the European Parliament’s position removes indiscriminate chat control and allows only for a targeted surveillance of specific individuals and groups reasonably suspicious of being linked to child sexual abuse material, with a judicial warrant. End-to-end encrypted messengers are exempted.
How does this differ from the status quo? I would assume targeted surveillance, without requiring 3rd parties to sabotage the security of their products, is already a legal law enforcement procedure?
The EU standardizes a lot of laws that a lot of countries should have had already. I'm sure there must be bad examples but I've really only seen improvements in action. Countries have to part with their idiotic version or give up on their idiotic proposals. NL for example had some issues wanting forced labor for unemployed people with social support but that would be called a job and require minimum wage.
Doesn't have to be different from the status quo. EU law acts upon member countries like the US federal constitution acts upon member states: it prevents individual members from ever changing their own laws to take more extreme positions than the recognized consensus position.
To my knowledge EU Regulations are simply laws that overrule local EU countries' laws, so whether it's possible or not for local laws to be more extreme only depends on such laws being at odds with what the Regulation prescribes (but I'm not a lawyer and only looked into that years ago).
From what I've been told, how it actually works is that EU law doesn't apply directly to member states, but member states are required to amend their laws to be at least as strict as EU laws on all matters.
There's not a single type of EU laws, there are "regulations" and "directives".
Regulations are complete laws applicable immediately across the EU as they stand, the states are required to amend any conflicting law but the regulations already automatically prevail on any conflicting local law.
Directives instead need to be transposed into local law by each state individually, and can leave many details to the individual implementations.
Correct. But the chatcontrol proposal would have changed that. The proposed law mandates untargeted surveillance and bypassing of encryption through client-side scanning.
The status quo now is that each country does as it sees fit. This will unify legislation across the whole of the EU and basically forbid countries to have laws that contravene this.
Not really. This was expected. The commission tends to align with big business friendly proposals. The parliament tends to align with inhabitants, but has less power. Proposals go back and forth.
What makes this story special is how blatantly bribable the commission must be to make them spit out this proposal.
Here's an article in German about the sketchy dealings of the commissioner in question. Apparently, Ashton Kutcher (who's the main lobbying force behind this - how did that happen???), got a meeting with her confirmed 37 minutes after requesting it, while emails from privacy advocates continue being ignored.
Is Ashton Kutcher the actual "main lobbying force" or the hired face of the main lobbying force?
It's relatively common for lobby groups to hire known public faces to front for their interests .. a celebrity face can open a door to a meeting that might not otherwise happen.
It works both ways, celebrities will often hit a point in their careers where they start to look for a good noble cause to front for in order to keep their name and face in the public eye and aligned with <insert feel good values>.
For the historians that like to trace the roots of things the test would be whether this is a lobby and cause that was bought into being by its star face, or did it kick around for a few years before being brought to the attention of a star by their PR people and agents.
It seems like this is a proposal, but it hasn’t been adopted and it’s not clear this coalition will prevail. It’s hard to tell because the language of the article makes it seem like a “done deal”, but I’m less optimistic.
At least on the EU level, this certainly had its merits. Additionally I think having good informed representatives like that can even have a bigger impact than their seat alone, because they can often influence the opinion of other representatives around them.
> Security by design: In order to protect young people from grooming, internet services and apps shall be secure by design and default. It must be possible to block and report other users. Only at the request of the user should he or she be publicly addressable and see messages or pictures of other users. Users should be asked for confirmation before sending contact details or nude pictures. Potential perpetrators and victims should be warned where appropriate, for example if they try to search for abuse material using certain search words. Public chats at high risk of grooming are to be moderated.
The "publicly addressable" part is feasible and already implemented by many messengers.
Asking for "confirmation before sending contact details" is feasible but easily circumvented, as in "my mail is joe at example dot com".
Asking for "confirmation before sending [...] nude pictures" is where it gets interesting. How, without scanning every file one is about to share?
There are many ways to share contact details. One is to use an app provided mechanism, which can ask confirmation about sending and receiving contacts. Another one is to just type them into a message. The confirmation of the intention to send is implicit but no confirmation is possible at the receiving end: they read the message and get the contact, willing or unwilling. All they can do is delete it before remembering it and report the other party. There is a provision about reporting unwanted interactions.
About circumvention, one could think about a way to detect contact details in messages. There are several problems with that.
1. If it warns the sender, the sender will try another way until the obfuscated contact passes unnoticed (text, image, vocal, link, whatever.)
2. If it automatically reports the sender there will be many false positives, some due to copy and paste, keyboard autocompletion, etc.
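Added illustration, not part of any comment in this thread: a minimal Python sketch of the contact-detail check discussed above, run over constructed messages. The function names and sample messages are assumptions made for the example; it shows a strict pattern missing the spelled-out address, and a looser one catching it while still missing a further variant and flagging an innocent message.

```python
import re

# Literal e-mail address only, e.g. joe@example.com
EMAIL = re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")

def normalize(text):
    """Rewrite the spelled-out form ('joe at example dot com') to joe@example.com."""
    text = re.sub(r"\s*\bat\b\s*", "@", text, flags=re.I)
    return re.sub(r"\s*\bdot\b\s*", ".", text, flags=re.I)

def needs_confirmation(text, loose=False):
    """True if the client would show the 'send contact details?' prompt."""
    return bool(EMAIL.search(normalize(text) if loose else text))

# Constructed messages: (text, really contains a contact detail?)
SAMPLES = [
    ("my mail is joe@example.com", True),
    ("my mail is joe at example dot com", True),
    ("my mail is joe, then the at sign, example, com", True),
    ("look at example dot com for the docs", False),
    ("see you at 5", False),
]

def evaluate(loose):
    """Return (missed contacts, false alarms) over SAMPLES."""
    missed = sum(1 for t, c in SAMPLES if c and not needs_confirmation(t, loose))
    false_alarms = sum(1 for t, c in SAMPLES if not c and needs_confirmation(t, loose))
    return missed, false_alarms

if __name__ == "__main__":
    print("strict (missed, false alarms):", evaluate(loose=False))
    print("loose  (missed, false alarms):", evaluate(loose=True))
```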
On the one hand this makes me very happy that democracy can actually work things out (and quite well at that)... but on the other hand I'm still horrified people seriously tried to push the original proposal. Not sure what I feel summing up the two.
I feel like it's pretty obvious the bill wouldn't pass. It's just so off-base from all other EU tech policy. Banning end to end encryption is both ineffective and practically impossible. And sending "CSAM" (in a lot of cases teenagers/young adult nudes) to a presumably American tech company for manual screening is just so unequivocally wrong on a privacy level.
It seems like a lot of money went into making this get to the vote. My impression is that lobbyists have worked for this through the European commission - which is distasteful as it should never have been proposed. But it never stood a chance in the parliament. There seem to be checks and balances.
I have to credit the great work of people like Patrick Breyer and everyone who has demonstrated and organized across the EU these last months. Passivity leads to the worst outcomes.
I think you're probably right, but sometimes I wonder if a bit of distance can be a good thing. Perhaps a slight distance can make populism less viable while still being effective at representing the low-pass filtered will of the people in a sense.
And perhaps the lower public mindshare might help insulate against people with ambitions but not people's best interest at heart. Or this is crazy talk, not sure which one it is :)
That isn't a good development at all. Problem is that this distance isn't realized for large interest groups. This bill is an example. It is still on the menu despite numerous lobbying attempts having been made public.
The EU shifted power from voters to larger groups with particular interests. Those groups have the resources to address people in Brussels, while voters have more or less no voice or impact.
Too far removed or just too technologically inept? Not only was it technologically impossible, but they keep wanting to do things to people's online life that would never fly in offline life.
It's like they think technology is somehow an optional extra, or even a passing fad that doesn't deserve the same rights and safeguards.
I am still not sure that this is not a very foul compromise. It remains to be seen. For example age verification for certain sites with adult content.
This is a typical strategy and people fall for it every time because they have not reflected on their own position.
This isn't a win for democracy at all, it is still pushed top down by the EU. They still push for unique internet IDs, even if they say they protect anonymous access for now.
I am so extremely happy to see this. Even if the law text all in all is a disaster, full of holes and inconsistencies, the main goal after total rejection was to get rid of the chat control part. Forcing targeted scanning only. I was in Brussels a couple of weeks ago as a volunteer with EDRi and meeting with MEPs and making noise about the issue. As a Swede I feel extra bad about this law and how it has come about since the person driving this is the Swedish commissioner Ylva Johansson. But please keep protesting and explain to people why the right to private conversations is important. This is a right that I count on is going to be attacked many many more times.
To add context to the link, this isn't a repost, just related.
The post linked is about the Council (think US senate or Bundesrat) not having enough votes to pass the text (they're still looking for internal compromises).
This post is about the European Parliament's committee examining the draft (well, one of the 5, but LIBE is the lead one).
The "worst" thing about this from my understanding is that for now this is just an agreement.
From the bottom of the article:
> The EU Parliament’s civil liberties committee is due to confirm the agreement on 13 November.
> 20 November 2023: Announcement in plenary (likely no vote on substance)
> 4 December 2023: Envisaged Adoption of Partial General Approach by EU Council (tbc)
> after 2024 EU elections: Envisaged trilogue negotiations of the final text of the legislation between Commission, Parliament and Council, as well as adoption of the result
> We safeguard trust in secure end-to-end encryption. We clearly exclude so-called client-side scanning, i.e. the installation of surveillance functionalities and security vulnerabilities in our smartphones.
What does "exclude" mean in this context? Should client-side scanning be allowed or not?