mentioned on british media.
It's also very boring, so it's not surprising.
But, it's actually very easy to read the EU parliamentary, commission documents, and the documentation on how all the processes work is quite clear (even if it's a bit alien on first look because you're taught your own system and have to "unlearn" that a bit first).
I'd give it a go, it's not as intimidating as it first appears. But I fully agree that the media should do this, it's literally their job.
EU Parliament is by-in-large more transparent and direct than the UK one (not sure where you're from, but I'm from the UK so that's the lens I have).
But you're absolutely right, for some reason the EU "feels" quite closed off, and it's almost entirely the medias fault. Media is driven on eyes, and the further away a thing is the more difficult it is to have eyes on it.
It takes huge issues to get international attention, natural disasters that kill hundreds in another EU country are barely mentioned on british media.
It's also very boring, so it's not surprising.
But, it's actually very easy to read the EU parliamentary, commission documents, and the documentation on how all the processes work is quite clear (even if it's a bit alien on first look because you're taught your own system and have to "unlearn" that a bit first).
I'd give it a go, it's not as intimidating as it first appears. But I fully agree that the media should do this, it's literally their job.
Speaking from a UK perspective: we ke{ep,pt} sending eurosceptics to the EU because "they'll hold them to account!", and populism is surprisingly effective.
The truth is usually that eurosceptics have no desire to see the EU work and they will support legislature that makes the EU look untenable, stupid and bureaucratic.
I suspect this is true for other countries.
The truth is usually that eurosceptics have no desire to see the EU work and they will support legislature that makes the EU look untenable, stupid and bureaucratic.
I suspect this is true for other countries.
Yeah, makes sense. But the likes of SPD are too happy to vote together with CDU on any stupid proposal
When did UK eurosceptics vote for legislature like that?
Well, Farage himself has the second to lowest voting record , only beaten by Brian Crowley of Ireland who has never at all voted.
I’m going to just grab a couple from my phone but I’m sure it would be easy to dig into many others, it’s not a hidden thing really but most people don’t even check who their MEPs are let alone hold them to account on voting records:
Tim Aker, voted against subsidising farmers from volatility (a key impact for UKIP voter base and a campaign promise of UKIP: protecting British farmers) and voted for renegotiating to give Greece more capital: https://yourvotematters.eu/en/profile/ec/tim-aker
and Stuart Agnew, a prominent UKIP MEP has intentionally slowed things down with farcical no confidence resolutions https://www.europarl.europa.eu/meps/en/96897/JOHN+STUART_AGN...
I’m going to just grab a couple from my phone but I’m sure it would be easy to dig into many others, it’s not a hidden thing really but most people don’t even check who their MEPs are let alone hold them to account on voting records:
Tim Aker, voted against subsidising farmers from volatility (a key impact for UKIP voter base and a campaign promise of UKIP: protecting British farmers) and voted for renegotiating to give Greece more capital: https://yourvotematters.eu/en/profile/ec/tim-aker
and Stuart Agnew, a prominent UKIP MEP has intentionally slowed things down with farcical no confidence resolutions https://www.europarl.europa.eu/meps/en/96897/JOHN+STUART_AGN...
Dumb legislature is not unique to the EU, blaming them specifically is misguided.
Please use arguments that arent fundamentally based on biases. There is definitely value in a European government, even if the way it's currently setup is very questionable, as the citizens have no realistic way to influence decisions on that level.
Please use arguments that arent fundamentally based on biases. There is definitely value in a European government, even if the way it's currently setup is very questionable, as the citizens have no realistic way to influence decisions on that level.
> as the citizens have no realistic way to influence decisions on that level.
They could stop voting for parties/MEPs that have mass surveillance and weakening of civil rights as part of their election programs and core identities. Alas a majority of European citizens doesn't seem to care.
They could stop voting for parties/MEPs that have mass surveillance and weakening of civil rights as part of their election programs and core identities. Alas a majority of European citizens doesn't seem to care.
The EU is special when it comes to high-tech though. Just try to browse the web normally from inside any EU country to see how much they managed to f-up the Internet.
I browse the web all day, every day from within the EU and I don't know what you are talking about.
Never noticed that huge cookie popup smack in the middle of every single damn new website you visit huh?! Lucky you...
Yea, I see those but only the first time I visit a website. Lucky you... thinking that a notice that a web page is storing data on your computer is fuckig up the internet.
Oh no, the fist and most important thing I need to know when I visit a website is not whatever reason I came there for, but if that website is saving some goddamn bits of data on my machine. It’s really my first priority! Nothing else matters until I answer the existential question if I consent or not. Nothing!
That's the thing with cookie banners, they're not necessary if you only use them for site specific reasons.
They only become necessary if you're using something like Google analytics, which documents every action taken.
The fact that almost all pages have to show them is another sad example how broken our current internet culture is.
Btw, you can actually delete most banners with the ublock origin annoyances filters, that makes me forget that they exist sometimes
They only become necessary if you're using something like Google analytics, which documents every action taken.
The fact that almost all pages have to show them is another sad example how broken our current internet culture is.
Btw, you can actually delete most banners with the ublock origin annoyances filters, that makes me forget that they exist sometimes
Oh no, a notice on web pages is fucking up the internet.... just listen to yourself. It is pathetic.
Well excuse me for having a preference on how to spend my time and what I want to do on the Internet. Did not realize how pathetic this pretension of mine was to the eyes of the wise bureaucrats in Brussels. I am so lucky they knew better and decided for me how to best start my online experience.
Please accept my humble apologies. I am not worthy of your sublime attention. I am so lucky you exist and are leading me to new heights of progress and civilization. Thank you, sir.
Please accept my humble apologies. I am not worthy of your sublime attention. I am so lucky you exist and are leading me to new heights of progress and civilization. Thank you, sir.
Perhaps you could give some examples.
SESTA / FOSTA laws in US?
my friend. i haven't said the EU needs to go. I just stated that the whole setup is terribly wrong.
anyway. it needs to go. and then its need to be re-implemented differenlty. no idea how. but not in this way.
anyway. it needs to go. and then its need to be re-implemented differenlty. no idea how. but not in this way.
Someone was telling me the other day that censoring communication in Germany is just fine.
Hopefully he's right.
Hopefully he's right.
So if I understand correctly, this will be the end of E2E encryption? That would probably be the stupidest decision of the century. Governments are always lagging behind in terms of 'cyber' security, so my guess is that it will only be a matter of time before we can expect data leaks from widely used private chat services.