Hacker News new | past | comments | ask | show | jobs | submit login
[dupe] Euro MPs back end-to-end encryption for all citizens (bbc.com)
776 points by jkaljundi on June 20, 2017 | hide | past | web | favorite | 335 comments

Another big recent achievement of the European Parliament is the "General Data Protection Regulation" (GDPR) [1], which comes into effect in May 2018 and stipulates that companies can be fined up to 4% of their worldwide turnover when they fail to protect/process the data of EU-based customers in a proper manner.

For example: say that LinkedIn was to experience a new data breach, and they fail to inform the authorities or their customers in time, then they can be fined for up to 120 million USD (based on a revenue of 5 billion USD)!

I'm surprised that it's so little known here, as the impact will be massive.

[1] https://en.wikipedia.org/wiki/General_Data_Protection_Regula...

Yep, and it does much more than that: it forces companies to actually wipeout your data when you ask them to (not just flip some bit and still keep that data, like facebook infamously does), and also set strict TTLs (Time To Live) for any derivative data that the user cannot explicitly delete.

How do I follow conflicting laws? One country says "keep all data for 90 days to aid law enforcement" the other says "delete it immediately" which is it?

"How do I follow conflicting laws? One country says "keep all data for 90 days to aid law enforcement" the other says "delete it immediately" which is it?"

GDPR is EU wide regulation that trumps national privacy laws. It doesn't even need to be approved by individual members, so when it goes into effect on 25 May 2018, it will be working EU-wide on the same day. Furthermore, it affects companies all over the world that serves EU citizens. There's much skepticism on how EU will enforce this law worldwide, but for now it was quite successful dealing with big companies, remember: Microsoft vs EU (paid €561 million fine), multiple cases of Google vs EU (right to be forgotten, Ireland tax rulling, ongoing case vs Android), Facebook/WhatsApp vs EU (€110 million fine) etc. To answer your question: no, there will be no conflicting laws - if you serve EU citizens, you must follow GDPR. From my personal perspective, GDPR is one of those not-so-often moments that I'm proud of EU.

> Furthermore, it affects companies all over the world that serves EU citizens.

No gdpr applies if companies target EU citizens [1][2]. My personal opinion of the law is that its as useless as cookie law but way more costly and unpredictable.

[1] (122), Pg 22, https://docs.google.com/viewer?url=http%3A%2F%2Fec.europa.eu...

[2] Pg 13, https://docs.google.com/viewer?url=http%3A%2F%2Fwww.linklate...

The mere accessibility of your website by individuals in the Union or use of the languages of one of the Member States in the Union (if the same as the language of your home state) should not by itself make you subject to the Regulation. However, the following factors are a strong indication that you are offering goods or services to individuals in the Union and so are subject to the Regulation:

> Language - You are using the language of a Member State and that language is not relevant to customers in your home state (e.g. the use of Hungarian by a US website).

> Currency - You are using the currency of a Member State, and that currency is not generally used in your home state (e.g. showing prices in Euros).

> Domain name - Your website has a top level domain name of a Member State (e.g. use of the .de top level domain).

> Delivery to the Union - You will deliver your physical goods to a Member State (e.g. sending products to a postal address in Spain).

> Reference to citizens - You use references to individuals in a Member State to promote your goods and services (e.g. if your website talks about Swedish customers who use your products).

> Customer base - You have a large proportion of customers based in the Union.

> Targeted advertising - You are targeting advertising at individuals in a Member State (e.g. paying for adverts in a newspaper).

All the big (and smaller) players in tech are working hard to implement all the requirements of this law (control over what data is stored, TTLs, encryption).

How is this useless for end-users? It forces companies to encrypt this data at rest, and allow users to delete it when they want.

I can't really envision Facebook or Google removing all EU-only language options and doing away with targeted advertisements, so how come you think these criteria won't work?

Microsoft vs EU yielded €2bn fines. I had made the calculations myself in 2013, I can't find the source, but here's most of the details: https://www.neowin.net/news/since-2004-the-eu-has-fined-micr...

I think they meant eg; US vs EU.

EU law does not subsume US law.

It is possible for there to be a situation where to offer some service, you have to either break the laws of one country or the other. In this situation, you simply cannot offer that service without exposing yourself to legal consequences.

Well, nothing stops a company to implement different stuff for different countries.

Companies did this before the internet and even with internet they did it for China regulations.

I mean, even translation to different languages is basically "special implementation" for different countries...

That's not always sufficient. You can end up in a situation where an American court demands records that concern European customers. In that situation, handing them over gets you penalized in an European court, and not handing them over gets you penalized in an American court. Both will have the ability to really hurt you, and "the other court tells me not to" is not a defense at either of them.

I would guess that one solution is to keep EU citizens' data in the EU to avoid it being subject to other laws. And possibly having separate companies by country.

As an analogy, if I recall correctly banks have very stringent laws to follow regarding data export and money export to other countries. The solution they choose is to have a bank per country, not a global bank.

> I would guess that one solution is to keep EU citizens' data in the EU to avoid it being subject to other laws.

This is exactly what is being done by the large corporations that can afford to do it. European datacenters staffed by Europeans. Americans are not allowed to view any PII for any European (at least with the company I work at).

Russia requires the same thing, although they just want the servers in their country so they can put a SORM-3 alongside it and intercept whatever data they want.


Ah yeah 242-FZ, definitely a different purpose in Russia

There is no easy answer to this question.

For example, what happens if US courts demand data you have stored on Irish servers,[1] but an EU citizen asks that you destroy this data?

Do you destroy the data and risk being charged with destruction of evidence in the US? Or do you keep it and risk being non-compliant with the GDPR?

[1] https://www.theguardian.com/technology/2014/apr/29/us-court-...

I would imagine, since the EU is where the Data resides, and the EU is the legal jurisdiction, that the EU would take precedence. Its monumental nationalistic and legal hubris to think that American law takes precedence anywhere in the world, let alone with an ally as large as the EU.

Be that as it may, there is nothing to stop US authorities from charging US companies with crimes if they were to comply with EU laws. They are in direct conflict, and any internet-based company operating on nearly any scale is in danger of running afoul of these sorts of issues. This isn't a Google/Facebook only problem, this is a problem for any web service that might store user data.

This is a US Govt overreach problem. Not an EU directive problem.

Maybe the EU/US Privacy Shield will help handle situations like the above.

>there is nothing to stop US authorities from charging US companies with crimes if they were to comply with EU laws

There is nothing stopping you from shooting yourself in the foot either. (Or stabbing I guess in case you don't have access to firearms)

Just FYI, this case was reversed on appeal (i.e., against the government). I recall there being some buzz with the government potentially pushing for further court action, but as far as I know that's the current status.

>There is no easy answer to this question.

Of course there is. You comply with both laws or suffer the consequences. If you can't comply with both, you choose the cheaper law to break. If that's too expensive, your business sucks.

One of the goals of the GDPR is to consolidate all the data protection laws of the EU member states. So within the EU this shouldn't pose a problem. For the US, I assume this is covered by the EU-US data shield. I assume a similar construct will be necessary for GB once it leaves the EU.

You ask your team of lawyers who can make a good decision for your company based on your business goals and the relative values of complying with each of the competing laws, along with the relative risks associated with failing to do so.

Company may have to treat the data differently according to where the user lives (yes, it can be a mess). For EU countries, the EU law has priority (except for the constitution).

Encrypt it with key that only the law enforcement has. Keep actual encrypted data on a medium outside of coutry where it is illegal.

There won't be conflicting laws -- the GDPR is a EU wide policy and supersedes any laws on the books in that nation.

Except that not every country belongs to the EU. If you have customers globally, you'll still have to deal with conflicting requirements.

Until we have One World Government we'll have to respect the laws of the countries we do business in.

This is an example of why some local services are winning out against global competitors. Respect for and knowledge of their specific niche.

So on my ad-supported site that does not ask users where they are from, I will have to put a geo-ip filter to keep EU people off in order to avoid fines? Otherwise, do we accept that statements like "we'll have to respect the laws of the countries we do business in" is a bit generic and over-reaching in a global medium? I have not read the proposed law and I trust this situation is covered, but I am still annoyed at every region having so many of it's own internet rules (not EU specific, goes with them all). Granted explicit business w/ explicit customers giving explicit monies in nation-backed currencies does make it easy to follow this law, but not everyone's business is like this.

Do you collect a lot of data about your users and not offer them any way to delete it?

This is a hypothetical, so let's say yes. So, do I need to filter out my users to avoid fines? That may seem noble and great in this particular case, but it's a slippery slope. The more regionally-specific regulations that are introduced causing more work for companies, the more the ROI per customer in that region may reduce. Once it gets below 0 with the threat of fines for a company, the users might be cut off.

It seems all good for this specific policy because most of us agree with it globally. But data protectionism and/or extreme regional deviations/regulations in law will reduce the globalism everyone shares. Other options (such as educating the populace or encouraging competition) can be more effective than restrictions.

This is something to think about as the EU grows smaller, not larger. Even today, small companies with fewer EU users may stop and think about providing access at the cost of, e.g., building a portal for them to manage cookie settings.

> This is something to think about as the EU grows smaller, not larger.

I guess we'll see what happens with Brexit, but I would argue that the EU is growing in global importance and leadership. With the USA's recent NSA scandals, isolationist rhetoric, and backing out of international environmental agreements, I think we're going to see the EU increasingly set the tone for international trade.

I'm sure there will be plenty of tech firms that choose to serve only US customers (in the same way that there are Chinese-only and Russian-only companies today), but competing "globally" will mean following the EU's lead.

I understand your concern; if restrictions become overly complex and regional compliance may start to limit innovation (e.g. EU VAT based on destination country).

That's a different type of restriction than respecting user privacy because you can't apply the same approach everywhere. A company could easily extend the same rights to all their users. If your offering needs to violate user privacy to exist, maybe it shouldn't.

>Other options (such as educating the populace or encouraging competition) can be more effective than restrictions.

This appears disingenuous.

1. Competition: In your example above respecting user rights nets <0 ROI. There can be no competition here that respects user rights, so how would this help the situation? Conversely, restrictions will encourage competition by protecting less profitable and wealthy ventures from predatory global competition solely focused on maximizing profit.

2. Educating: You're seeking to shift responsibility from experts to laypeople, then blame the laypeople for their lack of education. It's like suggesting we should eliminate building codes then educate people on proper construction. Basically you are advocating for schools and high-rises that collapse.

If they aren't part of the EU or strongly associated with EU institutions why would the GDPR apply to them?

What the EU is trying to do is make it so countries outside the EU only have to think of the EU as a single country. This is why theres a single market and single currency.

You just need to have different requirements per country, I honestly don´t see any conflict there.

So follow EU laws regarding EU customers and US laws regarding US customers.

Do smaller companies get less onerous requirements? This is achievable for mid and large companies to comply with but may further stifle EU innovation.

I think this is a good set of data protections and hope there are ways to make compliance incredibly low friction.

Nope. This is an upcoming requirements nightmare that people seem to ignore in the vain hope that it will ignore them.

Why is the GDPR an requirements nightmare? It's one ruleset for the whole EU instead one ruleset for each EU state. And the GDPR seem to be not more complicate than the individuel laws where before.

"This ruleset you have? Oh, just merge it with the old ruleset; the old laws are not being repealed. Merging is easy, right?"

In other words, it's not a replacement: it is an additional set of rules to keep (although most of it would be a superset of various national laws).

It isn't? Are we talking about a different regulation?

I quote from the title of 2017/0003/COD COM (2017) 10:

    AND OF THE COUNCIL concerning the respect for private
    life and the protection of personal data in electronic
    communications and repealing Directive 2002/58/EC
    (Regulation on Privacy and Electronic Communications)
Note the word "repealing".

See, there's this thing called context: the meaning of the word changes through the surrounding words. If there is a word "repealing" in text, this does not usually mean "everything that's related is repealed" - it means exactly what it says on the tin: "repealing Directive 2002/58/EC" - nothing about repealing the existing state-level legislation (to repeat previous context, "It's one ruleset for the whole EU instead one ruleset for each EU state.")

My point still stands - you still need to conform to both GDPR and the state-specific legislation.

It may be that I am the one who is misinformed here. My understanding was that 2017/0003/COD was about creating a replacement for 2002/58/EC. I haven't read all the documents, so I could very well be wrong.

But assuming that I am right, then a replacement directive would simply cause the states to update their laws and nothing would really change in terms of complexity compared to the situation before.

If it just then 4% of revenue fine could well be 0 for startups. I presume they have some provision to prevent 0 euro fines, does anyone know about that provision?

From the wikipedia page: "fine up to 20,000,000 EUR or up to 4% of the annual worldwide turnover of the preceding financial year in case of an enterprise, whichever is greater"

So yea, a 20M EUR fine could destroy a startup.

Will it also have to be removed from backups?

Almost certainly yes. Otherwise it's not actually removed.

I've seen court ordered removal before and no one even considered backups and the impact on backup integrity had it been removed from backups. Especially when considering off site backups that the company will often not have immediate access to.

Seems like it will be extremely difficult and expensive to guarantee all copies are deleted. Also, replication is necessary for caching and reliability. I worry about how such seemingly well-intentioned laws can have adverse unintended consequences.

Think of it in terms of infosec: in a similar way, one could complain that having to sanitize secrets from RAM is harmful to performance (why can't we cache the result of decryption)… Yes it's an overhead but at the end of the day, we build technology to serve human goals, not the other way around.

(To be pedantic, we build technology to serve business goals, which are fulfilled within the larger context of serving human goals. Laws like these are to prevent shortcuts that would serve business goals while at the same time be detrimental to human goals.)

If I ask Facebook to delete my data, it should be deleted. Why does caching or reliability have anything to do with that?

or reliability

If our company had to delete all customer data for a particular customer, then I would need to:

restore 6 months of database backups individually, remove the data, then run then take and store each backup again.

have 3 years worth of tape backups shipped back to us from our data protection company. Restore the databases off of them, delete the data, store them back on tape, and have them shipped back to the long term storage facility.

Backup users' data encrypted with a recovery key. Delete the key, presto, the users' data is no longer accesible.

Would you be satisfied with, "this data will be deleted once the deletion filters though the caches and backups?"

If "once" is a reasonable time (as defined by the regulation) then yes, I'd be satisfied.

but I doubt the average user will be comfortable with such an experience.

I doubt the average user needs anything more than "as per EU regulations, your data will be deleted in X days" when they delete their account.

It is not just the deletion when closing your account. It is the keeping track of all the copies that have to be made during regular operation (including packets in temporary buffers, periodic backups, cached version, redundant copies to hedge against data loss) just incase one day the user decides to delete.

If you have backups, you might unintentionally restore an EU citizen's data. Pretty sure it's a crime to make backups (of user data) under this law.

Agreed. I was initially reluctant about the GDPR thinking it'll be more rubbish to have to take into account but was really pleasantly surprised. It actually and seriously implies better rights over collected data and privacy.

I think soon enough, privacy is going to become a serious competitive advantage for Europe because it'll translate into consumer confidence and business confidence .

I wish we had more European based alternative services that I could switch to. With email the standard response to dumping Gmail seems to be FastMail (non-EU) and I haven't seen anything high-quality within the EU. Same goes for lots of other services.

If anyone reading has some suggestions for EU based alternatives to popular websites/apps I'd love to hear.

ProtonMail for mail. ProtonVPN just launched, too.

Being Swiss is it subject to the same EU privacy protections?

It's good that this idea (fine as a percentage of revenue) is finally becoming mainstream, but it's sad that the percentage is so low... 4% is just cost of business, like taxes etc. It should be about 30% if we really wanted to incentivise the companies (or their CEOs/shareholders).

Four percent of revenue is a massive fine. That can easily wipe out a company's profit margin.

Massive until you look at how people are treated when someone leaks company data: 4% income fine? No. Prison.

No one goes to prison for accidentally leaking company data through negligence.

We could "fix" that.

That's what you do when you hate capitalism and hate the power to destroy it.

It's called regulators with teeth, and it's what makes the EU livable for its citizens. As an EU and US citizen this is exactly why I choose to live in the EU.

That's not how I'd put it, as a citizen of an EU country. The overregulation is suffocating for both business and individuals (who lived in socialism and value liberty, anyway).

Just this year, EU regulations destroyed my LTE data plans, hugely increased my cost of Swiss travel (the same) and ruined my hobby because terrorism.

It is sad that EU is slowly moving back towards the over-regulated and bureaucratic regimes of the past. This will further push the EU economy down the drain and prevent people from innovating. I just hope it does not lead to jail sentences and labor camps for people accidentally leaking the data as some in this thread are arguing for. The history does not provide much hope here unfortunately.

I don't see how this law benefits anybody except filling up the EU budget by collecting fines. The companies are already careful with their data as any leak would affect their image extremely negatively.

If one needs a good example of why Brexit happened, here it is.

It will prevent people from innovating in profiling, ad serving and keeping peoples data private. What a shame! Really wish the EU would see how great it is in the UK where they want to be able to access anything ever posted online, which can only lead to innovation of the highest caliber. /s

Do you think this law will prevent the government from accessing the data somehow? The way it's written it's primary goal seems to be extracting fees from successful business and not protecting user privacy. Ideally you would not want government intervention in these matters at all as you can bet it will end up with special provisions for government to have an access.

Maybe not, but they don't discourage/illegalize encryption and companies are supposed to delete your stuff on request.

Did you ever wonder why there are so few EU startups? Why the alternative to Gmail is Australian FastMail and nothing comparable even exists in EU?

Less sarcasm, more thinking. Shocking as it may be to you, even people you politicially disagree with may have a point or two.

There's so "few" of them because they're in a dozen different languages.

And they're not startups, just small businesses, the difference being mostly the funding. Investing a million for some people to burn through and say "yah, that didn't work" is very much unacceptable.

It should be over 100%. The ideal goal is that a company that has a massive date breach due to their incompetence (such as refusal to hire experts at market value) should cease to exist. I still think we need prison time for those making the poor decisions. Even if they didn't intend to hurt anyone, should we tolerate recklessness of that nature?

To come back on my example: LinkedIn reported a net income of 166 million USD. The potential fine is thus more than 70% of their profit!

The fine is also based on the revenue of the parent company. Say that Nest would be fined, then the revenue of Alphabet Inc. would be used as a reference point! A good enough incentive to make sure that all parts of your operations are covered :-)

in LinkedIn's case it's Microsoft...

My bad. I looked up the figures on Wikipedia, where the latest figures were from 2015. Should have read the article more carefully.

in both cases: ouch!

No, many companies have net profit margin from revenue of less than 10%. So 4% of revenue is not the same as 4% of earnings.

For my work, I'm working on the impact of the GDPR on the research, and how will the GDPR work in scientific communities. I'm not a lawyer, of course, so my interpretation might be a bit off (so disclaimer, IANAL, this is not a legal advice, and etc.). Anyway, these are just some of my thoughts on the subject.

Well, GDPR is a big topic, and it not yet clear how all the provisions will be implemented. It is not that different from the (currently valid) Directive, but it does clarify certain points, and makes much more stringent penalties, as mentioned in parent post (the fine is actually 4% of the global revenue, or 20M Euro, whichever is greater). The changes in respect to the Directive are, in short:

  • GDPR applies to the processing of personal data by controllers and processors in the EU, regardless
    where it takes place

  • Penalties – up to 4% of annual global turnover or 20M€ (whichever is greater)

  • Consent – conditions are strengthened (clear and plain language, explicitly related to the
    processing, easy to withdraw)

  • Breach notification

  • Privacy by design

  • Right to be forgotten

  • Data Protection Officers

  • Right to access
Now, as mentioned in another comment, the right to be forgotten and erasure of data is not really wipeout, the data controller and data processor are supposed to do it using "industry standards" and "reasonable effort" (controller, e.g. should flag that the processing the data should be restricted). Also, there are exceptions (legal claims, public authorities, free speech, etc.).

Different comment points out that the Regulation, unlike Directive, makes GDPR valid in all EU countries, and this is true. However, the EU states are free to implement their own data privacy laws, which of course, need to be in line with the GDRP. This may potentially introduce legal inconsistencies across the EU for certain points.

Also, one should not underestimate the legitimate interest of the service provider, or controller, to retain the data, even if the user has asked for the data to be removed. The data may also be retained by the request of relevant public authorities, etc. One comment has suggested what will happen if the EU citizen requests the removal of it's data, while the US public authorities asks for access to this data. In this case, the relevant EU public authorities may request for the data to be kept (or not, I guess this will be decided on case by case, also the provider may have a legitimate reason to keep the data..).

And of course, the biggest problem, the transfer of data to non-EU countries. For this, there are several ways to do it, one is mentioned already, i.e. user consent (which must be clear and unambiguously given, and can be revoked at any time). Then, of course, there are contracts, binding corporate rules, etc. For EU-US transfer, there is Privacy Shield for transfer of data to US (which is a replacement for the Safe Harbor, stricken by EJC), but this is mostly for commercial services (so it does not work for academic environments..).

There are some other interesting aspects to GDPR, but this post is already getting a bit long. For more info, these links are interesting:

[1] https://aarc-project.eu/aarc-infoshare/ -- for academic environments..

[2] https://iapp.org/resources/article/top-10-operational-impact...

[3] https://www.whitecase.com/publications/article/unlocking-eu-...

There are multiple WP29 interpretations on various points (some of them are actually human readable, not just legal talk..), etc. In any case, it will be interesting to see all these developments in the future.

[Edited for mistakes..]

> "industry standards" and "reasonable effort" (controller, e.g. should flag that the processing the data should be restricted).

Not quite. That sort of fits the current model, such as Facebook not deleting data, just restricting access. In this case, data should be marked for deletion, "within a reasonable time frame". Data controllers may not retain the data indefinitely, no matter how much they want to.

In practical terms, the implementation of that will probably be influenced by the fact a user should be able to download all their data without hindrance, (Data Portability).

That is correct, user will have access to the data, e.g. the images/videos user uploaded to Facebook, and I presume the Facebook will have to delete (successfully) these data upon request. However, personal data are not just images, or similar. It is also IP addresses, logs containing user's actions, etc. everything and anything that may identify a person. So, e.g. if some logs somewhere may contain IPs of a user, or some actions of the user were recorded in logs that are scattered throughout the system, the controller may argue that it "reasonably" tried to remove also these data for the user, but it can't guarantee that. However, GDRP now stipulates Privacy by design, which means some of these scenarios might have to be taken into account before creating and providing a service, so the removal of (all) user data should be more feasible.

This is for those reasons that EU companies are innovating in the privacy, for instance doing AI assistants which are private by design with https://snips.ai

Yes, but important will be how selective they are enforcing.

Careful with this stuff. It looks nice, but it may bite.

The "states shall not impose any obligations" is a great thing, but "shall ensure that ... guaranteed ..." isn't so much. Your Parliament basically tells you how to write your software, and while this particular cause may be good[1] - the general concept isn't healthy.

Granting governing bodies this level of control... that must require exceptional levels of trust in those bodies and all future ones that could be their successors. I'd argue that it's better to have the very contrary thing - a ruling that no governing body may ever dictate how one can secure their communications and how they can't (or, in more general terms - how one can write their software). Oh, and keep the "states shall not impose" clause, of course.

Yes, that leaves data-miners with their messengers still vulnerable, but I think it's less important than a general non-interference principle. And I'm for having fines for calling non-E2E messengers "secure" if the wording may confuse user into thinking it's E2E - that's basically misadvertising. The issue is information gap and "clever" marketing - fix that and things will be good.


[1] It may be a problem for early prototypes, if they had started with UI/UX and a simple insecure "TCP socket server"-level stub for the messaging layer. Mandatory implementations are always a barrier.

>Your Parliament basically tells you how to write your software

Buildings have strict construction codes, and this improves the overall quality of buildings. If developing software is to be more like other professions, it should strive to move in this direction

Other professions? I don't think all professions should strive to get more and more regulated. On the contrary, I'm sure that some shouldn't. For example, if government starts messing with artistic expression (painters, graphic designers, musicians, typographers and many other professions) - that would be a disaster. Same goes for most scientific research, with exceptions for hazardous and dangerous facilities. That were all obvious cases, of course, but I'm sure there are more examples, I just need to think about it (and I'm slow).

As many other regulations, construction codes are there, because otherwise unrelated people lose property, get injured or even die. A building may deprive neighbors from enough sunlight, and that is unhealthy, so there are standards for insolation. A badly done electrical wiring can overload or short circuit - and the fire doesn't know about property ownership and jumps onto the neighborhood.

In a imaginary scenario, if one's on their own land, with no one else around (and no woods to burn, no basins to pollute, etc etc) - I don't think mandatory state building codes would make any sense. And in the virtual space, things are frequently just like that - if something goes kaboom, it only impacts that system. Of course, some exceptions apply (NTP DDoS amplifiers, misconfigured MTAs or hacked websites abused for spam, etc).

And I think IM apps are very different from housing. Usually, compromised communications do not have any impact on third parties. And when they do there are usually provisions for that, e.g. HIPAA.

>if something goes kaboom, it only impacts that system

And its users. Unless you're the one living in the house (in which case I agree, do whatever you want) there has to be a certain guaranteed safety so the roof doesn't fall down on its tenants. I don't want to be a civil engineering expert to choose the place where I live; I expect the plumbing to work and the electricity to be safe. Likewise, a software user shouldn't have to be an expert in order to get safe software.

Most commercial software products aren't pieces of art, they are pieces of engineering like cars and bridges, and should behave as such

(Of course, there is software that is more akin to pieces of art; videogames come to mind. Even then, they shouldn't compromise the privacy of unsuspecting users)

> And its users

Users are part of that system. If the system in centralized - it's a bus, not a car - if it crashes, everyone get injured. (BTW, should EP mandate distributed architecture or 6-nines SLAs? Reliability is as important as confidentiality.) The real problem is not that communications aren't encrypted or something. It's that users aren't aware what they get and what they don't.

> I don't want to be a civil engineering expert

Neither do I. But regarding software - I don't need to be an expert to hear "we can't access your messages even if we would want to". Why need government for that? And why make it mandatory? I just don't see your point except for analogies with other professions. What's the point of programming being like car manufacturing?

Personally, I want to be informed but free to chose whatever fits my requirements. That doesn't work well for buildings and cars (for the reasons I've mentioned in the parent comment), but that works very well for software. Non-mandatory certifications and attestations works just fine - e.g. we have IM software audited.

Interventions may be necessary if no one builds E2E messengers (assuming there is a demand - and there is), or all existing software is unusable. But I don't think the communications software market is that unhealthy.

And as I've said before, if someone advertises something as e.g. "100% secure" or "we can't read your messages" but it's false - that's basically a misadvertising.

But isn't this the same issue with Net Neutrality regulations? We're asking the state to enforce net neutrality, but it opens a can of worms. Tomorrow it would be "all data should be treated equally, except for govt data which should be prioritized above all." "All data should be treated equally, except for terrorist data, which should be prioritized/blocked".

This is true of any government at all. "We're asking them to arrest murderers, but what's next, arresting suspected communists?" Well, maybe, depends who you elect. Every government power can potentially be abused.

It is. And this is controversial statement but I'm really not sure how I feel about Net Neutrality.

Where I'm from (Russia), we had (and still have, to a some extent) a lot of competition in ISP space. This had happened just because government weren't particularly looking at that direction at the time (90s and early 2000s).

If one ISP did some weird stuff that upset customers, the market had actually worked and they lost profits, making them reconsider. This may sound weird, but that really was like that - "power" users were vocal, and word of mouth did spread fast. And absence of NN allowed ISPs to do things that were actually beneficial to the customers, like routing specific traffic differently so e.g. gaming would be smoother and files would download faster. Just because content customers meant good reputation - a stable userbase with steady growth. So I don't believe NN is a good idea if the market's right. It only makes sense if it's bad, with a few giant telcos and no competition.

[Edit: ignore this paragraph, please. I'm keeping it, but indeed it's a long stretch.] When the government decided they're going to get a grip on the tubes, things immediately got worse. No NN here, though, just censorship - a great pile of unsound kludges with mandatory monitoring and automatic fines if something goes through. But NN here would've killed tiniest ISPs just as well.

That's just how I see things. It very well could be that I'm mistaken here.

> If one ISP did some weird stuff that upset customers, the market had actually worked and they lost profits, making them reconsider

The problem in the US is the telecoms are divided across neighborhoods in a way that you don't get a choice. I only have the option of Comcast at my apartment building, it's that or no internet / use a 4G hotspot / satellite maybe? My parents house is similar, AT&T offers internet, Comcast only offers it as a package with cable tv. Both just began offering maximum rates of 30Mbps down / 6Mbps up this year! And this is in the suburb of a major city.

So when my ISP pulls crap, raises prices, or does something else I disagree with, I can't just change providers without also making several lifestyle changes.

I don't think it is easy to compare how censorship works in Russia with how Net Neutrality would work in the US (or some other country) it is comparing apples to eggs.

Of course. Where they're comparable is that both are government-mandated interventions. Censorship... Yes, now I think I shouldn't have mentioned that, and omitted previous-to-last paragraph. Sorry about this.

My overall point was unrelated to what the current government does, though - it was that absence of NN can be beneficial - but only if there is a lot of competition, so when not being neutral doesn't help customers but hurts them, there is a proper feedback loop that makes ISP either have losses or reconsider.

I appreciate the well-thought-out counter perspective. Do you still live in Russia and do you still feel the same way? If you had to put yourself into the shoes of a US voter, how would you feel?


Yes, I still do, and feel the same way.

I don't yet feel that I understand US realities well enough to be able to have a proper, informed opinion. Still, from what I've heard, there is very limited competition in a lot of areas, when there are essentially mono- and duopolies. In that case, NN may be beneficial, as it acts as a safeguard, as consumers can't vote with their feet. If things are really bad, I think I'd be for NN, but I'd really prefer there'd be some "this must be carefully reviewed in 4-5 years" clause. Otherwise... I'm not really sure, sorry. But, either way, I'd support those who seek to improve ways for new ISPs to start up and grow, as I've heard the entry barriers are very high in the US.

I got selected in DV 2018 lottery so, hopefully, if I'll get a visa approval, I will have to form a proper first-hand opinion in some years. :)

>I got selected in DV 2018 lottery


Here's a quote from the draft that I particularly like:

> The providers of electronic communications services shall ensure that there is sufficient protection in place against unauthorised access or alterations to the electronic communications data, and that the confidentiality and safety of the transmission are also guaranteed by the nature of the means of transmission used or by state-of-the-art end-to-end encryption of the electronic communications data. Furthermore, when encryption of electronic communications data is used, decryption, reverse engineering or monitoring of such communications shall be prohibited. Member States shall not impose any obligations on electronic communications service providers that would result in the weakening of the security and encryption of their networks and services.

> Furthermore, when encryption of electronic communications data is used, decryption, reverse engineering or monitoring of such communications shall be prohibited. Member States shall not impose any obligations on electronic communications service providers that would result in the weakening of the security and encryption of their networks and services.

If I'm going to play devil's advocate, this sounds like a European DMCA in the sense that it will prohibit removal of DRM, and tools which assist such removal.

Given that the next sentence is about "Member States", I think the sentence before it is as well—it's the member state['s government, or any contractor acting on its behalf] who is "prohibited" here from "reverse engineering or monitoring" encrypted communications.

In other words, this would constitute a ban on domestic SIGINT operations ala PRISM.

Also, "when encryption of electronic communications data" would have to be interpreted in a very twisted way to apply to DRM of IP content (be it software or art)

It would need to be twisted indeed to apply to DRMed games, sure. On the other hand, I could see streaming video from Netflix being "encrypted communication", where the "recipient" is your HDCP television, and breaking the trusted media path between the two would count as "reverse engineering or monitoring" the signal. If, of course, these lines were meant to apply to something other than the Member States themselves. :)

It would depend on the legal definition of recipient used. If I — as a natural person — am the recipient, than decrypting that stream would not be unlawful. Even if my TV is the 'recipient', I, as its legal owner, am probably still in the clear.

Considering the level of mental gymnastics necessary to produce the current model of "intellectual property", there is definitely room for concern that you may end up with software which you do not own that is considered the recipient.

Think a proprietary streaming service client which you pay to have a license to use. Combine it with enough layers of HDCP and shitty illegal-to-break crypto and they'll have managed to plug your analog holes.

Actually, yeah, given that TVs are clearly private property. How about the set-top box you're renting from your cable company, though?

My guess is value. A set top box being the recipient is of no value to me, it, or anyone else. If I (a person in meatspace) cannot see whatever was encrypted, what's the point, even? Why would I pay money for it?

So what is stopping telecommunication providers, or tech companies, from "voluntarily" breaking the encryption and providing the results to the governments (in expectation of deregulation, or bandwidth allocation, or tax advantages, or as a result of secret coercion)?

That's where the famous "colored bits" come into play; "but we didn't do it personally ourselves and we didn't hold a literal gun to the telcos' heads" is ... not a great defense. http://ansuz.sooke.bc.ca/entry/23

In other words, intent matters; we only pretend it doesn't (and let the legal system sort it out) because it's too hard to express into computer systems.

these kind of assumptions and having openings to these kind of interpretations is what creates loopholes in the law. if anything this will be crappy worded and probarb ly exploitable by lawyers...

This is still a draft. It will likely be tightened up before the final version is approved (if it ever comes to that).

Reporters are picking up on it because it's unusually conciliatory - Commission (i.e. lobbyists), Council (i.e. governments) and Parliament (i.e. people) all seem happy to let it go through, in an area where nation-states have recently been quite belligerent versus their own citizenry. This could be a watershed victory for civil rights on par with FOIA laws, and it might happen after little or no unrest, which would be remarkable.

By the time the lobbyists and policy launderers have got to it, it'll be "you shall not remove DRM, and everything else must have a back door".

The context seems to be communications between citizens, not media playback.

I worry how that wording will work for security researchers exposing badly implemented roll your own encryption systems.

Or opensource client applications for proprietary messaging systems, though those get rarer these days.

Unless they're Member States, they should be OK

Why wouldn't it apply to private entities ?

There's already a European DMCA -- the Copyright Directive, which was introduced in 2001. See https://en.wikipedia.org/wiki/Copyright_Directive#Technologi...

DMCA applies to first parties and to anything which could be defined as "encryption".

This should apply to state-of-the-art encryption and only to third parties.

Why is it that European governments seem to act in the interests of their citizens and just about all other governments default policy positions is to act against the interests of the citizens?

> Why is it that European governments seem to act in the interests of their citizens

Note that this article is about the European Parliament, which indeed acts very often in the interests of us, the European citizens.

However, that one is not the "European government". More precisely, it is only one part of it (depending on how strict you want to draw your analogy).

This is really a pity! There should be more power to the European Parliament.

On the other hand, if the European Parliament had more power, lobbyists would engage with it much more than they do now. So maybe it would then become as biased as all the national parliaments. However, I really hope that the European Parliament is able to retain its quality if it gets more power, which is why I'm a strong supporter of giving more power to the Parliament, and consequently taking power away from the Council and the Commission.

While we are at it: If you haven't already done so, you should go and become a regular supporter EDRi. It is one of the very few civil rights organizations that act on European level (not just national level). They achieve astonishingly much, given their low budget. Imagine what they could achieve with a real budget!


According to a comment[0] on earlier discussion[1], this legislative process was even initiated by the European Council and European Commission. I'm curious about more details about that, though.

[0] https://news.ycombinator.com/item?id=14578358 [1] https://news.ycombinator.com/item?id=14577828

> this legislative process was even initiated by the European Council and European Commission

This is no surpise. Note that the European Parliament is not allowed to initiate new laws, so any new law has to start at Council/Commission, almost by definition.

(As I said: The European Parliament should get more power. Where else do you have a parliament with a missing right of law initiative? WTF?!)

All they can do is trying to shape the law proposals by Council/Commission into a less hostile version. Sometimes they are even able to turn things around, but that works not very often.

Yanis Varoufakis describes the structure of the EU as "We the governments" rather than "We the people".

Indeed, the EU is currently a union of countries - that is the way it was designed: the founders were nationally attached. I would love to make it an actual country, but I am in a minority for now - most citizens of Europe still feel they belong to their nation before belonging to the union... I dream of that changing: when one has traveled a bit inside and outside of Europe, one realizes that national identities are irrelevant compared to what European nations have in common. But that would be a radical redesign of the EU.

I'm sort of where you are in that I don't really feel like I'm a part of any nation, I'm just a human. I do feel Terran however (ie like I belong to Earth and vice-versa). So I feel European as much as British.

As a subject of Her Brittanic Majesty however, I'm about to have that citizenship forcibly removed. The only other option appears to be to become a political refugee. Like if a third of people in your region voted and suddenly you were no longer to be a national of the country you were born in; it's weird.

I can't help wonder if this is an age and class thing.

Is one is younger and hold higher education, one can more freely move between nations.

But if one is older, more settled with family and such, and perhaps has done industrial work for most of ones life, i suspect one see less benefits from EU. Heck, some of the directives may be seen as disrupting hard won job security.

Seems like a reasonable hypothesis.

Yes; in political science terms the EU is a very interesting hybrid between an intergovernmental organisation ("we the governments") and a supranational government (which could theoretically be "we the people").

The structure is very close to that of a very powerful intergovernmental body, though, and there's not (yet?) a strong European polis/sense of shared identity. The democratic aspects of the EU as itself (rather than as a confederation of themselves-democratic national governments) are underdeveloped.

>there's not (yet?) a strong European polis/sense of shared identity //

I don't know about that, there presumably has been research/surveys on it but are you making the statement based on assumption?

Even in the UK which is geographically separated, outside the Schengen area, and not part of the monetary union there is still clearly a lot of people who feel European.

"sense of shared identity" may be a bit loose; I meant in the sense of not feeling a constituent part of a common political community. Plenty consider themselves European (I suspect rather more in the UK since the Brexit vote made the question a bit more salient) but I doubt there are many whose principal allegiance is to the European Union, rather than France, the UK, England or Yorkshire. And yes, this is an informed assumption rather than based on a particular survey.

In practical terms, as someone else stated, European Parliament elections are conducted as a series of more-or-less isolated national campaigns, with a weak sense of a body of citizens making a decision as a continental group.

This is perhaps beginning to change, with the Europarties nominating explicit lead candidates for the presidency of the Commission at the last Parliament election, which provides a certain cross-border unifying factor. It's notable that in my country (the UK) these candidates were barely mentioned, though, and the race was treated as a proxy fight for future control of the Westminster parliament, or as a chance to elect eurosceptics to protest the EU as a whole.

Sure but don't conflate the EU with Europe, much as the former would like you to.

A lot, but a minority.

And it seems to depend on where in a nation one lives, and what occupation one holds (or held).

He is not wrong. Most EU institutions represent the member states rather than the European people directly. The Europarliament is the one exception, the only institution directly elected by the European people. Still limited by national borders, though; each country gets a number of seats according to their population (rather than the number of votes), and you can only vote for parties from your own country.

Still, it's easily the most democratic part of the EU government, and should definitely have more power.

If they got it, would they not become the subjects of more lobbying and therefore become less democratic?

It is easy to represent someone when you don't have much power. It becomes harder when you have power. Maybe different people seek to become MEPs for example. As today it is not a very highly regarded political job IMHO.

Perhaps, but they are already subject to a lot of lobbying. So much so that it has happened that two different parties propose the exact same law that was clearly written by lobbyists.

But with greater power comes also greater media attention, I hope, and therefore more accountability.

Varoufakis is irrelevant.

I think he was in a unique position as an "outsider" desperately trying to do his best to help his country and indeed Europe as a whole.

I've read a couple of his books and I've definitely become more skeptical of how the EU is currently structured (although still a Remainer) and much more sympathetic to the plight of the Greek people.

Do you care to elaborate? Given the power imbalances especially regarding the European Parliament, his statement is not wrong.

Moreover, given his political work, we can safely assume that he gained quite a lot of insights into the inner working of the EU. So his personal opinion that results from the experience is anything but irrelevant.

Kinda. He has some deep insight into (macro-)economics, but i fear he is too enamored with the EU project as an intellectual.

There's a belief that legislators elected as MEPs are not particularly high quality, so it's not a good idea to give them too much power. OTOH it's hard to convince ambitious talented people to run for a job with little power, so there's a catch-22.

It's also a way around the democratic deficit, though in reality the deficit is in government to government horse trading with plausible deniability ("the EU made us do it!"), not anonymous bureaucracy.

Thanks. It is a pity I am not aware enough of how European lawmaking works.

Thanks for the link to EDRi. I hadn't heard of them (although it looks like there is some affiliation with the UK Open Rights Group who I am aware of). Besides Privacy International, whom I'm also familiar with, are there any other non-profit's working in the privacy sphere within Europe that you know of? It's an area I'm interested in getting involved in in the future.

This is not the European government in the sense we understand normal government.

In the USA the federal government is seen as the "real" one and the States are the also-rand. In Europe it's the other way round. MEPs are elected really as proxy popularity polls on the home parties. And they undergo very little scrutiny of their actions at home. It's only when EU runs counter to a home country "third rail" that it gets reported - for example changes to agricultural policy. this is its strength and weakness (if every road and job susbsidised by EU was branded with EU logo on the pay packet (1,045 euros this month came from EU!) then it probably would be looked on differently.

The EU is mostly a positive boon for the world. But the lack of scrutiny leads to no system of checks and balances - which is not good in the long term.

In tech policy there are either no home country policies entrenched, or the different sides are not deeply entrenched (Security agencies love spying on email of course but it's only a decade or two)

So a sensible policy wonk can lay down really useful guidelines that help everyone. Because it so early in the game.

Being a sensible policy wonk and trying to fix agricultural subsidies where there are centuries of ingrained compromises is much mich harder

Trust me the UK gov is not down with this idea

> MEPs are elected really as proxy popularity polls on the home parties. And they undergo very little scrutiny of their actions at home.

This is painfully true, and the biggest hurdle IMO to solving the perceived "democratic deficit" of the EU.

MEPs should be banned from using domestic party branding on their material, and have to canvas themselves based on the bloc they plan to align to in the EU, and what that stands for. Only then do you have a hope of people educating themselves on which EU parties/blocs align with their own ideologies.

At the moment, standing based on domestic parties in an EU parliament election has about as much relevance as someone in a general election saying "Vote Jones, member of the local football club", but leaving off their party affiliation.

> MEPs should be banned from using domestic party branding on their material, and have to canvas themselves based on the bloc they plan to align to in the EU, and what that stands for.

MEPs align themselves with the bloc their party is aligned with.

Perhaps it would be better if political parties had to include the branding of the European Parliament political group they're aligned with on all campaign materials (I'd go so far as to say this should also apply to national and local elections, if EU citizens can vote in them).

MEP seats are allocated per-country, voting based on domestic policies is the entire point of the EP. The council & commission (in particular the latter) are then supposed to balance it out with unified national & cross-national representation, respectively.

> MEP seats are allocated per-country, voting based on domestic policies is the entire point of the EP.

I disagree, that's like saying — MPs are allocated per constituency, voting based on local policies is the entire point of an MP. It's definitely a factor, but how many people voted in the last UK election based on having "a good constituency MP" rather than the party positions?

I think an MP's main job is to make legislation for the country as a whole — yes, she should inform her opinion through the lens of her constituency and her constituent's opinions, as well as her own, but she shouldn't only vote for things that affect or benefit them directly. So similarly, I'd want my MEP to make good European acts of parliament for the EU as a whole.

Telling me they are a 'Labour', 'Lib Dem' or 'Tory' affiliated gives me a hint as to their ideological background, but it's no match for something like the voting blocs issuing their own manifestos for how they'd like the EU to progress and develop.

I think if people want the European Parliament to become more accountable, you have to start engaging with policies (and politicians) at a supra-national level.

The UK has an entirely different governmental structure than the EU, so comparing why someone votes for an MEP v.s. UK MP makes no sense.

Of course MEPs are going to need to consider the EU as a whole, because in order to advance the goals of their constituencies they need to cooperate with the MEPs representing everyone else (and other EU institutions).

But expecting that you can ban MEPs from being a product of national politics or national political branding would be folly and undemocratic. That's what the EP is for, it's there to represent voting blocks within the nation-states that make up the EU, MEPs are explicitly not voted for across national boundaries.

Targeting MEPs to solve a perceived "democratic deficit" in the EU seems bizarre. They're the only directly elected institution, and they're the most locally accountable EU representatives or institution.

It seems to me what you'd like to accomplish here would be better solved by making the 28 members of the Commission directly elected across national boundaries by the entirety of EU citizens.

> Trust me the UK gov is not down with this idea

Then again, it looks like UK is about to leave the union[1], so their ability to influence policy at the European level is fairly limited at the moment.

[1] I would not be surprised, though, if both sides just dragged the exit out long enough so nobody will care about it any longer and then quietly drop the issue.

Parliamentary systems in general are more responsive than Presidential ones.

Also, most of us EU nationals don't see EU structures as very democratically responsive. Fairly sure most of us only send the B Team to the EU parliament. E.g retired national politicians, or people who couldn't get elected for national parliaments. Also, it gets a lot less coverage than national parliaments, so members are free to vote on random things without the same amount of scrutiny.

> Fairly sure most of us only send the B Team to the EU parliament. E.g retired national politicians, or people who couldn't get elected for national parliaments.

I wouldn't call 'retired national politicians' the 'B' team, those are more likely the 'A' team, no longer worried about their career they are much freer to operate than their national counterparts, besides that they have lots of experience.

A Dutch example:


The current president of the European Council, Donald Tusk, used to be the Polish Prime minister before he took the position in Brussels. Definitely not B team.

Yes the European Council and European Commission tend to get the more experienced and capable former national politicians but the Parliament generally doesn't...Certainly not in the European countries that I have lived, worked and studied in/about.

MPs in national parliaments aren't all that great either. And some MEPs are really good. Just not the backbenchers.

But the Europarliament does seem to get used as a training ground for national MPs.


Neelie Kroes is not a member of the EU parliament. She used to be a member of the European Commission. The executive branch, basically. And she was excellent at it. She's easily my favourite EU commissioner as well as my favourite VVDer (Dutch right-wing liberal party that I strongly oppose for their destructive economic policy and their occasional flirtation with extreme right).

Neelie isn't an MEP. MEPs don't have much power, so ambitious people aren't interested, so the B team gets sent, and then nobody wants to give them much more responsibility.

Neelie was indeed not an example of a MEP (read different comments in parent-parent-parent's thread for distinction).

But there are definitely examples of driven 'A' team politicians in the EP. And those are more easily heard because of the lack of attention to the laid back types. So the possible higher amount of the latter isn't even an all black-white bad thing.

And since many are positive about the results of the EP: does it even matter?

> most of us EU nationals don't see EU structures as very democratically responsive.

Whilst I got the same feeling, this really needs to be backed up by data. Do you know any reliable polls about it?

The recent elections (last year or so) in Europe showed a great deal of anti-EU feelings from some parts of the population.

Op said "most of EU nationals". You say "a great deal" - but I can't really put that into numbers. "Most" means >51% but "a great deal" is just what I call (please don't get offense) bullshit-speak.

I have asked for numbers and the elections in different European countries this and last year did not show majorities of anti-EU feelings.

Netherlands, France, Austria, Spain, ... am I missing something?

The fact is only Greece has a majority that dislikes the EU (I'd say for obvious reasons). Not even the UK is polling that way right now.

Yes I think it's also about which part of the EU. The majority seem to support the EU as a whole but some of the political structures like the Parliament and Commission - less so.

"Since 2012, there has been a steady increase in Parliament of the fight against terrorism and respect for individual freedoms as a priority policy for the European Parliament, and this is now in second place (42%, +8 compared with 2015).

Meanwhile, some other indicators remain relatively unchanged. A clear majority of Europeans still believe that being a member of the European Union is a good thing (53%, -2), and that their country has benefitted from this membership (60%, =). Likewise, around seven respondents in ten think that there is more solidarity amongst Europeans than issues which separate them (71%, -3). Nearly one European in two also shares the opinion that a harmonised social welfare system reinforces their feeling of being a European citizen (46%, +1).

We also noted that the neutral image which Europeans have of the European Parliament (44%, -2), and the more significant role which they want to see it play (46%, +2), are two indicators which also remain stable. In addition, Europeans remain well informed about the European Parliament. Finally, other results show a decline in this survey. For example, Europeans feel that their voice counts less and less, both at national and at European level. However, in 26 of the 28 Member States, they felt that their voice counts more in their own country (53% in average, -10 compared with 2015) than at EU level (37% in average, -2). When asked about the future situation, Europeans are increasingly pessimistic, both in the EU (54% « things are going in the wrong direction », +13 compared with 2015) and in their own country (58% « id. », +14),

Among the various elements of European identity, a significant decline in the single currency as one of the essential elements is also noticeable (33%, -6), particularly in the Euro area."

Source: http://www.europarl.europa.eu/atyourservice/en/20161110PVL00...

A "great deal" means that in some places these people and those feelings will represented :/

I can't endorse those feelings so you can't ask much more out of me playing devil advocate.

Yeah, the EU works surprisingly well... I mean given how little attention it gets the EU institutions makes a lot of good calls.

Granted, it would likely change it more controversial topics was handled by EU.

OTOH, sometimes national governments will try establish policies at the EU level that they know will be unpopular at home, so can face their voters and claim they don't really want this, but look, that evil EU makes us.

That was how the data retention laws were established before the European Court of Justice decided that it was illegal/unconstitutional (unsure what term to use here).

Other countries primary concern is to give big business and the rich anything they want.

To add to other answers, the european parliament is composed of deputies elected directly by european citizens, so it doesn't represent european governments; the latter are represented in the european council, composed of the different heads of state. I don't know what is the council position on this one but I expect it to be on the opposite side.

A theory is that not much money is poured into elections for who is sitting in the EU chairs, allowing small parties to gain votes.

Campaign financing as well as some form of representative democracy.

Also note most European nations have dramatically reviewed the election systems many times over the years. I believe France is at its fourth constitution :)

US and UK doesn't exactly have modern election systems, it works a bit better in the UK because it's smaller, but brexit still happened..

No voting system would have yielded a different result in the EU referendum, it was a two option referendum.

I genuinely wonder what the result would have been if the options were 1: Explicit no-opinion, 2: EEA membership. 3: Complete exit, WTO rules. 4: Status quo. 5: Even greater EU federalism.

I imagine the 3rd option (UKIP's favourite) would be the least popular and the EEA option "soft brexit" as the winner - which I feel better reflects voter sentiment... and voter ignorance: as EEA members still pay money to Brussels and are subject to regulation on goods and immigration. At least it would have made it clear to everyone in Whitehall that "hard brexit" was/is unconscienceable.

I'd actually bet the opposite. I think if you only gave people one vote, it's pretty much guaranteed that you'd see 3 then 2 for popularity. More options without introducing rank would be the greatest gift you could give UKIP, whereas you'd lose the majority of remain (ie #4) votes to the flanking opinions of #2 for those wanting greater independence, and #5 for people who are more EU aligned. Thinking that most leave voters would go #2 only makes sense if you are thinking of the vote in the context of right now, not a year ago, when everything was more politically charged.

I'd actually bet that had you suggested this a year ago, the people on the remain side would be loudly objecting to it, rather than the other way around.

Based on results it appears that many struggled to understand the two options already on the table.

I suspect most people sufficiently informed about all the options would have voted 'No' already, as with that knowledge would come understanding of the risks voting 'Yes' would entail.

Are you trying to solve an ignorance/emotional/populist problem with logic?

I disagree. If voting was compulsory, as it is for example in Australia, Argentina and a number of other countries [1], the outcome could have been different.

The smallest percentage turnout in the EU Referendum was by those aged under 25. However, the largest percentage of Remain voters were also in this age group [2]. If voting was compulsory in the UK, it's reasonable to assume the extra under 25 voters would have swung the result the other way.

[1] https://en.wikipedia.org/wiki/Compulsory_voting

[2] http://www.bbc.co.uk/news/uk-politics-36616028

Perhaps a "more modern" voting system is one where you have only one option.

Such systems were "progressive" back in 1980's, remember.

> I believe France is at its fourth constitution :)

Oh, more than that. It's on its fifth Republic, but there were also a few constitutional monarchies in between.

Check the individual governments, the German government for example is all for end to end use of the Bundestrojaner. End to end encryption wont really interfere with them when they practically own the end points.

In fact, German parliament will be voting this week (at practically the last opportunity before the forthcoming election in September) to extend the usage of the Bundestrojaner (federal Trojan horse) from the terrorist threats that it was supposed to combat to all kinds of mundane offenses (e.g. drug abuse).

Source (German): https://netzpolitik.org/2017/staatstrojaner-bundestag-beschl...

I expect that the law will be shot down by the Bundesverfassungsgericht (Germany's Supreme Court), but it will be a few years until that happens because these processes take time.

The blatant disregard for the Bundesverfassungsgericht some politicians show drives me mad when I think about it too long. They shot down the Bundestrojaner once already, and based on their reasoning about the matter (or what I remember of it), I am certain they will do so again.

European cultures are heavily influenced by having seen dictatorships be born, grow and collapse.

Don't worry, US and UK will get there.

Get where? The US is not going to join anything like a "EU".

He was referencing the US getting to experience dictatorial rule.

UK has been there, multiple times no less...

Reference? Which administrations have stuck to power irrespective of the wishes of the electorate?

Damn it! I dont know. recently they had a few good ideas there were discussed and some even implemented! Our system definitely is broken... but in a good way?

It's the European Parliament here, and there are much more protections between politics and businesses/lobbyists.

Maybe they are not part of the same club as the other politicians.

Because other governments' offensive capabilities are greater, and they want to improve their defenses first.

This is welcome, but moves like this will only make a difference if the legislation has teeth — will there be some ombudsman that I can appeal to, who will investigate that a firm is using encryption (correctly), and issue a hefty fine for breaches?

Or will it turn out like the cookie legislation: potentially good in theory — that you should have an opt out to non-essential tracking cookies — but because of vague hand-waving around implicit opt-ins and not forcing firms to distinguish between essential & non-essential cookies, means the only outcome is an annoying banner on every website and no real effect on end-user privacy.

Serious question:

If we had perfect encryption on all devices and no government would be able to listen in on anything (spoken conversation, mails, whatever) we would be pretty much back to where we were a couple of decades ago. I suppose the government would need to employee more real people to monitor other real people.

Is there any way we could have encryption / security with a state actor still being able to decrypt the data if needed?

I'm not saying that I personally am for the state actor, but I'm just imagining a scenario where all communications of bad actors would be via encrypted channels. No possibility to gather chatter, no possibility for rumors, everything encrypted and hidden. I mean this is the scenario state actors are afraid of, and frankly I would be too.

How would we live in a world with perfect encryption? More anonymous, sure. But safer? I'm really trying to see "the other side" (state) right now. Help me out and tell me how we can have perfect encryption, but don't undermine security / possibility of investigation.

This is an honest fear to have, but it hides the real causes many of the recent "bad actors" did what they did.

Most of the recent terrorist acts can be traced to different organizations that only exist because of military/economical interventions that happened a few years, or even decades ago. In a broader sense, many can even be traced to the aftermath of the first world war and how the Ottoman empire was split, and the interventions that followed.

What I'm trying to say is that this is not a "inherent" problem in western society. They were created by misguided actions of the past (and current) generations. The techniques and methods used by these actors are just details. You could theoretically spy in everyone like the US or UK governments want, but ultimately the criminals can easily be one step ahead of them if they want and try just hard enough. They can switch to other method or just pay some hacker group to create software for them if they were really organized.

Think of the prohibition in the US. Did it really stop alcohol consumption? Not at all. And a few years later everyone realized how stupid that idea was and the whole prohibition was scraped.

I strongly disagree. You can't just blame terrorism on poor decision making by Western powers. The world is complex and every country has to make difficult decisions that will make winners of some and losers of others.

Ultra-conservative strains of Islam are big losers to the West's cultural influence, even in the absence of Western military and diplomatic intervention in the Muslim world. Western economic and cultural might is a threat to their value system and way of life, and some are willing to kill to defend it. Within the United States there has been left-wing terrorism (e.g. anarchists in the early 20th century or the Weather Underground) and right-wing terrorism (e.g. the Oklahoma City bombing).

We cannot always avoid arousing the ire of hardcore radicals.

>but ultimately the criminals can easily be one step ahead of them if they want and try just hard enough. They can switch to other method or just pay some hacker group to create software for them if they were really organized.

They can, but thankfully most people seeking to do us harm (and most people in general) are incompetent. Even the most seasoned computer criminals get careless and make mistakes.

>> They can, but thankfully most people seeking to do us harm (and most people in general) are incompetent. Even the most seasoned computer criminals get careless and make mistakes.

People wishing to do us harm don't need computers at all. Just look at the 3 attacks in London in the last few months (Westminster, London Bridge, Finsbury Park). All that is required is a driving license to rent a van and the want to drive it at people at speed. Any person willing to do harm can go out and do it this afternoon without any planning. If we give up our freedoms so that the government can spy more effectively the terrorists will just do more of the above style of attacks.

It's not me saying it. The Pentagon itself made such claims even before 9/11.


Do you really think an entire population will just accept a foreign nation obliterating their lives completely, without at least a small amount of revolt groups wanting revenge? Now that would be naïve.

> Ultra-conservative strains of Islam are big losers to the West's cultural influence

You mean the same strains that have been repeatedly propped up [0] by the western powers?

[0] http://flashbak.com/wp-content/uploads/2012/09/Independent-1...

> I suppose the government would need to employee more real people

It would make sense if spending had gone down as more monitoring was added, but to my knowledge funding has instead been going up. A reinvestment on low technology solution is mostly just shuffling of funds for one area to an other.

> where all communications of bad actors would be via encrypted channels.

It is really hard to encrypt a physical meeting, and even harder to encrypt ownership of guns, bombs, stolen goods or the intent to hijack a truck. The evidence and police work needed to stop and convict criminals in a society with encryption look very similar and practically identical to the work needed in a society without encryption.

The scenario you describe would be good overall. State actors can easily metastasize into bad actors themselves, and when they do the results are truly monstrous. Having a way to organize dissidence (in this case, the possibility to communicate without being immediately captured) is of prime importance as a safety valve when things inevitably turn for the worse.

Other bad actors seem benign in comparison. A fundamentalist organization can clock up hundreds or thousands of kills but a bad state actor is usually along the lines of millions of lives negatively affected.

There's also no indication that bad actors need encryption at all. In several of the recent terrorist attacks, in some cases information was easily retrievable but was not investigated due to an overwhelming amount of people to monitor. It seems like states have no issues collecting data but sometimes struggle to actually use it to stop terrorism.

> How would we live in a world with perfect encryption?

That question is indeed addressed if you read the article. Toward the end:

> "There are lots of existing techniques law enforcement can use," Dr Steven Murdoch, a cyber-security researcher in the department of computer science at University College London told the BBC News website.

> "One of them is traffic analysis, which is looking at patterns of communications, eg who is talking to who, when and from what location.

> "The other one is hacking - equipment interference in British law - which can happen before data is encrypted and after it's been decrypted, so there are still ways for law enforcement to gain access to information."

If the E.U. is considering this legislation, you can be sure the member countries' spy agencies are confident in their ability to hack and do traffic analysis.

Probably a better (though still highly theoretical) way to phrase your question is this:

How would we live in a world where there are no bugs to exploit?

>> we would be pretty much back to where we were a couple of decades ago. I suppose the government would need to employee more real people to monitor other real people.

My view is - why is that a bad thing? We didn't live in some crazy unsafe time then and I don't think it'll be any different now.

However what if I was wrong and the world did become less safe? We need to start looking at 'safety' thorough the bigger picture. If this regulation really did make it harder to catch e.g. terrorists and there were 1-3 more attacks a year with 50 deaths total should we give up our privacy to prevent that given the consequences of giving up privacy to save those 50 lives? That loss of life would obviously be tragic but in the grand scheme of things it's a tiny number. I've seen governments take away people's freedoms to stop violence and keep people safe. It generally doesn't make much difference. And if we let the government take away this freedom how long until they take away another? How long until we start letting them take away freedoms that only serve to frustrate the bad guys and fuel further violence (again this has happened in the past).

Do you feel more unsafe in a world where secure encryption is widely and easily used, or do you feel safer in a world where that would become contraband, and fake security in encryption would expose you to state and criminal exploitation. This isn't some kind of techno-libertarian hard-line position. Many governments are incapable of administering back-doored encryption without corrupt influences exploiting the back door, even if you trust first-world governments to keep things relatively clean.

All communications of bad actors will be encrypted via safe channels regardless of the regulations. Regulations only limit citizens who obey the law.

And if you are hoping that it would be easier to spot these truly encrypted communication channels then, not really a chance, there are already too many options how you can hide the data in the skype stream images, websockets and so on.

Apart of course from the fact how bad idea it is to let state actors access all this information. Sooner or later they will be breached too, by other state actors or Mallories, regardless of their intentions.

Either you have the right to privacy or you don't. It's just double speak to say the government can violate any right, then either the government is acting criminally and people involved should be personally punished as such, or you don't actually have privacy.

That's like saying people have the right to life but government can murder anyone they want because they are the government. It's silly and meaningless. Rights are to be protected even when the government is against them, perhaps even more so in such cases.

Most communication that occurs is already not monitored. If I go to a restaurant or a coffee shop, no one is monitoring what I say.

Just because it is technically feasible to do something doesn't mean there is some obligation to do it. We should treat external parties intercepting our traffic the same way we would treat those third parties trying to install microphones in our houses to listen to us.

You are forgetting that people have been talking in code words for centuries: criminals, businesses with trade secrets, mystics and esoteric religions, revolutionaries and even friends secretly planning a birthday party.

Talking cryptically comes so naturally that close siblings and friends evolve their own dictionary just for fun.

Removing encryption will not change this.

> Is there any way we could have encryption / security with a state actor still being able to decrypt the data if needed?

There are, and there have been, they're called back doors and they are a bad idea, because you cannot guarantee a state actor having sole access - if there is any way to get to data besides the main gateway (e.g. having a private key), it's insecure and potentially hackable by people that are not said state actor. Even if it's fully secure, there's still the risk of human failure - leaks, espionage, accidents. Then all your data would be up for grabs.

There's also a question of how much you trust the government, and trust all future possible governments.

Sure, it is actually quite easy to design systems that allow only the state or the government (or any given trusted organizayion for that matter) to decrypt secure communications. However, the problem is, can we trust the governments to not use this for malicious purposes, or to not somehow leak their credentials to others? What if some bad actor infiltrates the government and gets all access, or some rogue terrorist organization invades a country? As the Latin poet Juvenal said, "Quis custodiet ipsos custodes?" (Who will guard the guards?)

That's fine, why is that even a problem? Government won't be able to employ too many of those people, that is financially unsustainable. So they will think twice who to watch, they'd have to limit their surveillance only to actual terror suspects etc., not just about everyone as now.

Yeah, and now many UK citizens will regret leaving the EU even more...

I think (at least a lot of) those of us that voted remain knew there would be a massive watering down of civil liberties and protections should we leave the EU.

The UK has never suffered occupation under National Socialism or Soviet Union like most of Europe did so we don't have the same fear of authority creep, which is unfortunate because it absolutely is happening here.

People in the UK are infuriatingly trusting of their rulers.

> People in the UK are infuriatingly trusting of their rulers.

No, just the readers of the reactionary black-top press.

What's infuriating is erosion of civil liberties that has happened under both Labour and Conservative governments in the past 30+ years - I blame it on the fundamental design of the office of the Home Secretary - whose job-description is seemingly to always put matters of national security (and the reactionaries' opinions...) above such trivial concerns as privacy or liberty. Fortunately this trend can be reversed if an equivalent opposing office, a hypothetical "Secretary of Sensibleness", existed with veto rights over the Home Secretary.

I thought we came close with the new Secretary for Culture, Media and Sport, but it seems like a holding position for unwanted or up-and-coming MPs than a position of any consequence (London Olympics notwithstanding).

As a loony lefty myself, I find it really disappointing that Labour has decided to take the turns it has with regard to protecting civil liberties. This is just about my only qualm with the leftist parties in the UK; they have little or no emphasis on protecting the right to privacy, freedom of expression etc. and even the right to possess certain drawings, which was made illegal in 2009, as I remember via the proposal of a Labour MP.

Is it really so much to ask for a democratic Socialist party that favours protecting civil liberties? One would think it's in the interest of the proletariat. Oscar Wilde would be in favour of it.

> I find it really disappointing that Labour has decided to take the turns it has with regard to protecting civil liberties. This is just about my only qualm with the leftist parties in the UK; they have little or no emphasis on protecting the right to privacy, freedom of expression etc.

The issue here is that Labour governments under Tony Blair and Gordon Brown were decidedly NOT leftist. They were very much a Tory-lite neoliberal party. Remnants of those priests of a dying religion still plague the PLP today and spent the better part of Corbyn's leadership attempting to undermine him.

My MP is Angela Eagle. A self-described socially progressive lesbian that you would imagine would be on the side of civil liberties and democracy, yet her record speaks for itself;

- Refused to vote against Tory welfare cuts

- Voted in favour of the war in Iraq

- Voted in favour of the bombing of Libya

- Voted three times to block investigations into the decision to go war in Iraq

- Voted in favour of national identity cards

- Voted in favour of Theresa May's Investigatory Powers Bill (legalised mass surveillance of Britain)

She is the kind of 'leftist' that made the Labour party utterly right-wing.

A couple of years ago, when the LibDems supported Cameron's government, I concluded that the UK's political system was made up of 3 conservative parties. Both Blair's New Labour and the LibDems are an utter disappointment.

If I lived in England (I don't), I'd be pissed I couldn't vote for the SNP. They seem to be the only sane party there. It would be interesting to see them gain seats south of the border.

That's an interesting point and I'm inclined to agree with you there. I don't know if it's an urban legend or not, but apparently when Thatcher was questioned on what her greatest acheivement was, she answered 'New Labour'.

It's a real shame what the options have been in terms of electable leftist parties and policies in the past few years, so I'd very much agree with you. As to what Corbyn is going to do about it, I don't know, but I'm not a pessimist in this regard.

>> even the right to possess certain drawings

These would be drawings of child pornography, just to clarify.

Are you implying that the restriction is right, because of the content, even how disgusting as it may be? I don't think drawings should be censored, and I see no basis behind censoring them.

I think that it is a relevant factor for people to consider to make a view on whether the policy is correct or not.

It's worth viewing in the larger context though - it shows that the legislature has no problem censoring things, even possession of certain things, without evidence. In my opinion that sets a rather big precedent, whether you disagree with the specific content in this instance or not.

In terms of the principle, the actual content shouldn't matter in the slightest.

That's an interesting read -- wasn't the main "leave" argument pretty much to avoid Socialism, the new Soviet Union and creepy external authority (EU)? Preserve freedom?

From the outside, hilariously, it looks like both sides claim the same ultimate goal.

My opinion as someone who wished to remain in the EU despite its (many) problems is that those who voted to leave based on a wish to preserve sovereignty, freedom and democracy were woefully misinformed and perhaps even deliberately led astray by demagogues and fascists.

But then again they might say the same about my wish to remain part of the union.

I value effective regulation, worker protections, considerations of civil liberties and democracy and I made a choice to vote remain in the EU knowing full well that it is far from perfect.

I trust the EU to act in my interests a hell of a lot more than my own country's shit-show of career-politician Eton schoolboys, unelected Lords and sycophantic royalists embodying the very notion of hereditary privilege.

Leavers seemed to fall into one of two camps, one was primarily concerned with high levels of immigration, the other talked about freedom from EU bureaucracy.

The agitators mostly seemed to come from the second group but were happy enough to stoke the fears of the first.

Neither group appeared to have any coherent arguments to me.

Those on the right in the UK see the EU as a fundamentally a socialist enterprise as the EU has views on workers rights and human rights.

Those on the (far) left in the UK see the EU as a fundamentally a capitalist enterprise as it is about free trade and ensuring supplies of cheap labour to keep wages depressed.

Quite the opposite actually.

The UK is a mixed economy, we have both Capitalism and Socialism and we like it - our safety-net welfare state and the NHS save lives everyday.

EU membership is a shield for former soviet satellite states to join the West and escape Russian influence.

The main leave "argument" was £350,000,000 was being given to the EU and could save the beloved NHS - this turned out to be a downright lie.

Many of the other popular arguments were equally false and fearmongery about out of control EUrocrats legislating on the curvature of bannanas and attacks on the British sausage and that farmers would be better off outside the common market - all very jingoistic.

It has emerged that there was a lot of carefully crafted individually targeted Facebook adverts that played on voters fears derived from personal data held outside the UK (and outside UK data laws), sadly these went undocumented so we may never know the extent of the falsehoods or their level of influence.

The UK electoral commission has expressed concern over this type of campaigning as no-one knows what is being promised or how much was spent on it.

There has been an effort to try to document these dark ads for the recent election where they seem to have been much less effective.

Many Brits feel conned as the referendum was pitched as being only advisory but is now being taken as iron-clad and a 4% majority of those who offered an opinion is very little mandate to enact such major constitutional change.

As the realities for science funding, farming subsidies have kicked polls are reporting many Brexiters have changed their tune. Goldman Sax's relocation to Europe is a bellweather for the realities for the financial industry which is close enough to Tory hearts that one hopes they'll snap out of their dreams of Empire and Commonwealth.

Hopefully the staggering level of incompetence so far demonstrated by David Davis' negotiating team will be the rope that hangs them and we'll get a second real referendum.

The alternative Red White and Blue Hard Brexit promised by Teresa May is not good for anyone in the UK unless they are shorting the pound.

I agree with a lot of what you said. But it's simply not true that "Many Brits feel conned". The majority still wants to leave EU. That's why both Labour and Conservative MPs are pro brexit. Only LibDems are pro-remain, and they only got a handful of seats in the last general election. The brexiteers won, unfortunately. The only question now is how bad it will be.

> The majority still wants to leave EU. That's why both Labour and Conservative MPs are pro brexit.

This is not really accurate.

Firstly, the majority that initially voted to leave was 37% of the population. As far as I am aware that number has slightly decreased in terms of supporters, but even if the opposite were true it is still less than half of the population that actively support leaving.

Secondly, these MP's are only 'pro-Brexit' insofar as they know it has to happen regardless of their own beliefs and coming out against it now would be political suicide. No matter what you think here, in this last General Election people did not vote for parties based on their Brexit stance. They voted based on whether they wanted 5 more years of Tory rule. Tht issue was a far higher priority than Brexit.

You're quite correct. The proper phrase "The majority of people that could be bothered to vote still wants to leave the EU".

You have to remember we have FPTP voting, not STV or any other form of PR.

I'd have voted LibDem but you only get one vote and my main concern was "try to halt NHS privatisation" leaving me to vote against the Tories and so for whoever has most chance of winning against them.

There's no scope in General Elections for any nuance in voting.

LibDems openly supported this line, "vote against the Tory party".

Meanwhile in Scotland it seems SNP lost votes not because of their governance, per se, but because people were using it as a proxy for voting against a further Scottish referendum.

True. If the Brits really wanted to undo the referendum, they should have voted en-masse for the LibDems. They didn't. Worse: the Tories remain the largest party despite their losses. Clearly a lot of Brits still support the hard-line Brexit of Theresa May.

It is impossible to conclude this given Brexit was far from the only issue - ending austerity and saving the NHS were big priorities too.

This doesn't work so well under the UK's First Past The Post system.

If you wanted to get the Tories out then feeling one was throwing away a vote for the Lib-Dems in a seat were they are too far behind is one argument for proportional representation.

Also the Lib-Dems lost a lot of trust with the coalition with the Tories, many left the Lib Dems as they felt betrayed by this.

True, proportional representation would have given a far more accurate representation, and the Tories didn't get as many votes as their number of seats suggests, but still, they got enough votes to remain the largest party. That's far more support for May's mad rampage than I expected.

The main reason for brexit that I have sussed out is that it makes the Tories more powerful because they'll be the same sized fish but in a much smaller pond. So on a relative level their power increases and as long as the country doesn't collapse to such a degree that this undoes the advantages they come out ahead.

That last assumption may end up not to hold water in the longer term.

Basically the UK doesn't want the EU government forcing freedom on them.

Homegrown oppression over foreign freedom.

It's ironic, because many people that were under Soviet Union feel like European Union is creeping dangerously closely towards it, with centralized planning (Germany) and silencing of dissenting voices (if people vote against something in referendum, just run a fear campaign and repeat the referendum).

Do you have any sources to support your assertions on centralized planning done by Germany, or decisions overturned by repeated referendums?

This is an oft-mentioned idea in the UK. See here for a list of state EU referenda: https://en.wikipedia.org/wiki/Referendums_related_to_the_Eur...

The only repeat referenda seem to be ones where: 1) a motion was denied 2) ammendments were made to change or garuantee parts of the motion 3) the motion was subsequently passed

In the anti-EU crowd, this has morphed into "repeatedly re-run a referendum until they get the result they want"

I think leaving the EU was absolutely fear of authority creep, the increasing authority creep of the EU.

I'd be interested to see what authority creep you think is happening in the UK right now. I can see no evidence of it.

Given that the British were on the other side of that transaction for quite some time (occupying territories, leaving people fighting etc.), it's unlikely they think of such things as a risk.

The UK is already a solid police state, they didn't need to leave the EU to implement that. Of course, it can always get worse.

Most UK HN readers yes, most UK citizens wouldn't have a clue though, sadly. I imagine the prevailing attitude is that encryption (i.e. messages that the police cannot read) allow terrorists to plot things in secret. In a month with three terrorist attacks, it's easy political capital to clamp down on such things.

I won't be surprised if many (in the leave camp) will construe this as the EU sabotaging the security of its member countries.

As much as I wish they did, I am not sure they will.

A large portion of the UK has no idea how encryption helps them and believe that criminals and terrorists should "have nowehere to hide".

If there's one thing that stops criminals and terrorists, it's making the things they do illegal!

Same as drugs. Making them illegal really sorted things out and now no-one takes drugs and there's no more criminal activity because people fear the outcomes of breaking the law.

Agreed, smart criminals will just use private channels.

But what about dumb criminals? From what I read both the London Bridge attackers and Manchester bomber are dumb as dogs__t. They'd probably use whatsapp even if it wasn't private simply because it's popular.

(I support private communication, and think not being able to catch some criminals is a reasonable price, but many others do not)

For both recent attacks the authorities already had information on them, they were already on watch lists.

That's pretty much always been the case with most of these attacks. Which is the very same reason why I think that "more surveillance/data collection" will make the problem only worse.

As is, many government agencies databases seem to be filled to the brim with false-positives, making it impossible to spot the actual dangerous people among the hundreds of thousands (if not millions) of "suspects".

Maybe they believe that more data will make it easier to figure out who the really dangerous people are? But that whole idea is still based on concepts which pretty much boil down to precognition of how individual humans gonna act, an impossibility.

Guess a few people took Minority Report a tad bit too seriously and didn't get the message at all.

If you are having trouble finding a needle in a haystack, adding more hay is a bad idea.

source: https://www.youtube.com/watch?v=V9_PjdU3Mpo

That's a good one, reminded me of this: https://www.youtube.com/watch?v=pdIA0jeW-24

They were probably on watch lists at least in part due to the ease of monitoring their communications.

Come, come.

The reason you make it illegal is that then you can, with Rule of Law, take action against it.

You're (extremely naively) correct in saying making Terrorism (and associated activities) illegal is likely to have little direct effect, but if it isn't illegal then authorities subservient to the Rule of Law are impotent to act against it.

Assuming your comment is not that naive, what's the purpose of the comment? Unless you're advocating return to feudalism I can't see anything positive in your thinking here.

What am I missing?

I'm certainly not advocating against the rule of law, rather that we already have plenty of counter-terrorism laws, the sum total of which doesn't seem to stopped terrorist attacks from happening. I believe that in order to reduce the threat of terrorism in the UK, what we need is not more laws against it, but spend that time and energy tackling the root causes of radicalisation - poverty, mental health issues, education, wartime atrocities committed overseas, and other factors. Preventing people from becoming radicalised is safer and much more cost-effective than trying to find and track people who already are. Both approaches are necessary, but all the rhetoric is focussed on the latter, the former being not such a vote winner as a 'tough on crime/terror' stance.

Aye, but you specifically said "making the things they do illegal" with the implication being that such actions are entirely unnecessary. My point is they are necessary in a society that cares about the rule of law.

You're right to contend that simply adding more laws doesn't help further in general. But that's a considerable climbdown from the position implicit in your post upthread.

You can try taking a broader stance and consider the criminalization of related things that otherwise innocent people would still want to use. E.g. encryption.

The jaded tone is likely due to laws being created for the 'drug war' and 'terrorism' quickly impacting ordinary citizens, while having relatively little effect on the groups they were purportedly created for.

The latest attackers have given plenty of clues, like appearing in documentaries about extremism, being violent to their neighbours and actually stating their intentions for whomever wanted to listen

But I guess it's "racist" to take action on that

Can you give an actual example where someone in authority said they would or could not follow up a lead into a terrorist plot because it would be racist to do that?

Not terrorism, but race was one small factor that caused the Rotherham child sexual exploitation rings to not be rigorously investigated.


This was a long running set of crimes that had severe impact on the victims, and there were very many victims.

Investigating people before they are terrorists is complicated by things like human rights. But raping children is always, unambiguously, wrong.

Those are decisions made by social workers and local government, that's a long, long way from the Met and MI5.

Parent post doesn't mention the Met or MI5, and I'm not sure how the Met s relevant for eg Manchester bombing.

Those decisions not to investigate or prosecute were also made by police in Rotherham. Police were well aware of the extent of the criminality, and chose not to investigate or prosecute.


> Within social care, the scale and seriousness of the problem was underplayed by senior managers. At an operational level, the Police gave no priority to CSE, regarding many child victims with contempt and failing to act on their abuse as a crime. Further stark evidence came in 2002, 2003 and 2006 with three reports known to the Police and the Council, which could not have been clearer in their description of the situation in Rotherham. The first of these reports was effectively suppressed because some senior officers disbelieved the data it contained. This had led to suggestions of coverup. The other two reports set out the links between child sexual exploitation and drugs, guns and criminality in the Borough. These reports were ignored and no action was taken to deal with the issues that were identified in them


> Some at a senior level in the Police and children's social care continued to think the extent of the problem, as described by youth workers, was exaggerated, and seemed intent on reducing the official numbers of children categorised as CSE

etc etc.

Of course he can't. Note the use of quotes around racist, smacks of "I'm not racist but" mindset IMO.

No, it's an "intelligence" failure, and a direct result of austerity cuts.

Clearly they had the intelligence information, so it's not an intelligence failure.

It was lack of authorisation to act, and even that does not come from any "austerity cuts". It comes from the difficult balance of citizen's rights to "freedom of expression" and "privacy" and "right to family life" and so on.

The silly part is simply that foreign citizens can preach violence but they can't be deported.

I have tried to explain this to many people and I agree. People are entirely ignorant. I have actually given up now. I will have to vote with my feet at some point.

if this proposed regulation goes through soon, they 'll be able to get a taste of it.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact