Hacker News new | past | comments | ask | show | jobs | submit login
The EU Commission accepts high error rates when checking chats (netzpolitik.org)
381 points by monort on Aug 23, 2022 | hide | past | favorite | 396 comments



As an EU citizen I didn't know exactly what that Chat Control thing was, so I web searched it:

> The EU wants to oblige providers to search all private chats, messages, and emails automatically for suspicious content – generally and indiscriminately. The stated aim: To prosecute child pornography. [1]

Yeah, that will go down well, a central government checking our private conversations for "suspicious content". Of course they would use the "think of the children" trope, they could also have gone with the "think of the bad terrorists" trope, but that would have been too American, too cowboy-ish, we need to feel special, we're Europeans, after all.

Minus some street protests I don't think we can actually stop this, and, even then, I have my very big doubts. It so happens that I live in the EU periphery (I still need to present my ID card if I want to travel to Budapest or West from there), and it sickens me to see that my privacy depends on countries and electorates on which I have no say (like Germany, with all due respect to the Germans who still care about their privacy). Why should my privacy be made fun of because of decisions taken by some people from half way around the continent with which I have no direct connection and no shared past? Did they have a Securitate-like thing? Many of them didn't, and even those that did (like the same Germans), it looks like it doesn't matter at this point, they're all too happy to see their private political conversations be scrutinised 24/7.

F. that, the only viable solution I see for my country is an exit from the EU, but the money (still) coming in from Bruxelles is too good to leave aside for pesky political principles, so of course that no serious politician from around these parts puts the problem that way.

[1] https://www.patrick-breyer.de/en/posts/messaging-and-chat-co...


> and it sickens me to see that my privacy depends on countries and electorates on which I have no say

The problem isn't "foreign rule".

The Swiss, famously independent, have one of the worst surveillance laws.

Doesn't chat control require unanimity in the EU council? If yes, if it happens, it will be because of 'your own' politicians.

Also, the EU parliament votes on this, and small countries have more power than large ones there, more votes per citizen

Lots of these laws are being independently adopted all around the world.

I will believe this is a foreign rule issue once you can show me one democratic country that consistently opposes internet surveillance and defends privacy and rejects 4-horseman based bogeyman politics. And where big countries pressure it to change that.

All countries are susceptible to this brand of demagoguery.

I will grant that the size of the EU enables it to pass surveillance laws that would otherwise not happen - any single EU member state would not be able to suggest change to global law the way the EU can. But then theres China, the US.


But the Swiss could organise a referendum and could've voted it down if they had wanted. (and they can also vote for much more draconian initiatives if they want). Ps : Iceland?


I always find it funny those "leave the EU" posts because it's usually based on 1) thinking the EU is something apart from the constituent states 2) Naively thinking their countries have nothing to do with the latest EU Commission proposals. And of course the ignorance on the process helps those who want to pass more controversial proposals

(as an example see the latest UK "proposals" for the internet)

> didn't know exactly what that Chat Control

Interesting, several discussions about ChatControl were posted semi-recently (just a minor observation)


> like Germany, with all due respect to the Germans who still care about their privacy

What are you talking about? The german speaking world cares (maybe a bit too much) about privacy. This is why google street view sucks in Germany. NOYB - European Center for Digital Rights is headquartered in Vienna.


Germany has many anti-privacy laws like the Impressum system which forces website owners to essentially dox themselves on a public webpage. I’m not sure where the misconception that Germany had strong privacy laws came from.


I've long believed this, but surprisingly, very few Germans I've spoken to feel this way about it, admittedly my sample is Berlin-centric, so perhaps that isn't a very good litmus test for general German sentiment considering the demographics of Berlin consist of a lot of non-Germans who likely aren't that clued-up, and that perhaps skews sentiment as a whole.


Big cities are always a lot more progressive.

But a christian-conservative like Merkel wouldn't have come to power if it wasn't for the more rural masses. They must have enough votes to influence policy in such a big way. And those are the ones that are the most susceptible to 'for the children!!!' type privacy invasion. At least in my experience here in the Netherlands, this is usually the angle those measures are pushed from.

I've also been surprised at how bad Germany is for privacy. For example when I tried to sign up at Hetzner they demanded that I sent a photocopy of my ID. When I did so after arguing, I blacked out my social security number which is very susceptible to ID fraud and even the local police provide instructions to block it out on scans.

However they refused that. So I refused them. I didn't try other German providers but went to France instead (Scaleway) and had a much better experience without ID crap.


Merkel is not christian-conservative except for the label of the party itself. She hit most of the progressive boxes really, especially "no nations, no borders" and the climate sale of indulgence.

I also wanna add that Merkel was elected by big city voters as well and not just the (framed stupid and wrong) "rural masses".

> They must have enough votes to influence policy in such a big way. And those are the ones that are the most susceptible to 'for the children!!!' type privacy invasion.

Realistically speaking once a party is in charge the people have no saying in the politics and the only thing that matters is how it is framed in the media. If the media says that people like it, it's okay, otherwise they might rethink it, but even that is not a guarantee. Given that most media outlets are dependent on government money they are mostly mouthpieces of the same.


This sounds like you're coming from a very US viewpoint. By European standards she is firmly conservative.


I am German and her politics and talking points were progressive politics/talking points.


Admittedly I'm a bit disguntled by the conservatives in my own country which are mainly supported by the rural communities. I let that show too much in my comment which was not fair. I'm sorry.


Don't be. I'm sure most people here feel the same.


That's very interesting re Hetzner. When I signed up Hetzner about two weeks ago, I wasn't asked for any kind of ID, in fact I was quite surprised how little friction there was. Experience hasn't been good though, so you haven't missed out on much. Downtime and connectivity issues have meant hours of time wasted on an issue that wasn't even at our end. Will check out Scaleway!


Strange. This was at least 5 years ago so perhaps it changed.

I'm very happy with scaleway. They're a bit smaller and really easy to deal with IMO, you can ask them questions directly on slack and they don't look down on the small customer. I have 2 VPSes of the cheapest kind "Stardust" (1,80€ per month) and they're quick and friendly.

They used to have 8-core atom servers that were a bit unstable, mainly due to the nbd network based root filesystem. One network hiccup and it would go read only. They were really cheap though (12€ per month for dedicated metal is pretty amazing) but I did need support for that a couple of times.

But since I moved over to their VPS offering I've had no issues and I heard that they deprecated all the nbd based platforms due to these issues.


That's odd, I have never experienced downtime and connectivity issues there, with constant use for over ten years.


Personal privacy is different than commercial privacy I guess


Bingo. Impressum is mandatory for commercial sites (including anything ad-supported), but on the other hand WHOIS has been crippled by German privacy laws. The standard API will give you only the name servers, and the denic website will give you the owner-c email address (after solving a captcha) but no mailing address without a court order.


Vienna is in Austria, not Germany


Austria is considered a part of german speaking world


Yes, but its not in Germany.


On that point Austrian privacy laws are insane. CCTV is a nightmare to set up there.

https://edpb.europa.eu/news/national-news/2018/first-austria...


> The infringements refer to the following: the video surveillance system covers public streets as well as parking lots, both part of the public area in front of the entrance of the sports betting café. This is not adequate for the purposes of the processing and is not limited to a necessary extent. There are no logs of video surveillance processing operations. There is no deletion of the personal image data recorded by the video surveillance within 72 hours and no separate logs for processing in this regard and a justification for an extended storage period is missing (as determined in the Austrian Data Protection Act). In Addition to that, the filmed area does not have adequate signage about CCTV.

Why are those laws insane?


You set up a camera to cover your front garden and if you happen to cover a portion of the street leading up to your property you are breaking the law. That's genuinely absurd. Keep in mind these apply to residential systems also.

The rest of your quote is just as ridiculous.

> There are no logs of video surveillance processing operations.

It's a private system, why should there be.

> There is no deletion of the personal image data recorded by the video surveillance within 72 hours

Genuinely insane


if you happen to cover a portion of the street leading up to your property you are breaking the law

in germany too.

why is that absurd?

you can monitor your own property, but don't record me when i am walking along the street please.


Recording the street is the most important part of recording for crime detection.

If someone knocks off the side mirror of my car by driving too close, I shouldn't be able to record that? I shouldn't be able to capture the license plate so I know who it is?

You do get that you are publicly visible when walking down the street, right?

People are visible in their gardens too, but I can at least understand making it illegal to record other private property, but the pubic street is reading it too far.


Regulation of CCTV generally takes the approach that there's a substantial difference between you standing there with a camera and CCTV because you standing there with a camera produces a substantially different level of signal that people are being observed.

Your right to take the footage is in competition with peoples right to a reasonable level of privacy even in public spaces, as there is a huge difference between being seen by someone, being filmed by someone when they happen to be there, and being constantly filmed by automated systems that may or may not be appropriately controlled to ensure images are not spread.

The approach taken tends to vary between outlawing it or allowing it with restrictions, including making you subject to retention and subject access policies.

E.g. in the UK, which is notorious for the amounts of CCTV, you can cover public areas if necessary, but you then need to be prepared to delete footage of people on request, respond to subject access requests, ensure the footage is kept securely, ensuring the footage is deleted regularly, and restrict access to the footage. You also need to be able to provide - in writing if requested - legitimate reasons for doing so. Here's the ICO's advice page on the subject[1]

[1] https://ico.org.uk/your-data-matters/domestic-cctv-systems-g...


Or go live in Africa where people case the street before they come to rob/murder you. It's a big deterrent to have CCTV covering property perimeter


it's a band-aid to a different, more serious problem. you both would have a point if the crime rate in germany or austria was higher due to not allowing surveillance in public spaces.

but thankfully they have other deterrents to crime that allow everyone to have more privacy in public spaces.


> germany or austria was higher due to not allowing surveillance in public spaces.

Have you seen how many stabbings have been happening in germany lately?


Germany is somewhat safer than France and 6 times safer than the US, and continues to have a downwards trend.

https://data.worldbank.org/indicator/VC.IHR.PSRC.P5?end=2020...


How's that in any way relevant?


i saw the headlines. i haven't read about any ideas what would be the cause. but whatever it is, surveillance of public space is not going to solve it.


don't go to pretty much any other country on planet earth then


So is data loss prevention or other forms of workplace monitoring


> This is why google street view sucks in Germany.

Street view in Germany sucks because very rarely there will be a pixelated building front?


Street view in Germany sucks because Google didn't want to deal with so many pixelation requests, so they drastically reduced the coverage.


Incidentally, Apple just launched Apple Maps Look Around in Germany this summer. It has very good coverage, but you need an Apple device to access it (ugh).

Interestingly, I haven't seen any public discussion on it.

Apple also allows you to demand blurring of your house, but they do this globally.


Those requests would neither have been possible nor come in by such numbers if Germans were not privacy-aware.


your house on the street is public landscape. privacy does not apply on what you see from the road.


without streetview or photos on a public website, only people who are actually passing by my house can see it.

otherwise it is visible to the whole world. that is a drastic difference for a privacy conscious person.

or consider for example me posting a picture of my house without giving any address. there is nothing identifying except the building. with streetview you could potentially find my address. why should you be able to do that?

sure, streetview is nice to use, but i think privacy concerns are real.


> your house on the street is public landscape. privacy does not apply on what you see from the road.

It would be difficult (impossible) for 8 billion people to come over to my street and stare at my house, in the physical world.

So it's very different to expose the view on the internet to all those 8 billion.


No, because GSV is at least a decade old in Germany, since the whole "pixelate my building" has understandably been too much of a hassle for Google to push any picture updates.


" the only viable solution I see for my country is an exit from the EU,"

I suspect the privacy situation is much worse in most countries outside the EU.


> F. that, the only viable solution I see for my country is an exit from the EU

Genuine, not loaded question: and then what? What do you expect to happen?


Probably what Brexiteers expected to happen, that everything they don't like disappears and nothing gets worse.


Am currently living in England, can confirm things they don't like didn't disappear and things have, in fact, been getting worse

But hey, happy fishes and being able to flaunt that stylish passport on the massive customs queue

Maybe I should get myself a job in the continent and move there...


UK government is working hard to replace all the worst aspects of the EU with homegrown alternatives.


Examples? And what about replacing all the good things the EU provided with homegrown initiatives?


So one example is pushing the surveillance and anti encryption agenda covered in this article.


What were the good things beside less hassles when travelling and some money thrown at universities? Genuine question.


Erm, free movement of goods and services, labour, capital. Access to the world's largest single market with no restrictions which by itself allows more UK businesses to thrive. Huge benefit to being able to choose from numerous places to live and work.

The UKs trade swagger is demonstrably worse without free access to the single market. Numerous academic studies have shown that long-term the UK will be worse off.

Trade is the big one.


Dare I say worse ones for privacy and public protection.


The real reason Brexit happened is that people were concerned about the immigration of poor Europeans in the UK and the future prospects of having to bear a share of the poor Africans together with the rest of EU.

I was a poor European who moved to the UK and I've seen first hand the problems that immigration of poor people can cause on crime (from drunks to petty theft to stabbing) and how much the locals dislike it.

I've seen the same happening in Italy and the situation nowadays is so bad I would be genuinely scared to live next to the train station in any major city in Italy.

I think a model based on skills is the best approach: if you want to move in you should be able to prove you're skilled and that we need you. Once you pass the checkboxes the process should also be much smoother than what it is right now, the typical bureaucratic nightmare.


What amazes me is how few details were in the referendum. The question asked was "Should the United Kingdom remain a member of the European Union or leave the European Union?" and the possible responses were "Remain a member of the European Union" and "Leave the European Union".

There are a lot of ways Brexit could have been implemented. One extreme would be to make it so the UK has no special arrangements with the EU. It would be just another non-EU country, like say Mexico or Japan, that trades with the EU. Agreements and treaties would arise eventually to deal with issues as needed.

The opposite way would be to make it more like say Norway. Norway is not a member of the EU but is part of the Schengen area along with many EU countries greatly easing travel. It's part of the European Economic Area, easing trade.

Are politics in the UK stable enough that at the time of the vote one could predict which kind of Brexit would be implemented? I don't think anyone seriously thought that Brexit would be fast, so implementation would be years after the referendum.


It's easier to go to the capital of your country and bomb the parliament than go and do the same in Bruxelles. You can't expect foreign politicians who can't even spell your country correctly to care about your problems. You can keep your local politicians more accountable.

I personally think we should decentralise power even more: country level is still too much. EU level is just ridiculous.


> and then what? What do you expect to happen?

When the Government did do shitty things in the past we used to go out in the streets, we last did that 4-5 years ago. It helps that the main Government building is only two tram stations away from where I'm living and from where I'm writing this comment, so that helps. I wouldn't even know where in Bruxelles to protest against this, never mind that I'd have to take a plane to get to said protest.

Granted, laws like this one are mostly a clear pass-through for any party that holds power, mostly because the "liberal" middle-classes (the ones who usually go out to protest against a Government they don't like) basically support laws similar to this (unless instructed otherwise).

There are people though who do protest against this sort of stuff. I remember joining a protest against electronic IDs about 10 years ago (give or take), organised by a local religious organisation (I was and still am an atheist), which protest was of course derided by member of said "liberal" middle-classes with stuff like "look at these religious n.ts! they think they're going to have the number of the devil imprinted on a chip located inside of their brains" (I'm paraphrasing, but not by much).

Also, the only consistent movement (for lack of a better term) against electronic centralisation (including surveillance, of course) of most of our lives comes from the same religious and traditional fringes. If they will go out in the streets to protest against it, and they might, I'll most surely join them, while, I repeat, I wouldn't even know what European-wide movement to join in order to combat this, to say nothing of its effectiveness (by "joining" I mean physical presence, not only just an online petition thing).


> but the money (still) coming in from Bruxelles is too good to leave aside for pesky political principles

This is a myth. The money Bruxelles “sends” are money lost by customs duties no longer levied by individual states. There are no new money “spent” as such.

As for leaving the eu, speak for yourself. Romania has by and large a favourable view of the eu. Those who usually dislike it are either corrupt politicians or really really dumb people (conspiracy types).

Germany has many faults for the current state of the eu, but as in any democracy, you can vote better representatives for the eu parliament, instead of the bunch Romania sends at the moment. That way your view will be better supported in their debates against mps from that country.


You don't need to leave Europe. You can use an open platform like Linux and relevant tools, and also educate your close ones what is going on. My experience is they're using spying tools such as WhatsApp or Messenger out of inertia, but when they learn about privacy concerns, they are willing to use an alternative solution, and this is something that spreads around.


When we put in place stuff like this to "think of the children", we tend to neglect what those children will inherit from this legislation. Every year the future for the next generation looks more and more bleak. No wonder depression and anxiety is such a huge problem.


Didn't Germany question and pressure the EU consul about chat control?

Deutsch: https://netzpolitik.org/2022/chatkontrolle-bundesregierung-l...

Translation: https://www.reddit.com/r/privacy/comments/vitir0/germany_ask...


> F. that, the only viable solution I see for my country is an exit from the EU, but the money (still) coming in from Bruxelles is too good to leave aside for pesky political principles, so of course that no serious politician from around these parts puts the problem that way.

Without any shadow of a doubt, the EU is trying to create a super state. In its original scope it was a trade union, but it has clearly exceeded its mandate. They now actively look towards creating an army and will be soon forced to start significantly increasing taxes (for complex reasons).

Your sovereignty is worth the cost in the long run. You get a large EU tax, and then Brussels decides that it knows how to spend your money better than your own government.

Maybe (maybe) you receive an excess amount from Brussels, but there are also hidden costs. One is a slower and more complex political system with many more actors. Another is uncontrolled migration which the EU is currently plagued with. Another is that you are forced to engage in ideological investments your Country may not be aligned with.


> the only viable solution I see for my country is an exit from the EU

The UK thought so too, now they're frontrunning the EU on scraping privacy. I honestly don't even understand one could think an EU exit would address those problems in any way - corporate lobbying is inherent to politics, just look at your national government (whichever that currently is). And realistically speaking, the smaller the entity, the less likely they are of placing meaningful restrictions on US tech firms (like the EU did with GDPR).


Because, depending on the country, another government may be elected that will change the course.

I can't elect anyone in the EU commission. Nor did I vote for my country to put the EU treaties above my constitution.


You also don't elect the members of your national government directly (in no country that I'm aware of, EU or otherwise, not even Switzerland). You're electing members of parliament and/or a president, who will then jointly appoint members of your national government, EU commissioners and a host of other political/judicial/administrative/... positions, in sometimes complicated processes. So your democratic choices affect the EU commission just as they affect your national politics.

I'm not saying that the EU couldn't do more to strengthen direct democracy (eg the role of the European Parliament, referenda, direct election of the president of the commission...). I would actually welcome that, but suggesting that current EU politics isn't democratic is a severe misrepresentation of the facts (one that is often peddled by actors with sinister agendas).


The constitution of Germany for example explicitly states that it is immediately rendered invalid the day the German people chooses to establish another, e.g. the ultimate power to govern the German people lies within the people.

This is a fundamental freedom the EU currently does not guarantee and putting the EU treaties above countries' constitutions is frankly incompatible with this clause.


You are completely missing the point. You have a whole lot of more control on people who live next door to you than bureaucrats living thousands of miles away with whom you have absolutely no connection



N=1 does not prove anything.


that's two acts of the UK government already. sorry if the data don't match your ideology.

but sure, you can try to brush off every fact-based argument against your idea with 'it hasn't been tried often enough!'


Leaving the EU won't help. Laws like this impact the global internet, even if you don't live in the EU.


>F. that, the only viable solution I see for my country is an exit from the EU

I don't think non-EU Eastern European countries have such a stellar track record with respect to privacy...


what stops your govt from doing the same even after existing the EU?


[flagged]


Sorry, sarcastic remarks with no discussion don't get upvotes. That is standard here, unlike on Reddit.


It’s trivial to disprove that but ok, whatever makes you sleep at night.


The only "good" thing is that the current German government is very skeptical about this and two of the current governing parties (the Greens and the liberal party) have also long been opposed to more surveillance.

This was different with the previous government where the "law & order" mentality was much more entrenched, and which did nothing to prevent e.g. upload filters (despite promising to do so).

So I try to maintain some hope that at least Germany as a member state could tank this awful bill.

edit:

Here's the list of 61 questions that the German government sent to the EU concerning the bill (at the end of the article, in English): https://netzpolitik.org/2022/chatkontrolle-bundesregierung-l...

From a cursory reading, it reads to me like the diplomatic equivalent of "what you're proposing doesn't make any sense".


The questions are indeed gold:

> 4. Does the COM share the view that recital 26 indicating that the use of end-to-end-encryption technology is an important tool to guarantee the security and confidentiality of the communications of users means that technologies used to detect child abuse shall not undermine end-to-end-encryption?

> 5. Could the COM please describe in detail on technology that does not break end-to-end-encryption, protect the terminal equipment and can still detect CSAM? Are there any technical or legal boundaries (existing or future) for using technologies to detect online child sexual abuse?

Mathematically speaking, they could have stopped at that point, but they went on.


Are you sure they're ideologically against it, or where they against it because they were in the opposition and it was convenient for them to be?


The Greens in Germany are basically a more serious/realistic Pirate party when the topic is related to the internet.

Honestly I vote Greens because of that alone. The fact that the rest of their program is sane is a cherry on top.


Oh my god, not at all. The Greens, are more ideologically driven than any other party and not in a good way(and that ideology does not line up with their campaign promises at all). They have been the single most destructive force in German politics and they have not kept a single campaign promise. This is the supposed "Green" party that campaigned on anti-war and not sending weapons to war zones and closing coal that has been actively lobbying on reopening coal plants and has been the most vocal in its request to send weapons to Ukraine.

If Greens were in favour of anything they campaigned on it would be the perfect political party, but it's not.

It's actually the FDP and AfD that has been most actively against these things. The AfD has been labelled far right and racist conveniently ignoring all the massively racist statement and actions by past CDU/CSU and SPD leadership.


How can you complain about them being "ideologically driven", and simultaneously criticize them for not insisting on anti-war/environmental ideas in the face of war in Ukraine? I say they're doing realpolitik, even if it might lose them some of their more ideologically entrenched voters.


>How can you complain about them being "ideologically driven", and simultaneously criticize them for not insisting on anti-war/environmental ideas in the face of war in Ukraine?

Simple, the Greens have refocused on US-style identity politics and abandonded environmental concerns as their main focus.


Hah I completely agree.

Realpolitik trumps ideology. And I'm happy the Greens go that way


> This is the supposed "Green" party that campaigned on anti-war and not sending weapons to war zones and closing coal that has been actively lobbying on reopening coal plants and has been the most vocal in its request to send weapons to Ukraine.

Which is not a new thing; They did the same the last time they had government participation under Red/Green, ended up sending the Bundeswehr to "defend freedom" in Afghanistan.

Thus the running joke about Greens in Germany is how their "green" does not stand for the environment, but rather for the olive green of military uniforms.


So, in other words... they react to changing circumstances (the exact opposite of ideological)?

Coal used to be worse than gas, so they wanted less coal and more gas, but now the gas is worse, so they want less gas and more coal?

They were opposed to arming Germany out of fear Germany could be tempted to attack other nations, but now that it wasn't Germany who started the attack, they want Germany to help defend?

This is the exact opposite of ideologically driven and it is exactly how every party and politician should be.

If your position is to be against war, even when a tyrannical dictator sends his army to murder your people, that is a stupid position. If you position is to be against war unless it's against the army a tyrannical dictator sent to murder your people, that is a very sensible position.


That's a dangerous way of thinking. Just because you have a common enemey (AfD hating all things Europe and therefor hating this stupid law), does not make you a friend or even a good ally.

Also whataboutism of the highest order! Of course there have been people found to be Nazis in other parties throughout Germany's history. Still no reason whatsoever to even remotely accept them today.


Sane policies like shuttering nuclear (in favour of more coal and reliance on Russia)? Yikes


Hahaha, good one.


Are you sure they’re not part of the group who wrote the law, only to pretend lobbying against it with, you can admit that, surface arguments which won’t rollback the idea of total control on private communications?


It doesn't matter how low the error rate is. The fact that the European Commission wants to have a third (robotic) participant listening in on every digital communication is absolutely ridiculous.

Saying that this is about child protection is a blatant lie. This serves only as a stepping stone to introduce other screening criteria later. And with opaque ML models it will be very tedious to determine what the model is supposed to find.


I agree, child protection isn’t what’s driving this. It’s the deflection


What evidence do you have to support this? Everything I can see suggests that they sincerely believe this will help protect children.


The way the EU Commission handled whistleblower Roelie Post regarding child trafficking makes me think the safety of children is not the highest priority of the EU Commission. Even today she lives in fear and under a lot of pressure as can be seen on her Twitter account.

Basically the EU Commission punished her for being a whistleblower.

http://www.roeliepost.com/

https://www-vpro-nl.translate.goog/argos/lees/nieuws/2019/Ge...


What evidence is there that spying on the public will reduce child molestation? When you consider that the majority of perpetrators are family members how would spying on the publics chat help detect or prevent that? I don't think there are many child molesters boasting about it tbh. Would such a law prevent child molestation or prevent molesters from talking about it?

There is no evidence and little reason to believe this will protect children. Before infringing on innocent peoples privacy there must be some evidence that it will actually help protect children. There is no evidence to support this nor calls to study the efficacy idea. Makes me think protecting children is not the intention of their spying.


Especially because in the US we already do this and the sky hasn’t fallen. Storage providers and hosting services already scan for it and popular chat apps block sending matching images client side.

Like everyone saying this is the spiral to dystopia has to contend with the fact that we’re already apparently living in one.


The sky hasn’t fallen?? Have you read https://www.nytimes.com/2022/08/21/technology/google-surveil... ?


Not the first of such stories either:

https://borncity.com/win/2020/08/16/microsoft-kontensperrung...

This is why I explicitly make on-site backups of anything that's in the cloud and don't store my passwords with Apple. If they suddenly decided I had CSAM for some reason, I'd be locked out of everything.


Google found an image of potential cp, literally a naked child, and forwarded it to the authorities to figure out if it was legit.

Other than the person having their Google account suspended which is a separate issue from the surveillance I see zero issue with the events as they happened. In a bygone era where you had to get photos developed I would have expected the 1 hour photo employee to do the same.


That’s a totally alien idea to me. I grew up in a very nudity-friendly family in Europe and the idea that something as trivial as a naked photograph could occasion such a quasi-disaster is absolutely horrifying.


A photo of a naked child isn’t automatically CP


Which is was forwarded to the police for them to make that determination, do you want the alternative where Google decides?


A lot of Europeans would consider the US fairly dystopian, yes.


The alarm here is because the EU is proposing mandating it, that’s not happened yet in the US.


What? The US doesn't do this. What's the law that mandates scanning chat messages?


I think the US does it without the law. They’re proactive like that


> "Saying that this is about child protection is a blatant lie."

Why do you think this? What evidence would convince you that they are sincerely trying to protect children?

Helen Lovejoy wasn't lying, she was sincerely (but irrationally) concerned for the children.

HNers believe this conspiracy theory about their own governments (that they are deliberately secretly plotting to be despotic, and using the cover of trying to protect children) with no actual evidence, just a lot of winks and eyebrow wiggling. Complete abdication of rational thinking.


> What evidence would convince you that they are sincerely trying to protect children?

If they sent people into the the real world (where the children are), instead of passively spying on bits and bytes

> HNers believe this conspiracy theory about their own governments

Not a conspiracy theory, and not specific to HN. I dare say it's a mainstream opinion, which explains why they can't openly admit to it and the document had to be leaked (similar to Edward Snowden in the US). This comic predates HN: https://i.redd.it/ifb8agngc7dy.jpg


> If they sent people into the the real world (where the children are), instead of passively spying on bits and bytes

What would those people do in the real world? Kind of a rhetorical question but if you have a good answer then shoot :)


One piece of evidence is that authorities pushing hard for surveillance do not actually care about removing images they find, even though removal requests are easy to file and are obeyed by hosters.[0]

More evidence is that this sort of crime is being exaggerated in its severity. E.g. this study found the risk of adulthood psychological trauma is minimal when relying on objective evidence of abuse.[1] It is filthy and bad, but the total damage seems hardly enough to justify abolishing privacy.

There is always going to be a tradeoff between safety and freedom.

[0]: https://news.ycombinator.com/item?id=31353026

[1]: https://www.nature.com/articles/s41562-020-0880-3


> Why do you think this?

Because it's happened before. Systems put in place nominally to fight child abuse end up being used for copyright enforcement.


Do you have links for those systems? I can't find anything, but "copyright" is not a good Google search term...


Governments don't need to secretly plot to be despotic. They're fairly open about it.

Here we are discussing a government demanding that they are able to access all private communications in order to ensure it's all perfectly legal, and yet you don't see this as despotic.

So it's not a conspiracy, because so many people don't even see it as despotic they aren't afraid to do it in the open.

Losing the ability to have a private conversation online is so blatantly harmful to individual liberties I cannot comprehend how a thinking person isn't alarmed by it.


This technology is ineffective at saving children and highly effective at ruining more lives than it could theoretically save even with perfect conditions.


Yes, both true, but in no way contrary to the statement you're replying to.

Politicians in general are highly ignorant on technology and have no clue about the impact of ideas like this. They get advice from advisory boards populated by political science students that had internships at IT companies and are now 'advisor on AI in government'. Sometimes they get external advice from expensive consultants that tell them what they want to hear, especially if they think they might be able to sell more projects afterwards.

So, a politician who objectively wants to protect children in a modern world will come up with dumb ideas like this and get confirmation that it's not a dumb idea. It's Hanlon's Razor at work.


> Why do you think this?

Because Zensursula has tried to pull off this trick before. Her party is very eager to introduce more surveillance and they like to brush off technical and ethical concerns.


> HNers believe this conspiracy theory about their own governments (that they are deliberately secretly plotting to be despotic, and using the cover of trying to protect children) with no actual evidence, just a lot of winks and eyebrow wiggling. Complete abdication of rational thinking.

Ha, I don't think most HNers would be quick to say think their governments are capable of conspiracy. I think most would say it's just more your regular run of the mill taxpayer-funded incompetency.


> Why do you think this?

Anyone with a bayesian world-model thinks this. It's one of the most tired and obvious lies of all time, to the point that "think of the children" is a well-known trope.

> What evidence would convince you that they are sincerely trying to protect children?

Their behavior would have to actually reflect such a stance.


A major rule in life is to listen to what people do, not what they say.

What they'll do is listen to every online conversation anyone has.


You are disingenuous. 'Gliding path' is standard practice in the EU.


I think there are some important questions that need to be answered before such a dangerous decision should be made.

How big is the risk of a child being groomed through these electronic means? Is it comparable to being struck by lightning? What is worse weighted by probability: being sexually assaulted as a child or being suspected and having your life turned upside down for years by these algorithms. We already see these things happen with relatively minor things like having your google account closed by an algorithmic mishap.

How was this 10% number of false positives determined? Is this only an expectation of false positives or an actual statistic. What does 10% mean in the context of mass surveillance?

It might well be that millions of children are groomed and assaulted every year through chats. I don't have the data so i cannot say. I was under the impression that most sexual assault cases happen in the family and not by strangers.

What's worrying though is that these decisions are taken behind closed doors without any oversight, on the hope that they might save a child and possibly putting our lives in the hands of algorithmic justice.


These are the type of questions that need to be presented to the public. This type of attack on encryption hasnt changed in 30 years, except now governments are going hard on the CSAM aspect as opposed to the other 3 horsemen[1]. It makes sense too since its the type of argument which invokes the most emotion in people, how could anyone be against protecting the children.

[1]https://en.wikipedia.org/wiki/Four_Horsemen_of_the_Infocalyp...


99% of people are simply not capable of making or even comprehending the relevance of probability-weighted utility calculations. This has predictable and deeply unfortunate effects on the political process.


"If even one child is protected, then it was all worth it"


Or conversely, "Thank you child. Your abuse, was all worth it."


This sounds more like reviving the Stasi than helping children.

I’m not going to debate a disingenuous excuse from the people who just locked us in our homes for a year seeking yet more power and control.


I have such a strong reaction to news like this, it's hard for me to not think that it's appropriate for every member state to consider leaving the EU now. They've succeeded in shifting me to a very anti-EU stance in one proposed measure - brilliant! It wouldn't surprise me if the leaders of most states are quite keen on such surveillance though.


I kinda get it, but it doesn't make sense to blame it on the EU when you own government would likely impose the exact same (if not harsher) rules. Thats at least what I tell myself. I'm under no illusion that my own government is any better.


See: The UK, doggedly pursuing similar legislation


I think it does logically - in any countries where you have more direct democracy than the EU flavour, certainly easily achievable in respect of the Commission.

Whether that has any practical difference given the nature of politicians and politics in general, well, at best your mileage may vary.


EU is not a foreign entity, it's made up of the governments of the members(some elected some appointed by the locally elected). So when you leave EU, you end up to live with the entity that tried to introduce it in first place.

If they didn't wanted that, they could have blocked it. However, leaving EU might actually help the government to have a better localised excuse. For example, maybe child abuse is not a big thing in your country but immigration is a hot topic? Then you can have "break the encryption to stop the human smugglers" campaign.


Your argument does not stand with e.g. France.

In France, there's an election for each. One for national parliament seats, one for EU parliament seats.

In the last decade, the national elections were usually won by center-left (Macron's party) while the EU ones were won by the far-right (Le Pen even has a seat at the EU parliament AFAIK)


What it doesn’t stand exactly? Who is the foreign entity that makes French people do at stuff? Macros? Le Pen? The French voters?


Well in theory I'd agree with you, but in practice your assertion that people would vote the same party nationally and at the EU level is demonstrably false


I don't get it? Do you claim that one of the elections is rigged? I mean, we have multiple elections for a reason right? People choose to vote for different people on different elections, why would that be problematic and how that would be "fixed" if France left EU?


It is EU law that will prevent the Commission from actually getting anywhere near implementing a project this stupid and insanely-illegal.

Over in the UK, the EU can't stop the new Kakistocracy from actually doing it. I know where I'd rather live.


The EU commission members are appointed by each member state.


The schema how they're appointed and which country appoints which is.. muddy to say the least.

And then EC bureaucracy has a lot of weight with appointed commissioners (who frequently know jackshit about assigned fields) acting as PR figures.


I'm very critical of the EU, i do think it is poorly designed and not a desirable project regardless.

That being said, things like this would happen at the national level for sure, the EU has nothing to do with it. It's systemic to "modern democracies ".


The issue is that they might end up breaking encryption anyways as exited states.


Better to have a patchwork of occasional shitty laws from weak, small states than consistent and unified shitty laws with widespread enforcement.


The counter-argument is that nothing prevents governments coordinating on this in a supranational manner, anyway (cf. the planned, but fortunately rejected ACTA).

In the EU enforcement is mostly decentralised, anyway.


No comment on the policy etc, but I think the presentation of the numbers is a bit misleading.

That 10% is the percent of flagged images which are actually OK. Whether this represents a large fraction of all legal content depends on how much illegal content there is. It would be better if they quoted the false positive rate and false negative rate as a fraction of legal/illegal images respectively.

e.g. if 1/100,000,000 legal images are flagged incorrectly, and 100% of illegal images are flagged correctly, then a corpus of 100,000,000 legal images + 9 illegal images would result in the stats in the headline. That seems like a pretty good system (ignoring any principled objections to the scanning in the first place).


10% of all OK images may be falsely flagged, but what about specific categories of images?

What would the error rate be for an album of legal pornography?

What would the error rate be for an album of a family spending the day at a beach?


> 10% of all OK images may be falsely flagged, but what about specific categories of images?

The article doesn't say what % of OK images are falsely flagged, only what percent of flagged images are OK.

Agree that subsets might have different stats, but there's 0 information in the featured article about any of that!


Ah, I see what you mean.


The (false negative) error rate on a parent taking pictures of an unusual growth on their child's naughty bits and texting it to their doctor is 0% - as in, the algorithm correctly identifies this as CSAM every time. Nevertheless, nobody[0] would consider this CSAM, based purely on context that... absolutely will not be available to any of the intermediaries charged with scanning for it. What system does the scanning won't matter, because it's not a question of accuracy; it's a question of missing information.

This isn't even a hypothetical. The case I mentioned above actually happened. Google narc'd on someone who did exactly the thing I mentioned, and they got a police investigation for their trouble. And while the police - armed with exhonorating context - did eventually drop charges, they are still banned from Google for life. Yes, Google was contacted by journalists about this guy and they said they stand by their initial decision to permaban him.

The core danger with any automated scanning system is not the false positive or false negative rate - that is an engineering problem. It will get better. The danger is the amount of legal-but-crime-adjacent activities that will be effectively prosecuted as crimes. I mentioned child telehealth above, but there's other instances of automated prosecution expanding far beyond the letter or spirit of the law. YouTube Content ID is top-of-mind for me; though that has two problems. It both kills fair use, and correctly prosecutes copyright infringements that people expect to fly under the radar.

[0] Child anti-explotation agencies still caution against this because they don't want your kid to get used to getting photographed down there. However, they wouldn't consider this sexual abuse.


This headline seems factually incorrect given what the post actually claims was said. What's described isn't a 10% error rate, but rather 90% precision. It seems like the actual thing which would be called (type I) error rate isn't discussed at all.

I can only imagine that the reddit post was written with that title in bad faith/to promote fearmongering. It seems like this nuance escaped the majority of the commenters on HN as well.


The 90% precision seems to be text only and without the rate of false negatives it is pretty useless. Could be the software only finds text that are pretty obvious grooming then 90% precious is not so good.


Due to the volume of messages and the endless need to maximise profits, companies will accept 10% flagged content may be false positives but act against all 100% of flagged content, meaning that the default will be innocent people having action taken against them but with no real recourse to clear their name.

I also didn't find anything in there about expectations for reducing numbers of false negatives (where automation fails to flag suspicious activity). Content control is basically just PR if it ignores the majority of activity it is designed to police.


Not just will have action taken against them, they already are: https://archive.ph/W41mf


And in typical Google fashion, you get flatlined and there will be no recourse.

> “You have to talk to Google,” Mr. Hillard said

One of the most impossible feats in the modern world.


Doesn't the system eat itself in the end? False flag 10%, remove those users, falsely flag some more, remove them, and so on until all that's left are people who don't use it or just send pictures of their food?


> Doesn't the system eat itself in the end?

Well, it does not as long as the (predictable?) self-censorship sets in. After some time users know not to post pics of vegetable soup if those pics tend to get misclassified.


Depends on the absolute rate of false positives.

I, for example, am currently banned from Reddit, after something like 8 years of usage, due to writing a comment mentioning that Reddit administration was corrupt (how's that for irony? I fear the far-right may have been correct about Reddit administration).

In this case it is not a broken system but an actively malicious one but the point still stands: if it takes 8 years to get falsely banned, they still have plenty of active users at any given time, even high-value ones.


Where will those flagged users go? The point of FAANG is that they are monopolies.


Offline? If the system is as automated and un-appealable as the doom posters are saying, their lives are ruined and they're banned from those platforms forever.


Disgusting. Wonder if people working on these commissions ever consider the thought that they are "the baddies". In any case, the gestapo would have _loved_ this service.


I know a few, and these people genuinely and completely unironically without a doubt in their mind consider that they're doing the right thing for the greater good of humanity.


Sounds like the average politician.

I posit that people that rise to power and at the top of bureaucratic institutions are those diligent and stupid characters Kurt von Hammerstein-Equord was warning us about:

"I divide my officers into four groups. There are clever, diligent, stupid, and lazy officers. Usually two characteristics are combined. Some are clever and diligent — their place is the General Staff. The next lot are stupid and lazy — they make up 90 percent of every army and are suited to routine duties. Anyone who is both clever and lazy is qualified for the highest leadership duties, because he possesses the intellectual clarity and the composure necessary for difficult decisions. One must beware of anyone who is stupid and diligent — he must not be entrusted with any responsibility because he will always cause only mischief."


There are too many "useful idiots" in government circles. Hell is paved with good intentions.


That's scary. Where to even begin to convince them?


You cannot. If you need proof to convince you, really look into any revolution that ever happened in human history. It was always the <10%, both on the bad and the good side who did them, while everyone else watched and did nothing - the same people you'd try to convince. The reality is that most people will go wherever life sends them, if their country turns into utopia, they'll think "that's cool I guess", and if it turns into dystopia, they'll only think "that sucks but what can I do anyway", but in neither scenario will they ever do anything themselves.

If nothing more, there's a few words for people who are aware of this and actually do something about it, you can read all about them by looking up news articles containing words like "Terrorist", "Public enemy", "Anarchist". In some cases it is thinly veiled in unrelated words like "Nazi" even though if you really think about it, the problem with "Nazis", whatever that even means today, was fascism, same fascism that you're dealing with right now, but it's totally not fascism however because fascism requires Hitler, and trains, and uh, public shootings or something.


There's actually a way (though it won't happen).

Setting up a system that invades privacy to catch crimes is bad because once you have that system, all you need is for your government to criminalize good things to reach a dystopia.

In order to avoid that, you'd have to actually run that dystopia, but dramatically and at a small scale.

A great example could be a US state where abortion is illegal and gives actual jail time (I think that's a thing, not sure). You have one of those states put into law that online services must scan for the word "abort" then actually find and put women that had illegal abortions to jail over this.

If you did that, you might get the congress to make digital privacy a protected right at the national level.


A society where good things are criminalized is already dystopian by definition. Automation is irrelevant.


Important to note that this is not 10% of all messages being falsely flagged (= 10% false positive rate), but 10% of flagged messages being false positives (= 90% precision). As someone who works with these types of classification problems in a different context, 90% precision is actually quite good - especially assuming there is some sort of manual review process to take care of the 10%.

Whether that makes this whole plan a good idea or not is obviously a very different question, but I think it's important to be clear about what this number actually means.


Everybody here seems to be saying "the EU commision doesn't have any idea what they're doing", but it seems barely anyone understands what the 10% is referring to.


However, I hardly doubt that they will actually adapt their recall to actually ensure a 90% precision based on court evaluation. I think this is all handwaving and throwing around numbers which as described won't be part of any legal act.


It's easy to achieve high precision when you just define a hit very broadly. See also the political flap about teachers factually describing the existence of alternative sexuality as 'grooming'.

If you want to see the lie behind any of these child protection surveillance initiatives when they talk about things like 90% precision or millions of hits per year ask them how many of those detection of vile child predators resulted in an arrest warrant -- not even an actual arrest, or an actual conviction, but just an attempt.

The answers is extraordinarily few and that tells you everything that you need to know.


> It's easy to achieve high precision when you just define a hit very broadly.

No, it's easy to achieve high recall when you define a hit very broadly. Precision will come down starkly.


I don't mean in the algorithm itself, I mean in your evaluation of the algorithm, where you also don't do so equivalently for recall (or don't report on recall).

Evaluate your algorithm thusly: If it made a hit, it's a grooming true positive unless its extraordinary undeniably a false positive. Absent any ground truth data you just don't evaluate recall, of if you have any test data it's only a false-negative if it's undeniably abuse. Benefit of doubt always goes to the algorithm. All hail the algorithm. All hail.


Code is law the algorithm is always right 90% of the time.


For a moment, consider that you're running a company that supports some form of user communication.

How much time and money are you willing to risk in a gray area considering all the legalese? Google doesn't seem to be willing whatsoever: https://archive.ph/W41mf


> 90% precision is actually quite good

It is good from the perspective of comparing this to other ML models. It is not good from a real world perspective.


Is it really good? What's the rate of false negatives? I could build a search engines that searches only one specific text classified as grooming. I wouldn't find much of the other grooming in chats but if I find a positive it's with a pretty high precision.


https://archive.ph/W41mf

At present the manual review process consists of "fuck you"


What that means is having some random person going over the nudes your kid sent to her boyfriend.

I wonder what kind of person would take a job like that…


How many EU beaureaucrats got their training in East Germany, I wonder? Or is it rather that they are too young and do not know about/remember what constant surveillance does to trust in a society?


Rather a lot of them were young and naive left-wing supporters who looked at USSR through rose glasses.

Wouldn't you want to be bureaucrat in late USSR? No threat of purges above you, only endless opportunity to play with your minions as you see fit.


> Rather a lot of them were young and naive left-wing supporters who looked at USSR through rose glasses.

The EC is dominated by conservatives.


How many of those who you call conservatives where left-wing when young? Maybe they changed some views, but retained the love of total control :)

I'm not sure about current EC, but the one under Juncker had plenty of far-left-when-young people. Far left as in Marxist and Maoist in 1970s-1980s.

P.S. Fun story from ex-USSR country... At the very end of USSR, it was USSR apparatchiks who were called conservatives :)


Believe it or not, the late USSR bureaucracy was anything but left-wing. It only held onto the name through inertia, greatly muddying the definitions of left- and right-wing.

I believe the most accurate description is that left-wing are ideas emphasizing equality and right-wing are ideas emphasizing hierarchy/inequality.

On the extreme end one way you have anarchist ideals (everyone is equal because everyone has full ability to do everything they want) but you also have some failed states (everyone is equal because everyone ekes out a miserable existence). On the other end you have, well, Hitler, dictatorships, and yes, literal bureaucracy, which is just a dictatorship hierarchy by another name.


Depends how you define left wing.

It was highly collectivist and little private property. It was also working hard on building the new homo sovieticus. And the idea of world domination never really went away. It was also equally poor, especially if you skip party elite. Capital was not a thing. Well, social capital did play a big role :)

I can’t agree that left wing is for equality while right wing is anti-equality. Unless you’re talking about equality of outcomes, which is madness IMO.

I’d rather say that left is for equality and right wing is for fairness. Equality leads to unfair outcomes for better-equipped. While fair treatment leads to unequal results. Both has pros and cons.


Left-wing is not collectivism, it's not low private property, it's not world domination, it's not poor. The NSDAP was highly collectivist - they all had to work together to build the master race, no? I imagine North Korea doesn't have very much private property.

The original right wing were monarchism apologists. Hitler's right wing set up a hierarchy based on race. Mussolini's right wing set up a hierarchy based on nationality, and later race, and was also explicitly collectivist, by the way, speaking of "the debacle of individualism" and "collaboration between the classes". And capitalism makes a hierarchy based on the number next to everyone's name in the bank's spreadsheet (which is also what a social credit score is, by the way). How many more examples do you want?

The right wing usually defines fairness as some kind of meritocracy based on the hierarchy du jour. For example the current right wing thinks it's fair that people with higher numbers get more stuff. Hitler thought it was fair the German empire would belong to Aryans. Mussolini wanted to expand the Italian empire. And the monarchism apologists thought it was fair that a king's children would have special rights. Sure, they support fairness, by defining it their way, in ways that most of us actually wouldn't call fair.


Hitler was national socialist for a reason :) Mussolini roots are in left wing too and was sort of socialism without internazional element.

And yes, ultimately left wing is collectivist.

It is fair that people who contribute more get back more. Otherwise we have USSR style mess where people ain’t incentivised to contribute. Because people were getting same compensation regardless of their contribution. Although at the end of the day it did became fair - nobody contributed much.


[flagged]


> there is no constant surveillance in Europe

CCTV? I would also be extremely surprised to learn that European agencies don't have access to the Five Eyes program, or even their own analogue.

Face it, every state wants a hand in the big data gravy train. Especially organisations like the EU that believe their regulation, centralisation and bureaucracy is an unquestionable good.


they can't use it unless authorized and no, there is no single evidence that EU is engaged in massive surveillance on their citizens.

Also because, for those who don't know, EU cannot do it by itself.

It depends from the legislation of every single member.

So I'm sure in Poland and Hungary they are trying to do it against political opposition, but I'm also sure that in my Country it is not happening (I know people working for that department, it's mostly because incompetence and laser focus on other threats like terrorism and organized crime, which we are pretty good at preventing)

And most of all as European I support the idea that EU should protect interests of EU, where 450 million people live.

It's bad enough we have to witness and pay the consequences of a war at our borders because Americans did nothing to prevent it, that we have to allow them to have their military bases on our soil, that they are now sending more troops to said bases, let's at least have our own regulations created by, let's remember this fact too, elected representatives of the European population.


Silly fear of communism/socialism? :) Why would we be afraid of the thing that messed up with us for 50 years? :) It's funny when Westerners who have no practical experience talk down to us how we should throw away our practical experience...


[flagged]


> You sure you actually know Europe?

Born & living in eastern europe... Well, technically born in USSR... Maybe that makes me unqualified to talk europe and socialism :)

> because it's silly American paranoia, there a lot of socialism in every political platform and State politics, social welfare and labour in most of the EU members.

What silly American paranoia in eastern europe? And social democracy has nothing to do with socialism.

> Yeah like my country is not at the border with the former Yugoslavia or hadn't the stronger communist party in all the west.

There's a massive difference between cosplaying commies in communist party in a free country and living under socialismus-communismus regime. As our own communists learned after being annexed into USSR.


> What silly American paranoia in eastern europe? And social democracy has nothing to do with socialism.

A relatively high percentage of Americans believe that getting health insurance from the government will lead to a Stalinist like era in America. We can't even make simple improvements to our bureaucracy like a federal ID system instead of having all 50 states issue seperate IDs because of this.

Many Americans cannot differentiate between the social programs of Marxist countries and the anti-democratic single party systems which concentrated state power and made them repressive and corrupt.

It's a bit like thinking that because a country starts building an interprovincial highway system it is going to become fascist Italy or Germany.


I know that part. But in this case another user, who seems to be european, calls my experience in Eastern europe „American paranoia“.

It feels like some people have such a strong irrational love for certain political system that they can't accept that some people dislike it for valid reasons.

Maybe actual American paranoia is when people blame US of A for whatever when their arguments run out.


With 90% accuracy, and assuming the incidence of true grooming in random conversation is way smaller, they are setting themselves up for the base rate fallacy.

https://en.wikipedia.org/wiki/Base_rate_fallacy


In the linked Netzpolitik article (in German) it's pretty clear that the 90% refers to Precision (i.e. 90% of flagged instances are True Positives), not accuracy. Still, the article (and probably the primary documents as well) do a horrible job of differentiating such concepts.

[For clarification: Don't understand as my post as an argument for Chat Control, please :)]


So does this mean that if nobody produces illegal material somehow the models will need to get better?


Good to know there's a name for this. It's pernicious. I came across it recently when someone said "if vaccines are effective then how come 60% of COVID patients in hospital have had one?".


No in this case there is an abuse of language which has led to the poisoning of the conversation somewhat.

There, the reason being the broad change in the correct definition of the word "vaccine". In former years this would be a preventative treatment that was probably 90%+ effective for multiple years for most people for almost all symptoms and almost all ability for infection to spread. The key being stopping the spread as this is why vaccines are adopted in the first place historically.

For some reason this particular treatment is given this grandiose title despite unfortunately not really working at reducing spread, and only demonstrably reduces severe symptoms for those who are clinically at risk. It's a preventative treatment which works very well and should be applauded but the problem is people are now calling it what it's not which causes problems.


At the time, the "base rate" of vaccination was already up around 90%, so the 60% rate in hospitalised patients actually demonstrated significant protection.


Yes again in the art risk groups this reduced significant symptoms hence why they're underrepresented in global hospitalisation numbers. As I keep saying it's a fantastic preventative treatment.

Unfortunately many people are still catching it repeatedly, displaying symptoms repeatedly and the fact that despite 90%+ of people are immunised. With vaccination levels like this for various other diseases transmission would be pretty much stopped and symptoms would be much lower.

Anyway, not looking to derail, just want to point out there is a significant change in the definition of words being used which can causes conversations to become toxic, and apologies if you think I'm being abrupt.


This person was questioning its efffectiveness simply because more people in hospital were vaccinated than weren't. Without considering the base rate. A sufficiently high base rate would lead to this situation even if the vaccine was 99.9% effective.

To address your other point, I believe studies have shown a significant reduction in hospitalisation for young adults who take the vaccine, e.g. https://www.thelancet.com/journals/lancet/article/PIIS0140-6...

> only small (and sometimes non-significant) reductions in the risk of hospitalisation were seen in 10–19-year-olds, with increasingly large reductions seen with age in 20–69-year-olds

https://els-jbs-prod-cdn.jbs.elsevierhealth.com/cms/attachme...


> A sufficiently high base rate would lead to this situation even if the vaccine was 99.9% effective. In principle for these factors alone statistically yes, in reality we know this isn't the case. Calling it a vaccine is calling it broken. Calling it a preventative treatment to improve your outcome is more accurate.

The studies showing reduced admissions are either grasping at statistical straws or a reglorofied statement of "This is a novel contagion in a herd without immunity at which some unknown percentage may be clinically at risk from genetic or environmental factors."

The strongest environmental factors we now _know_ (and had clear statistical evidence for as of July2020!) was vitaminD and a few other well defined risk factors.

Hospitalisation in the UK due to exclusively COVID factors reduced dramatically as the pandemic went on due to less strong concern once almost every a&e had seen the full disease cycle from admission to treatments to outcome. Not to mention most COVID cases at hospital in the UK were either contracted there in the younger age groups or they tested positive but this wasn't the concern at the time of admission.

One of the major concerns in May2020 was that "up to 30% of the working population may be off it at one time if the virus spreads according to China's numbers and the economic cost of that is too high..." In hindsight this statement didn't compare to the damage of being frozen by indecision combined with no global trade for 2 years, so... As for guessing how many would end up in hospital report 9 models said the peak would be over 2million needing a&e at the same time, despite the model not combining medical risk with any mortality factors, this was simply 10% or so of total cases if 20M or so we're ill at the same time.

Again, as a preventative treatment for clinically at risk people (who we did a great job of identifying based on medical history in 2020) we should have never had a 2nd global lockdown, unfortunately the particular group all vote a certain way so...


> unfortunately the particular group all vote a certain way so...

Please stop viewing everything through the political hammer of one ideology over another


I had a go at digging up some research on the interplay between vaccination and vitamin D levels in protection against hospitalisation. So far I've found one study that touches on this: https://www.medrxiv.org/content/10.1101/2022.07.15.22277678v... .

> Conclusions Among adults with sub-optimal baseline vitamin D status, vitamin D replacement at a dose of 800 or 3200 IU/day did not influence protective efficacy or immunogenicity of SARS-CoV-2 vaccination.

This suggests that having the vaccine is still worth it even if you have normal vit D levels.

So far I have yet to find any studies which show the opposite, but I'd be keen to read anything you can link.


> The studies showing reduced admissions are either grasping at statistical straws or a reglorofied statement of "This is a novel contagion in a herd without immunity at which some unknown percentage may be clinically at risk from genetic or environmental factors."

So... the vaccine reduces hospital admissions for young adults because some unknown percentage of them are "at risk" due to (unknown?) factors?

This argument reminds me of Greek astronomers inventing epicycles to fit the model to the data!

Are you referring to Vitamin D supplementation? Would be interesting to see a similar study which factors this out.


At this point I wonder if that's by design, they ask for a random 10% of conversations in order to spy on people, it's the only sensible interpretation of these policies.


I think what makes false positives scary in this context is that accusation is guilt for most practical purposes. There needs to be a tremendous ammount of openness around systems like this so that people understand the meaning of it's outputs.


This whole debacle reeks of stupidity. The only thing that will happen is that the criminals they are (allegedly) trying to catch will simply move their comms to different channels. What's stopping a sophisticated crime syndicate form simply creating their own app which will have a small enough footprint such that it will fly under the radar?

From the perspective of tech companies, they are being put between a rock and a hard place by simultaneously being asked for more privacy, and also less privacy.


VPN + using services in a country that doesn't care is enough. This will be a sales point for VPN providers.


How long until the bureaucrats start saying "These unregulated foreign VPNs are a danger to our private data / economy / national security / children"?

I mean, if a jurisdiction is making people's phones spy on them, then it's not much of a stretch to also make those phones not connect to unapproved VPNs, or even to prevent them installing unapproved apps (despite the recent win of the EU supporting sideloading on mobile OSes).


Unless they try to aggressively regulate the sale, import and manufacture (at this point, many hobbyist level homebrew retrocomputers are powerful enough to run a VPN) of general purpose computer devices or aggressively firewall all of the EU and punish anyone using to obscure encrypted data flows through approved protocols, this will of course only stop the people who actually don't have anything to hide. It'll be trivial to work around for anyone actually up to no good


> It'll be trivial to work around for anyone actually up to no good

I never claimed they were motivated to actually stop these crimes.

If the real ultimate goal is to prevent the spreading of "state secrets" (i.e. journalists exposing government malfeasance), or reduce copyright infringement, or limiting the spread of "disinformation", or banning memes that insult public figures, then the government needn't worry about "hobbyist level homebrew retrocomputers". Most people will continue to use mainstream platforms, and most governments mostly care about controlling most people.

Besides, the next step will be to make ISPs deny service to any machine which doesn't have Secure Boot enabled, and which isn't running an "approved" OS, which checks every executable you run. Suddenly your general purpose computing device isn't very useful any more.


If the goal is to create an authoritarian dictatorship, then sure, controlling "most people" is usually enough because you can control the press by sending thugs to their offices.

But your "next step" is far beyond what even China does.

It would kill off any ability for software development. I'm all for being vigilant, but these scenarios are not realistic. As for a general purpose computing device being useful, as long as you can send or receive text or sound or images in any format that can be intercepted, you can tunnel arbitrary data. After all, we have a long history of using acoustic coupled modems. No, it's not practical for regular users, but if we get subjected to that kind of authoritarianism, it's worth doing for the sake of it.


> But your "next step" is far beyond what even China does.

And yet online services blocking access to non-SecureBoot devices is already the norm for industries ranging from online gaming[0] to fast food![1]

Add in the fact that Hollywood wants this (for DRM and blocking torrenting apps) and governments like Australia claiming their laws trump the laws of mathematics[2], and you can almost guarantee that this is going to become mandated as soon as enough Windows 10 users update to Windows 11.

> It would kill off any ability for software development.

Software development would have to be sponsored by approved companies, or at the very least you'd need to apply to the government for a "licence to code", with your ID number baked into every app you create. As an interim step, governments may allow devices to access a "legacy" portion of the internet which doesn't require SecureBoot to be enabled, but expect that portion to get smaller and smaller each year.

> as long as you can send or receive text or sound or images in any format that can be intercepted, you can tunnel arbitrary data.

But which app are you going to use to create those sound or image files? I suppose you could create your "illegal" files on an airgapped non-approved device, and transfer them via USB to the approved device, and people could do the reverse process when they receive them, but that's a cat-and-mouse game which 99% of people can't or won't play, and governments will win by mandating cryptographic watermarks in any files created.

[0] https://arstechnica.com/gaming/2021/09/riot-games-anti-cheat...

[1] https://forums.macrumors.com/threads/mcdonalds-app-knows-im-...

[2] https://www.zdnet.com/article/the-laws-of-australia-will-tru...


> And yet online services blocking access to non-SecureBoot devices is already the norm for industries ranging from online gaming[0] to fast food![1]

Specific online services doing so is very different from a general ISP ban. A general ISP ban is impossible as long as you have an IO channel of any kind, including projection of text or playing sound. See the end of this comment. SecureBoot in itself also does not in any sense stop general purpose computing of unsigned code.

> Software development would have to be sponsored by approved companies, or at the very least you'd need to apply to the government for a "licence to code", with your ID number baked into every app you create.

... and you've just kneecapped your software industry in favour of companies outside of said authoritarian hellhole. Won't happen. The EU has a long history of crazy demand like this being proposed, and they end up dying or getting watered down to nothing because there's nowhere near sufficient support for going as far as you suggest.

> But which app are you going to use to create those sound or image files? I suppose you could create your "illegal" files on an airgapped non-approved device, and transfer them via USB to the approved device,

Missing the point. If you can play and record sound on an approved device, for example in a call, or transfer text, no matter how filtered, you can use that as a channel for an non-approved device. We used to use heavily filtered low-fidelity audio channels to transfer data, via acoustically coupled modems, after all. Any attempt to filter this just reduces to making it seem more plausibly like acceptable material, e.g. encoding it in speech for example. This is not even a hard problem, though data rates would be low. If a channel can transfer language, it can transfer data.

But we're talking a regime more oppressive than China for this to even be relevant. Even in China today, "normal" VPN tech is sufficient, though a hassle.


> SecureBoot in itself also does not in any sense stop general purpose computing of unsigned code.

It's true that SecureBoot isn't enough, but its current lack of ubiquity is the only thing holding back such a law. A government couldn't demand that a large proportion of voters throw away their PCs / phones, but requiring people to use an "approved" app store is as simple as writing a law and making a couple of calls to Microsoft, Apple, and Google. (See the end of this comment.) Just look at how quickly voters accepted having to carry around a Covid Pass app.

> and you've just kneecapped your software industry ... The EU has a long history of crazy demand like this

Indeed, and this is what people said about the GDPR, and it's what people said about Apple's on-device content scanning, and yet both of those got implemented (to some extent). The regulations I'm imagining are actually quite modest, and basically all software industry groups would support them. They just have to publish a public key on their website, perhaps in some .well-known location, and that would be enough to connect their submissions to app stores with their official company registration details.

Germany, for example, already requires that companies include Impressum information on their websites[0], and the EU is apparently trying to take this idea to its logical extreme with its controversial QWAC certificates[1]. In reality, it is businesses who decide what is reasonable or practical for a jurisdiction to mandate, and Apple is already making people pay an annual developer's tax to them to prove their identity, so no politician is going to say that an "online software development licence" is some sort of impossibility or gross infringement of people's freedoms. (Indeed, a law that makes things slightly more inconvenient for small developers/companies will only be more supported by the lobbyists of big companies, which is further grounds to suspect this will happen).

> If a channel can transfer language, it can transfer data.

You're right, it is possible to generate files that hide encrypted data within them, while also deniably hiding the fact that the encrypted data is there at all, and to do so in a way that is robust against the digital-analog-digital round trip (twice, since both the sender and receiver have to transfer the message between a locked-down and a jail-broken device). And of course the software to do this will have to be sent carefully from person to person, on USB sticks, since any computer that's allowed online will treat it as malware. And people will have to preserve old, unapproved devices to run this code on, which will become increasingly hard to find (with the sale, and then possession, of them being made illegal).

> But we're talking a regime more oppressive than China for this to even be relevant.

It's not more oppressive than China, at least not at the beginning. The first steps are already in place, and no one complained. If a jurisdiction can mandate multiple app stores, then it can mandate only "approved" app stores, and 50% of the population (the Apple fans) will cheer for such regulations, saying that side-loading is dangerous and only the most trusted gatekeepers should be allowed to decide what runs on people's devices.

If you're still not convinced, imagine that the law initially applies just to companies, and is pushed to prevent piracy and to protect cybersecurity of the economy. Would companies really reject such a rule (if it was phased in over a long enough timeframe that all their computers already supported SecureBoot by default)? Perhaps there would be an exemption for software companies to start with, if you think that's a sticking point. Also, imagine these laws being introduced in the aftermath of a cyberattack on energy infrastructure which causes massive prolonged blackouts. I'm not saying this would be a false flag... I'm just saying that one way or another, such a law will pass, even in a liberal democracy.

[0] https://www.ionos.com/digitalguide/websites/digital-law/a-ca...

[1] https://en.wikipedia.org/wiki/Qualified_website_authenticati...


Is there any estimate for what percentage of chat communication happening within the EU is done by "perpetrators/criminals"? The average crime rate is 40 incidences per 100000 people per year, which would mean 0.0004% of the population is considered a criminal every year. What % of that tiny margin are going to be using online chat to commit their crimes? is it really worth abandoning the privacy of 450mil other people in the hopes that you might stop a criminal?


It is so tiring to see the constant efforts to erode our rights. Even if they succeed in creating a surveillance state, do they think that it will not blow up in their face one day? It will make violence and revolutions against the surveilling institutions innevitable, or maybe it is just wishful thinking...


Not while the average person is content. It won't matter until it personally affects them. And by then it will be WAAAAAY too late.


It kinda gets me into the stance: every member of EU parliament and EU commission should make their bank accounts fully transparent so populi can check whether they are committing some act of corruption.


I understand the sentiment, but it's unlikely that any/most corruption happen trough bank accounts.


Right, as the most communication is not used for illegal activities...


It’s hard to escape the conclusion that they do not have any idea what they’re doing.


Of course they do and they do it on purpose. They are not some good but stupid people. They are clever and evil. Or led by their own interest. Which makes them do evil even if they are not. And that’s the worst kind of evil.


Why don't you specify what they are doing?


Which messenger do we switch to if this goes in? I don't think I'd have an issue convincing people.

Is Signal subject to this? Telegram? Do we need something "less mainstream"?


You could use your own Matrix server as far as I know. It's annoying you need to go that far just to prevent the EU from snooping on your communication.


You have to keep in mind that to do this you'd have to blacklist every other server from federating, keep all rooms private and disable public room discovery completely.

And it still wouldn't really be all that private, because matrix is public oriented protocol and nowhere on the main website do you see the word "privacy" in context of user privacy.

You also cannot really delete users, nor force deletion of their messages from servers that you're federating with once the user uses the disable endpoint.

Also, matrix server specification is garbage, synapse is the only implementation that at least pretends to work reliably because of that, and it's maintained by a for-profit organization.


> You have to keep in mind that to do this you'd have to blacklist every other server from federating, keep all rooms private and disable public room discovery completely.

Yup, if you want to run a Matrix server which doesn’t share data with any other server you just turn off federation; same as email. It’s trivial to do so.

> And it still wouldn't really be all that private, because matrix is public oriented protocol and nowhere on the main website do you see the word "privacy" in context of user privacy.

Nope. Matrix is for both private and public comms. For instance, right now the matrix.org homepage includes clips from the Synapse 1.65 blog post which celebrates hooking up private read receipts so you can disable read receipts from being seen by other users.

> You also cannot really delete users, nor force deletion of their messages from servers that you're federating with once the user uses the disable endpoint.

Obviously there is no guaranteed way to obligate a server you don’t control to delete your data. Prior to deactivating your account, you can ask servers to delete your messages. After account deletion, you don’t have a way to delete your messages… because you deleted the evidence that you created them when you deactivated your account.

> Also, matrix server specification is garbage, synapse is the only implementation that at least pretends to work reliably because of that, and it's maintained by a for-profit organization.

sigh. The spec is not garbage; Dendrite is perfectly usable (despite being beta), and I hear Conduit is usable too. Synapse is maintained by the Matrix.org Foundation C.I.C, which is a UK non-profit: https://matrix.org/foundation. Contributions come from all over the shop, including for-profits like Element.


I cannot vouch for its real world security but it looked interesting enough for me to remember now: https://github.com/simplex-chat/simplex-chat


Will this go in actually? It's quite unclear to me (esp. not knowing anything about how EU las making/passing works). IIRC last time Chat Control passed here it sounded as if all of this was still in proposal state, or something like that. Whereas on https://www.patrick-breyer.de/en/posts/messaging-and-chat-co... one can clearly read things like

    All of your chat conversations and emails will be automatically searched for suspicious content
which sounds unconditional.


Whatsapp seems to be best, they have end to end encryption for every chat. As long as you don't use an Iphone (where your phone itself can turn against you[1]), you will be fine.

[1] https://www.apple.com/child-safety/pdf/Expanded_Protections_...


> Whatsapp seems to be best

Lol, trusting a company run by Facebook to keep your data secure.

Signal has a good mix of ease of use and privacy. Then there's Matrix, which may not be that easy to use yet.


Anything that violates privacy to such an extent shouldn’t be legal.


It isn't. It is equivalent to an automatized search of all peoples conversations all the time, just because it's automatized and done local on the phone doesn't make it not a search. Which means it's pretty much unconstitutional.

It's also probably not very useful as when it is people knowingly committing crime with YT access will know about it and will know how to work around it.

And outside of cases of people which know they are doing illegal things and therefore take precautions it's unlikely to make a relevant difference I think.


> Which means it's pretty much unconstitutional.

In the USA, I guess. But this is an EU proposal; the EU doesn't have a constitution.


But individual countries within the EU can and do have constitutions. Here's title 2, chapter 2, article 28[1] of Romania's constitution:

> Secretul scrisorilor, al telegramelor, al altor trimiteri poştale, al convorbirilor telefonice şi al celorlalte mijloace legale de comunicare este inviolabil.

> Secrecy of the letters, telegrams and other postal communications, of telephone conversations, and of any other legal means of communication is inviolable.

[1]: http://www.cdep.ro/pls/dic/site2015.page?den=act2_1&par1=2&i...


A number of Eastern European countries joined the EU without first bringing their domestic legislation into line with the European treaties. Unsurprisingly, some of those countries have dragged their feet about coming into compliance after the fact.

This is one reason I was in favour of Brexit.

That "title 2 chapter 2" seems reasonable enough to me; but it's a problem if an EU Regulation comes into conflict with the constitution of a member state. If a member state's constitution can override EU legislation, then there's no EU to speak of any more. Any state could then sidestep EU Regulation by simply passing a constitutional clause that declares it unconstitutional.

What I'm saying is that EU Regulations override the legislation of member states, which are required to be in compliance with Regulations. If Romania has a constitutional clause that is overridden by a new Regulation, that Regulation isn't unconstitutional; rather, the clause ceases to be law (or Romania leaves the EU).


That doesn't seem to be the case uniformly across Europe, as several states have invalidated EU law primacy when it conflicts with their constitution. https://en.wikipedia.org/wiki/Primacy_of_European_Union_law


I'm speaking about the German constitution. Which the EU has to be compatible to due to agreements when the EU was formed as else Germany could legally not have joined the EU.

(At least this applies to the articles with special protection in the German constitution, which is in violation with.)


But this is an EU proposal; the EU doesn't have a constitution.

The European Convention on Human Rights applies in all EU member states.


The ECHR is a treaty, not a constitution.


But all EU members auto include it into their constitution or at least law.

Through not necessary the ECHR but a more general term of "human rights" but that is legally basically the same as long as they don't exit the treaty.

Even Russia did so until a few years ago (through they kinda ignored it at the same time, too).

E.g. it's §1 of the German constitution (yes the very first "law" in the constitution).


The fact that type I and type II error rates are not mentioned is an interesting point by itself.


Maybe I'm missing something here but it seems to me there is a basic question here. Do two or more people have a right to privately communicate via a third party?

If the answer is yes, then regardless of the accuracy of the system or the mass nature of the communication network this is objectionable law making.

IMO, it is a fundamental human right to communicate privately.

The only real question is what is the responsibility of a third party. If I give a shipper illicit material are they responsible to inspect it and report it? I'm personally unaware of the law regarding this but I assume your shipper is not required by law to open every package it ships and report upon it. Are they required to do a percentage?

If not than what the state is claiming here is a right by convenience. It happens that digital communication is easier to inspect than crates. Therefore, the state can create an expectation of one third party it does not of another.


If this ever gets into production I hope the tech community can come together and work on a system to generate false positives until this system is no longer viable.

Let's hope its a typical EU project and will take at least a decade to complete, or better, let's just hope it will outright fail.


While i get the sentiment, you should check the mentioned penalties for abusing the system (once known) before jumping to action.


I guess everyone should just check the penalties for committing crimes before assuming that crime is real...


That works so well with DMCA, no one ever abused it and it hasn't negatively impacted the lively hood of anyone.


And in particular, Google totally doesn't have a special business relationship with RT to allow RT to ignore the DMCA on their disinfo.


The problem is this project already in pipeline for a good decade :)

As the old drunktard Juncker said... We'll keep pushing unpopular solutions over and over again till it slips through once. And then nobody can get rid of it :)


Ah just in time to monitor fledgling revolts due to their own policies. Can't rebel against the deliberate reductions in wealth if you start black-bagging anyone who wonders about the current state of the continent.


> The EU Commission is apparently aware of the problem and is consciously accepting it.

So they're fine to read 10% of all messages? Probably more, because of context? Besides this obviously being a massive DDOS on whatever dystopian spy center of sanitary thoughts they want to build, I wonder how the big EU honchos get their free pass on that? Or didn't they simply not consider that they're going to get monitored as well?


No. The article explains that it is 90% accuracy on already flagged messages.


I can only repeat myself, the EU is not a democracy.

Also I thought chat control was off the table? Did that change?


There is a fundamental problem to making everyone a suspect. I'm no criminal... why do I need to prove it to the state(s) and companies with EVERY message sent?

Not even when driving a car I'm tracked all the time. And I think driving a car can be also dangerous.


How ironic. On one hand EU forces legitimate businesses to spend billions of dollars to satisfy GDPR in the name of privacy. On the other, they are planning to stream teenagers' private pics directly to designated "investigators".


It's almost as if the EU were composed of many different people with different viewpoints.


I get that, but it is still ironic. And it makes me sad looking at the utter wastage of money and human effort.


It's not ironic at all. Both decisions benefit the government which considers itself the sole proprietor of your privacy rights. Slave owners don't like it either if you mess with their 'property' without their consent.


So the TL;DR is the EU Commission wants to implement surveillance in Chat applications to "protect and combat sexual abuse of minors", because nobody is against "combating sexual abuse of minors", right?

Probably later they extend that to "protect and combat right wing opinion", because nobody is against "combating the right wing opinion", or even "protect and combat the climate changes", because "Who are against it", right?

Sounds like the a lot of "paranoid people" were just right, i guess?


It’s sort of how blocking of websites was introduced in some of the countries of the EU to combat sexual abuse of minors (CIRCAMP), and then the infrastructure set up to do it was reused to block torrent sites, fake goods sites, phishing sites and a whole host of other web content deemed illegal.

The slippery slope is real, and I have zero doubt this chat control system will be used to detect other illegal activities within the year.

Private correspondence should be private until a judge orders it unsealed in a specific case. Blanket surveillance is worse than the crimes it purports to combat, and there are always better ways to combat those crimes.


> EU Commission wants to implement surveillance in Chat applications to "protect and combat sexual abuse of minors", because nobody is against "combating sexual abuse of minors", right?

> Sounds like the a lot of "paranoid people" were just right, i guess?

Yes they were. The privacy activists are yet to realise that they have lost the battle decades ago.

It is that dire that you have companies and governments pretending to care about privacy but it is always about mass surveillance in the end.


In the flip side of the same coin, almost the same group demand a stronger presence of the police in the internet[1]

[1] https://www.youtube.com/watch?v=Xdm8SG8_v0I


What is to stop criminals from using any specific form of encryption (ie. math)? Meanwhile the average person who follows the law will be at a much greater risk of identity theft, ransom-ware, etc…


It will apply in the same way the unskippable anti-piracy segment on DVDs applied to pirates. In no way at all. Honest people who bought or rented legally, were subjected to the bullshit, while pirates enjoyed the superior unaltered movie experience.


This will never fly in Germany. Those people still have internet cafes without surveillance cameras so they can do their computing anonymously. Paranoia is a way of life there, for good reason.


How many people actually use them? If 1% of people use them that probably won't be enough to stop anything.


Enough to keep one on every block open, in my experience. They really are everywhere.


Can someone give me the tl;dr regarding where Matrix protocol stands in regards to this and people running their own server for family?


The commission does not seek to break encryption

Okay.

Encryption is not only important to protect private communication, but would also help perpetrators/criminals

No.

It is there to protect us from perpetrators, criminals and all the people which think they are on the good side. The road to hell is paved with good intentions. Authoritarian regimes on our planet always thought they were the "good guys". Encryption is actually there to protect us from you!

The mothers and fathers of the German Grundgesetz (~ constitution) learned that the hard way.

https://www.gesetze-im-internet.de/gg/art_10.html


> > Encryption is not only important to protect private communication, but would also help perpetrators/criminals

> No.

Without going into whatever context the original quote has: doch — encryption does both. There is no technology so pure it only helps the "good guys", from fire to firearms[0] there are things we can't possibly survive without, and yet criminals can use them for crimes.

I don't know the best way to handle this with crypto, mainly because the problem is much deeper than the crypto itself: even if absolutely everyone without exception or equivocation agrees everyone gets unbreakable cryptography, it is getting ever easier to just spy directly — laser microphones on drones, using software to repurpose a WiFi antenna as a wall-penetrating radar, IR cameras, using AI for gaze detection and 3D scene reconstruction to figure out who (or what) you were looking at when you blushed — that's all coming to a blackmailer near you. (Caveat: fake images and potentially at some point 3D bioprinted fake bodies will make the evidence invalid in courts of law, but that's a whole different discussion).

The only thing I can even think to suggest is a radical liberalisation of almost every law and punishment such that we can as a society survive when everyone's crimes, misdemeanours, and administrative infractions/regulatory offences are cataloged and dealt with in real time.

The only thing I am sure of is that the future can't look anything like the examples from history — while it might be much better or much worse, it won't be even close to the same.

[0] I don't mean in the American 2nd amendment sense though, I mean an army with no firearms will loose to one that has them.


>Without going into whatever context the original quote has: doch — encryption does both. There is no technology so pure it only helps the "good guys", from fire to firearms[0] there are things we can't possibly survive without, and yet criminals can use them for crimes.

So? Cars also help the bad guys escape from robberies faster, but we don't seem to ban those...

Not to mention knives... those can be deadly if somebody stubs you with one.

And what about clothes? Naked criminals would be much less effective...

The thing is anything can assist criminals. Why single out encryption (besides the government wanting to snoop at will)?


> Not to mention knives

Bad example. We definitely do ban carrying large knives (blade length >X), butterfly knives etc. around with you. Relatedly Germany even punishes carrying around lockpicking tools (unless that is your job) -- just carrying them.


Also cars have unique identifiers literally attached to the outsides of them with typefaces you can read from 100 feet away. They do this to, you know, mitigate their criminal uses.


A sharp enough 3cm blade is more than enough to make someone bleed to death.

A 5cm screwdriver is more than enough to give brain damage to someone.

A flexible extension hose like the ones that go under the sink (with the nuts attached) is perfect for knocking someone out.

A titanium tipped pen is quite good if you aim for ears, temple or throat.

A tightly rolled newspaper makes a very good blunt weapon.

Breaking/banning encryption like would have minimal benefits while exposing the whole society. Don't think that only the gov't will have the secondary keys if they decide to "only" have back doors. Anyone motivated enough will have them.

If chat encryption is banned... let's say it's not hard to reintroduce it on top of existing layers for anyone motivated enough or with enough money.


When I was a teenager (in the 90s in the UK), the police sent a guy to our school to tell us all about the new knife laws. He said that even a sharpened plastic ruler was illegal.


All those things are regulated, specifically to reduce chances for abusing them, but also to help in fetching criminals. Similar, nobody is demanding a ban on encryption (anymore), what they want (now) is the balanced middle, to allow justified access for "the good guys".

Whether the balance is good or bad, we will see. But society is all about balancing the good and the bad.


> what they want (now) is the balanced middle, to allow justified access for "the good guys".

Which can only be done through spyware installed universally if encryption isn't going to be broken. Because that certainly isn't ripe for abuse..


Yes, it will be abused. As will the surveillance tech that I prefer as an alternative to crypto backdoors, on the grounds that (1) the crypto is far too important to permit backdoors, and (2) it won't be possible to stop boring everyday criminals from getting surveillance tech, let alone governments, and (3) crypto is knowledge that's already out of the bag, so sufficiently motivated bad guys can still have it without backdoors even if everyone else's crypto is broken.

That's why I can only see a plausible outcome involving radical reductions in penalties for basically everything.


>Similar, nobody is demanding a ban on encryption (anymore), what they want (now) is the balanced middle

There is no balanced middle with encryption. Things are either encrypted or their not.

"Encrypted but a third party has access" or "Encrypted, but with breakable encryption" is as good as non encrypted.


> But society is all about balancing the good and the bad.

Yes, but the "bad" tends to become "good", as the members of the society becomes weaker and weaker.


This is why I didn't go beyond the quote.

My general point is that even though crypto is necessary (despite criminals using it), keeping it available isn't sufficient.


This comment is gold, I'm definitely going to be using these arguments!

Indeed, food is also helpful to criminals, without proper nourishment they would be less capable


Well, encryption is in fact used by offensive military forces too so it definitely can be a part of the "bad guys" arsenal but I don't think this is the real motivation behind the push for breaking encryption.

It's not just EU but UK, USA, China and every single entity that collects intelligence for their goals. They all would love to have encryption braked in their favor because we created vast communication networks with enormous data stored that can be reached at instant but they can't reach those due to encryption.

Consider that you are in charge of defending your community against straight out criminals and foreign influence or actors who have other goals than you do. How amazing would be for you to be able to check out each and every citizen or each and every device relevant to you at click of a button, right? It's the ultimate society debugger, you will be able to do your job so much more easily.

The problem with that is, we as a society, don't have a definitive good or bad or truth or allies or enemies and we constantly change our minds on all these things and this is not a bug but a feature.

Let's say some kind of anomaly happens and the encryption is removed and government officials have total access and none of them are corrupt and they do their jobs perfectly. Instantly you removed progress in the society and everything will stay the way it is, good luck if you are on the wrong side of things because the only way anything changes from now on will be possible only through discussion from within the community of those who happened to be in control when the encryption no longer worked.

I don't want this to happen because I don't live in country where the mainstream policies are aligned with my ideas on how the world should work. What about criminals you say? Well, catch them through police work and other means - it doesn't have to be completely effortless for you to do your job.


https://www.youtube.com/watch?v=zgsQNNYurWo

Demolition Man called this. How did the police catch criminals before bio-engineered trackers were attached to every citizen? "We worked for a living, this fascist crap makes me want to puke".


I'm for E2E encryption wherever it's applicable, and for individuals having the ability to be fully anonymous online, but it's not useful to claim it doesn't have drawbacks as well. Yes, it's true that it might it harder to arrest criminals because of encryption, but the alternative that nothing can be 100% private is so much worse.


It was hard to arrest criminals before digital communication as well, I’m sure we’ll deal.


But each improvement in communications tech (landlines, mobile phones, internet) have enabled new, faster, easier, better communication methods. Medieval criminals would have to physically meet to coordinate a coach robbery; nowadays a terrorist attack can be coordinated fully remotely and anonymously. There is no point in denying the facts - that encryption and the ease of use of the Internet enable criminals to coordinate more easily. Sweeping it under the rug won't change it, and it will be a part in the reasoning for limiting encryption. It should be fought with numbers and the gravity and the tradeoffs, not "people used to be able to communicate with pidgeons so there is no issue here".


How will you enforce 'limiting encryption'? Will you prosecute everyone who runs a few mathematical calculations on their own computers, presuming guilt?

Do you think that criminals will care that it is 'illegal' to send messages when they're plotting more heinous acts? In such a scenario you'll have to radically enforce what programs may or may not be run on everyone's computer. If you do that, you're worse than the criminals.


> Do you think that criminals will care that it is 'illegal'

If that sort of logic were to be applied what's the point in any law? Deterrence, making it harder, and punishment. Rolling your own crypto is hard, just like building your own gun for a robbery is. Not impossible, but it will certainly deter less motivated individuals. If all crypto was broken with law enforcement owned escrow keys (not in any way advocating for this, just playing devil's advocate, criminals would know not to rely on it and would have to first build a reliable safe method of communication (like physical meetings). Not the end of the world, just a deterrent.

> In such a scenario you'll have to radically enforce what programs may or may not be run on everyone's computer. If you do that, you're worse than the criminals.

That's a wild exaggeration. All sorts of things radically enforce what software can run on anyone's computer (DRM, antiviruses, licenses, etc.) and that's not great, but comparing that to an actual violent crime for instance is just stupid and honestly insulting.


Can't the authorities do what they've always done since time immemorial: monitor these activities from afar (without needing to know specifically what was said), and plant people in these organizations.

Compromising everyone's security to target a few seems backwards.


They are doing that, this scales to ~100-1000s of people per state. I suspect that on the current trajectory they will need to monitor far more and they are dealing with technology that most likely has been compromised by the US but not them.


They are monitoring people in person its just that they also want to break encryption. Why not have it all?

Let's not forget, that the government is doing this to keep us nice and safe. It knows what 'nice' really means, and what 'safe' is too! (You don't)

Sometimes it needs to keep you safe even from yourself!!

So, it turns out, that government (an imaginary concept that only exists in our minds) actually cares about us even more than we care about ourselves! Right?


Without encryption, criminals will have even easier time stealing personal information and breaking into accounts. Limiting encryption use may hurt certain types of criminals, but also helps another types of criminals, mainly cyber criminals.


A huge chunk of things are already encrypted in that sense - the data for all big tech companies for example is encrypted in transit, decrypted, analyzed etc. on their servers, and then encrypted again when saved to disk and not immediately used for anything. You'd have to compromise both their at rest data storage and the storage for their local decryption keys to steal useful data. That does mean that data on a provider that is thoroughly compromised is vulnerable, and that you obviously have to trust the provider itself, and judging from the recent NYT article (and Google's reputation wrt closed accounts in general) at least Google is not at all worth that trust.

End to end encryption / Trust No One encryption setups are much simpler in that regard - only you have the keys, so you don't have to worry nearly so much about the provider being compromised or just not giving a fuck about paying customers. Plus you just don't have to worry about monitor people creeping on your photos and such.


I think all the legislations proposed have been for backdoored encryption, not a blanket ban on encryption, under the (probably extremely naive) assumption that encryption can be backdoored only for law enforcement use and nobody else would be capable of exploiting that.


It also helps criminals in government, the most dangerous of all.


> nowadays a terrorist attack can be coordinated fully remotely and anonymously.

Actually, Osama Bin Laden relied on trusted couriers; not phones, networks or encryption.


Coach robbery has reduced dramatically though, after inventing the internet.


To modify that statement a little bit

> There is no point in denying the facts - that encryption and the ease of use of the Internet enable everyone to coordinate more easily.

Since it’s easier for everyone, it’s also easier for criminals. But we don’t have to deny it to everyone just because the subset of people called criminals benefit too.


Encrytion was used since forever and birds as a fast transportation too. Nothing changed. And btw if i where a terrorist i would use birds to communicate. What do we learn? Criminals will always find a way, instantly.


Mass use technologies make the individual more powerful, but also institutions.


Yeah, and this worry about criminals is misdirected. The only legitimate worry should be about national security - the danger from terrorists, especially foreign actors. And the answer to that is simple - the state should have complete control over the communication infrastructure. But this is impossible with the internet. So the real solution, and an unpopular one, is to introduce legislation banning "free" communication and treating internet messaging companies like WhatsApp, Zoom, Skype etc. like telecommunication companies and applying the same legislation to them.

The only bloody reason people use WhatsApp and Skype etc. is because it is "free". Take away that aspect, apply the same laws and rules applicable to telecom companies to them, and we will find they will lose their appeal very fast. (I do believe offering a product for "free" should be considered an anti-competitive behaviour as it hugely increases the barrier to entry in any field. Google, Facebook, Microsoft etc. continue to have a monopoly on the internet solely because competing with them for "free" is a losing proposition for anyone - in fact, if they were not backed by CIA and NSA funds and programs like PRISM, even they would have collapsed a long time ago).


You can deal with it on your own. I won't be putting up with this, go ahead, make encryption illegal, I'll follow along with you to every fucking court because you have 0 proof that my disk drive is encrypted instead of overwritten with content of /dev/urandom


I think people on HN forget that the biggest problem with full E2EE is individuals losing access (similar issues with crypto). I believe this is one of the big reasons (not the only one) Apple hasn't added E2EE to everything yet. Permanently losing access to health data is different than losing access to decades of pictures.


Before I miss it. Here are the "good guys" at work (paywall): https://www.nytimes.com/2022/08/21/technology/google-surveil...

We can see "AI" at work. And even if a human checks it you are doomed, because you don't fit in the business plan. Therefore never upload private data on a strangers computer. The cloud is by definition a strangers computer! It is nice that you can find your lost phone with their website but you shall not store any private data on the computer of someone else. If you want keep data in sync across multiple devices multiple providers providers and tools allow for that:

  * https://syncthing.net/ (recommend: everyone)
  * https://git-scm.com/ (recommend: it-professionals)
  * https://mailbox.org (recommend: everyone, including mail, calendar, contacts, notes)
  * https://posteo.de/ (see above)
  * https://nextcloud.com (recommend: hobby and it-professionals)
The situation changes somewhat if you pay with money for service instead with data. Now you are the customer and not the people working with your data. Shared-Hosting usually comes with readily usable E-Mail and other stuff, sometimes with automatic setup of nextcloud or similiar.

Does someone have recommendations for US based E-Mail providers which are reliable and "not free"?


> Does someone have recommendations for US based E-Mail providers which are reliable and "not free"?

Buy a refurbished server rack and mount it anywhere in US, install and configure email software with everything else that you need.

> The situation changes somewhat if you pay with money for service instead with data

Yeah, now company is profiting not only from your data, but from your bank account aswell, that's the difference.


> > Does someone have recommendations for US based E-Mail providers which are reliable and "not free"?

> Buy a refurbished server rack and mount it anywhere in US

Not anywhere. You won't get very far trying to host an email server on a residential Internet connection.


As the old saying goes... Works on my machine.


You're very lucky, then. It's probably been 20 years or so since I've even bothered attempting using an email server on my residential connection.


"'The situation changes somewhat if you pay with money for service instead with data.'"

In most cases that means you pay and they still monetize your data to the fullest


They are traitors against the spirit of the constitution.

Article 10 of the Basic Law:

(1) The privacy of correspondence, posts and telecommunications shall be inviolable.


Well there is also

(2) Restriction to this are only permitted if required by law.

Which is used to force postal operators to report and investigate suspicious letters that might contain drugs.


Yeah I always laugh at those clauses that totally override all that came before


>The mothers and fathers of the German Grundgesetz (~ constitution) learned that the hard way.

Well, now we can counter "Think of the children" with "Think of the Ukrainians"


> The mothers and fathers of the German Grundgesetz (~ constitution) learned that the hard way

repetita iuvant: secrecy is not privacy.

encryption makes conversation private but not totally secret, WhatsApp knows if I write to the person named "dentist" on my address book only when the phone number connected to "wife" is out of town.

Or if I dial the number of a tow truck service at 4 am after my phone has been for hours inside a club and my CC was used to pay for half a dozen alcoholic drinks.

that's more than enough to imply what everyone is implying by reading this.

no need to know the content.

on that matter cheating was easier and safer before encryption was a common thing, nobody actually listened to our calls, and we did not leave around clues strong enough to rebuild our entire life in exchange for a messaging platform.

Secondly, that article clearly states, as any other deliberation of the EU, that the law can override the right to secrecy and that's what happens all the time: the authorities ask the permission to a judge that can grant it or deny it.

It's not like the CIA that breaks your SSL certs and wiretaps on your communications without asking anyone if they can or cannot.


> It's not like the CIA that breaks your SSL certs and wiretaps on your communications without asking anyone if they can or cannot.

It's absolutely hilarious that you believe America is the only country that does this.


> It's absolutely hilarious that you believe America is the only country that does this.

where did I say it's the only one?

But would you deny that its the one spending more on it and with the most advanced technologies to do it?

I don't know many other "free" countries that spied the political leaders of allied Nations.


Every country spies on their nominal allies. That part is not unusual or unexpected and has a long historical tradition. You can find story after story on this.

“Allies” are only allies for reasons of national interest, not because they are genuinely friends, whatever that would mean between countries.

Of course, there’s still outrage when they get caught. Here, for example, is Germany being outraged that the US spied on them. [1] And here’s Germany spying on France [2]. But they all know it’s going on.

And here’s a good quote from French intelligence:

> “If Hollande was genuinely shocked by these allegations, that would mean he wasn’t aware that this kind of thing is normal,” he said. “But of course he is aware. Hollande has to satisfy the feelings of the general public by expressing some indignation, but the truth is all countries spy on their friends and the only limitation is the means at their disposal.

[1] https://www.cnn.com/2021/05/31/europe/denmark-us-nsa-merkel-...

[2] https://www.france24.com/en/20151113-germany-spying-france-h...


> Every country spies on their nominal allies.

no.

they have sources and intelligence officers share information, for various reasons, not excluding political beliefs.

but spying the way USA was doing it on Merkel (for example) is not common, at all.

It would also mean that American intelligence is more incompetent than French or Italian intelligence, never caught spying an ally, which cast some doubts on why CIA is so highly praised...

I really don't believe it's true.

And frankly "former intelligence officer says that" it's more information warfare than something newsworthy.

If we believed "former intelligence officers" flying saucers should be filling our skies.


France has been caught spying many times. There was a huge scandal in the 90s when the French intelligence services were caught bugging American business leaders. WikiLeaks cables make the claim France is actually the “evil empire” of state-sponsored industrial espionage. France also has an enormous NSA-style spying apparatus.

https://www.france24.com/en/20130702-france-usa-spying-snowd...

https://www.theguardian.com/world/2013/jul/04/france-electro...

Beyond just spying, French intelligence services even blew up a Greenpeace ship in New Zealand. They don’t have a moral problem with messing with allies.

https://en.m.wikipedia.org/wiki/Sinking_of_the_Rainbow_Warri...

Allies negotiate with each other all the time. Of course it helps them to have inside knowledge of what’s going on behind the scenes. Why do you think any country would handicap itself?


> Why do you think any country would handicap itself?

why do you think I think that?

As a person from Rome I have no respect for France.

The point is not that secret services spy on each other, but that mass surveillance of the scale US has built has no equivalent in the west.

They have been spying their citizen too.

Televisions, smartphones and even anti-virus software are all vulnerable to CIA hacking, according to the WikiLeaks documents released Tuesday. The capabilities described include recording the sounds, images and the private text messages of users, even when they resort to encrypted apps to communicate

Add to that most of the corporations amassing people data are American and manufacture the most popular devices around (not limited to but including clouds, voice assistants, even roomba now) and have close relations with NSA (they have to or are willing to do it it doesn't matter) and the only logical conclusion is that they either are incompetent and got caught or they have been doing it too aggressively and the allies got pissed. Right now I believe they simply stepped up their game and catching them is just gone be harder.

Wiretapping looks like child's play in comparison.

But in the end my comment was about the fact that EU Parliament is not the CIA and it's not advocating for mass surveillance.

There's a reason why secret services are called secret, because they are not doing it because the laws permits it.


Multiple EU countries have mass surveillance programs and spy on their own citizens. One of my links described the French mass surveillance program in detail.


> Multiple EU countries have mass surveillance programs and spy on their own citizens

Stop saying things you can't prove.

> French mass surveillance program in detail.

not remotely in detail and not remotely close to what we call mass surveillance and not remotely close to what NSA does

from the article (which I have to suppose you haven't read, because it's in the first paragraph)

The agency intercepted signals from computers and phones in France as well as between France and other countries, looking not so much at content but to create a map of "who is talking to whom", the paper said.

The metadata from phone and internet use was stocked in a "gigantic database" which could be consulted by six French intelligence and security agencies as well as the police.

NSA don't simply look for metadata, they can simply ask Face.. ehm Meta for that (WhatsApp).

They actually look closely at the content.

The article also goes on saying that France haven't protested much about Prism because they have (assumingly) the largest system in Europe, after the Brits (that come way after the US)

So not "multiple countries in Europe" but a couple countries have put in place system that rivals with WhatsApp abilities to collect metadata, but WhatsApp obtain it from willing users.

Imagine what MS, Amazon, Apple, Google, Netflix, Oracle, and many other american corporations can collect for the NSA while hiding those activities as legit businesses and what that means for NSA: being free to focus only on everything else.


> The mothers and fathers of the German Grundgesetz (~ constitution) learned that the hard way.

> https://www.gesetze-im-internet.de/gg/art_10.html

Weren't we Germans calling out Poland, because they decided that national law can take precedence over EU law? So I guess our GG < EU Law.


That's different, you got to understand. /s


The kids must be protected /s


No



Pretty hard joke to point at the German constitution, after it displayed it hard failing in the last years. Protection from bad state-actors is necessary, but not for the price to also expose the citizens to non-state bad actors. Protecting the citizens is also a state's job, and somewhere they need to find balance between the different protections.


[flagged]


> All the recent war involvements of Germany are inherently against the German constitution

You'll have to back that up a little. Which wars? Which involvement is considered unconstitutional? Because a lot of those have been tested in the constitutional court and found to be covered by the constitution - see the courts judgement from 1994 https://www.servat.unibe.ch/dfr/bv090286.html#

"BVerfGE 90, 286 (286)1. Die Ermächtigung des Art. 24 Abs. 2 GG berechtigt den Bund nicht nur zum Eintritt in ein System gegenseitiger kollektiver Sicherheit und zur Einwilligung in damit verbundene Beschränkungen seiner Hoheitsrechte. Sie bietet vielmehr auch die verfassungsrechtliche Grundlage für die Übernahme der mit der Zugehörigkeit zu einem solchen System typischerweise verbundenen Aufgaben und damit auch für eine Verwendung der Bundeswehr zu Einsätzen, die im Rahmen und nach den Regeln dieses Systems stattfinden.

2. Art. 87a GG steht der Anwendung des Art. 24 Abs. 2 GG als verfassungsrechtliche Grundlage für den Einsatz bewaffneter Streitkräfte im Rahmen eines Systems gegenseitiger kollektiver Sicherheit nicht entgegen."


I mean you can justify all you want, and there is various critiques on how the Verfassungsgericht has become an instrument of politics where the top assignments are now based on party affiliation. But regardless of what you think of it's decision and what you think of it's decisions, Artikel 2 of the GG says this:

> Art 2 > (1) Jeder hat das Recht auf die freie Entfaltung seiner Persönlichkeit, soweit er nicht die Rechte anderer verletzt und nicht gegen die verfassungsmäßige Ordnung oder das Sittengesetz verstößt. > (2) Jeder hat das Recht auf Leben und körperliche Unversehrtheit. Die Freiheit der Person ist unverletzlich. In diese Rechte darf nur auf Grund eines Gesetzes eingegriffen werden.

"(2) Everyone has the right to life and physical integrity. The freedom of a person is inviolable. These rights may only be interfered with on the basis of a law."

You kill someone, you bomb someone, you support someone that is bombing someone -> you are inherently violating article 2 of the GG no matter how the VerfG decides to justify the Kosovo or Iraq war or justify it as a act of selfdefense.

EDIT: yes, on the basis of a law - that I retroactively rewrote in order to justify a "defensive war" that is on the other side of the planet. Let's not kid ourselves here. The German and US MIC has done a fantastic job in white washing the violation of something that has been proven to be a false pretence by now. Even assuming that the WMD defence held up in court AT THE TIME(which is a joke TBH, since there was no evidence available), we all know that all the officials admitted that it was a lie by now.


_these rights may only be interfered with on the basis of a law_. There is a law that covers it, just as there is a law that covers all the restrictions to freedom when you commit a crime. Killing in self defense is not a violation of the constitution. That's outlandish.

Killing in a war is not in violation of the constitution. The GG itself establishes an army used for territorial defense. Article 24(2) covers the case of integrating that army into a defense and security pact (NATO, EU army, UN) and from that derives the right to deploy german soldiers in NATO and UN missions. And if they have to kill on those missions, they are _not in violation of the GG Article 2_

Edit: When reading the GG, you also need to take into account that there are many fundamental rights that are in contradiction to each other. These need to be balanced out, there's no single right that always trumps the others. Take the case of an armed robbery: My right to my property (which is codified in Art 14) is opposed to the right of the robbers physical integrity (or even life). It would be outlandish to resolve this as "the robbers right to not be hurt trumps my constitutional right" and indeed, there is the Notwehrparagraph (StGB § 32 Notwehr https://www.gesetze-im-internet.de/stgb/__32.html) which codifies your right to self defense with whatever means necessary to stop the attack. (The boundaries of what's necessary are murky and difficult to generalize, but let's leave that aside here)


The German constitution has been very much subject to changes to reflect the will of the people (requires a 2/3 majority in parliament). It is true that Germans do not quite are so obsessive about their constitutional rights like US citizens, however, I would say our constitution is a quite solid basis. The general approval ratings for the legal system and the constitution are really not bad [1]

[1] https://www.roland-rechtsschutz.de/media/roland-rechtsschutz...

Edit: fixed autocorrection typo


It’s obsessed about in the US so much because we have a federal government that oscillates between parties who want to violate it one way or another. Their whims being unconstitutional is our only defense.


>"Germans do not quite are so obsessive about their constructional rights"

In this case "obsessive" is a very desired quality. People's constitutional rights must be guarded from the sweaty paws of the governments that may treat those as a mere annoyance.


> It specifically prohibits discrimination and welcomes people from other nations, both of which the average German does not actually like

Isn't "prohibiting discrimination" something else entirely as "allowing all foreigners to come in without questions asked"? Germans profited from the ability to take refugee during and after WWII themselves.

Also, the data would rather suggest that the average German is far less against migration than your comment suggests: https://www.fes.de/themenportal-flucht-migration-integration...


> It specifically prohibits discrimination and welcomes people from other nations, both of which the average German does not actually like

That’s an absolutely wild claim and I’d like to know where you got this impression from.


Have you ever seen a poll of a European country where people wanted more immigration (from the 3rd world)?


The claim is wild because the german constitution does not encourage immigration.

It contains paragraphs that prohibit discrimination. It guarantees asylum for people that are prosecuted in their home country for political views [1]. There's also a paragraph that widens the definition of "German citizen" in the GG to those that were german citizens in 1937 or who lost their german citizenship due to the nazis. After the reunion some groups from russia emigrated to Germany (Russlanddeutsche) [2]. That is wildly different from wanting more immigration.

[1] there's a long laundry list of exceptions to that rule, for example you have to travel straight to germany without passing through a safe country. It's effectively void. See Art 16a https://www.gesetze-im-internet.de/gg/art_16a.html

[2] Article 116 https://www.gesetze-im-internet.de/gg/art_116.html


You're being disingenuous. And given on your follow-up you're actually misrepresenting what I say, which is wilfully malicious behaviour in a discussion. German politicians have repeatedly called for a reform of article 16a of the GG. The paragraph is about the right of asylum. And yes, during what they call the "migration crisis" article 16a clearly supported the case for mass migration to Germany.

https://www.merkur.de/politik/asylrecht-oettinger-will-grund...


You claim was that the GG imposes immigration on the unwilling german citizenship. That's just plain wrong. Are there applicants for asylum that try to apply despite not being covered? Probably. Is that in the GG? No.


I am as sympathetic to the Germans who dont want racial diversity and as anti globalist as it gets.

But here is the counter argument. Europe (if you don’t take the Slavs and the albenians into account) has a negative birth rate. There is no way to sustain current standard of living without immigration. The politicians in Bundestag who control the EU knows that. And if there is one thing that they are afraid of is to encounter the shortage of labour and have to increase wages that comes from that. As the crisis from Covid has shown us.

I think the root cause of the decline of the national and cultural identity of Europe is not because of immigration but because of a local population that has mostly no interest in family formation.


>"but because of a local population that has mostly no interest in family formation"

I am in Canada so do not know what the trends are in Europe but I can clearly see that having kids here is quickly becoming a financial burden many people can not afford. Part of it because people want higher living standard while the other is our fucking politicians creating such conditions.


Taiwan has a completely different demographic and a negative birth rate and no real immigration "problem" and to me it is clear that the negative birth rate is indeed more related to the cost of living crisis than it is to other factors that people like to attribute it to. Their salaries have stagnated for 30 years, while cost of living has skyrotted for anyone but expats. In relation to the income Taipei is one of the most expensive cities in the world. Who wants children if you have to live in a room in your parents flat(at 35) because you can't afford to live on your own.

And yes, while Germany and other European countries have great benefits for child rearing, regardless of that a lot of Germans are actually struggling being able to afford living in the cities. Everyone here, myself included probably makes a lot more than an average worker in Germany.


A significant portion of Swedes legitimately want more immigration.


What do you mean by “want more immigration”? More tax payers? More potential customers? More cheap workforce? Immigration as a help for unfortunate people in other countries?


From the very small sample I've had, a majority would want immigration as a help for unfortunate people in other countries.


Can you back this up? Most swedes I know are reluctant to speak, but in confidence say that “it’s a bit too much”


You're perhaps in a sociopolitical bubble if you find that claim wild. Even if you don't personally know anyone with this perspective, I would hope that it's logical, rational, and expected that a significant proportion of an indigenous population targeted for "diversification" would be opposed to the idea.

(As a counter-anecdote, I don't personally know a single person in my social circle, in Australia, who is supportive of racial diversity, ranging from indifference to a depressing powerlessness and helplessness to protest what is being done to us by the government, to open and outright racist hostility to the concept.)


When I read the original post I was getting nervous, a little angry and wanted to make the same post and mark that claim as wild. But now that I've read your comment I thought a little about my experience here in southern germany.

I recently left Berlin after over 30 years. I have been outside, but not for long to get to know "other germans". And yes, you are right, the mindset here in the south is a lot more narrow minded and what people say about refugees/foreigners is just mind blowing. Which is kinda sad. I like it here, but I doubt I can live around these people for much longer.


I'm curious which population in Australia you are designating as "indigenous". Here in the UK, "indigenous" usually means white. But I think of indigenous Australians as the aboriginals.

So there's history in Australia of white immigrants trying to force aboriginals to "integrate" with whites. I suppose you could call that "targeted diversification". But you make it sound as if your social circle is white people, objecting to "diversity" in the sense of deviation from whiteness.

Would you mind clarifying?


[flagged]


Oh dear.

Well I'm not going to argue with a blood-and-land white nationalist from Oz, telling me how people feel here in Europe. I'm going to butt out, because I have blood-pressure problems. Bye.


> indigenous population targeted for "diversification"

Oh, come on. That's QAnon conspiranoid bollocks.

> I don't personally know a single person in my social circle, in Australia, who is supportive of racial diversity

Racial diversity exists. Supporting it or opposing it isn't going to change that.


It exists in the world, and people in a region might agree they don't want too much there.


Maybe you just hang around with racists?


Well. Nothing is just white or black.


That's right, everything is gray and black instead.


Some of it is a weird shade of red.


>No.

Assume for sake of argument that it were possible to develop an encryption regime which protected bona fide users, but did not protect criminals. That would be a good thing.

As a matter of public policy, criminals shouldn't be given the right to communicate for the sake of furthering criminal activity without the possibility of lawful interception. It's here that some technologists lose sight of the real world. In the real world, society expects that authorities be able to fight crime using proportionate means.

The real issue is that you can't separate the two from each other - weakening encryption for criminals means weakening it for everyone.


You sure you want to deprive anybody who has ever been allocated the tag "criminal" the right to private communications? You might want to think long and hard about the members of that class, and what fate they are subject to when they are laid bound at the feet of their prosecutors in the state, who were also the party responsible for defining who they are, sometimes for no offense more complex or voluntary than being born.

And then if that still doesn't dissuade you, you want to think again even from a position of pure self interest, because you are very likely technically a criminal yourself. (https://www.amazon.com/Three-Felonies-Day-Target-Innocent/dp...)

Be very, very careful about handing power to the state, there's a reason they're the largest cause of non natural death in the past century, and it's not their innate benevolence.


> Assume for sake of argument that it were possible to develop an encryption regime which protected bona fide users, but did not protect criminals. That would be a good thing. [...] The real issue is that you can't separate the two from each other - weakening encryption for criminals means weakening it for everyone.

Even if such a hypothetical encryption scheme was not intrinsically weaker, it still requires two very strong assumptions:

    1. Not a single individual with legal access to the interception system will ever abuse it for their own purposes, or in exchange for a significant bribe or under the threat of blackmail from a powerful and wealthy malignant actor.

    2. A future government (democratically elected or not) will never decide that currently legal behaviour is now a crime which warrants interception—say possession of drugs for personal use, "deviant" sex, unpatriotic discourse, etc.


Here's the thing - both of those issues you've identified are broader societal issues that concern everyone, not just you.

(2) in particular is suggesting, effectively, that you should be allowed to circumvent a law you disagree with. In other words, you should be allowed to communicate unlawfully if you don't agree the communication should be unlawful.

That's just not how it works. As a society, your view is one of many. I'm sure many people involved in illicit activity disagree in their activity being characterised as criminal.

(1) undermines the fabric of institutions and assumes that law enforcement targeting criminals may do so for collateral purposes, so they shouldn't be allowed to target criminals just in case.

I don't agree with either.


Whatever society decides is not necessarily good; it's your moral right to break laws you thjnk are sufficiently unjust. When germany goes fascist again, you can bet I'll be using encryption.

If you want people to respect the rule of law, you have to offer them a compromise.


You can break whatever law you choose, but there may be consequences for doing so. It's no answer to breaking a law to say that you don't agree with the law.


There is a possibility of lawful interception at the endpoints of the end-to-end encryption. Does it mean the problem is solved?


Exellent idea. We make a socialscore-system and just people above a certain score can buy stuff with working encrytion.


Actually 10% false positive rate is not that bad if the system really has a 90% chance of detecting child abuse. Keep in mind that it only raises a flag, it doesn't automatically results in a false conviction.

I don't have the numbers but I think that during an investigation, way more than 10% of suspects did nothing wrong. In fact, some people estimate that 10% of convictions are wrong (though I think that's an overestimate). A 90% effective system may actually end up preventing false arrests, search warrants, etc... a win for privacy!

The real concern is the potential for abuse, not that 90% bar that is, I think, completely reasonable.


Make sure you get the correct meaning of the 90%. This article isn't talking about a 10% false positive rate, which would mean that 10% of OK pictures are falsely flagged as bad. That would be awful. The article is actually talking about 90% precision, AKA 10% false discovery rate, which means that 10% of the pictures flagged as bad are actually OK. That's a fairly good precision - however it is only half the picture, as the false positive rate definitely needs to be specified (and be very low).


Even 1% false positive rate would be beyond ridiculous and completely unusable.



That old adage "if you've nothing to hide, then you've nothing to fear" is oft berated in these sort of discussions, but it really does apply here.

This regulation is for the purposes of criminal investigation into serious harms against children, not for spying on whatever innocuous messages you happen to be sharing with friends and family. The privacy fears are being way overblown for us ordinary people.

Paedophiles, on the other hand, do not deserve privacy. They need to be scrutinised their entire lives to keep children - the targets of their vile depravity - from harm.

I support this regulation; every parent should.


It doesn't apply at all.

If you get accidentally flagged as criminal it can easily destroy your live, without a years log curt case you might never get properly un-flagged even if you are innocent but then the damage is more then just done.

Worse after wards the chance to again be attacked when you are innocent aren't that small because even if you get un-flagged the system is most likely remembering that you had been flagged once. At least in similar cases involving police this is not uncommon.

You might literally end up in a situation with the state forcefully taking your child away because you send pictures to a doctor to ask if idk. some rash is dangerous. Even if it get's resolved it will traumatize your child, and likely you, too.

There are many ways to improve the situation with children and the internet, but this isn't a good one I think.


What do you mean "flagged as criminal"? In EU we have the principle of innocent until proven guilty. No-one is criminal unless they have been through the process of justice.

The scenario you are describing just isn't going to happen.

I'm glad that the EU are proposing sensible and proportionate solutions to the thorny issue of paedophiles concealing their depraved activities online. The privacy activists have cried wolf for so long on this one, I think people just aren't buying their arguments any more.


> In EU we have the principle of innocent until proven guilty.

This law is de-facto undermining it. Sure the police will investigate and clear the name but Google, Apple and co. won't. They will just treat you as a criminal they don't want to do business with from the accusation onward because that's the cheapest thing to to for them. Not even including the fact that not having access to your mail until the investigation concludes can cause massive damages you will not get reimbursed for.

Also having had a criminal investigation because of child pornography even if proven that you are innocent hugely increases the chance of you being suspect if there is a e.g. child being abducted around where you live. Which can destroy you live even if you are innocent in many ways, e.g. BILD printing headlines implying a person which can basically just be you is most most likely the criminal. Children being forcefully taken away from there parents even if the parents turned out innocent is another thing which did/does happen and can be traumatizing for the children.

This doesn't even include cases where people are willfully wrongly convicted (even if this judgement is later overthrown). Which is a massive problem in the US when the accused is very poor. Through less so in the EU. But it still happens here in some cases, e.g. involving people with mental problems which can't properly represent themself at all and do not have a support net.


In the real world, people do in fact get a guilty verdict only to discover the individual wasn't guilty.

The scenario described is rare, but what you are advocating for is to overfit at the cost of a few innocents. Which is great, until it happens to you or someone you care for.

The world is constantly changing. Law and justice aren't rigid. You never know when you find yourself on the other side with no way of realizing.


With child protection that isn't true. Social services will take your child away while they investigate. Then 2 years later, having lost your job, your family, your friends, your house and your kid you'll be found innocent because there was never any evidence. And you'll get a nice letter telling you so but you won't get any of those things back...


The biggest problem with this is that governments change. Giving them a power forever means every future government will have that power. Current intentions do not matter.

Just think about every evil government in history. It wasn't always that way, and it didn't remain that way. When you know that, how can you say something isn't going to happen?


I imgine the paedophiles are also concealing their activities in physal form too? It would then be reasonble to have a police officer strip/full cavity search everyone on their way in/out of their house.


Criminals WILL have private ways - as long as it's mathematically feasible, which it is. All regulation only affects people other than those who wish to protect their conversations.

To illustrate why I think banning widespread privacy is bad, I'd like to quote the US' Miranda Warning. "Anything you say can be used against you in court." And to add: "If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him." Therefore - we shouldn't give the system all of the lines.


It's never about the children.


[flagged]


No need to be so rude.

From the law enforcement side, that is the system working as it should - the police investigated and cleared him of any wrongdoing.

That Google can close someone's account for any reason and without any recourse is a wider issue, and one separate to this EU regulation.


Give me access to yours and your childrens' phones, I suspect that you or one of them may be a pedophile. Don't want to? Too bad, here is the law that says that I can get it all anyway. Don't worry, I'm a good programmer, I won't see it myself, I'll let one of my algorithms do it for me (I can't tell you how it works though, since you may use that information to hide something from me)! I pinky promise that neither I nor the other strangers viewing your or your childrens photos are pedophiles!

Is that the world you want to live in?

Why should everyone suddenly have to trust the discretion of complete strangers?


Yes that sounds fine to me. We have specially trained police in this category of crimes, for good reason. I trust them to investigate fairly and proportionately.

If we cast aside the hyperbole and look at the actual details of what is being proposed in this regulation, it's clear they're taking a decent and reasonable approach here.


And you think that the potential capture of a few criminals outweighs the violation of privacy of communications of 450 million humans?

You'd be okay with forcing this onto people who don't want this, and the majority who won't even know that this is happening?


Yes, he'd be okay with it, he has nothing to hide after all, not even the fact that his phone got stolen and was used to send bomb threats to 30 nearest hospitals, then destroyed, in the area where he lives with court ruling that he's guilty + getting extra time for destroying all evidence. Literally NOONE would ever do such a thing, it's not like criminals already communicate using stolen devices and even buy things using stolen credit cards. There's simply NO WAY.


If my phone got stolen, the police would be investigating the person who stole it. Inventing outlandish scenarios isn't really a good argument here.


I don't agree that having a CSAM detection algorithm running in your messaging client is a violation of privacy.

If it detects something and alerts the relevant authorities, there will then be a proportional reduction of privacy while they investigate, but this is true of any criminal investigation.

Doing it this way strikes a reasonable balance. Other alternatives include doing nothing at all, or sending a copy of all private communications to a third party - neither of which are desirable.


Do you not feel that your devices should wholly act in your interest, instead of possibly falsely accusing you of crimes? Would you want to have your devices and the state spying on you in a way that you can't introspect or control? Or unable to oppose, should its usage be extended to other domains? What about the presumption of innocence?

Why trust the executive without judicial oversight? What if they use their powers illegally, or misuse the files they receive? What if they are hacked? You will never know what happens in the black box.


> I trust them to investigate fairly and proportionately.

Should we trust authorities with unlimited power because... you said so? (no snark intended)

The last 2000 years of history show it's not a good idea. Prove me wrong.


It's not unlimited power, this is a specific power for a specific scenario - detection of probable CSAM in a person's messages.


That's very much unlimited power to breach privacy.


Please hand over all of your account details now them. Just so we can all check.


Law enforcement acknowledging the fact that he did nothing wrong won't fix the fact that he lost a lot of time and probably braincells because of the stress induced by something completely retarded that should've never happened.

Now go ahead and send a SWAT team to my house, because I have a real photo of a naked baby in an album in one of my coffers, lets ignore for a moment that it was taken by my mother when I was a baby, and I guess by your standards, it's called "CSAM" or something equally retarded.


So literally Google unilaterally decided, based on a "suspicion" that any human being would have immediately found to be bogus, to forward _all_ of his private, personal photos to the authorities, and you think that here "the system is working as it should"? What type of expectation of privacy can you have under this system ?


> and one separate to this EU regulation.

no, not separated at all

laws have to take the implicit effects they have into account they could have added a clause to require providers to not close the account until the police investigation finishes. They didn't. Which means they are implicitly partial responsible for such abuse.


That is a broader consumer rights issue which, I agree, the EU should do something about too.

But adding a clause to this regulation would not solve that wider problem.


yes, but it would make this law less worse




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: