35 comments

[ 2.5 ms ] story [ 85.2 ms ] thread
Finally sth to monitor our politicians and every director/leads at state agencies or state owned companies. I always wanted to have that for my emoloyees that I pay +50% of my sallary to.
This is better understood for Americans in terms like "Grouping of State governors submits plan".

The European Commission doesn't pass laws. It represents the heads of state of the EU nations, and it can propose legislation, but not pass it.

Only the Parliament can pass legislation, and the parliament is made up of (720, as of this year) MEPs from various national parties in EU states representing somewhat-large constituencies in their home states, in weird and wobbly international groupings. So it's a much tougher sell.

ETA: Governors isn't an ideal comparison -- commissioners are appointed representatives of the heads of state/heads of government, a bit like ambassadors, and they are supposed to think collectively like ministers of a European government. But it's sort of closer to the idea.

Essentially in my analogy, it's a bit like if all the state governments gathered some delegates who asked the Senate or House to write legislation, and provided them with an outline.

But my point is, the Commission planning something doesn't at all mean it's going to happen.

Right -- states are very often ahead of the EU on all sorts of legislation, though.

It was always amusing to see Brits complain that the EU imposed GDPR on us, when it was pretty much our own existing legislation (the Data Protection Act of 1998) that gave the GDPR most of the structure it has.

Governors in the US aren't formally the main source of federal legislative proposals, nor do they represent their states at the federal level in any formal way. They can propose legislation in the same sense that any citizen can, but a petition signed by all 50 of them would have zero legal force in terms of requiring Congress to take anything up.

The Commission is a lot more integrated into the process.

Governors of US states are also directly elected, and have to be careful about annoying the voters too much... and it would be noticed if each of them individually signed onto something like you suggest. It'd be even more noticed if they did it over and over every year. Commissioners are at one or two levels of appointed remove, and are also somewhat sheltered by the Commision as a collective. They can more easily get away with repeatedly raising unpopular proposals until they manage to wear everybody down and move the Overton window.

> but a petition signed by all 50 of them would have zero legal force in terms of requiring Congress to take anything up.

Well it's not an exact analogy as I say; I edited a bit for clarity earlier too.

But as it goes, I'm not sure the Commission can compel the Parliament to take up legislation anyway. The fact that they usually get their way is more due to realpolitik; I'm pretty sure a formalised gathering of delegates of US states would ultimately be able to wear down enough senators and representatives to get legislation drafted.

The EU system is a bit more realpolitik than the US system, at this point; the USA has abandoned realpolitik except for the times when the House majority wants to undermine their own speaker.

The EU Parliament also can’t propose legislation, only the EU Commission can. This reduces the elected MEP’s role to basically gatekeeping, allowing or denying legislative proposals formulated by th Commission, who have shown themselves to be utterly relentless in their pursuit of this particular issue. That dramatically changes the balance of power when you compare it with the US Congress.

You have to imagine the Commission uses this power to set the legislative priorities (and hence the re-election chances for MEPs). Imagine if the only way to pass some legislation of vital importance to you constituents was to bargain with the Commission so they would propose it? Presumably they’d get a lot of their legislative priorities passed even if no voter really wanted them.

> this reduces the elected MEP’s role to basically gatekeeping, allowing or denying legislative proposals formulated by th Commission,

MEPs are pretty much just like MPs in the British parliament. They are not just rubber-stamp voters of policies from the Commission.

They can propose amendments.

(Misrepresentation of this fact is a lot of why Brexit happened, if you ask me.)

The challenge is that the EU Council (essentially usually acting as an intermediate drafting body between the Commission and the Parliament, I think?) has to agree those changes too. AFAIK just as the Parliament has to agree amendments made by the Council.

If they don't agree, the law doesn't go forward, as far as I understand it.

ETA: this is pretty useful:

https://www.europarl.europa.eu/infographic/legislative-proce...

I'm not sure it captures the path much legislation seems to me to take in practice (where a lot of the drafting energy is actually spent in the Council), but you can see parallels to the UK and US processes throughout it.

> MEPs are pretty much just like MPs in the British parliament. They are not just rubber-stamp voters of policies from the Commission.

Having moved from the US to a Westminster country, I have to say that even British MPs can look an awful lot like rubber-stamp voters. The system is set up to punish them severely if they dare to seriously endanger anything the cabinet wants. And MEPs are even weaker.

It matters if (what amounts to) the executive can continuously badger and harry the Parliament to get what it wants, whether all at once or bit by bit... while there's no mechanism at all for the Parliament to spontaneously move the ratchet the other way.

> Having moved from the US to a Westminster country, I have to say that even British MPs can look an awful lot like rubber-stamp voters. The system is set up to punish them severely if they dare to seriously endanger anything the cabinet wants.

Not really. Parliament inflicts major defeats and signficant amendments quite a lot, several times a decade. Which is a lot.

And you have to understand that there is implicit context here, which is that Parliament really doesn't like having the piss taken out of it, doesn't accept disrespect, and hasn't for several hundred years.

It does take a long view of the British parliament to understand how the longstanding collective spirit of parliament as an entity, a community, influences which legislation government even tries to put before it.

There are some notable exceptions (particularly in this parliament) but as a general rule, ministers don't have the whipping power they tend to think they have.

What you see is a series of acquiescences, but what government sees is a process/approach that rules out things they would want to do that they won't ever get through parliament. Select committees in particular are brutal.

We are heading towards a period of time where the government of the day is going to have a lot more power, and what you will see is paradoxical: longstanding members on the back benches of the government side will become even more vocal about the importance of respecting parliament.

It's amazing the way it happens, and it is often underwritten by a little bitterness about not getting a ministerial or PPS job that becomes a balancing force.

But the EU cares deeply about us though. It’s for our safety! /s

Thank EU!

No :' Please take back the popups about cookies, and these silly plastic caps.
I agree that what's going on in the EU council is a very big problem.

But what is that website about? They want my money? for what? It doesn't look like it's a legit NGO, let alone a European one.

> Reclaim The Net is supported by you, those who care about the future of the internet and are concerned about Big Tech, media, and governments controlling speech and eroding liberties.

> Become a contributing member to keep fighting for individual liberty online. Not only does your donation support our work around free speech, alternative tech, privacy, and individual liberty online, members also get…[list of perks]

You have to enter a made up email address to get to the "choose your membership" page

[1] https://reclaimthenet.org/support

The question when governments are enforcing backdoors is, how can they be sure hackers won't abuse these new backdoors too? This is going to do a lot more harm than good. It's reassuring to know that these are the sorts of people running our society.
We already know there is no way make a back door that only the "good guys" can access.

However I see that discussion as moot because governments past and present already abuse the information technology they have access to. Below is just a small snippet of the seemingly countless number of examples I could find in minute of searching:

USA:

N.J. cop used police databases to stalk ex-girlfriend, investigators say https://www.nj.com/monmouth/2023/01/nj-cop-used-police-datab...

Officer Fired for Allegedly Using Police Database to Stalk, Harass Women https://www.newsweek.com/officer-fired-allegedly-using-polic...

Australia:

Former policeman accused of using force database to stalk ex-wife and girlfriend https://www.theage.com.au/national/victoria/former-policeman...

Former federal police officer faces new charges over stalking of ex-girlfriend https://www.canberratimes.com.au/story/6138318/former-federa...

(Note the two above articles are not the same person)

UK:

Met police officer 'used CCTV cameras to stalk his ex-girlfriend after telling her to take up sex work to pay her bills' https://www.dailymail.co.uk/news/article-11868575/Met-police...

Creepy cop saw attractive woman on the road and 'looked up her license plate number so he could stalk her on Facebook' https://www.dailymail.co.uk/news/article-2178556/Officer-Jef...

To attempt another perspective on this...

These days we have organized crime, drug cartels, human trafficking, government corruption, terrorist activities but from that all the way to simple crime as three dudes sharing pictures of a girl they gangraped while she was unconscious.. All this, happening on encrypted platforms.

Mass surveillance is probably not the silver bullet to deal with it. And yes, most hardened criminals will certainly find a way around..

But, then what are effective measures, in terms of time and cost?

> Mass surveillance is probably not the silver bullet to deal with it. And yes, most hardened criminals will certainly find a way around..

So should the government be reading every piece of mail too? And record your private conversations? Why not put a microphone and camera in your home to ensure you are not gangraping anyone?

> But, then what are effective measures, in terms of time and cost?

Effective measures need not be time or cost efficient. Maintaining a free society is expensive.

> So should the government be reading every piece of mail too?

Essentially all governments have some mechanism to make it legal and possible for them to read any post in transit.

US postal inspectors need a warrant, which they can easily get. In the UK, once you post something in a post box, it becomes the temporary property of the crown (the state) until it is delivered, so they can read it when they want. They have to open it, of course, so you would know it happened.

The simple problem with encryption is that it replaces communications that are exposed to this authority with communications that can evade it.

Whether you are happy with it or not, it's absolutely true that inspecting post has thwarted serious crimes, so it's not surprising to see governments seeking to have the same powers. The fact that it's impossible to do safely doesn't necessarily make it an idiotic request. And the instantaneous nature of these communications means retention for some period of time is the only way inspection is even possible.

I am not sure we should blame governments for wanting to retain powers in a social contract we've been broadly happy for them to have for 150 years.

It's technologists' jobs to explain why easily-broken encryption is a bad idea.

In the UK that's really easy. You just say "imagine if the Prime Minister could read their own party's whatsapp group whenever they liked". And then they get it.

> I am not sure we should blame governments for wanting to retain powers in a social contract we've been broadly happy for them to have for 150 years.

The breadth and depth of surveillance that you can do on the average modern person with electronic monitoring is unprecedented in all human history. Reading somebody's letters does not begin to compare.

There is not an "established social contract". They got a massive spying windfall, beginning with wiretapping, and then exploding when practically everything anybody did was recorded in a machine somewhere. The changes in the last 20 or 30 years have been overwhelming.

There's no "150-year social contract" on their side, but there are several hundred thousand years of established balance of power on our side. The powers these people want to "retain" are things they didn't have for long enough that it could be intertwined with the biological evolution of the species.

> The simple problem with encryption is that it replaces communications that are exposed to this authority with communications that can evade it.

> I am not sure we should blame governments for wanting to retain powers in a social contract we've been broadly happy for them to have for 150 years.

Encryption is math. I can encrypt messages and send them by post, and law enforcement would be equally powerless to read them.

Ciphers are not a new invention. The social contract you are speaking of never existed.

> It's technologists' jobs to explain why easily-broken encryption is a bad idea.

No, it is on the people who want new powers to justify them.

Yes I don't need explaining that encryption is maths and letters can be encrypted. That is pretty obvious.

(Postal inspectors the world over would assume evidence of a crime.)

> No, it is on the people who want new powers to justify them.

The exact point I am getting at is that the governments who want these things are seeking to protect the power they have, not expand it.

Encrypted communications are eating away at the power to inspect communications they already have, that we have been happy to grant them (that is the social contract I am talking about; it has existed for as long as postal services have).

It's a very American thing to assume that government in general is always acting in bad faith, I guess.

I noticed another thing here that I think matters, especially because it's a common frame shift.

> Essentially all governments have some mechanism to make it legal and possible for them to read any post in transit.

You changed it from "every" to "any".

The EU proposal is much more similar to "every", in that it would end up recording so much information about all messages, in case that information happened to be needed later. And I'm pretty sure that information would, at least in some cases, include the content, or things that were more content-like than envelope-like.

It is true that the US, at least, has done mass "metadata collection" on the mail for a long time. They don't open or read it, but they do photograph every single piece of mail that goes through the system and keep the pictures. So they're in a position to do traffic analysis, and do it after the fact if they want to.

... but even that program has vastly increased in actual impact since it was instituted. Originally it was a lot of work to find out what had been sent to whom. You'd have had to manually trawl through a bunch of records that weren't all in one place, might not have been all that well indexed, and probably had fairly limited retention periods. That changed, step by step, but over a very short time in the grand scheme of things, so that now all you have to do is type in an address to see a picture of everything sent to or from it in a very long time.

I'm not sure that they could ever have created the program if anybody'd understood that they would eventually be able do that.

> US postal inspectors need a warrant, which they can easily get.

They can easily get a warrant for a specific person's mail if they have something that can at least pass for probable cause to think that that mail will contain evidence of a crime. They are at least theoretically supposed to do everything they can to identify the particular mail, and sometimes they're even actually forced to get pretty specific. And they have to get the warrant in advance. Once the mail has been delivered, there's no way to retroactively read it other than to go raid the target and try to find it.

That's quite different from proactively collecting a copy of the actual content of everything that gets sent through the mail, just in case you later find out you want to look. That applies even if the "looking" step does require a warrant. Some of the data retention stuff the EU keeps wanting to do is much more like that.

That's why the phrase "mass surveillance" keeps coming up in these things.

This also ties into a bunch of US domestic controversies about using "foreign surveillance" to get around the rules even as applied to domestic communications.

> You changed it from "every" to "any".

I changed nothing, sorry. It's just a British English colloquial word choice -- I don't think there's much semantic difference and I didn't intend it.

But you can read it as "any and all" if you like.

The point is that essentially all governments have granted themselves that power, one way or another. They have the right to access any postal communications in transit.

That "any" includes all of it. Even, I would hazard a guess, under a practical day to day USPTO given the rather broad readings of the Postal Clause in the past. There's no constitutional right to privacy, is there.

> The point is that essentially all governments have granted themselves that power, one way or another. They have the right to access any postal communications in transit.

Even if they claim that "right", they don't in fact read or copy everything, and doing so is radically different from selectively reading or copying certain things.

I also doubt that "essentially all" governments claim such a power at all.

I know that neither the US nor Canada does.

From either the US or Canada, the UK has always looked way, way too willing to give blanket authority to various government functionaries, at least on paper (and, I guess, trust in their restraint and adherence to tradition). Nowadays it's like you're turning into a total police state (and that adherence to tradition seems to have been badly eroded). Australia might go for it; they're pretty authoritarian there.

Most of the EU probably wouldn't allow it (and in fact the ECJ nixed an EU directive to do less on the Internet). I don't think anybody in northern Europe would go for it. France has floated some pretty spy-ey proposals, but I don't recall them suggesting copying everybody's mail, and would expect riots (maybe they'd do it, but they'd riot first). Maybe the EU as whole would allow it for mail after being softened up for a while with this electronic communication stuff, but not now.

I will admit that most of Asia and Africa seem like lost causes, with either weak protections or weak institutions. I wouldn't be surprised if many governments there would claim that power. I don't know about "essentially all". I don't know about South America; they seem pretty diverse.

> Even, I would hazard a guess, under a practical day to day USPTO given the rather broad readings of the Postal Clause in the past.

The US Patent and Trademark Office? I think you mean the US Postal Service. And you may be confusing the "Postal Clause" with the "Commerce Clause". At least I don't know of any particulary broad reading of the mandate to operate the mails. And "operate" is pretty different from "read".

Anyway, governmental entities in the US emphatically do not have and cannot claim any power to read mail en masse. Nor can it be granted to them by legislation.

"Amendment IV: The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

That "reasonable" bit has consistently been interpreted to mean that if you have a reasonable expectation of privacy in the ordinary course of events, then that expectation can't be violated by the government without a particularized warrant. The interpretation of the Fourth Amendment expanded in the 20th century, and I don't really know the early history... but I don't think the federal government could have gotten away with reading the mail even in the 19th, and it probably would have literally destroyed the US if they'd tried in the 18th.

If it had always been the case that all, or a large fraction of, letters were read in transit, then they might have been able to get away with it, but it never was. Such a traditional expectation becomes a reasonable expectation, and therefore has legal force under US constitutional law. And amendments win over the main body of the Constitution (because they amend it).

There's tons of case law that would apply a particularized warrant requirement to mail. It's not even slightly ambiguous. Even the current SCOTUS wouldn't question it. I'd expect 9-0, but could be disappointed and see 7-2. It wouldn't even fly for email or other electronic messages.

If they w...

> But, then what are effective measures, in terms of time and cost?

The first question I would ask is rather: is what they propose effective? Probably not. Real criminals (those you mention) wont have any problem breaking the law a bit more than what they already do and use non-backdoored encryption.

Therefore, is such proposed mass surveillance and backdooring going to do anything against big crime? Probably not.

The link to the document because this post is a pretty undetailed blogspam: https://cdn.netzpolitik.org/wp-upload/2024/06/2024-05-22-Rec...

In general, most of the document is set as a "information collection" proposal from different "expert working groups" (expert names redacted). It's mostly proposing standardizing who collects data, what data is collected, jointly buying surveillance software/technology and in general harmonizing EU-state laws when it comes to that.

However, AGAIN there's the outright demand to collect and expose data:

22. Implementing lawful access by design in all relevant technologies in line with the needs expressed by law enforcement, ensuring at the same time strong security and cybersecurity and providing for the full respect of legal obligations on lawful access. According to the HLG, law enforcement authorities should contribute to the definition of requirements, but it should not be their role to impose specific solutions on companies so that they can provide lawful access to data for criminal investigative purposes without compromising security. To that end, experts recommend developing a technology roadmap that brings together technology, cybersecurity, privacy, standardisation and security experts and ensures adequate coordination e.g. potentially through a permanent structure.

also two new fun things:

33. Developing a mechanism to ensure that Member States can enforce sanctions against noncooperative Electronic Communications Services54, and that such measures act as a deterrent against those entities. Both administrative and criminal law measures should be available and should be applied depending on whether a provider is merely non-cooperative or is deliberately hosting activities of a criminal nature.

34. Harmonising at EU level criminal law measures to enforce cooperation, including imprisonment. The same should apply to non-cooperative hosting providers (in addition to Electronic Communications Services) to ensure that such companies, when hosting communication services of a criminal nature, adequately comply with the judicial orders they receive. [The coherence of this recommendation with the rules established by the Digital Services Act Regulation should be further assessed]

They seem to be seeking to make sure that every EU member state enshrines data collection in their law (even ones that are more privacy obeying) and punish companies which refuse to implement backdoors into communication systems.

Collect, expose, do it in a convenient format so law enforcement doesn't have to do any work, do 99 percent of the technical standards work to determine what that format is, make sure that it works for any every kind of system or service (including ones not yet invented)... and somehow magically put in all these back doors without reducing security.
(comment deleted)
We need community run resiliency more than ever. Support TOR!
Isn't the EU parliament completely against surveillance like this ? That's what happened to Chat Control right ?
It was, but this weekend it's election time which can change that.
That's why we MUST impose FLOSS by popular acclaim and came back to desktop computing and home servers. That's why modern connected cars are designed to be a national security threat as well as many other macro-bugs.