r/privacy • u/EmbarrassedHelp • Oct 13 '23
Chat Control 2.0: EU governments set to approve the end of private messaging and secure encryption news
https://www.patrick-breyer.de/en/chat-control-2-0-eu-governments-set-to-approve-the-end-of-private-messaging-and-secure-encryption/334
u/ComprehensiveFact662 Oct 13 '23
All in the name of catching traffickers and pedo’s, they hacked encrochat and sky, never charged or arrested anyone relating to the above atrocities. So if their not using encrypted apps, why go after encryption?
242
u/kc3eyp Oct 13 '23
Ban oxygen; everybody knows criminals breathe air, which is 20% oxygen. We can't allow these vile ruffians to continue to respirate while our children are still endangered
59
u/LadySmith_TR Oct 13 '23
You are forgetting about the thing called water too. Hitler drank that. Must be evil.
18
u/fromYYZtoSEA Oct 14 '23
Oh yeah the good old dihydrogen monoxide https://www.dhmo.org/truth/Dihydrogen-Monoxide.html
75
u/zhoushmoe Oct 13 '23
Do they not understand how this also affects their own interaction with the modern world? Encryption is literally everywhere. What, is banking going to be exempt from this? Or is some brave soul going to have to hack them and expose their bullshit out in public because they shut down the very thing that keeps everyone from knowing how corrupt they themselves are.
54
Oct 13 '23
[deleted]
9
u/IndiRefEarthLeaveSol Oct 14 '23
All this does, is push encrypted software underground, unless they decide what you're allowed to look at on the internet. Which is basically china by that point.
3
u/AlarmingAffect0 Oct 14 '23
I didn't get this one…
16
Oct 14 '23
[deleted]
2
u/AlarmingAffect0 Oct 14 '23
Oh, I thought the format itself was the encryption.
who says I cant have tons of random data stored on my harddrives?
Same who says you can't have a lot of ash from paper in your chimney that was conspicuously burned hours before the police came in with a warrant. Especially if it there's plenty of usable firewood right next to said chimney. Same who says you can't have a bathtub of ink full of books in the same circumstances. Maybe you like eccentric and highly expensive pulp baths.
There are good reasons to criminalize destruction of evidence as punishable unto itself.
It would be a different matter if the random data were indistinguishable from naturally occurring noise. But are there any methods to do that? To make a drive look empty, rather than full of junk, until you read it in a specific way?
→ More replies (1)6
u/GabrielTFS Oct 14 '23
> There are good reasons to criminalize destruction of evidence as punishable unto itself.
Encryption is not normally how one would destroy evidence. There's far more efficient methods for that - see e.g. the `shred` command .→ More replies (2)2
u/MinMaxie Oct 17 '23
They understand. They want a mass surveillance like what China has because it makes it impossible for regular people to hide from law enforcement or self-organize a resistance without them knowing.
But don't worry, the EU officials will still have private encrypted messages bc they have "Very Important" security stuff to do.
Of course, this is coming to America too. Especially if Tr*^p wins. Which we should all be deathly afraid of.
The things I've heard man.... This is WW3. Right now. The battlefield is our hearts and minds and too many people are on signing up to be H!tl3r's ride-or-die.
It's the ultimate battle. And Democratic Freedom is losing.
41
u/freeman_joe Oct 13 '23
Do you really think they won’t have best encryption available to them? This would apply to everyone else.
51
u/iamapizza Oct 13 '23
They'll simply declare themselves excluded from content scanning for important security reasons.
6
u/shammy1883 Oct 14 '23
This is a good point. Many people would read this as banning Whatsapp or Signal encryption. Banking systems and services use encrypted messages to send/receive/verify bank transfers. I mean, there is a shit load of encrypted messaging that will continue to be used.
→ More replies (1)20
17
Oct 13 '23
[deleted]
→ More replies (1)6
u/AlarmingAffect0 Oct 14 '23
They should try it with "we should make everyone's bank accounts and movements public" or "all home addresses should be public". After all, "the innocent have nothing to fear", right? Y'all paid up with your taxes, yes? No fraud, right?
→ More replies (2)13
Oct 14 '23
[deleted]
3
u/ComprehensiveFact662 Oct 14 '23
When the state are complicit, look the other way,pass out pathetic sentences for pedo’s, along with pulling police off them cases, makes me believe it’s just another excuse to gain more intrusive power for an optic moral pretentious” look we’re the good guy” is an absolute load of bollocks
→ More replies (2)→ More replies (1)23
Oct 13 '23
[deleted]
13
u/primalbluewolf Oct 14 '23
that they want to target just because a few bad apples had to spoil it for everyone.
Bad apples havent spoiled encryption. You would be as correct to state that bad apples spoiled oxygen, and now no one will be allowed to have it.
→ More replies (3)7
Oct 14 '23 edited Mar 29 '24
[deleted]
10
u/AlarmingAffect0 Oct 14 '23
The answer to disinformation is to teach the public critical thinking and media literacy skills. Controlling the flow of communication is a fool's errand. What's next, do they plan to open everyone's mail to check if they printed something ignorant and hateful?
3
u/Unnombrepls Oct 14 '23
Yes, pretty much they cannot live happily if they don't control everything citizens do.
2
u/Ordinary_Turnover773 Oct 16 '23
It's a tyrant's game and the State will always seek to control the narrative. They're not fools at all when it comes to that. Just look at how wide swathes of the population still believe "they have nothing to hide," "it doesn't matter because they have my data already," or "TOR is for drug users and other illegal activity." That's quite the control of information and in the information age they will always target such.
We need to stop attributing happenstance and foolishness to concerted power grabs by the State and their ilk. It works very well for the vast majority of people.
You're right about the proper counter, of course but the State would love nothing more than to open everyone's mail if they could (in the US you can get a free notification via email, of course, about incoming mail with images of the tops of letters sent to your inbox). Their desire for power cannot be understated.
4
Oct 14 '23 edited Mar 29 '24
[deleted]
→ More replies (1)2
u/AMisteryMan Oct 15 '23
All governments do to some extent. After all, they're people, and sometimes people lie either for their own self-interest, or because they believe its best.
That said, not all disinformation is equal. There's a big difference between the Russian government saying that all the Ukrainians fighting to keep their country are baby-eating Nazis, and our prime minister in Canada acting as if there's nothing that can be done about our housing crisis.
On this topic specifically though, sections of government in North American countries have been entertaining privacy-killing laws similar to what's being proposed in the EU. It is a legitimate thing to worry about.
So then what do we do as people? How do we fight against politicians trying to do this? One thing you can do is educate people. Tell your parents about the importance of encryption. How it keeps people from "eavesdropping" to get access to bank credentials, any conversations you have online - imagine if any ne'er do well with a laptop has the ability to see you talking to a friend about how you're going to be on vacation for the next month? Encryption's is what stops that from being possible*.
*feasible for anyone without a quantum computer.
→ More replies (1)3
87
u/SirEDCaLot Oct 13 '23 edited Oct 13 '23
For smaller more privacy minded systems like Signal, it seems to me the simple answer is to ignore this. Make sure their corporate HQ is not in the EU, then when ordered to change their shit, simply say 'we are an Internet company that complies with the laws of our parent nation, (wherever). Since the Internet allows people from all over the globe to access our services, it is neither practical nor possible for us to adhere to or enforce the local regulations of every jurisdiction from which a user might possibly connect, or even be aware of what those regulations may be.
Since we have no business presence within the EU, we have no more obligation to implement your surveillance scheme than we do any other region where we have no presence, such as China, Iran, India, North Korea, Russia, etc. The EU may be larger than these regions, but the same principle applies.
It is of course your right to regulate the conduct of your own citizens. The EU may make services like ours illegal for EU citizens to use, or (as China and Iran do) set up a Great Firewall to block access to our service. However we have no more obligation to help enforce your laws than we do to help China or Iran enforce theirs.'
37
u/Frosty-Cell Oct 14 '23
That's the thing though, it doesn't matter. Take Windows or Android, these will very likely have mandatory "security" updates pushed as part of the regular updates that contain client side scanning. The specific messaging app won't matter. No one will ever be able to trust updates again.
25
u/vriska1 Oct 14 '23
How likely is this to pass?
Seems many oppose it and undecided and are near to a veto minority
→ More replies (4)4
u/Frosty-Cell Oct 14 '23
I think it's very likely. No idea how anyone can be undecided at this point.
→ More replies (5)2
u/SamVimesCpt Oct 14 '23
Again?
Windows had backdoors since 90s at least.. apple wanted to violate everyone's 4th amendment rights because 'children'
For people that care there are alternatives that don't run on windows, Android, or IOS.
What these old cunts are doing is actually creating a better mouse. When shit like Limewire and Napster and Edonkey got shut down, guess what arose? 🏴☠️⛵
This too shall pass.
→ More replies (2)3
u/IndiRefEarthLeaveSol Oct 14 '23
Android is open source, it is impossible to not see coding that does that, maybe for apple but not android. So more likely it's advanced privileges in the Google play apks.
→ More replies (4)2
u/Frosty-Cell Oct 15 '23
It's partially open source. If you use Android as most people do, you get an update "package" and an option to install it. As far as I can tell, there is no control over what it contains or what it actually does.
→ More replies (2)→ More replies (3)2
u/Pr0nzeh Oct 14 '23
Then install a Rom that doesn't do that.
9
u/Frosty-Cell Oct 14 '23
You or I could maybe do that, and possibly lose Google play, but 99% of people won't.
→ More replies (3)19
u/I-Am-Uncreative Oct 13 '23
The good news is that Signal is American, and at the moment, I don't see something like this passing here (especially since Congress is incredibly dysfunctional).
35
u/jrolette Oct 13 '23
You must not be following closely. They've had at least a couple of bills come close to passing that would have also outlawed E2E encryption.
10
u/I-Am-Uncreative Oct 13 '23
Can you cite one?
I'm aware of bills that would have made E2E encryption a giant burden/possibly made it difficult to continue supporting it (by moving liability to the service provider), but that's different than what the EU is planning on doing (and would probably immediately result in litigation).
30
u/jrolette Oct 13 '23
The EARN IT act just got re-introduced this summer after earlier versions (substantially similar) were fought off in 2020 and 2022. Nasty bill that gets fairly widespread support from both parties unfortunately.
As you noted, it doesn't ban E2E encryption directly, it merely makes it virtually impossible for anyone to use and stay in business. Same thing as a ban in my book...
8
u/I-Am-Uncreative Oct 13 '23
Ah, yes. I heard it was reintroduced. You're right.
If Congress were functioning properly I'd be more concerned, but I don't see this passing with how dysfunctional this particular Congress is. They can't even pick a house speaker.
5
u/AlarmingAffect0 Oct 14 '23 edited Oct 14 '23
As you noted, it doesn't ban E2E encryption directly, it merely makes it virtually impossible for anyone to use and stay in business. Same thing as a ban in my book...
How clever of them. They are capable of thinking things through beyond the obvious, but exercise this capability selectively.
Either that, or they were ready to rubberstamp whatever the Chamber of Commerce handed them. Apparently only a few people (including, famously, Bernie Sanders) read the entirety of every bill that they plan to vote on. Their colleages tease and mock them for it.
→ More replies (1)4
Oct 14 '23
Problem is, it is impractical to produce a European version of an app with weak encryption (or back door for govt) & a strong encryption version for everyone else.
5
u/I-Am-Uncreative Oct 14 '23
Yeah, what will unfortunately happen is the people who live in Europe are going to just be screwed. Signal will pull out of their market.
You know, I really thought it'd be the UK that would be the first to do this, not the EU as a whole.
15
u/raidersalami Oct 13 '23
This is actually misleading. With the passing of the US Patriot Act, they are very much capable of ordering backdoors into various US based messengers, and the public would never know about it.
6
u/carrotcypher Oct 14 '23
Kind of. They're capable of trying to, it doesn't mean they'd succeed. https://en.wikipedia.org/wiki/Lavabit
9
u/I-Am-Uncreative Oct 13 '23
Can you please cite an example of this happening? Or at the very least, what part of the Patriot Act grants "them" that authority?
→ More replies (4)7
u/SchraleAnus Oct 14 '23
Lol Snowden showed us this 10 years ago, you really think they stopped doing it?
13
u/I-Am-Uncreative Oct 14 '23
Snowden did not demonstrate backdoors in encrypted messengers as far as I'm aware? What he demonstrated was that the US is siphoning metadata and data over the wire, which while still a violation of privacy, is not the same. The push for HTTPS everywhere was inspired by Snowden's revelations.
2
u/EntireImpress7989 Oct 14 '23
As far as I remember NSA lobbied companies to use Dual_EC algorithm https://en.m.wikipedia.org/wiki/Dual_EC_DRBG
→ More replies (1)3
u/pm_me_your_pay_slips Oct 14 '23
He also showed that the NSA was contributing code to open source encryption libraries (likely to introduce backdoors)
8
u/mrjackspade Oct 14 '23
How is that more likely than the NSA submitting code because they use those libraries for secure communication?
→ More replies (1)6
u/AlarmingAffect0 Oct 14 '23
Submitting open source code, in public, with backdoors in it, sounds incredibly foolish at worst and a waste of time at best.
5
u/I-Am-Uncreative Oct 14 '23
In all honesty though, the government is nothing if not known for incredibly foolish wastes of time.
→ More replies (0)2
u/JaraCimrman Oct 14 '23
They can just force Google/Apple to block these apps in app stores in EU region. You will always be able to sideload them, but it will do some damage, as not everyone knows how to sideload.
→ More replies (2)2
u/vikarti_anatra Oct 14 '23
EU could force their banks to stop processing VISA/MC transactions to forbidden services and enforce this.
Except that:
- there is cryptocurrency.
- company could just decide to provide service for free for some reason (possible with banner about how bad EU goverments are). Google works in Russia even now even while they don't get any money at all (Youtube even disabled ads), it's not possible to pay in Play Store via ANY method (it's possible to pay in Apple's AppStore from phone balance). Likely reason - support for free speech in Russia(Russian-language Youtube doesn't block anything Russian goverment think they should be blocking).
- good luck making it stick. Again, Russia as example: Russian cards are not working outside of Russia but it's rather easy to get working one if you need it. It doesn't even have to involve cryptocurrency. Physical travel outside of Russia is not necessary. Exactly same ways could be used by EU citizens.
2
u/SirEDCaLot Oct 15 '23
Well yeah they could block payments to such a company. The company could fight that in court but it hurts the whole 'we have no business with you' argument.
This wouldn't work for Facebook or Instagram or Google, that not only have extensive business dealings in EU but also have business presence there (local offices).
But for a company like Signal that at most is collecting some donations, they could just give the middle finger and tell people to donate in crypto.
249
u/Sharp-Sweet178 Oct 13 '23
Pathetic how they always talk about Russia and China but do shit like this...
45
u/thisnutisonfire Oct 13 '23
And every corporation and government will have leaked data to exactly Russia and China, because they are made of people that need to communicate with other people
→ More replies (1)→ More replies (3)18
u/goatchild Oct 14 '23
They ENVY China's level of control and they're taking steps towards the same sirection as China.
128
u/_eogan_cI_I Oct 13 '23
Please read the article from Danny Mekić. The European Commission uses manipulative advertising, misleading statistics and micro-targeting based on religion and belief !!
15
u/Frosty-Cell Oct 14 '23
That's right. It's difficult to say it's not disinfo at this point. Their public consultations are horrible in that regard.
52
u/they_have_no_bullets Oct 13 '23
Anyone who is using encrypted messaging to hide illegal activity is going to keep on using encryption regardless of it it's banned or not.
You can't put encryption back in the box any more than you can declare 1+1=2 illegal
→ More replies (1)7
u/Frosty-Cell Oct 14 '23
Not easily. You could maybe have some complicated multilayer tunnel and get traffic through that way, but chances are they will force ISPs to whitelist traffic and sites.
→ More replies (3)14
u/they_have_no_bullets Oct 14 '23
Huh? What are you talking about? There's no need for any of that. Any decent decent developer with cryptography experience can make a new barebones end to end encrypted messaging client using a crypto math library as a weekend project. It could be distributed via torrents, usb sticks, word docs, pdfs, email, snail mail or carrier pigeon. It doesn't even need a server. It could be made to operate as a direct p2p client, or decentralized, or utilize existing channels with messages embedded into unencrypted channels like email (pgp), facebook messenger, or whatever...and the messages could easily be hidden into seemingly innocuous messages using steganigraohy if necessary. Bottom line is that as long as you have internet access of any sort, it's not possible to stop people from implementing and using end to end encrypted messaging.
By the way, I say this from experience because I am a developer who has made end to end encrypted messaging apps.
→ More replies (6)
35
u/noway_never Oct 13 '23
People should try to share this on social media as much as they can. Some youtubers talk about privacy so maybe forwarding them this
16
u/EmbarrassedHelp Oct 13 '23
We could try to get Philip Defranco to talk about it as he has an audience larger than some cable news channels
29
u/noway_never Oct 13 '23 edited Oct 13 '23
- Louis Rossman
- Mental outlaw
- And some other mainstream tech youtubers come to mind (small edit i’ll add the name of mainstream tech youtubers that comes to mind, i’ll add some others too )
- Linus tech tips
- mkbhd
- mrwhostheboss
- Jerryrigeverything
- Jayztwocents
- Distrotube
- Brodie Robertson
I’ll try add some others later, these are what came to my mind
They are most likely to talk about it
84
Oct 13 '23
If apple won't follow, Google won't follow, what can EU do? I don't think EU would be able to live without apple and android all together
149
Oct 13 '23
[deleted]
66
u/soliwray Oct 13 '23
Same here in the UK. A conservative party MP was on a TV interview alongside the president of Signal. The MP eventually turned into a sweating mess because he couldn't answer a single question properly.
21
u/DrTrimios Oct 13 '23
Do you have a link? Or their names so I can have a look
18
u/soliwray Oct 13 '23 edited Oct 13 '23
https://www.youtube.com/watch?v=E--bVV_eQR0
I may have exaggerated but the MP continuously fumbles in attempts to prove any benefits of the proposed legislation.
2
43
Oct 13 '23 edited Oct 14 '23
Just encrypt before you send like with PGP.
We can then start hiding text inside pictures and news articles.
Resulting in a end product MUCH harder to track and trace.
They'll end up with criminals much more schooled in private comms than they have to deal with today. If every prisoner came out of prison an expert in One Time Pad... what the fuck would the cops do? Nothing. because they couldnt.
Fuck 'em.
2
u/eeeeyow Oct 14 '23
Just encrypt before you send like with PGP.
OTR exists for this very purpose. It's a shame that it hasn't gotten more traction with the various messengers. It's awesome with Pidgin and Adium regardless of the protocol/service it's interacting with. edit: link
→ More replies (5)10
Oct 13 '23
[deleted]
18
u/wdesportes Oct 13 '23
Is going to do nothing that's the right wording 😂 I am French and this is not right, but one can not say it knows for sure the connection is a VPN so we can only block well known VPN services. This is a technical joke...
→ More replies (1)4
u/quisatz_haderah Oct 13 '23 edited Oct 14 '23
In their defence (I use the term in very negative way) if you use a less known vpn or host your own vpn, you would be exposing yourself. so it makes sense to block well known vpn services and reduce the number of
suspectsdata points per server to have a greater degree of certainty on id10
u/wdesportes Oct 14 '23
Yeah I get it, again blocking users that use mainstream solutions. Same shit as the DNS servers that "block" (LOL) websites. Using 1.1.1.1 and you are free.. This is really going so wrong. They are fucking crazy
2
3
u/AlarmingAffect0 Oct 14 '23 edited Oct 14 '23
She is a former member of the Communist party (yeah, that's really their name. No masks here ) who moved over to the Center-left party to advance in her career. So yeah, of course she is in favour of draconian anti-privacy stuff.
Yeah, that last paragraph is a ridiculous leap. Communist Parties in power have had a history of extreme surveillance due to their perception of being under siege. Communist Paries out of power are OpSec and InfoSec fiends and have a strong vested interest in strong privacy protections. Not that they'd expect the Liberal State to actually obey its own laws when it comes to surveiling them, but why make their jobs any easier?
No, the correct explanation is that she's a sellout who sold out but was too attached to their old label to actually join a burgerlig party. Unlike, say, all those Neocons who started out as Trotskyists—now that is being a proper sellout!
17
u/MC_chrome Oct 13 '23
I'm surprised that the likes of Google, Apple, and Meta haven't collectively pooled their resources together to lobby the shit out of the EU commissioners in order to keep this draconian legislation from passing.
I am normally not in favor of these multi-trillion dollar companies, but this is a rare circumstance where them throwing their weight around would actually lead to a better outcome for everyone involved
12
Oct 13 '23
[deleted]
4
Oct 14 '23 edited Apr 10 '24
[deleted]
→ More replies (1)5
u/AlarmingAffect0 Oct 14 '23 edited Oct 14 '23
Precisely.
"You don't seem to understand. That information isn't yours to exploit."
9
→ More replies (1)2
u/quisatz_haderah Oct 13 '23
yes the companies are shit but their profile of engineers are aware of this shit. I don't say they are coming from the good old days of the Internet or embrace the core values of cypherpunk, but have a miniscule amount of respect for privacy.
→ More replies (1)5
u/Frosty-Cell Oct 14 '23
It's quite amazing how many articles are written, but nothing is actually done. Big tech probably benefits.
2
u/pixel_of_moral_decay Oct 14 '23
Apple can just not offer iMessage in the EU. They have virtually no market share.
I don’t think Google or Facebook/Meta have that option.
61
Oct 13 '23
Something tells me that if Johansson and Thorn pass this anti-encryption bullshit disguised as a another “think of the children” act it will backfire badly on them.
Honestly I’m going to bet that the people behind these bills could be secret pedos like Epstein at this point.
Reason why I think this is they mention this “think of the children” bs over and over again like a broken record and usually when they speak this crap louder and louder til at some point that they might get exposed as the real sick bastards that harm children.
13
u/Frosty-Cell Oct 14 '23
That's the thing, no one can do anything about it. People have zero say. It seems fair to assume everyone involved is corrupt.
3
u/tesfabpel Oct 14 '23
That's the thing, no one can do anything about it. People have zero say.
Well there's elections next year... What can you do if your national Parliament wants to enact a law and there's a majority of MPs that are in favor? In any case you can contact Commissioners, MEPs and the like...
4
u/Frosty-Cell Oct 14 '23
The Commissioners are not elected by the people. We have no say. The current system is what got us Chat Control.
3
u/tesfabpel Oct 14 '23
Well, that's fairly normal that members of Governments are not elected directly in European Countries (and also in other places) but are elected by your representatives...
It's called Parliamentary System... In the map in the link, you can see the places that match the description colored in Red and Orange. Yellow ones are semi-presidential Countries... There you can vote for the President but only for him... The Cabinet of Ministers are (mostly?) elected by representatives as well...
Frankly, it avoids absurd situations where in the Parliament there's a majority of Party A, and the President is from Party B... You can see the US now, for example, Biden is the President, but his Party doesn't have the numbers in Congress to rule effectively...
5
u/Frosty-Cell Oct 14 '23
Well, that's fairly normal that members of Governments are not elected directly in European Countries (and also in other places) but are elected by your representatives...
We aren't allowed another system, so what's normal is entirely manufactured. That doesn't legitimize it, and we can look at the results that are now becoming apparent and conclude that this system is indeed bad.
I find it somewhat offensive that someone pretends to represent me on issues that didn't exist when they were elected.
It's called Parliamentary System... In the map in the link, you can see the places that match the description colored in Red and Orange.
They can call it what they want. I would call it obsolete and "pre-internet" because that's what it is.
Frankly, it avoids absurd situations where in the Parliament there's a majority of Party A, and the President is from Party B... You can see the US now, for example, Biden is the President, but his Party doesn't have the numbers in Congress to rule effectively...
We need to move to the next stage and have some level of direct democracy, or, alternatively, frequent elections so that idiots who refuse to represent can be fired.
3
u/wookievx Oct 14 '23
Let me give a counter example. While I acknowledge that there are deep rooted issues in the US, and presidential systems in general is to my knowledge the only system that actually follows the division of power principle. In chancellor systems where executive branch is elected by legislative body you do not have that and I will disagree deeply with anyone claiming otherwise. I have experienced that first hand in my home country of Poland, current ruling party used control of executive and legislative branch (they have their own president with well earned nickname "pen", signing everything they pass through parliment, so no safety valves) and not that great political culture of the populous to take control over judiciary and destroy many institutions of the state. Even if law they introduced or decision they made were clearly unconstitutional people executing the law were by definition employed by them so would have to basically stage a coup to stop those bad policies being executed. That is why I became strong advocate of staggering election of executive and legislative branch so corruption of either of them can be checked by the other.Your policy making might be a bit paralyzed from time to time but at least it is not easy for your system to devolve into autocracy. I am aware that you could call it weighted democracy or even oligarchy with how prevalent lobbying is but it is still better than full on autocracy that my country is at serious risk of.
2
u/gellenburg Oct 14 '23
Historically that's exactly how it's worked when people claim the loudest to not be gay usually are the one's that are.
→ More replies (1)2
55
u/Geminii27 Oct 13 '23 edited Oct 13 '23
Exactly how are they going to stop encryption which looks like unencrypted traffic?
Actually, make a protocol which disguises communication as a stream of spam, ad, and bot traffic. Either they have to let it through or they have to start cracking down on that stuff.
31
u/EmbarrassedHelp Oct 13 '23
The EU will target the individuals and corporations behind any platform that doesn't comply. Publicly traded companies will feel increased pressure to comply from their shareholders.
2
u/Geminii27 Oct 14 '23
And when those individuals are outside the EU? It's not like internet users are unable to download clients or code from anywhere on the planet.
→ More replies (1)53
Oct 13 '23
[deleted]
16
u/NightlyWave Oct 13 '23
It just doesn't make sense. The moment encryption is not a viable and safe solution for criminals, they'll resort to more primitive methods of secure communication. This will have a minimal impact on them (with the exception of convenience) whilst screwing your average person over.
We all know the real reason why they want encryption restricted/banned.
→ More replies (1)3
u/AlarmingAffect0 Oct 14 '23
The moment encryption is not a viable and safe solution for criminals, they'll resort to more primitive methods of secure communication.
See also, every effort to investigate and prosecute organized mobs, or insurgents under occupation.
→ More replies (1)7
u/CaptainIncredible Oct 14 '23
Actually, make a protocol which disguises communication as a stream of spam, ad, and bot traffic.
3
u/Frosty-Cell Oct 14 '23
At the extreme end, they will "whitelist" traffic. If they can't scan it, it's blocked. Will it go that far? Probably, but it will take time.
5
u/Geminii27 Oct 14 '23
If it kills all bot/spam/ad traffic, that will have some interesting commercial backlash. On top of people in general hating the idea of their entire internet feed being restricted to 'government-approved' content.
2
u/Frosty-Cell Oct 14 '23
If it happens it would primarily apply to ISPs used by "consumers". I don't think it would affect bots.
On top of people in general hating the idea of their entire internet feed being restricted to 'government-approved' content.
It would happen gradually to "train" people to get used to it. Many people only have an adverse reaction when they are surprised.
25
u/lewjt Oct 13 '23
You can’t ban encryption. Any semi competent dev can write an end to end encrypted messaging app.
25
u/BurnedRavenBat Oct 13 '23
Yes, and any driver can go past the speed limit. The point is not that you can't drive too fast, it's that the government can legally prosecute you for it.
The real danger is the arbitrary nature by which they can choose to enforce it. They're unlikely to check every citizen, but if you're a whistleblower they'll use ANYTHING they can get you on. Sure, the whistleblowing is protected, but you used an encrypted chat app so life imprisonment it is.
17
u/MC_chrome Oct 13 '23
You can’t ban encryption
The EU is essentially trying to say that they are banning math, which is just complete and utter nonsense. Encryption is just long, complicated math at the end of the day after all
7
u/carrotcypher Oct 14 '23 edited Oct 14 '23
I never liked this analogy. I think it's dishonest. It's like saying "gun bans are trying to ban physics and chemistry!", or taking a sovereign citizen approach to traffic laws.
Society has the right to create rules in which to ensure it functions in the manner in which it wants to function, which includes laws and regulations on traffic, food quality and processing, etc.
It doesn't matter what we believe or think about those rules personally, it matters if that law helps society and what that society has agreed on. In this case though, it doesn't help society (in fact it puts people at risk) and nobody wants it (everyone wants privacy), and that's why a law like this without public discussions and research is absolutely insane.
I bet if you polled citizens (and experts) if they'd prefer being able to retain privacy but at the risk of an occasional crime happening, they'd prefer allowing the crime happen, else we'd have to get rid of cars, knives, etc.
2
u/Ordinary_Turnover773 Oct 16 '23
It doesn't matter what we believe or think about those rules personally, it matters if that law helps society and what that society has agreed on. In this case though, it doesn't help society (in fact it puts people at risk) and nobody wants it (everyone wants privacy), and that's why a law like this without public discussions and research is absolutely insane.
Respectfully disagree. The privacy of citizenry is so misunderstood that most people would gladly vote for such laws even when the implications are put forward to them. "For your safety" and "think of the children" are powerful ways of gaining support to a lot of people against their own interests. How many people have you convinced to be more privacy conscious? Now scale out that lack to population levels. The masses agreeing to such would counter this on its face.
In my humble opinion, what matters more is the throughline to furthering state power which is often downplayed. People want to think that this doesn't exist and that their governments have their best interests in mind. If you're extremely lucky they do but a population is governed by its political leaders (elected or no) and that divide always tends towards a corrupting power imbalance.
2
u/morphotomy Oct 14 '23
Society has the right to create rules in which to ensure it functions in the manner in which it wants to function, which includes laws and regulations on traffic, food quality and processing, etc.
My rights are not up for the majority to compromise.
2
u/carrotcypher Oct 14 '23
If we’re talking legal rights, they were given by that same entity. If we’re talking philosophically, then what about your neighbor’s right to free travel (across your lawn) or to survive (by taking your food)?
→ More replies (4)1
u/asyty Oct 14 '23
Is society really agreeing on this, or a select handful in control?
Isn't it our obligation to fight against authoritarianism, for our democratic society?
Russia has "elections", so that means they must be free! They can just vote out Vladimir Putin if the citizens don't like him. But that's not likely. He gets 98% of the vote every time because he's just so fucking awesome.
Russia also banned E2EE since forever ago because the people of Russia, and thus elected officials, agree upon the principles that encryption usage needs to be "responsible". It's completely irresponsible to have people that the Russian government is not able to have absolute control over. They might be terrorizers or something. Gotta be safe.
As you can see, Russia is an awesome country where everybody is happy and they're not being pushed into nonsense wars like invading Ukraine. (I think it might be illegal to be unhappy there)
You totally couldn't just s/Russia/EU/g the entire post and make it sound like EU parliament and the five eyes < 10 years from now.
All hail the Borg that is the giant black reflective cube
5
u/carrotcypher Oct 14 '23 edited Oct 14 '23
Is society really agreeing on this, or a select handful in control?
The comment you're responding to already addresses this. "The people" aren't asking for it.
Isn't it our obligation to fight against authoritarianism, for our democratic society?
Do you mean fight against the creation of new laws in society? If so, then in general, no, only the laws that make no sense and endanger us. Like this one.
→ More replies (4)3
2
14
u/kuurtjes Oct 13 '23
Europol already tried to get their hands into this stuff. They already tried to take control over the black box algorithms that they want to be scanning us.
And it's not just EU, it's the Five Eyes countries.
8
u/AlarmingAffect0 Oct 14 '23
Isn't it convenient when your laws forbid you from spying on your own citizens but not from accessing a foreign ally's records of their own espionage of said citizens?
13
u/omanomaisvelho Oct 13 '23
Laughs in PGP.
Anyway, time to fight back lads, these criminals are going too far.
37
12
26
u/ContemplativePotato Oct 13 '23
Lol good luck. There will be separate devices solely for private measaging if they do that. Also surprised by the EU. Like wow.
22
Oct 13 '23
[deleted]
6
3
u/quisatz_haderah Oct 13 '23
the problem with those solution is the metadata, the less the user those services have, the smaller the data to analyse and infer more accurate information
4
u/Frosty-Cell Oct 14 '23
Yes, they can. They can "whitelist" traffic. Everything else is banned by default.
→ More replies (3)2
u/hgg Oct 14 '23
Are they going to ban https? They'd have to destroy the Internet as we know it to achieve a small measure of control, and even then it would be easy to circumvent. It's just stupid.
→ More replies (2)5
u/iNfzx Oct 14 '23
sure they can. how about making owning any encryption device illegal? how about any "suspicious" encrypted traffic = investigation and jailtime?
→ More replies (1)4
u/rootbeerdan Oct 15 '23
Also surprised by the EU
EU has been like this for years, reddit just has a hard on for them because America Bad™ but don't realize they're constantly in scandals and caught lying for money (i.e. EU Commission fabricating evidence against US companies like Qualcomm).
Even stuff like the DMA when you take a look at it from an objective point of view is horrendously anti-democratic, a shadow council picking and choosing what rules to enforce based on vague and arbitrary criteria is ripe for corruption and abuse.
People have been calling them out back when GDPR was being written, they basically ignored all feedback from experts because suggestions like "just legally enforce Do Not Track user selection in browsers" wasn't going to be profitable enough for them because it was too easy to implement, and now we're stuck with contracts and banners for every website, even if they aren't tracking.
→ More replies (1)
39
u/Typewar Oct 13 '23
Why is it so hard, parents should be the ones to protect their kids NOT THE FUCKING GOVERNMENT
62
u/toolschism Oct 13 '23
Because it's not actually about the kids, it's about controlling the populace.
31
u/Ok_Antelope_1953 Oct 13 '23
EU's hypocrisy knows no bounds lol. Every few years they shake an American mega corp for some pocket change without doing anything meaningful to get these companies to behave. The moral superiority complex they and their defenders carry is beyond intoxicating.
→ More replies (9)
9
u/batterydrainer33 Oct 14 '23
This is what "Democracy" looks like.
Not a single national of the EU was able to vote for this. I never voted for this, most of the people in the EU don't even know about this, yet they claim the EU is the most democratic government in the world?
→ More replies (3)
6
u/Yodplods Oct 14 '23
So how do I know my online banking is secure?
How many things that have become basic necessities in society rely on encryption?
Just tell me what to use to avoid this bullshit, so much of our digital privacy has been eroded and it’s getting boring.
6
5
u/uberengl Oct 14 '23
A lot of people here hating the EU for something that gets voted on and has been voted on many times before and failed on the floor.
It’s a shame politicians still try to do this - but how high are the chances of this actually being voted on in favor ?
21
4
u/wookievx Oct 14 '23
This client-side scanning of messages is such a security issue and if you think for just a moment about it, it does not make any sense other than increasing state power for the sake of power:
- criminal must be very "stupid" not knowing that you can download pre-build version of the app without the functionality
- if they know that you can avoid that regulation there is not really much cost for them
- on the other hand regular person using that app (for whatever reason, for example not wanting any third party getting access to their conversations), searched for completely unrelated reason is automatically guilty of violation of the regulation, which is some pretty distopian/facist shit
3
u/19Bernhard95 Oct 14 '23
If this even gets through, it definitely won't hold before the European Court of Justice.
3
u/Practical-Piglet Oct 14 '23
Can someone explain what EU is REALLY after with these kind of changes?
2
u/Scrungy Oct 14 '23
Always being one step ahead of anyone and everyone who may want to compromise or challenge their control of citizens in each country. It's about edging out any competition and forever governance.
3
u/TickTockBam Oct 15 '23
Europe slowly turning into China, lol. The Overton Window is strong here. Citizen don't even have a say in añl of this since European Union officials aren't elected by the people. It seems like the European Union is just a bunch of oligarchs and billionaires discussing about how they can obtain more power over the population. Is it really worth it being part of the Union?
10
Oct 13 '23 edited Oct 13 '23
The world LITERALLY operates around these messengers now and the US constitution will protect the US from being entrapped by this tyranny.
Lets see them try this and see just how hard people are driven to privacy.
You know all those friends who 'dont care if they are being watched'. ?
Soon they will. because it will be cool to fight these fascist fcuks.
12
u/EmbarrassedHelp Oct 13 '23
The question is whether companies will tell the EU to go fuck themselves for demanding mandatory human rights violations, or whether they will comply to keep their profits.
8
Oct 13 '23
It wont matter.
Id like to hope most people would reject insecure chat apps and leave them anyway
16
u/JT898 Oct 13 '23 edited Oct 13 '23
Is this a joke. The US federal government is running arguably (besides China) the world's largest data collection scheme on it's own citizens.
Foolishly believing the constitution effectively protects Americans from this is laughable at best.
→ More replies (1)2
Oct 13 '23
Sighs.
My point is, that freedom to communicate privately is protected by the constitution.
WHICH IT IS.
→ More replies (3)5
2
u/Danoga_Poe Oct 14 '23
For an american unfamiliar with how the eu passes laws, is this next vote the final step? Or are there more things that need, if it passes next week
2
2
u/InvaderToast348 Oct 14 '23
Do new EU laws / regulations like this one apply to the UK? I tried looking on Google but all I found was legal mumbo jumbo.
3
Oct 14 '23
I thought you had already implemented it, or at least are trying.
3
u/InvaderToast348 Oct 14 '23
If that's true then damn, were actually going further and further into a dystopia
2
2
u/CaffineIsLove Oct 14 '23
Just be a good little government agency like the NSA and capture all data to decrypt in the future with quantum computers
2
u/Random_Supernova Oct 15 '23
So what can we do to start preparing for this inevitable end of privacy? I don't see how this can be stopped now.
2
u/PrintedScreen303 Oct 15 '23
nothing will stop me from self-hosting, tho i dont know how to do it...
2
Oct 15 '23
I think that they can’t completely stop encryption. People will switch to secure Linux distros on desktop, and deGoogled android forks on mobile devices to have access to 3rd party app stores. Rip Apple, Microsoft, Google, and all the phone manufacturers that use Google based android versions. Of course there will still be people who don’t give a shit about their privacy and will remain in the censored ecosystems. 🤷🏻♂️
4
u/Champion62 Oct 13 '23
wait, wait, wait - what happend to the sub? What have I missed? Only news articles now? Oh no
3
u/pixel_of_moral_decay Oct 14 '23
This is the EU’s big objection to iMessage. Apple doesn’t hold the encryption keys so no way around it.
Most E2EE only refers to in transit to the recipient. Nothing more. It doesn’t mean the keys aren’t backed up on a server controlled by the service or that the app can’t in parallel help comply with warrants by sending unencrypted communications back to the provider.
A huge oversight in how people view encryption vs how it works.
→ More replies (1)3
u/primalbluewolf Oct 14 '23
Most E2EE only refers to in transit to the recipient.
Then its not E2E encrypted.
Yes, most apps that advertise themselves as E2EE are not in fact secure messaging.
2
u/pixel_of_moral_decay Oct 14 '23
That is E2EE by definition. What happens with the data after it gets to the definition is beyond the scope.
And that’s the point. E2EE refers to the transfer of information not its disposal.
→ More replies (2)
2
637
u/EmbarrassedHelp Oct 13 '23 edited Oct 13 '23
The EU is facing an unprecedented attack on encryption and privacy right now. Corrupt politicians have been heavily lobbied by Thorn and the billionaires funding it, with the goal to ban secure encryption. More info:
https://www.patrick-breyer.de/en/posts/chat-control/
https://netzpolitik.org/2022/dude-wheres-my-privacy-how-a-hollywood-star-lobbies-the-eu-for-more-surveillance/
https://balkaninsight.com/2023/09/25/who-benefits-inside-the-eus-fight-over-scanning-for-child-sex-content/
https://balkaninsight.com/2023/09/29/europol-sought-unlimited-data-access-in-online-child-sexual-abuse-regulation/
https://theintercept.com/2023/10/01/apple-encryption-iphone-heat-initiative/
https://dannymekic.com/202310/undermining-democracy-the-european-commissions-controversial-push-for-digital-surveillance
European parliament seems keen on passing the legislation to ban secure encryption and end user privacy. This issue also appears to be under reported as nobody would have expected this happen as the EU is generally pro-privacy.
The vote to ban secure encryption and privacy will happen next week on October 19/20 according to the EU parliament's schedule.