Context: Chat Control 2.0: EU governments set to approve the end of private messaging and secure encryption
“By making a minor concession EU governments hope to find a majority next week to approve the controversial ‘chat control’ bill. According to the proposed child sexual abuse regulation (CSAR), providers of messengers, e-mail and chat services would be forced to automatically search all private messages and photos for suspicious content and report it to the EU. To find a majority for this unprecedented mass surveillance, the EU Council Presidency proposed Tuesday that the scanners would initially search for previously classified CSAM only, and even less reliable technology to classify unknown imagery or conversations would be reserved to a later stage. The proposed „deal“ will be discussed by ambassadors tomorrow and could be adopted by ministers next week.”
Criminals aren’t going to be using services that comply anyways. They’ll have their own underground ones. This is just a violation of regular citizens rights.
1: “… and then we’ll be able to stop terrorist attacks. Simple”.
2: “ok but if you put a back door into encryption, won’t others be able to find it?"
1: "no we’ll be the only ones with the key. Great huh?“
2: “and you don’t think the key will be leaked or be hacked?”
1: “I said we’ll be the only ones with the key.”
2: “so what’s your plan to make sure the key stays secure”
1: “…”
2: “what’s your contingency plan if the key *is * hacked or leaked?”
1:“…”
1: "I SAID WE’LL BE THE ONLY ONES WITH THE KEY. "
2: “…”
1: “don’t you want to protect our children ??”
And even that’s only in the optimistic situation where you can always fully trust “1”, also in the future.
I never seen it summarized so fucking well. And meanwhile, it happens CONSTANTLY, but they pretend it’s impossible to happen and never has actually happened
This seems to be a general theme. Those arguing loudest for better privacy are really saying “only we should be allowed to invade your privacy”. See: Google, Apple, the EU
Fairly fucking sure this is a nothingburger like Art. 13-17 was, and will not break E2EE messengers.
The reason:
Encryption plays an essential role in securing communications. The international human rights law test of legality, necessity and proportionality should be applied to any measures that would affect encryption. Both the UN Commissioner for Human Rights[1]and the European Data Protection Supervisor[2]have concluded that the EU’s proposal for a regulation on child sexual abuse material fails this test[3].
A recent article published by Wired[4]described a European Council survey of Member States’ views on regulating encryption. In its response to the survey, Spain stated that there should be legislation prohibiting EU-based service providers from implementing end-to-end encryption.
Requiring platforms and device manufacturers to build back doors to facilitate law enforcement access would make everyone more susceptible to malicious hacking from criminals and foreign adversaries alike[5]. Measures allowing public authorities to access the content of communications affect the essence of the right to privacy.
1.Which encryption experts did the Commission consult when preparing its proposal for a regulation on child sexual abuse material?
2.Will the Commission revise its position on encryption in view of the opinions of human rights associations and experts?
3.Given the abuse of Pegasus, how will the Commission ensure that the fundamental right to privacy is protected if a Member State, such as Spain, decides to ban encryption?
Submitted: 24.5.2023
[1] UN High Commissioner for Human Rights, ‘The right to privacy in the digital age’, A/HRC/51/17, 4 August 2022, para. 28, https://www.ohchr.org/en/documents/thematic-reports/ahrc5117-right-privacy-digital-age. [2] https://edps.europa.eu/press-publications/press-news/press-releases/2022/combat-child-sexual-abuse-online-presents-serious-risks-fundamental-rights_en. [3] https://home.crin.org/readlistenwatch/stories/privacy-and-protection. [4] https://www.wired.com/story/europe-break-encryption-leaked-document-csa-law/. [5] https://cdt.org/area-of-focus/government-surveillance/encryption-and-government-hacking/.
Source: https://www.europarl.europa.eu/doceo/document/E-9-2023-001661_EN.html (EUP Parliamentary question E-001661/2023)
So yeah, it is now established that forcing law enforcement on E2EE messaging services goes against human rights. glhf EUC
With a little knowledge, it’s not very hard to make your own messaging app and share it with those you know. And there’s plenty projects online that give you what you need without having to write the code yourself. Alternatively, there’s just plenty dark web and under the radar apps already that won’t bend to this ruling.
What it is, though, is very inconvenient and annoying to do so.
But if you’re an actual criminal, then there is this solution here that can never be subject to this ruling.
So what this clearly means is that the EU will violate the privacy of all the everyday people that don’t handle that inconvenience, pushing the serious criminals to dark channels.
This law has nothing to do with CSAM or child abuse prevention. “Think of the Children” is just an effective rallying point because, of course, no one wants to come out against it publicly. The Surveillance State grows.
This is a level of bullshit that will straight up make me vote to leave the EU.
Outlawing E2EE should just not be a thing. It just shouldn’t.
As if European state governments aren’t also stupid and would come up with this idea.
The EU sucks sometimes but where ever you live in the EU your gov would totally come up with this on their own…
Obviously. The point is that it’s the kind of thing that will make me reject the very society I’m living in, and I would change it wholly to avoid this.
If the source was my own government, for the first time in my life, I’d be considering moving to a new country.
Well, this is being implemented in the UK separately so I wouldnt be too hasty
Here’s what this bill does for children: reduces pedos from sharing images of them yay! Here’s also what it does for Children: un-encrypts their chats so pedos know what they are doing, where they are, who they are with, what they like, their vulnerabilities and much much more. Trading safety for a viewing crackdown. Congratulations
Friendly reminder it’s never about consumer rights. It’s about who is in control of the data.
A question you can all ask yourself. Despite the warts in both who would you rather control your data (you have no choice here. Someone is controlling your data and it is not you)
A. Google, Amazon, Microsoft, etc.
B. Government
You’ll get strong answers either way. Personally I’d rather the government strictly from an accountability perspective but that also warrants governments not electing shitheads which unfortunately the world is leaning towards with these populist right wing politicians gaining favour.
It can be you. It doesn’t have to be Big Corps or Government. It can be federated instances, it can be self-ownership of data, it can be E2E encrypted.
A, by a goddamn long shot. If google mistakenly thinks I’ve advocated for a crime against a massive corporation, they’ll remove my account and ban me from their services. If the government mistakenly thinks I’ve advocated for a crime against a massive corporation, they’ll arrest me and ruin my life. Microsoft doesn’t give a shit if you acquired the 1s and 0s that comprise a popular TV show without paying for them. The government will fine you more than the average person will make in their entire life.
It also depends on where you live. Facebook doesn’t care if you’re gay or trans, if anything that’s valuable monetizable data about you. Iran will straight up fucking kill you.
Tbf in this scenario, google reports you to the police. You get arrested in either scenario.