105 comments

[ 2.6 ms ] story [ 155 ms ] thread
How worrisome is this? And what can a normal person do while maintaining normal communications (to a degree) with people they love but who do not (seem to) care about this stuff?
My observation is that, sadly, "Normal person" probably does not care... For a long time I try to self-host communication channels that matter to me, that is at least email and communicators. That means support burden, since my family is not technical. Not easy but worth it..
Switch to email providers outside the EU like Protonmail, but I fear you are right. The main problem of this is that both sides of a given communication have to be outside the EU for this to work.
>The main problem of this

What is “this” — the EU parliament proposal? Or your workaround? Why would both have to be outside the EU?

> Why would both have to be outside the EU?

Because email/chat is rarely a monologue

Obviously, but that misses the essence of the question.
> What is “this” — the EU parliament proposal? Or your workaround?

The workaround.

> Why would both have to be outside the EU?

Because if one party is within the EU then the contents of the message will be scanned even if one party is outside of the EU.

You should read up on Google’s “associated country.” I think these politicians will take any excuse they can get, and not limit themselves to people who are physically within the borders of EU countries.
Isn’t Protonmail based in Russia? Good luck getting them to comply.
> And what can a normal person do

Prevent this law from passing. Call your MEP.

> Through a second piece of legislation to be proposed soon, the EU Commission intends to oblige all providers of chat, messaging and e-mail services to deploy this mass surveillance technology.

So they're going to require Signal to break their E2E encryption if the app is to remain legal and readily available? Wow.

Regardless of what intentions the EU bureaucrats have, there's no way these requirements won't be abused. Imagine what insights could be gained from applying a little ML to the real-time chat of an entire continent. Who would you trust to have access to data like that?

> Securely encrypted communication is at risk. Up to now, encrypted messages cannot be searched by the algorithms. To change that back doors would need to be built in to messaging software. As soon as that happens, this security loophole can be exploited by anyone with the technical means needed, for example by foreign intelligence services and criminals. Private communications, business secrets and sensitive government information would be exposed. Secure encryption is needed to protect minorities, LGBTQI people, democratic activists, journalists, etc.

So if I understand correctly, this will be the end of E2E encryption? That would probably be the stupidest decision of the century. Governments are always lagging behind in terms of 'cyber' security, so my guess is that it will only be a matter of time before we can expect data leaks from widely used private chat services.

No. It will mean that criminals can protect their communications better than law-abiding citizens.
That's the weakest of arguments. I don't trust that governments _can_ protect my data better than us nerds.

If there is a backdoor, it will only be a matter of time before the criminals get access to it. It would be the holy grail of data. If I were a foreign regime with bad intentions, I would put a lot of resources into getting access to those chats.

You could probably ruin anybody's life with access to their personal chats by extorting them, etc. It's going to create a whole new criminal sector. People sifting through other people's personal lives.

I'm not implying that these people may have committed an offence, there are many things I don't want anyone else to see other than the person I'm sending the message to. The "law-abiding citizen" / "Only criminals have something to hide" argument is complete bullshit.

With access to personal chats you can ruin careers, families, relationships, etc, etc. And what can happen, will -most likely- happen. E2EE prevents that.

Edit: Sorry, I misread the parent comment!

You misread the parent comment. It didn't say the government could protect data well.
I'm not sure you understand the argument you're replying to. The grandparent is saying "if you ban E2EE only criminals will have E2EE"

It's a variation on "if you ban guns only criminals will have them."

I think it's a funny argument to make after months of stories about how criminals have extra wide backdoors in their crypto. I guess nobody here saw them?
> It's a variation on "if you ban guns only criminals will have them."

Most countries have banned guns and there are way less problems with guns than those countries that haven't banned guns.

Is this an argument for or against the EU proposal?

This is utterly wrong in more than one way:

First, "most countries have banned guns":

Here, from worldpopulationreview.com is a list of countries that has kind of banned guns (at least made them hard to get):

"""

Today, we’ll focus on the nations around the world where restrictive policies are in place that make it illegal or extremely difficult for ordinary citizens to own a gun. Those nations are:

  China - Restricted
  Eritrea – Banned
  India – Restricted
  Indonesia – Restricted
  Iran – Restricted
  Japan – Restricted
  Lebanon – Restricted
  Malaysia – Restricted
  North Korea – Banned
  Singapore – Restricted
  Taiwan – Restricted
  Venezuela – Restricted
  Vietnam – Restricted
"""

...and yes by the way, while some of these are OK like Japan and Taiwan you are in some interesting company if your country joins that list.

Secondly: "there are way less problems with guns than those countries that haven't banned guns."

I give you Norway, Switzerland and Austria as a start. Probably Finland and a number of others as well:

All these have and have had loads of actual assault rifles (G3-s, HK416 etc, not semiautomatic AR-15s) complete with non trivial amounts of ammo around in private homes.

Yet I'd rather live in any of those instead of any of the ones on the list above.

So clearly something else is at play.

OK, well, I have lived in the UK, Isle of Man, Australia and Germany, all of which restrict private ownership of guns, and don't appear on that list. So I suspect that list is wrong. Can you post the actual link to the source you're quoting?
Germany has widespread gun ownership (estimate of 20 guns per 100 people). They are regulated but certainly not banned. In the UK, guns are pretty rare (about 5 guns per 100 people). The poster was talking about these low gun ownership rate countries, and was not trying to make a comprehensive list.

But it is true that the low gun ownership rate nations (<5 guns per 100) (ignoring ones in desperate povery where people can't afford guns) tend to, on balance, be much more authoritarian than the high gun ownership rate nations (>20 guns per 100 people). See the wikipedia article here:

https://en.wikipedia.org/wiki/Estimated_number_of_civilian_g...

So you went from:

> Most countries have banned guns and there are way less problems with guns than those countries that haven't banned guns.

to:

> OK, well, I have lived in the UK, Isle of Man, Australia and Germany, all of which restrict private ownership of guns, and don't appear on that list.

and you ask me for sources.

And sure, here it is: https://worldpopulationreview.com/country-rankings/countries...

it was literally just the first site that popped up when I looked for

  countries were guns are banned 
or something to that effect on duckduckgo.com

Now, can you provide some kind of source at all for your claims except that you lived in four of them?

BTW: I thought I'd seen your name before. You are also the one who claimed the other day that:

> Female programmers have had to fight against a constant discouragement from pretty much everyone in their lives, while male programmers have had nothing but encouragement.

Based on that and this one it seems fair to say that you have a tendency to make up facts as you need them.

Please stop doing that. It might be a nice party trick when one is young but it soon get really annoying for anyone who argues in good faith.

He's right on both accounts though.
Did we read the same text?

I for one as a very male programmer can at least say that the idea that

> while male programmers have had nothing but encouragement.

is patently false.

Can you give an example of a man who was discouraged from learning to code and joining the IT industry? I have yet to find an example of this.
Me - my mom was the kind of semi-christian person who considered Computers some sort of evil. I had to do everything against her will and partially in secrecy, and in the end she only accepted it because i ended up bringing money home.

Your "women are weak and need help" attitude sucks.

Thanks for the example. The first I've ever met. It's an interesting situation, and I sympathise with your struggle going through that. However it doesn't really affect the subject because you weren't being discouraged because of your gender, which is the thing I was talking about. Many women go through what you went through, but because "coding isn't for women" rather than "computers are evil".

> Your "women are weak and need help" attitude sucks.

Well, the women I helped didn't think my attitude sucks. I even got an honourable mention on a TedX talk on the subject [0] (by a woman). So I think I'll continue listening to them and not you. Maybe you should re-examine your attitudes on the subject?

[0] https://www.youtube.com/watch?v=R6UODmQXzIs

> The first I've ever met

Welcome to the working class! Where things are routinely shit, if "external discouragement" stops you from things, you will never get far in life.

It not about sex or gender, its resilience what matters. And resilience is what people from privileged backgrounds rarely have, because they had it good enough to never have to learn it.

Next time i see a damsel in distress i'll come back to you. Yes, im just making fun of you.

Resilience is the answer, for sure. But it'd be nice if we could have a society where it wasn't required so much by so many.

Good luck with your ongoing struggle.

I am arguing in good faith, based on facts that I know:

I ran a one-day workshop to teach women to code (now https://shecodes.com.au/) based on discussions with female coders about their experiences getting into the industry. These workshops are always oversubscribed, and always there are women there saying "if only I'd received this kind of encouragement when I was younger".

I've seen multiple female colleagues harassed by male management until they leave the industry. Again and again, I've heard female colleagues talk about the discouragement and difficulties they've experienced in the IT industry. I've never heard a male colleague express this. From everyone I've talked to it seems to be a universal experience from men that they have been encouraged to learn to code and join the industry.

These are facts. They may be anecdotal, but that doesn't stop them from being facts. I am not making them up.

The US has a problem with gun violence. This is a fact [0]. I think it stems from the high rate of gun ownership in the US. That is an opinion, though it is supported by correlation [1]. I think it's fairly clear that I'm expressing an opinion in my original comment, but I'll take your comment as a caution that I need to be more clear whether I'm expressing an opinion or a fact.

[0] https://worldpopulationreview.com/country-rankings/gun-death... [1] https://www.ncbi.nlm.nih.gov/pmc/articles/PMC3828709/

Slightly off-topic and two days late to the conversation but: every single country in the world(1) restricts private ownership of guns, it's not a useful metric when talking about gun ownership.

In England and Wales guns are heavily restricted but aren't outright banned or extremely difficult to obtain. Effectively every adult that isn't disqualified from owning a gun (medical reasons, >3 years in prison, etc) should be able to obtain a smoothbore shotgun licence provided the security/storage requirements can be met, this may be very difficult for younger people living in shared accommodation or in very developed city centres but still. Once a shotgun licence is obtained you can effectively own as many shotguns as you can securely store.

The firearms licence in comparison is much harder to obtain, you need to demonstrate a legitimate reason to own each specific firearm (i.e., land you have permission to hunt on, sports shooting at a club), the local police issuing the licence have a lot more say on whether they issue licences or allow amendments to the licences (i.e., owning more firearms), etc, but it's in principle not much different to a shotgun licence and if you already hold a shotgun licence you very likely can obtain a firearms licence for a very limited number of firearms. In American terminology a shotgun licence is shall-issue where a firearms licence (and amendments) are may-issue.

When it comes to stats on whether a licence is granted(2), in 2019 98% of shotgun licences that were applied for were issued and 97% of firearms licences that were applied for were issued.

This is a very different story to guns being outright banned or extremely difficult to obtain, gun ownership in the UK is low partially because of these restrictions but also because there's no gun culture to speak of. In comparison to countries like Iran, China, Japan, much of Asia and Africa, etc, we're extremely liberal with gun ownership, private gun ownership in Japan is almost unheard of and it's effectively prohibited for the general population for example.

These things have to be taken into account when talking about whether a country restricts/bans guns, because otherwise there's only a handful of countries that have no restrictions on guns. Gun ownership may not be trivial in the countries you've lived in but it's at least legal for the general population.

(1) We can get into the semantics of how restricted guns are in the USA and how this changes between cities/counties/states but as private sale/transfer of guns are effectively unrestricted and the right to gun ownership is constitutionally protected we can say that the USA (and Yemen, arguably South Sudan and Greenland as well) may as well not restrict private gun ownership

(2) https://assets.publishing.service.gov.uk/government/uploads/...

Of the various objections, many of which I agree with, this one is nonsense. If a communications can not be scanned because of E2E encryption, and if E2E encryption is banned, that's evidence of a crime all on it's own. That would have to be a pretty dumb criminal.
Just because you are using E2E you don't have to make it blatantly obvious.

Backdoored E2E (with an added government decryption key) will look just like proper E2E until you attempt to decrypt it.

You can also put your secure E2E communications inside backdoored E2E communications. The possibilities are endless.

Right, until you analyze it, it won't look encrypted. But pretending or wrapping it in backdoored E2E doesn't change that. If I labeled it "plain text" it also wouldn't look encrypted until the results are analyzed. If the authorities want to read it (either as an individual message or scanning all messages) either they can or you're a criminal. The only difference your "hiding" has is how many CPU cycles it takes them to check.
It's not black and white. I'm sure you've heard about steganography.
> So if I understand correctly, this will be the end of E2E encryption?

No, that is not what the law is about. Nobody in the EU is about to prohibit encryption, in fact some projects rely on it (https://en.wikipedia.org/wiki/EIDAS).

The law lifts the prohibition to service providers to indiscriminately scan messages for the specific purpose of scanning for dangerous content. The idea that service providers will not be able to provide E2E encryption is speculative, some people just assume it will follow.

In any case relying on proprietary software for secure communication is not a good idea anyway, and you can still do E2E encryption yourself with open source software, nobody is going to come for you if you do.

I don't support this law by the way, I think that privacy regulation is a good thing, and it is not a good reason to weaken it.

(17b) End-to-end encryption is an important tool to guarantee secure and confidential communications of users, including those of children. Any weakening of encryption could potentially be abused by malicious third parties. Nothing in this Regulation should therefore be interpreted as prohibiting or weakening end-to-end encryption.

https://www.patrick-breyer.de/wp-content/uploads/2021/05/202...

another great thing the EU is doing for us... wonderful! The bureacracy appartus works perfectly well, far away from any accountability. Its the perfect system actually. Let everyone fight their local nationwide politics and in the meanwhile implement those life changing things from an appartus far away.
Dumb legislature is not unique to the EU, blaming them specifically is misguided.

Please use arguments that arent fundamentally based on biases. There is definitely value in a European government, even if the way it's currently setup is very questionable, as the citizens have no realistic way to influence decisions on that level.

The EU is special when it comes to high-tech though. Just try to browse the web normally from inside any EU country to see how much they managed to f-up the Internet.
I browse the web all day, every day from within the EU and I don't know what you are talking about.
Never noticed that huge cookie popup smack in the middle of every single damn new website you visit huh?! Lucky you...
Yea, I see those but only the first time I visit a website. Lucky you... thinking that a notice that a web page is storing data on your computer is fuckig up the internet.
Oh no, the fist and most important thing I need to know when I visit a website is not whatever reason I came there for, but if that website is saving some goddamn bits of data on my machine. It’s really my first priority! Nothing else matters until I answer the existential question if I consent or not. Nothing!
Oh no, a notice on web pages is fucking up the internet.... just listen to yourself. It is pathetic.
Well excuse me for having a preference on how to spend my time and what I want to do on the Internet. Did not realize how pathetic this pretension of mine was to the eyes of the wise bureaucrats in Brussels. I am so lucky they knew better and decided for me how to best start my online experience.

Please accept my humble apologies. I am not worthy of your sublime attention. I am so lucky you exist and are leading me to new heights of progress and civilization. Thank you, sir.

That's the thing with cookie banners, they're not necessary if you only use them for site specific reasons.

They only become necessary if you're using something like Google analytics, which documents every action taken.

The fact that almost all pages have to show them is another sad example how broken our current internet culture is.

Btw, you can actually delete most banners with the ublock origin annoyances filters, that makes me forget that they exist sometimes

Perhaps you could give some examples.
> as the citizens have no realistic way to influence decisions on that level.

They could stop voting for parties/MEPs that have mass surveillance and weakening of civil rights as part of their election programs and core identities. Alas a majority of European citizens doesn't seem to care.

my friend. i haven't said the EU needs to go. I just stated that the whole setup is terribly wrong.

anyway. it needs to go. and then its need to be re-implemented differenlty. no idea how. but not in this way.

It’s far too easy to regard the EU as some distant entity that doles out laws. Who is in the EU? People. People from where? The countries within the EU. Often the diplomats were politicians in their own country before going to the European Parliament.

So who should you be angry at? Some make believe distant evil council, or your local parties? They are the ones sending over the people who vote on these things, you can complain locally about the policies “far away”.

So I am not saying laws like these aren’t wrong, they are and it is very frustrating that wrong decisions like these might influence stuff happening in my own country, but let’s not pretend that the EU is run by aliens from some sort of Death Star. Pretending like that is the case is what makes accountability seem impossible.

of course its not run by aliens from some sort of death star. stop being ridiculous. i never even implied that.

but the whole circus in Brussel is a huge black box bureacracy run by politicians that no one really knows. the politicans that are sent there by local parties are usually not very well known by the local populace, and even if, their doings are not really of influence on how poeple view their local parties. heck I bet 95% of voters cannot even name 5 eu politicians in the parlament and to which local party they belong to.

and thats the power. the citizens are busy with national politics and in the meanwhile the death star aliens can do whatever they want.

and yes. its not an unsolvable problem. people could educate themselves. all the info is there. but its a very laborous job. so maybe the media is just doing it wrong?

> and yes. its not an unsolvable problem. people could educate themselves. all the info is there. but its a very laborous job. so maybe the media is just doing it wrong?

EU Parliament is by-in-large more transparent and direct than the UK one (not sure where you're from, but I'm from the UK so that's the lens I have).

But you're absolutely right, for some reason the EU "feels" quite closed off, and it's almost entirely the medias fault. Media is driven on eyes, and the further away a thing is the more difficult it is to have eyes on it.

It takes huge issues to get international attention, natural disasters that kill hundreds in another EU country are barely mentioned on british media.

It's also very boring, so it's not surprising.

But, it's actually very easy to read the EU parliamentary, commission documents, and the documentation on how all the processes work is quite clear (even if it's a bit alien on first look because you're taught your own system and have to "unlearn" that a bit first).

I'd give it a go, it's not as intimidating as it first appears. But I fully agree that the media should do this, it's literally their job.

(comment deleted)
Speaking from a UK perspective: we ke{ep,pt} sending eurosceptics to the EU because "they'll hold them to account!", and populism is surprisingly effective.

The truth is usually that eurosceptics have no desire to see the EU work and they will support legislature that makes the EU look untenable, stupid and bureaucratic.

I suspect this is true for other countries.

Yeah, makes sense. But the likes of SPD are too happy to vote together with CDU on any stupid proposal
When did UK eurosceptics vote for legislature like that?
Well, Farage himself has the second to lowest voting record , only beaten by Brian Crowley of Ireland who has never at all voted.

I’m going to just grab a couple from my phone but I’m sure it would be easy to dig into many others, it’s not a hidden thing really but most people don’t even check who their MEPs are let alone hold them to account on voting records:

Tim Aker, voted against subsidising farmers from volatility (a key impact for UKIP voter base and a campaign promise of UKIP: protecting British farmers) and voted for renegotiating to give Greece more capital: https://yourvotematters.eu/en/profile/ec/tim-aker

and Stuart Agnew, a prominent UKIP MEP has intentionally slowed things down with farcical no confidence resolutions https://www.europarl.europa.eu/meps/en/96897/JOHN+STUART_AGN...

The EU commission is voted in by the EU governments. The EU council is made by the EU governments. EU citizens elect MEPs.

There is no accountability because no one holds them to account and people repeat what you just wrote like gospel, including people writing for newspapers - and that has to stop.

You can pressure the EU as much as you can pressure your national government, all you need to do is put the pressure on your national government. Add your MEP on top, but the national governments are enough if you don't want to go the extra step.

i know how the EU works. on paper its nice. but in reality, 99% of people can't even name 5 EU politicians or more than 2 EU parties (if they even can name 1) or even which national party is part of which EU party. the whole thing is a huge black box IN PRACTICE and thats why it is so powerful and uncontrolled.
And why is that? That is because national media cover only national politics in 99% of cases. The EU is only mentioned when the national politicians blame the EU for some of their own failings.
What the fuck is wrong with governments?
Things like these tends to be backed by pressure from the US. It would surprise me if it wasn't the case here.
If you really want to converse with governments then it helps to steelman their position before arguing it. Bear in mind I am against weakening cryptography when reading this:

I am a government. 20% of my population are tech savvy, a different very minorly overlapping 20% are criminals. Given the law of distributions this is probably pretty close to true.

Now, those 20% of criminals are very varied in their delights, violent, sexual or theft. Serious crime such as pedophilia or terrorism is very low probability overall.

However, as a government, I can't be seen to be weak on those extreme positions because they are highly visible; the 80% population simply will not allow me to argue in good faith for protections which _might_ help such extreme criminals operate easier.

The technical feasibility of good opsec for criminals is usually very low, and the FBI has a decent track record of targeted surveillance.

But I, the politician, cannot communicate effectively with 80% of people, when the populist says that I am weak on terrorists and pedophiles. I only weaken my own position and allow the populist access to power, because 80% > 20%.

--

The biggest benefit and the biggest problem with democracy is that everyone has a voice, even the uninformed.

If you listen to all politicans by numbers there will be liars and opportunists among them; then you're not uninformed, you're misinformed, and that's arguably worse.

What you've described often goes hand-in-hand with a two-party system. That way everyone finds themselves voting for what they believe to be the lesser of two evils.

Alternative voting systems (e.g. ranked choice systems) aren't some sort of political panacea, but they could help a lot with this issue. A populist thrives in an environment that does not support nuance. It would be harder for them to be successful if they were running against, say, 6 viable opponents rather than 1.

I hope we can address some of these major problems with democracy, because the alternatives generally aren't great.

The original post is about the EU.
Indeed, bad voting systems are not an issue regarding the EU because the EU is not democratic in the first place.
> the EU is not democratic in the first place

EU Election system is _literally_ one of the fairest systems in existence[0] ensuring that every party get some measure of proportional representation. Compared to English First Past the Post (minority rule, and 2 party systems) or Scotlands Single-transferrable vote (which is still winner take all); but D'Hondts method means that people can be safe in the knowledge they'll be represented and it's proportional to the input.

It's not "perfect" but it's _literally_ the best humans have come up with.

[0]: https://en.wikipedia.org/wiki/D%27Hondt_method

[0.1]: https://www.youtube.com/watch?v=yhO6jfHPFQU

CGP Grey did some videos on these:

FPTP (England): https://www.youtube.com/watch?v=s7tWHJfhiyo&list=PLNCHVwtpeB...

STV (Scotland): https://www.youtube.com/watch?v=l8XOZJkozfI&list=PLNCHVwtpeB...

D'Hondt-esque (EU): https://www.youtube.com/watch?v=QT0I-sdoSXU&list=PLNCHVwtpeB...

1. The voting system isn’t really important, if the voters themselves are restricted to a chosen few who are themselves elected using inferior methods.

2. Range voting is the best humans have come up with.

>It's not "perfect" but it's _literally_ the best humans have come up with.

Picking nits, but isn't Sainte-Laguë better?

Anyway, I think GP was arguing that no matter how fair your voting method, it's of limited use if important concentrations of power are not covered by it.

I would agree with you, but Australia [0] is an authoritarian, privacy hellhole compared to the EU.

[0] Mandatory voting, ranked choice, etc - Australia's voting system is as close to ideal as you can get

How is it populist if, per the article, 72% of the population oppose the measure?
They are run by humans who are seeking power over other humans. Easy.
The general public have shown time and again that they don't really care about privacy. And the movies have convinced them that the government can monitor anything at any time already (but only use it for catching crooks), so what's to lose?

The minority of the population who are tech-savvy enough to know this is going to be a complete disaster are unimportant in politician's eyes - no-one listens to us nerds in the corner doing nerd stuff.

By definition, a government has a monopoly on the legitimate use of violence within its jurisdiction. And, as any other monopolist, they'll do whatever it takes to maintain that position.
In practice this will only affect services provided by large entities like Facebook. If you encrypt your email on your own device there is no way they can make entities like GnuPG add in some sort of mandatory pre-screening system.

This question comes down to who or what controls the software on your device. The very existence of the proposal implies that the user of the device does not have this control. That is the real fight here.

i fear a little that it might mean doing this is just not legal no matter if its still possible to do yourself.
> In practice this will only affect services provided by large entities like Facebook

Which covers a huge percentage of the private communications on the planet. That should not be overlooked.

It takes at least 2 people to communicate. What are you going to do, when you have to communicate with a non-technical user who has a gmail address?

This may not work for everyone. If I must email documents that I do not wish Google to see, I call the person and say "The password to that 7-zip file is fartbubble, all one word, lower-case." I can put a text file in the .7z file that has additional context that would have been in the email body.
Encrypt an email with what key? It takes two to communicate.
Here's the the original text https://www.patrick-breyer.de/wp-content/uploads/2021/05/202...

Might I suggest that people check that before jumping to conclusions. My reading is that the main issue is putting limits on the companies that were already doing this (as mentioned, Google, fb, etc) and that's already privacy violating.

Protecting privacy and encryption is important, but I really think the Pirates cry wolf more often than not. I might be wrong, of course.

> In the case of technology used for identifying solicitation, such concrete elements of suspicion should be based on objectively identified risk factors such as age difference and the likely involvement of a child in the scanned communication.

> (17b) End-to-end encryption is an important tool to guarantee secure and confidential communications of users, including those of children. Any weakening of encryption could potentially be abused by malicious third parties. Nothing in this Regulation should therefore be interpreted as prohibiting or weakening end-to-end encryption.

The EU always says this. Then they point at that one sentence and say: "See, we're protecting end-to-end encryption!"

If the EU were an oil company they'd write: "Our oil is not allowed to be used in activities that are harmful to the climate." Then they'd go on to sell oil as usual while constantly claiming to protect the environment.

https://oeil.secure.europarl.europa.eu/oeil/popups/ficheproc...

> Use of technologies by number-independent interpersonal communications service providers for the processing of personal and other data for the purpose of combatting [SIC] child sexual abuse online (temporary derogation from certain provisions of Directive 2002/58/EC)

Who believes the sincerity behind this? Children's rights? Child protection? Do they not see the violation of rights and the potential abuse this law would effectuate, or is it just intentionally designed for it?

I cannot believe anyone would be so brazen to give up a core right that is already established as part of 2002/58/EC, aka "ePrivacy directive", https://ec.europa.eu/digital-single-market/en/news/eprivacy-.... So, let's look into the proposal more closely, which is available in the top URL.

> CONTENT: the proposal aims to introduce a temporary and strictly limited derogation from the applicability of certain obligations of the ePrivacy Directive to enable providers of number-independent interpersonal communications services to continue using specific technologies and continue their current activities to the extent necessary to detect and report child sexual abuse online and remove child sexual abuse material on their services from December 2020, pending the adoption of the announced long-term legislation.

In case you are wondering, "number-independent interpersonal communications services", apparently covers communication technology and services that not explicitly rely on public identifiable numbers. So, any communication service that you can have separate from a personally identified user.

> As a reminder, the proposal aims to introduce limited and temporary changes to the rules governing the privacy of electronic communications so that over the top (OTT) communication interpersonal services, such as web messaging, voice over Internet Protocol (VoIP), chat and web-based email services, can continue to detect, report and remove child sexual abuse online on a voluntary basis.

The language here comes across as particularly dishonest. You cannot introduce "limited" ability to circumvent privacy. In order to monitor something, services will need to be able to monitor everything.

It goes on to mention safeguards:

> - a mandatory prior data protection impact assessment pursuant and a mandatory consultation procedure, prior to the use of the technology;

> - human overview and intervention is ensured for any processing of personal data, and no positive result is sent to law enforcement authorities or organisations acting in the public interest without prior human review

> - appropriate procedures and redress mechanisms are in place

> - no interference with any communication protected by professional secrecy

> - effective remedies provided by the Member States at national level.

> When no online child sexual abuse has been detected, all data should be deleted immediately, according to Members. Only in confirmed cases can the strictly relevant data be stored for use by law enforcement for a maximum of three months

---

It honestly strikes me as one of the worst proposals I've seen in a long time. I cannot imagine that child porn is regularly transmitted through chatting services on a p2p basis. Especially not to the extent that it vindicates an end of E2E encryption. Giving up such a core component of ePrivacy, you would think that a report that documents what the problem currently is, would be in order.

The document attached to this proposal, and the article on HN documents the issues quite well.

Why is it always the EU that comes up with these moronic laws and regulations?
Three reasons:

1) They don't get tech. They are luddites. IT came from the US and they regard it suspiciously because it causes disruption, while EU is all about preserving the status quo and old money. Europe does not appreciate new money, self-made businessmen and entrepreneurship.

2) The two-level government. It should work in theory (after all, EU representatives are directly elected) but in practice it just removes any responsibility from those bureaucrats.

3) West European countries are oriented to the past. They can't innovate and evolve. Their rules and regulations are simply meant to preserve that past and stave off the future bringing all these damn changes.

In the end, it's about control. EU is obsessed about controlling its people and is horrified by those it can't control. Because they bring change, something unacceptable to the good old boys of Europe...

That seems a bit too simplistic and extreme.

More likely, it's because the EU feels too removed from the people. There are plenty of reasons for that, and we're stuck in the pessimum place where democratic reform of the EU which would help bring it more in line with what people want is prevented because too many people don't like the EU.

This is basically what happened with the Treaty of Maastricht, and three decades later the situation has if anything gotten worse.

As opposed to the US, which just goes ahead and lets the NSA siphon all traffic?
They want to lift some restrictions, not add them. Pretty sure indiscriminate e-mail/chat scanning is already legal in the U.S.
While I'm opposed to this legislation, how is it "always the EU" exactly? As opposed to what, the US or the rest of the world always getting it right or not passing moronic laws and regulations?

Have the US already forgotten who's at the helm of the FCC for example?

I also suspect there's a lot of hate for GDPR, even though it was a mostly good thing. It's just extremely poorly implemented by websites, and sure there are loopholes that should be plugged (the """legitimate interest"""), but it was a good first step which I'd like to see be developed further and enforced more systematically.

As opposed to the national EU governments themselves. Why does this idiocy always have to come up at the EU level? The general monitoring that the EU implemented more than a decade ago was also an EU level initiative.
Last chance to protest

Perhaps I have a lot of stubborn blood in me, but I never see a date or a law as a last chance. Protesting can also take the form of people adding witty footers to their emails such as old propaganda slogans from WWII, periodic messages to chat or chat server status, links to simple how-to's for E2EE that maybe your non technical friends can follow. Put your E2EE solutions to the test. Have your child and a grand-parent follow the instructions. If a provider rejects your encrypted messages, switch providers. Money talks. This is just my opinion based on my limited anecdotal life experiences.

Last chance to protest against the passing of that law. Repealing laws is harder than stopping them from becoming passed.
You're right. I know what they meant, I just refuse to accept or acknowledge a bad law. In my view, protesting also means going against something even if it means stepping outside the boundary of the law. Taking one for the team so to speak.
"Principiis obsta" [Ovid]. -> To Nip things in the bud. Hard to change afterwards...
It's hard to organize protests for free speech. If you ask people if people should be free to express their opinions, most people would agree. But then, if you ask people if it should be possible to block content doubting the scale of pandemic or efficiency of the vaccines, most people would also agree.
This article is about private communication, however. And that one does not necessarily contradict current pandemic measures.

Most of the harm of content with anti-vaccination stuff or whatever comes when it becomes publicly available. We could still have private communications but block (or annotate with "see COVID Center with actual science") those conspiracy videos when they get posted on public feeds, such as youtube, instagram or whatever. Until the pandemic subsides, that is.

Just another proof that the EU has run its course. It was good while it lasted, but they can't stop themselves from getting bigger and bigger and overreaching.
What this proposal does is to create an exemption from EU privacy regulation for the purpose of allowing mostly U.S based service providers to continue doing what they're already doing on a global basis.

I'm sure you can find examples of EU overreach and a desire to get bigger, but this isn't that.

If this is a topic you (reader) care deeply about, I have been building an open source project to avoid having a centralized authority on messaging while also keeping out the endless spam you'd get on an unmoderated system:

https://www.stampchat.io/whitepaper.pdf

The article claims:

> your private communications can be searched by error-prone artificial intelligence technologies. Although these algorithms are meant to search for potential child pornography and grooming, up to 86% of the correspondence reported to the police is not criminally relevant and users are falsely being reported – including many minors.

> This takes place in a fully automated process and using error-prone “artificial intelligence”. If an algorithm considers a message suspicious, its content and meta-data are disclosed automatically and without human verification to a private US-based organization and from there to national police authorities worldwide.

The proposed legislation contains:

> (ac) the provider of the number-independent interpersonal communications services ensures human oversight of, and, where necessary, intervention in the processing of personal data using technologies falling under this Regulation, and ensures that no report of material not previously identified as child sexual abuse or of solicitation is sent to law enforcement authorities or organisations acting in the public interest against child sexual abuse without prior human confirmation

> (b) the technology used is in itself sufficiently reliable in that it limits to the maximum extent possible the rate of errors regarding the detection of content representing child sexual abuse, and where such occasional errors occur, their consequences are rectified without delay;

My conclusion as a layman: This is problematic, but if you wanted to write "good" anti-child-pornography legislation, this might be close to it?

Someone was telling me the other day that censoring communication in Germany is just fine.

Hopefully he's right.