179 comments

[ 2.6 ms ] story [ 204 ms ] thread
Politicians should consult with experts. They almost never actually do. We shouldn't tolerate this. And yet, we always will.
Shouldn't experts be more politically active?
It's on the people making the laws to make sure that said laws are up-to-date and appropriate. It's literally their job. Blame them for not doing it well.
It's the politicians responsibility.

If you are say, writing IP and finance code, is it your responsibility to seek legal counsel or is it the legal profession's responsibility to somehow find you, discover what you are doing, and then impose themselves upon you?

In public companies, the process is a bit different, but the idea is the same. Say the CEO or other senior management "writes" a press release...

(I put this in quotes because they don't put pen to paper, it's done by someone else obviously, but these are their words)

It may be copyedited by Comms for tone and grammar, as well as fact checked by someone who is an expert in the subject - but also by Legal if it touches on relevant issues. In that case, they will seek you out, if only for CYA reasons, before it goes out the door.

Why? Expertise within a specific field does not equal political ambitions.
Why does political activism have to be related to political ambitions? (I'm assuming you mean personal ambitions). Of course you could be an expert within a field but also try to promote or intervene in some decisions with your knowledge, without greater political aspirations. Is not a requirement, but if you're interested in providing useful insights from your field, just go for it.
Well, having a political goal and actively pursuing that goal counts as political ambition in my book, regardless if the motivation is personal gain or not.

Regardless, I didn't mean that experts shouldn't get involved in politics. It's just that experts care and don't care about politics to the same extent everyone else does. There's no reason why an expert within a given field should be expected to care more than anyone else.

Hard to be more active when the architects of Brexit have strongly made clear that they’ve “had enough of experts” when they failed to find a single expert economist who thought Brexit was a good idea[1].

I don’t know which is sadder that our current leaders are so incompetent or that people must have known that and voted them in with a big majority anyway. Speaks to how poor the opposition were too.

A pox on both your houses! :P

1. https://www.indy100.com/people/coronavirus-advice-experts-mi...

Full Gove quote: "I think the people in this country have had enough of experts with organisations from acronyms saying that they know what is best and getting it consistently wrong."

The ones _getting it consistently wrong_ being key... yet rarely quoted.

We should be keeping track of predictions from those who want to be called experts, and retrospectively grading them/enumerating their successes and failures.

Politics is for those who want to control other people
Likewise, experts (here: we, the people of hackernews) should consult with other experts. Like those diplomats that write agreements like this.

It seems to me that the purpose of ANNEX LAW-1 is to incorporate existing EU law into this agreement. It seems like they wanted to avoid creating a new text, just because the old one was, well, old.

We probably have something similar in our programming professions: If I am to split a monolith into microservices, I'd avoid rewriting the business logic at the same time. Reuse the existing business logic, and then revisit it once the architecture itself is stable.

The professional consequences can be dire if your advice isn't what the politicians want to hear. E.g. David Nutt in the UK.
Seems taken from wikipedia (an earlier redaction probably). Today wikipedia says “ S/MIME functionality is built into the majority of modern email software and interoperates between them. Since it is built on CMS, MIME can also hold an advanced electronic signature”, which is the same as in the OP but without NS/Outlook, etc.
Pretty sure it's copied from here:

https://www.legislation.gov.uk/eudn/2008/616/annex/chapter/1...

Still not really a good showing to just copy and paste previous laws without considering whether or not its out of date.

> Still not really a good showing to just copy and paste previous laws without considering whether or not its out of date.

otoh wouldn't it take something like 30 years to review every single line again ? everything would have to be vetted, which means full parliamentary sessions, no ? While outdated, but accepted law, does not need to go through the whole process again.

We are in a time when parliamentary scrutiny means “vote whichever way your party whips tell you under any circumstances”. This is no doubt partly owing to the generally low abilities of contemporary members of Parliament, but also because it’s almost always the case that a majority government can get whatever it wants through parliament by definition of the numbers.
> I believe this looks like a standard copy-and-paste of old standards, and with little understanding of the technical details.

Exactly. I’ve seen people who work like that. Copy-paste a bunch of stuff that they don’t understand and betting that the people that read it don’t understand or don’t care either. And worse yet it turns out that often they are right. No one cares anyway. So the people that do this get away with it. And the people that do care are spending their time writing stuff that in the end most other people that don’t care aren’t even going to give more than a cursory glance anyways.

That describes half the web developers I've worked with too.
Isn't that a little true of every abstraction? yum is shorthand for "I trust you, please give me something"
Isn't that a little bit different though? yum/apt-get/etc are designed to be used this way while legislation isn't.
For a direct example, take a block of code copied from StackOverflow and then search for it on GitHub.
Does anybody know if there's an "official" term for this sort of behavior beyond laziness or apathy?
Expedited legislation
Pretty sure this is the only way to even get a 1246 page long 'agreement', because that amount of text is well beyond what any reasonable person could carefully read and agree to.
Doesn't mean that the "Sherpas" team, should not have picked that up earlier on.

Sherpas in this sense is the actual career diplomats who do the hard work - but I suspect they did not have subject matter experts to pick this up.

Oh yeah this definitely should have been picked up, all I'm saying is that I'm not surprised it wasn't. The sheer size makes it nigh impossible for anyone to fully understand what it says, so to the extent that there is any democratic control it's essentially based on hearsay.
Lawmakers need to do their job. They need to read and vet this stuff, not go on junkets and play golf with lobbyists.
Lobbyists are the ones who are reading and vetting it.

Lawmakers are not and can never be experts in your preferred subject, so they talk to people who are - either by retaining them as bureaucrats, or by asking lobby groups as-needed. I've not seen armies of programmers clamour for the former, so honestly, what on Earth do you want?

> I've not seen armies of programmers clamour for the former

You can count me out of that - I'm from governments that have the size they need to properly function and I'm happy to pay taxes to fund that.

I'd be happier if people richer than me paid their fair share but, unfortunately, due to budget cuts, a lot of tax legislation was written by their lobbyists instead of actual experts and, therefore, they don't.

It's written and read by lots of people working in parallel.
...over multiple decades
Brexit takes ages, but not decades.

(And yes, the original text is decades old and it's quite obvious that the negotiation team stldecided to keep the existing process and therefore take the same legal framework)

Original text being collection of decades of individual collective works is key here. If we update this part to modern standards, why wouldn't we update all of the others too? And how long that process might take...
The point where is: The brexit agreement is not the forward looking thing, it is taking the status quo and extending it. The EU can go and improve it (if they see need) but requiring something differently/newer in Brexit negotiations causes more trouble. It is a complex transition already and brexit negotiators don't have a mandate to renegotiate EU treaties (which would be the consequence)
The negotiation teams had years to come up with it, vet it, understand it and discuss it with the other side. The problems only come when the various parliaments have to understand the fruits of all that labor in a much shorter timeframe.
It's almost like the Brexiters had no clear idea of what exactly they wanted and how to achieve that.
The negotiators had 11 months not "years". The UK left the UK on 31st January 2020 and negotiations on this agreement didn't start (and couldn't legally begin) until then. The negotiations around the "withdrawal agreement" were a completely different thing and were solely about what the EU / UK relationship would be during the transition period which ends at midnight on 31st December this year. As part of that withdrawal agreement the UK government specifically negotiated a short transition period (off the top of my head the initial EU offer was five years), presumably because they thought that the increased time pressure on the EU would work to their advantage. Whether that has worked out as Boris and co hoped I'll leave as an exercise for the reader.
Well, also the UK had to keep paying in during the transition period.

> negotiations on this agreement didn't start (and couldn't legally begin)

This could have easily been worked around had there been any (good) will in Brussels (or more importantly in the washing machine!)... but there wasn't. Certainly the UK government at the time were desperate to negotiate everything in one go since, as the saying goes, "nothing is agreed until everything is agreed".

If the withdrawal agreement had been 2 years we can be sure it would have taken precisely 2 years to compile the agreement.

I'm afraid you have it backwards if you think the UK government were "desperate to negotiate everything in one go". "Nothing is agreed until everything is agreed" was a core principle of the EU negotiating guidelines[1] on the withdrawal agreement and was precisely what the UK were trying to avoid. The UK strategy was to try and cherry pick, or in the words of Boris, have our cake and eat it. This tendency was so strong among the British negotiators that "cakeism" is now a genuine term used across the continent to describe the tactics of an unreasonable negotiating partner who doesn't understand the need to make trade offs. I'd say it was amusing watching the Rupert's and their admirers screw up so badly and then pretend they've won a glorious victory except I actually have to live in this country.

[1]https://www.consilium.europa.eu/en/press/press-releases/2017...

npm install comprehensive_multilateral_free_trade_agreement && npm run brexit
hah! but perhaps closer to reality:

npm run brexit; npm install comprehensive_multilaterial_free_trade_agreement

There's not any particular reason why they shouldn't copy and paste this, from a technical perspective. Everyone involved has clearly accepted that they're quite happy with SHA-1 and 1024-bit RSA being mandated as the standard for exchanging this information within the EU, and there isn't any reason why this would suddenly be more insecure now the UK isn't a member.

Of course, politically speaking there are obvious reasons why journalists at organisations like the BBC would kick up more of a fuss about this as part of the Brexit deal than as an EU rule, and indeed conspiciously neglect to mention the EU is presumably already using this insecure cryptograpy internally. Writing the article in this misleading way plays nicely into existing anti-Brexit narratives about it being an incompetent attempt to return the UK to the past and about Brexiters screwing things up by not listening to experts. That doesn't make requiring every EU state to upgrade their systems at the last minute any more practical though.

Well, they goal quite certainly was "keep existing process and legal framework" maybe they have noted that they have to rework the corresponding EU agreement, but the Brexit agreement isn't the place to renegotiate EU-internal things.
I am surprised to see a trade deal include the transfer of "DNA data". My guess its for people since it also mentions fingerprints.

Hopefully this is only applies to criminals or hippies.

You hope in vain; DNA is taken from everyone arrested in the UK and retained for 3-5 years if not convicted (indefinitely if convicted).
It only applies to criminals and others whose biometrics has been collected by the police. The point of the section of the agreement to which this excerpt is attached is to:

"establish reciprocal cooperation between the competent law enforcement authorities of the United Kingdom [...] and the Member States [...] on the automated transfer of DNA profiles, dactyloscopic data and certain domestic vehicle registration data"

This already happens under existing arrangements between EU Member States, and all this does is continue those mutual arrangements with the UK.

One of those days when your mother emails you the article that's #1 on HN...
Sounds like a huge assumption about 'mothers'.
As per the article, looks as if it has been taken from earlier legislation. Noted here in 2008 [1] but wouldn’t surprise me if it dates back much further.

Given the size of the legal document (~2000 pages) I’m hardly surprised that this sort of boilerplate gets copy/pasted.

The real question is whether this sort of oversight is indicative of the quality of the rest of the text - though I suspect time and effort will have gone into the substantial “non-boilerplate” parts (with any luck).

Either way, the European Parliament won’t be debating this until February so it’s only provisional until then meaning there’s plenty of time to comb through it and make adjustments.

[1] https://www.legislation.gov.uk/eudn/2008/616/annex/chapter/1...

Hard to blame non-technical people when even programmers happen to use md5.

Anyway, why such documents don’t refer to auxiliary standards with big ass year of creation somewhere on top? That might ring a bell if you’re about to use something from 3 decades ago and you have a hint it’s security related.

There's a big difference between still using a very-common hashing algorithm that happens to no longer be secure, and discussing the use of programs that haven't actually existed in decades.
Oh I was referring to the other part of article about document recommending usage of algorithms such as 1024 bit RSA and SHA-1.
A more charitable interpretation is that the copy/paste isn't because the authors are hopelessly out of touch: instead, they're seeking to enable the direct re-use of all of the executive policy and judicial precedent which has developed around those legal particulars since they were first codified.
That's how I understand it. If you take for granted that the existing corpus already has multiparty agreement, and that any changes you make need the agreement of 28(?) countries - then you change as little as possible.

Especially since this isn't some hand-wavy-future agreement, it comes into force (provisionally) in 3 days.

It’s basically when you have depend on a 3p library that you discover 3 days before release has a crucial bug and the only way to deal with it is to copy and paste huge swathes of library code into your app, tweaking the bits you need to while leaving the rest there, that you don’t understand, possible bugs and all ... but don’t worry there will be 1.1 in a couple of months ...
This seems like a good explanation to me, thanks! One question though - why have the EU texts themselves not been updated since 2008?
Probably because legislators have better things to do.
No need. The intend is clear and there are more important things to do.
In reality more modern communication techniques will be in use now. The legislation is in effect setting a minimum standard for implementation.
Better question, why was it not written so it could be updated by security experts without requiring new legislation.
Because it is not necessary. The actual parties involved know what is meant and intended, so adding some ongoing and constant amendment process is counter-productive.
> The actual parties involved know what is meant and intended

Trying to keep lawyers in business it sounds like. “Intent” is one of the trickiest things in the world when you want it to be.

Speaking from personal experience, it is necessary to update these references, because people implementing them have no choice but to follow the letter of the law. I have worked on govt projects where we had to downgrade to an insecure cipher suite to comply with outdated regulations.

Putting on my govt contractor hat, there may be a business opportunity here to set up VMs running Win95/Netscape Communicator for use by all the civil servants looking to comply with the law. Could charge a pretty penny too - it’ll all get budgeted as “Brexit compliance” costs.

> there may be a business opportunity here to set up VMs running Win95/Netscape Communicator for use by all the civil servants looking to comply with the law.

The text quoted in the linked article in no way mandates the use of Netscape Navigator or Mozilla Mail - it merely references them as being widely distributed software capable of using RSA 1024 and SHA-1 (which it does appear to mandate).

It does mention AES-256. The pairing of that with SHA-1 and RSA-1024 is peculiar.
> Speaking from personal experience, it is necessary to update these references, because people implementing them have no choice but to follow the letter of the law.

That reminds me of FIPS for some reason...

Then why give specifics at all? Why not say something like "use industry best practices for encryption" or equivalent legalese?
Best practice most likely wasn't good enough back when the original text was written. But yeah, they should have made it a bit more future-proof, and they definitely shouldn't have copy/pasted the text into new treaties 12 years later.
Because there isn't a Big Book of Industry Best Practices everybody can trivially agree to use?

Sometimes they don't exist - who maintains a sufficiently reputable list of safe email clients and web browsers?

Sometimes they exist but they carry some baggage - the FIPS standards for cryptography are probably fine, certainly better than hardcoding a couple of algorithm names, but they're also controlled by a foreign government.

Wasn’t “best practice” back then MD5 even though it was known to be insecure?
(comment deleted)
Acts and regulations (to use the UK legal parlance) perform different functions. Legislators will write a law (primary legislation) via an Act (of parliament) and powers are delegated to a regulator (or minister) who will then set regulations (secondary legislation) that fit within the power of the Act.

The secondary legislation is the bit that can be updated without requiring a new Act. If EU law is set up in the same manner, (and no doubt it will be similar as not only is this method good when meeting the ideal but useful for corrupt politicians to write law with less scrutiny) then the copy and paste is from secondary legislation. It may well need an update but that doesn't mean it can't be updated in the manner you advocate.

https://en.wikipedia.org/wiki/Delegated_legislation_in_the_U...

That really brings question will all of those experts be trusted? Or might they be swayed by a hostile party like NSA? So the updated version would be more insecure than the existing one...
It's not even a question of being swayed. I don't know about the process in the UK, but regulation writing is so slow in the US that being FIPS compliant usually means you're actually less secure since you're behind the latest in security.
Law moves slowly, this is a feature, not a bug.
Charitable indeed. Friar Occham awaits you in the parlour to delight you with a most fascinating piece of cutlery....

On the one hand, a legislative body so recklessly plunged the nation into chaos through its own incompetence that the parliament changed hands thrice, each assembling with a new headmaster more incompetent than the last. That it, in its eminence and wise foresight, divined it prudent to carefully and diligently craft both in word and in meaning a strong and thorough treatise that on its face may seem silly yet upon only the most assiduous review is the machination of a truly divine primium mobile into which this nation will resume its normal course...

or..

the same bumbling octogenarian landed gentry that put everything from food security to the protestant catholic truce in jeopardy has somehow forgotten the year again.

Let's keep political cheerleading off HN.
(comment deleted)
In this case Brexit is going to have a huge and damaging effect on the UK's IT industry.

Not only will some corps leave for Ireland taking their jobs with them, not only will small businesses and consultants find it far harder to sell services in the EU, not only will the UK be excluded from cutting edge research programs and funding, and not only will UK students be excluded from the international Erasmus scheme - but the current government literally has no idea why these losses even matter, never mind why it's important to mitigate them.

The absence of No Deal means the UK will tend towards slow decay rather than instant crash and burn, but the medium/long term prospects of almost everyone working in IT are now significantly diminished.

Perhaps so, but none of this is relevant to jgraettinger1's subthread.
Or, you know, they're trying to quickly forge an agreement that's as similar as possible to the previously-agreed legal, economic, and governmental frameworks under which they've been operating for decades ? An agreement that avoids rehashing settled issues of law that neither side cares to change?

Applying that razor, it seems a mite more likely to me than some octogenarians forgetfully bumbling their way into a thousand page agreement.

The charitable interpretation is that the people who insisted that it would be better for Britain to leave the onerous regulatory regime of the EU have put their country in a position where the best option is to intentionally copy/paste 20-year-old EU regulations into a binding treaty?
When those regulations are about the exchange of information with other EU countries and everyone involved seems to have decided that it is absolutely, totally crucial for that exchange of information to continue uninterrupted? Absolutely.
Isn't the whole point of Brexit that no, we've decided that it's not actually totally crucial to continue Britain's relationship with the EU the way it has been in the past, and disruptions are totally fine and perhaps to be desired if they are in the service of Britain being free of EU regulation?

(I mean, I certainly am of the opinion that allowing that exchange to be uninterrupted is very important, but I also have that opinion about everything else Brexit wants to sever. I'm definitely not the person you need to convince that maintaining relationships with the EU is worth doing even if the cost is abiding by EU regulations.)

> Isn't the whole point of Brexit that no, we've decided that it's not actually totally crucial to continue Britain's relationship with the EU the way it has been in the past, and disruptions are totally fine and perhaps to be desired if they are in the service of Britain being free of EU regulation?

You answered your own question with "and perhaps to be desired if they are in the service of Britain". That's what sovereignty is and that's what the whole point has been - or at least a very large part - not to disrupt things for the sake of it. Does leaving the EU mean the UK must become its enemy?

You'll have to ask the people who have been threatening gunboat action against foreign fisherman and have spent the best part of the last year threatening to tear up any and all existing agreements with the EU.

Sovereignty apparently means whatever they want it to mean. If it means trashing the 80% of GDP devoted to services, strangling small businesses with expensive and time consuming red tape, trampling all over the goodwill that Europe used to have towards the UK by creating a hostile environment for EU citizens, and wasting everyone's time and money on vapid nationalistic posturing - then apparently that's "in the service of Britain."

Except it isn't. It's really only in the service of a corrupt, delusional, entitled, and frankly rather stupid rump aristocracy who saw their so-called sovereign power - and ability to evade taxes - being diminished by EU membership and decided to do something about it.

The idea that anyone could argue that low-rent cut and paste legal boilerplate is somehow evidence of national sovereignty is - really quite strange.

I don't think there will be many statues of David Cameron once all the scores are tallied up.
> and ability to evade taxes

I would say this claim has been debunked, but in fairness the debunk is talking about reality while many of the most famous Leave campaigners have explicitly claimed they want to leave because of what they incorrectly believe about what EU law does.

https://fullfact.org/online/brexit-not-concealing-offshore-a...

> The idea that anyone could argue that low-rent cut and paste legal boilerplate is somehow evidence of national sovereignty is - really quite strange.

Indeed, which is why no one is. You’ve also got a reply that shows you’re incorrect on the tax claims, and the part about trashing the economy could be pulled from the writings of Nostradamus it needs that much clairvoyance and doom-mongering.

When I find I haven’t researched a topic properly and I’m demonising people based on malicious rumour and a mind reading ability I’m not even sure I’d want, that’s a good time to reconsider my opinion.

I guess I don't see the sense in which Britain did not already have its sovereignty and now gains it by this move. If it's in Britain's interest to have binding treaties that include outdated and unwanted EU regulatory text, wasn't that the status quo? Or if it's in Britain's interest to not be bound by EU bureaucracy, doesn't that mean Britain should not be bound by this treaty? Which of the two is it?

What is the principle that determines that this treaty is worth signing but also determines that staying in the EU is not worth it?

(Maybe the answer is just "The people demanded Brexit out of a sense of identity, but they don't want Brexit as an actual policy, and so this preserves national morale without affecting anything else"?)

The EU created this legislation, Britain nolonger has to have the archaic restrictions of this legislation with other trade agreements, which it is now able to negotiate independently (an actual benefit of Brexit it can be argued). It seems logical to me the agreement between the two parties inherits from the previous relationship, it's the lowest friction option and these negotiations will be ongoing for years as the UK/EU relationship evolves.
> What is the principle that determines that this treaty is worth signing but also determines that staying in the EU is not worth it?

That question cannot be answered to your satisfaction without answering this:

> I guess I don't see the sense in which Britain did not already have its sovereignty and now gains it by this move.

The easy way to distinguish the level of sovereignty is not to compare UK/EU treaties before and after Brexit, but to compare them with the treaties and level of sovereignty between the EU and Canada or Japan. The treaty we’re discussing now is of that ilk, and clearly, the level of sovereignty of those countries is of a different level to that of one in the EU. Can the EU make a law that Japan must implement domestically? No, they are covered by international law as a sovereign state. Same goes for Canada, and now the UK.

The argument that the UK had full sovereignty in the EU was a popular argument by those opposed to leaving but it was obviously false, which is surely one of the reasons their arguments were unpersuasive. From 22:31 of Vernon Bognador's talk[0] at Yale (which is fascinating from start to finish, by the way):

> When Harold Macmillan sought to join, he encountered fundamental difficulties, difficulties which probably have never been resolved, and the essence of the problem was one of fitting Britain into a continental system whose assumptions about constitutions, politics and economics was so different from those held in Britain.

> The most fundamental problem, perhaps, was that of fitting a constitutional system based on the sovereignty of parliament and the absence of a codified constitution into one based on a written constitution, the separation of powers, and subordination of the legal systems of the member states to superior system of European law.

Vernon Bognador is British Research Professor at the Institute for Contemporary British History at King's College London and Professor of Politics at the New College of the Humanities. He is also Emeritus Professor of Politics and Government at the University of Oxford and Emeritus Fellow of Brasenose College, Oxford, and has written several books on the British constitution and Brexit. He voted to remain in the EU[1].

[0] https://www.youtube.com/watch?v=WMV9wSSLcCY

[1] https://www.telegraph.co.uk/politics/2019/10/10/second-refer...

Edit: formatting, will I ever get used to this flavour of markdown? </lament>

> people who insisted that it would be better for Britain to leave the onerous regulatory regime of the EU

You mean the electorate.

In fairness, the electorate was repeatedly lied to and misinformed about the situation by the people who actually insisted it would be better, baselessly - that is, politicians.
Indeed. If Brexit was such a good idea Team Leave could simply have told the truth.

They didn't. Ever.

At no point have any of their many promises - to stay in the Single Market, to eliminate red tape, to pay an extra £350m a week to the NHS, to be able to trade globally without restrictions, to continue Erasmus membership, and on and on and on - been in any danger of coming true.

So the voters voted for the most ridiculous lies, and apparently that's "democracy."

No, it isn't. It's fraud - plain and simple.

Even if people are misinformed, it’s still democracy. There’s simply no other way. Maybe it will destroy the country, but at least they will have done it themselves.
You're right that it's technically democracy. You're wrong that there's simply no other way. I don't know what that other way is, but the society needs to keep evolving.

The current state of democracy in countries like UK and US brings to mind that famous Churchill quote:

"No one pretends that democracy is perfect or all-wise. Indeed, it has been said that democracy is the worst form of government except all those other forms that have been tried from time to time."

The common conclusion seems to be "oh, okay, guess that's it, then" rather than "maybe it's time to try something we haven't yet".

...and perhaps we could make it better
You are confusing democracy and elections.

Elections are some times a democratic institution, but not always.

Democracy is government for and by the people. Considered decision making is a very important part of it.

By fetishising voting proponents of referendums cast aside all the important bits of democracy - consultation, consideration, listening to other views, expressing dissent.... and replace it with a brutal contest of propaganda.

Voting is important, but it is not the most improtant part of a democracy and if all yu have is voting and elections you do not have democracy.

Those are some nice and lofty ideals, but I’m talking about the implementation and not the ideal. It’s implemented according the constitution which is just a piece of paper and as such cannot make anyone consider or consult about anything. Instead, it does the next best thing and says “One man, one vote*” regardless of how misinformed anyone thinks they are. There are no provisions for “the electorate was misled” scenario because nobody can be trusted to determine that. So you don’t think that’s democracy? Well, that’s totally fine, it doesn’t care what you call it. To me, if people just voted for whoever was the sexiest, that would still be democracy.
What you are describing is not democracy.
I disagree with the sibling, it's not technically democracy to coerce a vote through fraud.

If you tell people R will give them S, and they vote to get S, but it turns out R doesn't give S at all and you knew it all along; that doesn't mean people voted to get R. They voted to get S, giving them R is not therefore "technically" democracy (or any other weasel way of saying it).

I don't think it's quite as clear as that.

Let's start with the simple case: in a democracy, people vote to affect policy. There's a referendum, and the will of the majority of the people voting in it determines the outcome. Easy.

Now, going in a more sci-fi direction, as a thought experiment: imagine that an evil mastermind invented mind control, and used it to ensure the majority of people voted a certain way in said referendum. Technically, I guess this would still be a democracy -- but in name only. In reality, the will of a single person determines the outcome.

Pulling back into reality, obviously we don't have mind control, nor an evil mastermind concocting schemes. We do know that if trusted people in positions of power abuse that power to outright lie, and spend very large sums of money to pursue a specific goal, then the will of these people will end up having a noticeable effect on the will of the population. If someone manipulated you and convinced you of something that wasn't true for their own hidden goals, is it still really your will that you're enacting by voting for it? or have you been tricked into enacting someone else's will?

So while by a surface definition of democracy, any of the above processes are democratic because they allow people to vote, a functional democracy relies on a well-informed populace -- we knew this even in Jefferson's time ("wherever the people are well informed they can be trusted with their own government").

Notably it was a very small proportion of MPs, the large majority backed Remain, including ex-PM May.

The current PM was one of the relatively few political voices supporting Brexit.

Seems that with enough money from oligarchs you can make enough lies stick to swing a simple majority.

We have to try and move on from this; the next decade is going to make some rich people incredibly wealthy at the expensive of many, many people becoming poorer in the UK - not just by financial measures, but in terms of opportunity, health, quality of life. It's grim.

Exactly. Besides the fact that the need to copy and paste such asinine, archaic terms and details in an agreement is exactly why a country shouldn’t want to be ruled by the Vogons in Brussels. It’s Pournelles Law on steroids.
I don’t think Douglas Adams was talking about eurocrats.... everything in HHGTTG was far closer to home than that. Never once did Arthur blame the EU for the demolition of his house. Prosser was the name of the official overseeing it ... and if I recall correctly he was a reincarnation of Genghis Khan?

I often wonder what Douglas Adams would have thought of all this. The quintessential intersection of proud Englishman and citizen of the world.

He would have had some choice words for this whole mess I am sure.

"Keep your pull requests as small as possible".
Wow. It's such an eloquent way to describe dumpster-fire. If you're not in the word-smithing business already you may want to give it a second look.
Friar Occham knows how to use wc and votes for option two.
Most likely a case of "if you don't change the text you don't need to change the system". You have to remember that this is not actually a new agreement. EU countries and the UK are already exchanging this data and have been doing so for decades.
In Britain we have a phrase to describe silly outrage news like this: "Storm in a teacup".

This, combined with "Signal hacked by cellebrite" last week (bullshit: https://signal.org/blog/cellebrite-and-clickbait/) means the BBC is on a roll lately.

Are you sure that this is the not the editorial staff of the BBC News trying to present some illusion of balance in its (hopeless) Keunnsberg-led coverage of Brexit, instead?
I think it's poor journalism without due diligence verging on clickbait.
Is it though?

Is the fact that parts of this agreement, that means so much for so many, is nonsensical worthy of a journalist's attention and a paper's publication?

I agree with OP's interpretation:

> A more charitable interpretation is that the copy/paste isn't because the authors are hopelessly out of touch: instead, they're seeking to enable the direct re-use of all of the executive policy and judicial precedent which has developed around those legal particulars since they were first codified.

I mean honestly if this is the most egregious thing they have found in the agreement so far, it doesn't sound that bad (and I voted to remain)

It's not even charitable, more likely it's true.

Commercial agreements are complicated, if you can re-use text, you do.

I suggest the lawyers may not view the 'examples of tech' as we do, after all 'Mozilla' is still a 'browser'.

Brexit was never so much about commercial terms, it was about political ones. There would be no 'Brexit' from the EEC.

So if the mandate is 'keep the trade stuff the same as possible so 28 different countries can just say yes quickly' - then this snafu would seem more than rational.

(comment deleted)
Among other interesting things: "for the exchange of DNA profile information [...]: Data are exchanged by Simple Mail Transfer Protocol (SMTP) and other state-of-the-art technologies, using a central relay mail server provided by the network provider. The XML file is transported as mail body"

Well, this is not good

Why? XML in S/MIME over SMTP might not be cutting edge, but it's still state-of-the-art. I would be hard pressed to come up with something better that's equally based on open, established standards. XML is the only thing I would like to replace, but that's probably not worth it given the number of existing legacy systems
> for the exchange of DNA profile information

So you're fine that your DNA information is transmitted in clear in an email?

It’s not “in clear” though, is it? It’s encrypted.
Of course it's encrypted, the deal reads "The open standard s/MIME as extension to de facto e-mail standard SMTP will be deployed to encrypt messages containing DNA profile information" (highlight mine). Then it goes on with technical details (that could be updated a bit), then the mention that common email software already supports this (including those from the headline, which is how we got this headline).

https://assets.publishing.service.gov.uk/government/uploads/... page 921

Except...not. HTTP is also cleartext, but it is usually tunelled through TLS. The entire stack matters, not that this one part is insecure when considered in isolation.
That’s all open source standardized. That’s a million times better than a dependency on GitHub, AWS, or some Google Drive link.
A really puzzling part: "SMTP is a ‘push’ protocol that does not allow one to ‘pull’ messages from a remote server on demand. To do this a mail client shall use POP3 or IMAP. Within the framework of implementing DNA data exchange it is decided to use the protocol POP3."
What’s puzzling about that? It’s true, and seems a reasonable choice
Unless they invented a creative way to use pop3, it is not 'pull' in any reasonable sense, because you can only pull what has already been pushed. You can't even even select what to pull once more than one request is outstanding, because pop3 does not convey information beyond message size.

Also, you have to poll continuously, destroying the benefit of having something pushed over smtp.

You prefer Snapchat or tik tok??
(comment deleted)
It sounds like nobody cares what the rules are, only that there are rules. Humans are strange.
(comment deleted)
This is a repost and the key takeaway is that changing this legislation from the prior version from 2008 would be counter-productive to moving forward and require further EU law changes. When the EU updates their own 2008 legislation then I imagine this trade treaty can also be updated.
2008 is after SHA-1 was significantly weakened.
Your comment and OP's can be completely true at the same time.
Presumably, the goal of this part of the agreement is to harmonize various regulations, processes, and bits of legislation. It's included because that's what the pre-Agreement EU/UK verbiage says, not because someone thinks SHA-1 is adequate in 2020.

It makes sense in a way, because there wasn't really time to re-legislate every outdated multi-national standard and regulation that needed addressing in the agreement.

https://www.legislation.gov.uk/eudn/2008/616/annex/chapter/1...

Mozilla Mail is a modern service...

It is is distributed as Thunderbird these days. And while I have a lot of gripes with the way it's managed (ugh, don't ask!) - it's still one of the best alternatives. Still sort of extensible if you sneak in the back way (i.e. not WebExtensions).

Being someone who has been in the tech field for well over 20 years, I always look upon any legislation that deals with tech, with suspect. Sadly, I venture that people in other fields feel the same way when legislation is geared toward their areas of expertise. Elected officials are truly like aristocrats, who are too far removed from the world in which the govern. And because of this, they rely too often on lobbyists and their overwhelmed staff to tell them what to do/what to believe.
Fitting that a deal setting us back decades would mandate 90s tech.

Though of course, the actual reason is sensible and relates to the legals around those things, I imagine.

Nobody tell them about napster yet!
If those problems, which are readily understandable to readers here, exist, imagine how many other things are wrong in such a large and wide-ranging document that most of us would be unable to spot.
What seems to be missing from this discussion is that this agreement was negotiated mind bogglingly quickly (9 months as opposed to the multi year / decade long process) and hasn't undergone the usual process of scrubbing which is where such technical and legal issues would normally be fixed. This process would itself normally take longer than the entire period in which this has been negotiated. Of course it's a mess and is full of copy-pasta errors. Luckily however law isn't code, especially not at the international agreement level, and it is implemented by humans, not computers (or software developers). The big problem with the Brexit deal is that it has essentially come straight from the hands of the politicians and civil servants who have negotiated it and is then being approved without proper scrutiny, at least from the UK parliament and the council of Europe. Let us hope that the only problems with it are a few embarrassing technical errors that in reality will be dealt with by secondary legislation and side agreements between the parties. If there are serious issues then they will likely be picked up before it is approved by the European Parliament (and it's not a shoe in that it will actually be approved by MEPs) and these will need to be dealt with, probably through a bunch of secondary legislation and agreements.
I can’t wait for them to sit together again and start working on errata.
It does make me wonder if this type of legal document is just too large and complex for the people agreeing to it to even really know what they're agreeing to. The international politics version of a EULA.
I would suggest that the BBC rewarding Prof Bill Buchanan with a quote in a story for this silly bit of grandstanding is a bad idea.

He says, "one day we will build a digital world fit for the 21st Century ..." and I roll my eyes. At least he could follow this up with some tweets that educate his audience about how these sorts of agreement /should/ be drafted. But I suspect that he is just a drive-by critic and doesn't have any insights into how they should be drafted.

And now I feel so snarky.. the man's twitter profile says "Old World Breaker/New World Creator" .. I could only dream of growing up to be this pretentious!

Be as snarky as you like. What have you contributed to the field of CS that's so much more impressive than the Professor?
Fairly standard for the type of quote the bbc likes from academics unfortunately.
Can you imagine how much we would laugh if modern web browsers identified themselves to servers by all saying they were Mozilla browsers and referencing old technologies like Gecko?
or if apple and ms and google browsers all identified themselves as each other?
> old technologies like Gecko

Gecko is a modern browser engine.

Gecko is old and, while still in use, is being actively replaced by Servo for last 3 years.
Apply more scrutiny to the pop tech news sources you pay attention to and/or be more mindful of the takeaways that you read out of the information that is reported. This information is incorrect.
"The proof that you are wrong is obvious and left as an exercise for the reader" it no way to hold a discussion on a public forum, or anywhere.

And I say this as someone who knows that Gecko is constantly being updated and that Servo is a testing ground for new technologies that after being shown to be effective were migrated into Gecko.

Please don't fabricate quotes.

https://news.ycombinator.com/item?id=13602947

Aside from that, the burden of proof is on the person I responded to. The idea that anyone needs to prove them wrong is completely backwards.

Thanks for informing me, I'm surprised that it wouldn't be obvious that my "quote" is paraphrasing the tone of your message, but if it is confusing then I'll find other ways to express that.

Anyway, the burden of proof is on anyone who makes any claim in a debate. And you do make a claim:

> This information is incorrect.

... without any further explanation as to why that claim would be more correct than the claim by the person you disagree with.

Or put in other words: there is nothing in the comment that would be of any substantial help to a third person reading along who doesn't know anything about Gecko or Servo. Even if they were to believe that you were right they wouldn't know what the correct information is!

Despite your pronouncements to the contrary, a comment appearing to say "this is incorrect" is absolutely more "help" to someone who's reading along and doesn't know anything than if the original false claim were instead to appear naked and unopposed.

There is no imperative—moral, logical, or otherwise—that I or anyone else spend energy to substantiate the debunking of a claim for which there has been no attempt to substantiate the original itself—even if you want to use a bullshit accounting method which frames it as a de novo claim that the first claim is incorrect. To insist that there is, especially when the energy required to debunk is much greater than the energy spent spitting out the original one sentence nugget of misinformation, is to deliver a set of conditions where Gish gallops are even more effective than they already are. (And that's before we get around to pointing out that you're not even following the rules that you're vigorously arguing are in play; we can let this be one of your exercises for the reader: swap in the word "claim" in place of my use of the word "insist" in the preceding sentence, and then pay attention to the ramifications it has for any of the comments you've written here, esp. wrt the "way to hold a discussion on a public forum".)

In fact, on the topic of outsized expenditures of attention and energy sinks, think about the role you're playing in this even now. (Although, perhaps that was the point—and not an attempt to excite oneself with a pastime that only incidentally happens be tedious in the way it makes contact with others' lives.) This will be my last comment in this thread.

It's not an on/off switch; various parts from Servo have been integrated in Gecko, but it's not like it's "replaced".

It's like the old Greek philosophical riddle: "if you have a ship and replace one plank of wood, then is it still the same ship afterwards? And what if you replace all the planks of wood one-by-one?"

Not at all. Servo is a research engine to try out new things. Things from Servo get incorporated into Gecko when they are production-ready.
AES is mentioned too, with big 256 bits keys, but it appears that you can use whatever block cipher mode you want such as the terrible ECB one.