I wonder why there has been such silence on this, with the exception of a handful of well written blog posts. The scope of such a dragnet, the economic impact, the societal damage, all seems rather broad. Yet why don't any major operators in the EU take a stance? Is it really so below the radar, or being kept so below the radar?
Just the network egress costs to whatever state sanctioned scanner gets built will in aggregate probably exceed a few hundred MEUR yearly.
Yes, I would think that if there were any real journalism left, they would be all over this. For the sake of their profession, and the protection of their sources.
But I don't think mainstream journalism points out computer nonsense because they're so intertwined with it all.
I mean, "we have a surveillance state" first points to "advertising" which is their revenue stream.
> Majority of news outlets have government subsidies of one sort or another
In the US? That's basically NPR and PBS, both of which are not in good graces with the current administration. So I don't think that's really the motivating factor. Or are you calling ads subsidies? Sure, gov pays these news outlets for ads, but that's because of their size and reach. They aren't spending nearly as much for smaller outlets, though yeah, local outlets get ads for local campaigns.
Either way, I think the argument falls short. I said in the short term yes. That includes ads. But in the long run it is a bad strategy. Lack of quality journalism has been making the public more distrusting of the news. It gives legitimacy to claims of "fake news" even if such a thing is not binary and if those claims are being used liberally.
I'll put it this way. Would you rather have a million dollars now or make $10m per year for the rest of your life? I'd call someone a fool for taking the former option, yet it is the option most take. The only difference is I said the second option out loud.
Complicated or costly regulation is a regressive tax -- it affects smaller companies a lot more than larger ones and tends to prevent new entrants to a market.
And that's before even accounting for the lives to be destroyed by a blurry photo of a tree being classified as abuse material.
Age restriction laws don't stop underage folks from doing anything, they just increase the market demand for VPNs, and improve VPNs so they get less easily detected. The net result is that platforms can't use IP addresses to meaningfully infer anything about their users.
Same with this. This legislation will create a demand for private encryption tech that isn't part of the platform. Someone is going to provide that and make money, and in the process may remove the demand for the platform in the first place.
I get the logic you're talking about, and agree that they must be thinking this, but it's very short-sighted.
https://www.heraldnet.com/news/investigation-seattle-cop-use...
https://www.kansas.com/news/politics-government/article29105...
If the lowest level of law enforcement can figure out how to use the system for this, imagine what a government ministry can do.
What we need is for legislatures to pass "NO Chat Control" and "NO KOSA" bills that specifically block this behavior, but unsurprisingly governments don't seem to be too keen about limiting their own rights, only those of their citizens.
It might be interesting to go the other way: Get it put into the constitution of a major country that these kinds of backdoors are banned world-wide and you can't do business in that country if any part of your enterprise implements them anywhere else.
To begin with this would make it harder to pass laws like this in other places -- domestic companies with international operations would put up stronger opposition because it would compromise their ability to do business elsewhere, and legislators might actually be concerned about that. And then on top of that it would force the companies to choose which subset of the world they want to operate in, allowing people in oppressive countries to pick up uncompromised devices from the places where compromised devices are banned.
The EU does not seem to have such a simple and ironclad norm.
For reference, the EU does have an equivalent norm: https://fra.europa.eu/en/eu-charter/article/7-respect-privat...
In comparison to the US constitution, EU "norms" might as well be toilet paper. For example, they have some notion of "free expression" which sounds like free speech but is defined to be so weak as to be useless. The european public broadly does not seem to care, they certainly aren't willing to kill for their rights.
Leaving aside everything else wrong with it: in the absence of due process, that can happen to citizens too.
Make a law that says companies have to protect the data of their citizens without the possibility of any intentional backdoor, perhaps. Make a law that says companies can't require people to dox themselves with ID scans simply to use a publicly available internet platform that provides no services in the physical world. Make a law that says OS developers can't create client-side scanning services that upload results off-device without revocable user consent.
Since decades.
Pass your 'no KOSA' law. And then when they want KOSA, they just pass KOSA with a sentence that says this KOSA law supersedes prior 'No KOSA' laws.
You need to limit their power to do that and the only way is constitutionally.
Trust only software and systems you control and even then, approach with a hefty amount of side-eye.
While it sounds accurate that maybe 1-2% of the population watches it live, it is also the most highly rated and influencing "news" outlet in the US. Their reach is far deeper than 1-2%. It gets retweeted, talked about, and trickles down. It sure seems like at least 1/3rd of the population has a FOX brainworm infection. I've seen it on 24/7 in hotels and some sport bars or restaurants too.
All the main news outlets totalling less than 9 million viewers? That's not compelling at all.
Except that it's the opposite. The Dakotas are over-represented in the electoral college but getting them from 60% Republican to even 99% Republican wouldn't gain them a single electoral college vote. Meanwhile states like Michigan and Ohio where changing minds could change outcomes are under-represented in terms of electoral college votes.
But the vote allocations are the least impactful part of the electoral college. If you got rid of the +2 electoral college votes for each state independent of its population, votes in Arizona would still matter more than California. The primary thing the electoral college does isn't to give red states slightly more power than blue states, it's to give swing states dramatically more power than safe states.
There's a bit more to it than the +2 electoral votes from the senate, because even within the House the representations are skewed due to the strange decision to cap the size of the House at 435 seats while guaranteeing each state at least one seat. Thus California has 52 times as many reps as Wyoming although its population is about 67 times greater.
> The primary thing the electoral college does isn't to give red states slightly more power than blue states, it's to give swing states dramatically more power than safe states.
Strictly speaking this too could be changed to some extent without changing the electoral college itself, namely by states switching to allocate their electoral votes in proportion to the popular vote, instead of winner-take all. That is entirely possible now and two states already do it, but it has minimal effect because those states are tiny. But if, for instance, you could win 20 EVs in CA by winning ~40% of the popular vote, you can bet that some campaign dollars would shift to CA from, say, Ohio, because Ohio doesn't even have a total of 20 EVs. You could win more EVs in California while losing the election than you could by winning in Ohio! But most states will not do this because usually the party that wins all the EVs is also the party that controls the state government, and they don't want to give away half their EVs to the other party.
Capping the number of seats is dumb but the way they're apportioned doesn't give any major advantage to small states because the size of the average district and the size of the smallest state aren't very far apart, to the point that some of the districts in states with more than one district have lower populations than some of the states with a single district. Out of the 50 smallest districts, two are state-wide districts; out of the 50 largest districts, two are state-wide districts. The largest district is less than twice the size of the smallest district.
And there is no partisan divide in which states are over or under-represented because of this. Some of the most over-represented districts are currently in Rhode Island and Vermont. Some of the most under-represented districts are currently in Idaho, West Virginia, Utah and Texas. It's basically random because it depends on how evenly the state's population divides the national population, so the only consistent thing is that districts in the biggest states will tend to be of average size and districts in smaller states will tend to be either over-represented or under-represented.
Or to put it another way, California has 52 reps but its population is 71 times the population of the average district in Rhode Island. Except that these are both blue states.
> But most states will not do this because usually the party that wins all the EVs is also the party that controls the state government, and they don't want to give away half their EVs to the other party.
In some sense this is strong evidence that the government is bad at representing the constituents, i.e. the principal-agent problem is real. Constituents in safe states like California would be better off if candidates actually had to care about their votes. Even if you're in the state's majority, it's better for you that candidates from both parties have to address your issues rather than taking you for granted. It might even cause a shift in national priorities towards those of the state because both parties would have to do more to appease them. But then the state's representatives have more loyalty to the national party than their local constituents.
If states like California wanted to be clever they would allocate their electoral college votes something like "if a candidate gets more than 50% of the state's popular vote, they get 50% of its electoral votes plus 5% for each 1% over 50%, with the remainder going to the second place candidate". Which means that in the typical case where the Democrats get >=60% of the state's popular vote, they still get all of the electoral college votes -- 50% + 5x10%. But then that 10% difference between 50% and 60% becomes important to both parties, because each vote in that range is worth five times its weight in electoral votes.
And meanwhile if the Democratic candidate was going to get less than 60% of the vote in California they were very likely to lose the electoral college regardless.
I'm increasingly skeptical of the idea that the composition of government organs whose authority extends over a large jurisdiction should be determined by mini-elections in sub-jurisdictions. It makes sense to have sub-jurisdictions insofar as they can set local policy, but if a legislative body is going to make laws for the whole US it should, as a whole, be accountable to the whole US. Especially in the modern age, the relevant constituencies are defined as much by beliefs as by geographical location.
You can solve this using a cardinal voting system (e.g. STAR voting) even with single member districts, because FPTP is what produces a two-party system and if there are multiple parties then there are no safe seats because e.g. a left-leaning district would still have a race between the Democrats and the Green Party.
Which also thwarts gerrymandering because if an extremist party draws the lines to try to give themselves more seats, they dilute their base and lose them all to a moderate party, but if they try to concentrate their base they don't get many seats.
And you can also implement that in the US without major constitutional changes.
> It makes sense to have sub-jurisdictions insofar as they can set local policy, but if a legislative body is going to make laws for the whole US it should, as a whole, be accountable to the whole US.
The premise of this stuff is supposed to be checks and balances. Single member districts in the House would be fine if we used STAR/score/approval voting instead of FPTP.
The original purpose of the Senate was to represent the states in the federal government; Senators were originally elected by state legislatures. The idea being that the state legislators would send people inclined to temper populist federal overreach. And it worked pretty well until the people who wanted to do a big round of populist federal overreach changed it to cause Senators to be directly elected.
And that's what messed up the US Presidency. The original design was to have an extremely limited federal government and have the states do most everything, and then if the federal government doesn't do much, having only a single elected position in the executive branch makes sense. Meanwhile states have elected positions for everything from sheriffs to comptrollers to dogcatchers. There wasn't supposed to be a federal-level SEC or FDA -- that's state stuff -- so the US Constitution doesn't establish any elected position to be the head of it even though there ought to be if it's going to exist.
In theory yes, but in practice I think we cannot. That is, the system you describe is allowable under the current constitution, but the path to realize it is not achievable under the current constitution, because the current constitution has led us into a dead-end which I don't think can be unblocked without wholesale reform.
> The original purpose of the Senate was to represent the states in the federal government
That was a bad idea. There is no reason for organs of government to be represented in other organs of government. That is the dead-end we've gotten into now, because the constitution does not actually give anyone any full-fledged rights (only restrictions on government action) and instead sets up a procedural game which has now reached a stable stalemate end-state characterized by gerrymandering, corporate money, etc. There is no way out because the constitution, in all its checks and balances, provides no direct mechanism for the citizenry to check or balance the legislature. This has enabled the creation of a nonrepresentative government with no way out.
The change to STAR is something the states can do themselves and some states -- notably California with its large population -- have referendums. Put it on the ballot until it passes.
> There is no reason for organs of government to be represented in other organs of government.
Well sure there is. Elected officials are subject to the principal-agent problem, but different agents have different sets of misaligned incentives. Notably each one will try to usurp the intended powers of the others. And if you don't want the federal legislature to usurp the role of the state legislatures then you give the state legislatures representation in the federal one.
> There is no way out because the constitution, in all its checks and balances, provides no direct mechanism for the citizenry to check or balance the legislature.
I mean, you're supposed to vote the bums out.
The real enemy here is partisanship. Forget about the parties, vote against the incumbents until someone runs a candidate willing to actually fix it.
My understanding is that Nielsen does track what people encounter at hotels etc. (though only recently), so that should be included (?)
To give a simple example: imagine a script that constantly dumps /dev/urandom into JPG-like files nonstop onto a 16 TB disk, then repeats. I've seen enterprise systems that aren't so dissimilar. If indeed the EU commission wants all files scanned, then will Hetzner need to spy on all of their machines at least enough to check for compliance? I'm guessing their board members think it can't possibly be so dumb, or stand to gain handsomely and privately.
Correction, not the EU, the member nations.
Another one: it's holiday season, a clever time to get things through.
Another one: most EU parties stand for it, even my usual go-tos, namely Greens, S&D, and The Left.
But even so, the commission does whatever it wants anyway, they are complete autocrats when it comes to law proposal, it's up to the parliament and the courts to do something about it afterwards. And they should given that it's unconstitutional in many EU countries and incompatible with GDPR as it currently exists.
there are multiple ways to make EU law, there are regulations (that apply directly) and directives that member states need to implement (basically ratify)
the Commission proposed something and then the Council votes on it and then there's the EP which votes on it
this one is a regulation proposal
https://en.m.wikipedia.org/wiki/Regulation_to_Prevent_and_Co...
the treaties have some areas that are under "Special legislative procedures" where the EP cannot propose amendments, but still has consent power, but in some cases like internal market exemptions and competition law only consultation right
https://www.consilium.europa.eu/en/council-eu/decision-makin...
It's something a Nazi regime would implement today had it existed.
There is no one in the EU that would tell those people are you fkin insane and give them a sack?
It’s surprising how quickly you have forgotten CISPA, EARN IT, etc - which were much more invasive proposals than chat control (slurping of all data of everyone, not just client side scanning for csam).
Of course, now you just cram unrelated shit into “big beautiful bills”, speed it through with minimal oversight using loopholes, and hope no one will notice. Has no one told you how fkin insane that is?
there is at least one very bad quasi-dictatorship in the EU, Hungary, where "protecting the children" is used as the perfect propaganda slogan, but when it comes to holding abusers accountable, things are 240% farcical.
https://en.wikipedia.org/wiki/Katalin_Nov%C3%A1k_presidentia...
https://en.wikipedia.org/w/index.php?title=G%C3%A1bor_Kaleta...
and of course Hungary supports this. who would have thought.
Unlike the president the EU commission are unelected and the commission is the only branch of government which can propose laws, however they can't force anything through in the same way the US president can with an executive order (it must go through parliament).
I guess it's good/bad, but in different ways to the US. It's bad in the sense EU citizens can't elect the people proposing their laws, but it's good in the sense that the commission can't just force things through without approval from the parliament which consists of MEPs which europeans elect.
As far as I'm aware the courts function in more or less the same way. Here in the UK parliament is sovereign and therefore can overrule any court decision with new law. This isn't true for the EU and I believe it also isn't true in the US.
The EU is founded on the pooled sovereignty of the member states (unlike in the US, where the reverse is the case). The Council represents those member states (each has a seat), and so holds this pooled sovereignty.
For anyone reading this drivel, this is a complete misrepresentation of how the EU works. The commission changes and is appointed by the elected heads of the member nations to do their bidding. The push for chat control is coming from the member nations, not some "evil mysterious third party" that appeared out of nowhere to control us all.
People who don't understand the EU and resort to blaming it for these sort of problems are actually causing more harm, because they're directing people's anger at the wrong targets. Target your own elected officials, because they are the ones pushing for this and the ones who steer the commission.
Government trying to break your privacy is routine at this point.
[0] https://www.theatlantic.com/technology/archive/2018/08/the-a...
If you give away something for nothing, that usually means you're a sucker. But it takes a real genius to justify giving everything away for nothing.
If online privacy was that impossible Ukraine couldn't successfully organize sabotage operations in Russia. They do it all the time.
That's also just one of many operations inside Russia. There's lots of sabotage and assassinations that have been done.
You just can't do operations like that without secure communications.
In the end, these organisations want to slice and dice private conversations. It will be a goldmine for AI training and hence the push and silence.
This is all corrupt.
How? If they're end-to-end encrypted, they really can't be monitored unless there's a flaw in the encryption system. Don't trust messages to systems that aren't auditable.
Yes, it is that fascist.
We need end-to-end encryption on phones to have reasonably convenient privacy. We can definitely lose that, and open source software won't help.
Worse, once phones are locked down desktops and laptops can be locked down as well.
I mean, look at all the geniuses saying "I'll just use a VPN" in response to the latest ID for age verification. A week later, the law was amended to also involve VPNs.
No you will not have freedom to choose how to use your own property.
this is happening now on most* services.
* ok, not every single one.
This is buried too far down the page, which is written quite poorly. A lot of meandering and jumping to a CTA and a bunch of anxiety and fear before even stating concretely what it even is. Even the section called “What is Chat Control?” takes five paragraphs before it tells you what it is.
The page talks about wearing people down, but these kinds of pages wear me down too. I want sober, calm presentation of a problem, why I should care, and what to do about it. I have enough frenetic sky is falling anxiety in my life already!
While it's certainly possible it'll happen, it's far from certain. It can be stopped. Of all the currently 'undecided' countries, if just Germany came out against it, that'd be enough to sink it. Germans are pretty pro-privacy people, and the government would win no popularity by supporting it. Even if the German government supported it though, the German MEPs would likely still end up mostly voting no.
Even if that is true—which you don’t know, because you cannot predict the future—later is definitely better than sooner. Later is worth fighting for.
Your defeatist attitude is exactly what these bad actors want, you’re playing right into their hands. Thankfully not everyone thinks like you, or Chat Control would have passed first time and no positive change would have been enacted ever about anything.
What I see in your post is that you tried to explain to a few people in your life what Chat Control is, it was an utter failure, and now you’re spreading defeatism to strangers on the internet.
In contrast, everyone in my life I explained it to understood that it is an urgent problem and that it must be stopped. Consider that your explanation might’ve been the problem, and that truly doing your part involves learning from the mistake and improving the messaging, or at least encourage others who can do it better, or at the very least not discourage them, which has the same effect as supporting the bad outcome. We need people ready for action, not defeatists bringing everyone down. You’re hurting yourself and the cause by doing so.
> Besides, I'm not a defeatist at all, because I know GnuPG!
That is incredibly naive. What does that even matter, in a world where everyone around you is surveilled.
It's more like I took a bit cynical view about the current situation. However, this view is based not only on my own experience, but also on what I read in the linked article.
- 14 EU countries in favour of Chat Control
- 5 EU countries not in favour
- 8 EU Undecided / Unclear
So this technologically absurd solution to a given problem is clearly gaining traction. Perhaps it's a good thing that my cynical perspective is so triggering to random strangers on the internet.
> That is incredibly naive. What does that even matter, in a world where everyone around you is surveilled.
I think this comment was unnecessary. My notion of GnuPG was humorous satire.
When we know that a particular political party will win an election, stating that fact isn't being hopeless. It just is what it is.
If anything, technology will always win over the legislation if it happens at scale. It may even lead to some new breakthroughs.
Citation needed?
https://www.patrick-breyer.de/en/poll-72-of-citizens-oppose-...
That's only one survey, but I'd say it still beats anecdotal evidence.
You have a tough challenge to convince me it’s anything other than a mundane device to give some groups an information advantage over others in their own society, for the unfair pursuit of political and economic advantage.
[1] https://www.bloomberg.com/features/2018-palantir-peter-thiel...
[2] https://www.newyorker.com/magazine/2010/09/20/the-face-of-fa....
fuck this attitude with a rake
There are also examples where the people have been charged for retweeting opinions or sharing lyrics which are considered grossly offensive. Although I suppose in these cases you could at least argue something is being expressed.
Could they still arrest you?
> In its decision, the court reasoned that his prayer amounted to “disapproval of abortion” because at one point his head was seen slightly bowed and his hands were clasped.
I'm all for women's rights, but that's not how to do it
> During the case, brought by BCP Council, the court heard Smith-Connor had emailed the council the day before to inform it about his silent vigil, as he had done on previous occasions.
> On the day, he was asked to leave the area by a community officer who spoke to him for an hour and 40 minutes - but he refused.
- https://www.bbc.com/news/articles/c4g9kp7r00vo
So he told the council he was going to have a silent vigil against abortion, and then it had to take place within the buffer area to protect women from anti-abortion activism.
He was totally free to walk a few yards away and do whatever he wanted, but he refused.
Sounds like he wanted to stir the pot to preserve the right to menace women seeking medical care.
Freedom of speech and banning vigils/demonstration is a different debate that we already have all the time...
Do they think they're above it? Are they stupid and don't know what they vote for?
I do not understand.
They're somewhat out of touch with tech, and caught up in police narratives around encrypted apps blocking their attempts to find pedos. Tech firm lobbyists sell them some lies about the capabilities of these systems.
Ultimately these are politicians stuck in the notion of "but the police can open your [physical] letters, this isn't any different" completely unaware of how times have moved on.
Matters like how people are already being harassed by CSAM being sent to their DMs, how people raid discord servers and try to have them taken down by spamming CSAM, etc, are completely lost on these politicians.
On top of that it's just cowardice. Not daring to be seen as "aiding pedos".
Yes, the lawmakers literally exempt themselves from this law in this law.
Are you going to be the "pedo" that is against protecting the children and catching predators?
I know it's disingenuous but these laws are crafted with that in mind.
People that might take a real chance in challenging this are weeded out long before they get to these positions.
This is already happening. This is not about that.
The 'Unofficial' boss of European Union is Germany. If Germany will vote against it, more countries will back off and it won't pass. If Germany wants ChatControl, it's over. It will pass and all other undecided countries will support it.
Thankfully, Germany (so far) is against it.
I disagree with this sentence. The unofficial bosses are both Germany and France. Which is also the reason why the people in the richer EU countries will suffer economically when the upcoming bailout for France /will/ happen.
This needs to be a South Park episode if it isn’t already.
It is not. It is being pushed by certain politicians from certain member nations onto the commission.
That's it.
It means that the government asserts the right to bug all your conversations. They've already assured the right to put you in prison for dissenting with the government on policy and you have little to no recourse. Now it's this.
You loved this during covid, you'll love this now, "or else". Signed, your local nanny state.
How hard is it to disable the state spyware on a phone you buy there?
Can you buy a phone from outside China, put in a Chinese SIM card, and do everything over a VPN? Or will they shut down your connection?
Of course there are mechanisms to defeat privacy-invading software (and hardware), but the point is that most ordinary people don't want to. Most ordinary people actually want to hang out on the same social networks that all their friends and family are on, they want to watch the same TV shows, they want to be able to easily make payments at their local restaurants and the grocery store, they want to be able to use public transport etc etc.
When forced to choose, it turns out that convenience beats privacy for almost everyone.
I'm well aware of the tendency of societies to accept convenience over privacy, of the underlying risk of surveillance at scale and of the stripping of privacy from off-the-shelf applications that users are unlikely to abandon.
You seem to be assuming I was making a case that people will just get around these invasions of privacy en masse, and I'm not making any such case. Nor were my questions designed to undermine the original article or to dismiss the harms or the totalitarian nature of these laws.
More difficult privacy means less privacy for everyone, and it means no privacy for the bulk of the population. I agree.
So I don't need a lecture in how my questions misalign with the absolute need to preserve encryption. My questions are geared toward understanding what individuals can do in a society which has already turned completely into a panopticon. And I don't think it's useless to ask those questions, nor to educate people in how to protect themselves in such a situation, even if the task seems hopeless on a mass scale. Such a situation appears increasingly inevitable in the West, and I think it's valuable to take whatever lessons we can from societies that are already further down this road. My family fled a totalitarian dictatorship long before such powerful surveillance technologies could even be imagined. I think knowing how people cope with and attempt to preserve a modicum of privacy under the present conditions in modern dictatorships is instructive in preparing at least some part of our population for it.
The answer you seem to be looking for is that in China, just like in every other country, there are devices that exist which do not come with a state spyware component that is constantly transmitting everything to the authorities. Some devices are locally manufactured, others are imported, some are regulated, others are not, and people communicate using those devices and others, across all forms of media, including face-to-face.
To elaborate: China isn't a totalitarian hellscape where everyone has a gun pointed at their head and they're all forced to use the same, identical, CCP-branded phone or else face execution. It's a huge, diverse country filled with millions of hackers and entrepreneurs, people with different interests, people with different means. There are countless devices and app stores and popular trends. Regulations are often unclear and are enforced differently in different regions and by different layers of the bureaucracy. Not everybody's threat model is the same. Just as in the west, people find ways to communicate that meet their comfort level - sometimes that's through systems monitored by the authorities, other times not. There's no one special technology or technique.
The main difference in China is that citizens can be disappeared without much recourse because the legal system is opaque and there is no free press or democratic process to hold the government to account. But that's not the case in most of the EU. There is certainly democratic backsliding happening in parts of the EU, but that's a separate discussion.
So it's not a case that convenience beats privacy, AFAICT they're largely in favour of giving up that privacy anyway.
It’s completely fucking trivial, there are a gazillion services and a number of well supported v2ray/ss/etc. capable VPN apps. SIM has nothing to do with VPNs after all (except in the DPI sense but various protocols already bypass that).
Other restrictions are tied to the account which are based on the region of the Apple account, so any phone with a Chinese account will have various restrictions.
Are you referring to something specific? Or you are just guessing?
https://en.wikipedia.org/wiki/Regulation_to_Prevent_and_Comb...
EU's latest attempt to squash privacy rights.
Why not just call the page Chat Control 2.0?
I'm surprised nazi is not part of the title like it has in the past at the national level.
From that section:
> "In 2021, the EU approved a derogation to the ePrivacy Directive to allow communication service providers to scan all exchanged messages to detect child sexual abuse material (CSAM). Although this first derogation was not mandatory, some policymakers kept pushing with new propositions.
> A year later, a new regulation (CSAR) was proposed by the European Commissioner for Home Affairs to make scanning messages for CSAM mandatory for all EU countries, and also allow them to break end-to-end encryption. In 2023, the UK passed a similar legislation called the Online Safety Act. These types of messaging mass scanning regulations have been called by critics Chat Control."
the article also explicitly says it affects non-Europeans. I’m interested! I just can’t figure out what it is
> The most recent proposal for Chat Control comes from the EU Council Danish presidency pushing for the regulation misleadingly called the Child Sexual Abuse Regulation (CSAR). Despite its seemingly caring name, this regulation will not help fight child abuse, and will even likely worsen it, impacting negatively what is already being done to fight child abuse (more on this in the next section).
>The CSAR proposal (Chat Control) could be implemented as early as next month, if we do not stop it. Chat Control would make it mandatory for all service providers (text messaging, email, social media, cloud storage, hosting services, etc.) to scan all communications and all files (including end-to-end encrypted ones), in order to supposedly detect whatever the government deems "abusive material."
> Chat Control would make it mandatory for all service providers (text messaging, email, social media, cloud storage, hosting services, etc.) to scan all communications and all files (including end-to-end encrypted ones), in order to supposedly detect whatever the government deems "abusive material."
thanks!
Clearly defining the term and its intended meaning would do well, I think.
How the hang are they planning to do that?
I mean, if someone has an end to end encrypted conversation, it's encrypted when it gets to the carrier, and the carrier shouldn't (technically, not anything related about whether they are allowed to or not) be able to decrypt the conversation.
If the carrier is terminating the connection, then it's either not end to end encrypted, or it's broken.
edit: sorted the grammar/punctuation at the end to improve clarity
So then what? They start outlawing encryption altogether? Knowledge of math? How would you claw back all the public and freely available software that people can already use to encrypt messages to each other?
This is the direction places like the UK have gone in, yes. Can't decrypt something? Then we assume it is illegal content.
The whole point of this technique is that with sufficiently low information density the data is not recoverable unless you know what you're looking for, because it's indistinguishable from noise.
"I don't believe you, so now you're going to be in the locker for contempt of court until you provide law enforcement access to this critical evidence."
Then it is reasonable to assume that you can just show us these internet memes?
Again: the signal is below the noise floor. Unless you really know what to look for, you'll just find noise. Whoever seizes these files would have to at least know the specific method used, particularly if the content is also encrypted.
Take for an example JPEG as a vessel for steganographic content: the image is divided into 8x8 pixel chunks. If you encode just one bit of entropy in each chunk, a 320x240 image will yield 1200 bits, so 150 ASCII characters. Mangle it with a one-time pad for good measure so that it actually looks like noise. How did that noise get there? Well, it's lossy compression your honor.
There are so many ways to encode that one bit in such a large piece of information that authorities are better off drugging, bribing or torturing you or whoever was the recipient of that message than trying to decode it.
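The capacity arithmetic in the comment above (one bit per 8x8 block, so 1200 bits or 150 bytes in a 320x240 image), as an added example that is not part of the original thread. It is a simplification: the bit goes into the lowest bit of one pixel per block of an uncompressed grayscale array rather than into JPEG data, and all function names are hypothetical.

```python
import secrets

BLOCK = 8  # JPEG works on 8x8 pixel blocks

def capacity_bits(width, height):
    """One hidden bit per complete 8x8 block."""
    return (width // BLOCK) * (height // BLOCK)

def xor_pad(data, pad):
    """XOR with a one-time pad; the pad must cover the whole message."""
    if len(pad) < len(data):
        raise ValueError("pad shorter than message")
    return bytes(d ^ p for d, p in zip(data, pad))

def to_bits(data):
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]

def from_bits(bits):
    return bytes(sum(b << (7 - i) for i, b in enumerate(bits[n:n + 8]))
                 for n in range(0, len(bits), 8))

def block_origins(width, height):
    """Top-left pixel of every complete block, row by row."""
    return [(by * BLOCK, bx * BLOCK)
            for by in range(height // BLOCK) for bx in range(width // BLOCK)]

def embed(pixels, message, pad):
    """Return a copy of pixels carrying message XOR pad, one bit per block."""
    height, width = len(pixels), len(pixels[0])
    bits = to_bits(xor_pad(message, pad))
    if len(bits) > capacity_bits(width, height):
        raise ValueError("message exceeds one bit per block")
    out = [row[:] for row in pixels]
    for bit, (y, x) in zip(bits, block_origins(width, height)):
        out[y][x] = (out[y][x] & ~1) | bit  # overwrite only the lowest bit
    return out

def extract(pixels, n_bytes, pad):
    height, width = len(pixels), len(pixels[0])
    origins = block_origins(width, height)[:n_bytes * 8]
    return xor_pad(from_bits([pixels[y][x] & 1 for y, x in origins]), pad)

if __name__ == "__main__":
    # Constructed 320x240 grayscale test pattern, not a real photograph.
    image = [[(7 * x + 13 * y) % 256 for x in range(320)] for y in range(240)]
    message = b"constructed sample message"
    pad = secrets.token_bytes(len(message))
    stego = embed(image, message, pad)
    print(capacity_bits(320, 240), "bits =", capacity_bits(320, 240) // 8, "bytes")
    print(extract(stego, len(message), pad))
```

Extracting with the wrong pad returns the message XORed with unrelated bytes, which is the "looks like noise" property the comment relies on.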
https://en.wikipedia.org/wiki/Export_of_cryptography_from_th...
"It's just math, you can't ban it" has never been true.
This had never occurred to me before but is totally obvious in hindsight. An interesting corollary is that, given an infinite natural number space, all programs that have ever and will ever exist can be found as a single point on this natural number plane. The larger the number, the more complex the program. What else is emergent from this property?
https://en.wikipedia.org/wiki/Export_of_cryptography_from_th...
I mean, if you're in the business of CSAM surely you don't mind encrypting a zip and emailing it or putting it on Google drive or whatever. It's trivial, requires next to zero technology knowledge.
It's inconvenient, sure, which is why we don't currently do that. But I'm sure the CSAM distributors don't care. Why would they?
The next step is to control your mind.
I’m already taking most photos with a dedicated digital camera and they are so much better than phone captured images. I hate social media these days and am waiting to give myself a reason to delete all the apps and my accounts entirely. The internet is a shithole, most my search is done through LLMs and my interaction with people is through comment sections. I have no interest in being in group chats, I’d rather meet up with people in person and socialize that way.
It’s not the end of the world if smartphones just become a convenient way for governments to track you, there is totally a different way to live without them, and maybe it’s simple and beautiful.
If you really have a serious use case for peer to peer end to end encryption, you should be using something like Meshtastic.
Now, you may think you are the smart one and can always revert to the good old days of OTR[1].
But no, the next thing I can see happening is the smartphone OS conveniently doing client-side scanning of everything on the screen for you. You know, for developers' convenience. And then it's game over: you will not be able to take a look at the Tiananmen Square picture in any installed app.
If other people around you recognize the name of a chat platform you're using, then it's not decentralized and it's almost certainly monitored.
I'm not sure if something like it exists. I'm not sure if it could exist. PhotoDNA (the old CSAM detector) ended up being somewhat reversible, so that you could actually turn signatures back into obscene material. Because of this, the signature databases were shared under strict NDA, only to large players.
probably the most realistic solution is a generic porn classifier convnet. if it blocks adult porn, it should block CSAM too (hopefully?)
they are not reliant on image hashes, and reversibility concerns apply less because the dataset used to train it was presumably legal (if distasteful.)
They do this using warrants. And subpoena.
We need a personal declaration of rights that says private systems are not in any way obligated to extend the reach of govt surveillance networks, without the consent of the private party.
It is a small protective measure. The next step will be for govt to bully everyone to give consent to their surveillance systems … or else.
But as of right now, the law is arbitrarily taking for granted that private surveillance systems belong to govt regulations.
especially technology
especially information technology
politicians are selected for being people-oriented therefore most are hopelessly underinformed
and it's very very very easy to get caught up in ideologies
and then means to an end seems like business as usual
Democracy is being served. People want this stuff. HN people maybe not, but let's not pretend we represent anything but a noisy minority. It's entirely democratic AFAICT, "think of the children" and "think of the terrorists" won the argument some time ago.
Free speech is not held as an absolute in many countries as it is in the US, and never has been. It is in a bad state in some places (the UK seems to be performing poorly on this measure) but a lot of places feel the right to spew whatever toxic lies spring to mind without consequences might not be entirely healthy either.
Justice? I think justice is performed better in many European nations than most of the rest of the world.
And freedom... lots of people like to claim the US is the most free place on earth, but it's really not clear that's true. There are freedoms in other countries not enjoyed in the US. Here in Australia for example, I am free to collect the rainwater and filter it for my drinking-water supply, something that's not true in every state.
Is this an authoritarian move that ought to be spoken against by those who know and care? Absolutely. Does it mean that there's no more democracy in Europe? No, that's a little ridiculous.
As long as you know when you're being used by their fake services.
Disclaimer that I actually don't know what the full extent this chat control law is asking for, except for the fact that it will deeply compromise encryption
then what? you decrypt the answer and send it back to them? promise that you totally didn't change the answer?
FHE is the wrong tool for the job. you'd want verifiable computation (e.g. ni-ZKP) instead. both are too complex and faaar too computationally expensive for actual use.
>Apple, for instance, already solved this with NeuralHash
"Solved"
So did anyone ask the question ... is law enforcement actually helping children, when they act? This of course often results in the state raising such children, so the real question is how well that works, compared to not acting at all. Turns out there's a huge study on this, and of course the answer is a big fat no. And that was before another 10+ years of funding cuts.
https://web.archive.org/web/20120609063509/https://www.usato...
https://mitsloan.mit.edu/shared/ods/documents?PublicationDoc...
So no, this is not about law enforcement helping children, because they don't provide a solution for the damage they do when acting. The result is law enforcement, on average, makes things worse for children, not better. These institutions are also getting systematically defunded across the EU, it's not getting better.
It is not reasonably believable this is about protecting children. You want to protect children? FIRST, you restore the budget of the institutions caring for children after law enforcement "helps".
If the writer of this post wants people to oppose it, they really should do a better job of explaining at the very top what "it" is.
Russia and China are in your face and obvious about where they stand, and don't mind being a boolean of true. The EU just prefers some subtlety with more politically correct and polite wording, and prefers a float of 0.92.
Part of me almost prefers the Singapore model. Clear rules, even harsh rules, but near-total do-whatever-you-want if it's not on the list. None of this gray-area nonsense. Uncertainty is a form of oppression, and the US/EU are masters in that regard.
The government thinks the rule of law itself is good enough. Even if they are aware of your speech and it criticizes or shocks or whatever the currently elected, they believe nothing could be done against you because the rule of law would protect your right to do so.
Therefore they assume if you have to be secret about it, you must be doing something illegal, otherwise they don't see why you would worry about the government being able to know you are doing it, since they could not do anything against you.
Here for example, they assume that it would only be used to catch and prevent CSAM, which is illegal. But that it would never be abused to prevent legitimate legal free speech, or that it would be done in a way that your privacy is respected because the rule of law won't allow other use of "snooping", etc.
And to be honest, I don't know if they are completely wrong or right. It's a different perspective, one that relates to "gun control" as well.
In the US, people have zero trust of government, and feel like at any point they need to be armed and have the means to hide, escape, and rebel against it. That means secure communication channels, bearing arms, etc.
In the EU, generally people assume that the systems in place will protect the institutions and uphold the rule of law, constitutions, democratic freedoms, etc. And people trust the system in place, so they don't see why individual citizens should be allowed to have weapons, places to hide, etc., and see that more in practice as something that enables crime.
Generally, the counter argument to the American stance is that the power imbalance is too big anyways, it's the system that must be protected and needs to be trusted, if the system becomes corrupt, no amount of civilian weapon and hiding places could match the power the state has, so it's a futile attempt that just ends up benefiting criminals.
It opens it up potentially to anyone with the means to infiltrate these systems - rogue employees of the companies running the messaging and cloud services, cyber criminals who will be able to hack into them, foreign states who will be able to hack it (we very recently saw this how China had infiltrated CALEA backdoors into telephone systems around the world for many years).
Which of course is part of the reason that companies are so on-board with end to end encryption in the first place - being able to ensure that rogue employees can't access customers' private messages and files, and that if cyber criminals hack in and infiltrate data that there are no encryption keys accessible is a huge benefit to them - but the moment you try to open it up to "lawful intercept" you open it up to all the unlawful intercept too...
I was more trying to frame the perspective I think in which these proposals are made. As I think it explains a bit why for some this seems ludicrous while for others it seems a reasonable proposal worth considering.
Then the US on the other hand does decently protect its citizens from the government itself (well, this recent year/administration notwithstanding), only because the US government knows full well they can just turn around and grab all the data they want from the private American companies they don't regulate at all.
Two approaches with the same outcome, absolutely.
e.g. If you engage in private spoken conversation, most people are not going to treat your conversation as if it's privileged, avoiding any mention of it in casual conversation, and refusing to divulge any details to law enforcement.
I promise you you aren't the main character in your friends' lives and they will absolutely give up information on you to save their career and their family.
Online/electronic privacy advocacy is in my view overly fixated on direct state invasions via law enforcement powers and corporate surveillance through ad data, while largely ignoring threats via hacking or civil litigation.
The best policy is to not record things that shouldn't be made public. The next best step is to not retain recorded things longer than needed. Modern software/operating systems largely make either of those steps quite difficult, leaking tons of data with every use, making it impossible to reliably delete material, etc. But nothing less is effective against the full spectrum of threats, not even strong encryption. (but obviously strong encryption is good and critical for what you do record and retain!)
That said, SSDs have improved the situation a lot with TRIM. Previously, deleting a file wouldn't actually destroy any data until it was overwritten. With TRIM in most cases for files more than a few KB almost all the data will be physically destroyed soon after TRIM is called. It depends on settings. But that's commonly either immediately, or about once a day (the default on Android).
If you read the forensics literature TRIM has caused them enormous problems by radically reducing the amount of data available.
Could it be that this is a last-ditch attempt to presumably stop a civil war that seems to be brewing by predominantly Muslim vs European populations?
If this isn't a sign that the integration and the multicultural experiment has failed completely in Europe then I don't know what. A free democratic society that is peaceful would never need a wide surveillance net like this.
It seems that none of the HN comments touch on the internal demographic tensions that have been going on for quite some time. Western Europe and Scandinavia remind me very much of Lebanon before civil war broke out between the Muslims and Christians.