The original title was "EU Parliament Decides That Your Private Messages Must Not Be Scanned" and it was linked to a different article, I think this comment was written before the title and the url were changed.
“Di” as a prefix is normally adequate when referring to two (dimension, dilemma, dichotomy, etc) and yet it acquires an “a” in “dialogue”. Possibly a similar word constructed from the “tri” prefix should also have an “a” inserted.
I was upset at the parliament for even considering this and extremely relieved that they chose not to pursue this draconic instrument. That said, we as citizens will have to remain vigilant and let our voices be heard because the onslaught on our privacy is constant from both commercial interests, spy agencies and state actors. These parties have no issue keeping pressure up over decades whereas we the citizens can become exhausted and exasperated.
We need some laws to swing our way; enshrine our rights to privacy in clear terms so implementing laws like chat control become a non-starter.
The EU parliament did its job pretty much 100% correctly in my opinion. Their job is to consider the laws the EU commission suggests and thats what they did. They correctly determined it was a shitty law and voted it down.
In my opinion you should be upset at the EU commission, and especially commissioner Ylva Johansson from Sweden who seems to be the one pushing this stupid stuff.
The previous commenter is not correct. Parliament votes for its own position on this law, which is then negotiated with the Council ( the 27 national government representatives) which itself has already developed a position. The two institutions negotiate a compromise (wir support from the commission as broker) which then both institutions must vote on in order for it to become EU law. So they can still vote something down later, but generally if it comes to a vote on the final text it is already a position parliament agrees with. In the EU processes laws that are unlikely to be agreed usually don't even get to a vote, rather the commission withdraws it's proposal and provides a new one.
I think the problem is that they didn't rebuke these groups and tell them that the people don't want to approve stazi tactics in order make it easier for police surveillance for their pet "concern". We all know the primary reason is to slowly sneak in surveillance everywhere, not necessarily for evil purposes, but a system which once set becomes extremely easy to expand upon for surveillance all the time, for any reason because a democratic society just accepted it.
> We need some laws to swing our way; enshrine our rights to privacy in clear terms so implementing laws like chat control become a non-starter.
I think those are already in place - one major point against the previously suggested approach was that it would conflict with a bunch of existing regulation, and so it would never get past the courts even if it was passed.
Two convenient examples:
- Article 8 of the EU convention of human rights guarantees a right to privacy, specifically that "Everyone has the right to respect for his private and family life, his home and his correspondence": https://en.wikipedia.org/wiki/Article_8_of_the_European_Conv.... Clearly conflicts with "let's scan everybody's correspondence".
Worth noting that this isn't just a regulation; since the Lisbon Treaty it is effectively part of the EU's _constitution_, and can't simply be regulated or legislated away.
Though also note that it's the European convention on human rights, not the EU one. It's from the Council of Europe, a separate body, but the Lisbon Treaty effectively enshrined it in EU law.
EDIT: Nope, see comment below. The terminology is a bit of a mess...
> but the Lisbon Treaty effectively enshrined it in EU law
Actually no, ECHR rulings and the ECHR itself are considered guiding principles when the ECJ decides related questions but the EU is not technically bound by the ECHR
This is made moot by the fact that the EU doesn't have independent enforcement so all EU law is enforced by the member states and all member states are members of the CoE and the ECHR has already ruled that a member state can't violate the ECHR and justify itself by saying they were following EU law
But the comment above could also be referring to the EU charter of fundamental right which is binding on EU institutions and EU member states (when they're implementing/enforcing EU law), article 8 of the charter is about the protection of personal data so you can read the original comment both ways.
Either they said EU instead of European and were talking about the ECHR's "Right to respect for private and family life, home and correspondence" or they said convention of human rights instead of "charter on fundamental rights" and were referring to the EU's "Protection of personal data"
The European Parliament has no saying in what laws it votes. The European Commission draft those, and the Parliament can at best rectify or reject them.
Very strange, the US usage seems to be like what we would use “to shelve” for (as in take it off the table and put it on the shelf to forget about), at least in Australia and the UK.
Sorry for the confusion, I'm not a native speaker (although I live in UK). I meant that the parliament can ask the commission to present a specific law for discussion.
Of course the parliament doesn't need to ask the commission to drop a law, it can simply vote against it.
Yes, and the sad reality is that even if each one of these absurd legislative proposals has only a 1% chance of passing, sooner or later they will. That’s just math / probability theory. We have to find some way of reducing the inflow.
... Wait, no, that's not how it works. The commission (broadly representing the will of the member states) proposes laws, the parliament (broadly representing the will of the people of the member states) votes on them. It's perfectly plausible that these remain permanently out of whack.
I think you see this dynamic in action more with the commission vs EU parliament dynamic than you do with national government vs national parliament because in many countries there are, in practice, consequences to the government losing a vote in parliament, so governments will generally mostly restrict themselves to bills that they think they can win. There are no such consequences in the EU system, so you see a lot of this.
> Chat control - one of the worst EU plans that is also being described as a surveillance monster - must be stopped. And the EU Parliament has just decided to do so! In a historic agreement on the EU Commission's Child Sexual Abuse Regulation (CSAR) the European Parliament wants to remove chat control requirements and safeguard secure encryption. The decision came after extensive backlash against the original proposal from technology and security experts, to international scientists and to citizens across Europe. This is a great win for our right to privacy and for upholding our democratic values in Europe, but the fight continues!
What did the EU Parliament decide?
Breyer writes on his website that internet services and apps must be "secure by design and default". The EU Parliament has agreed to:
"safeguard the digital secrecy of correspondence and remove the plans for blanket chat control, which violate fundamental rights and stand no chance in court. The current voluntary chat control of private messages (not social networks) by US internet companies is being phased out. Targeted telecommunication surveillance and searches will only be permitted with a judicial warrant and only limited to persons or groups of persons suspected of being linked to child sexual abuse material."
A huge win for our privacy rights is also that the EU Parliament has decided to "clearly exclude so-called client-side scanning".
In contrast to the original chat control proposal, the version of the EU Parliament wants that a new EU Child Protection Centre proactively searches publicly accessible parts of the internet for child sexual abuse material with automatic crawling, which can also take place in darknet and would be much more efficient than private surveillance measures by providers. Found abuse material must be reported and taken down by the provider.
Fight is not over
While the EU Parliament's decision is a huge win, the fight is not over. It is expected that the EU Commission will continue to push for general surveillance chat control measures. Now is the time for each and everyone of us to join this fight!
> ... which violate fundamental rights and stand no chance in court
Thankfully the EU still has the European Convention on Human Rights and an associated court which individuals can go to and sue their state: the European Court of Human Rights. This is unlike the European Court of Justice which cannot directly be seized by individuals.
That EU Convention on Human Rights contains the "right to privacy" (art. 8).
This may be what they meant by saying that this horrible text stood no chance in court: a deluge of individual going to to the EU Court of Human Rights invoking article 8.
Now I don't doubt that the sold outs and enemy of the EU states at the European Commission are going to come back with other horrible measures.
As a sidenote this whole "good cop (European Parliament) / bad cop (European Commission)" is a bit of a farce played on the EU people too.
That's why we have strong checks and balances, the commission (made up of appointees of the 26 EU government heads) will push things, the council (made up of those heads) have to agree, and the Parliament (made up from a popular vote) has to agree, then if all that fails the courts step in
But the fight isn't as much against the government, it's the hearts and minds of the people to make them care more about their own privacy and security rather than "someone think of the children".
I don’t think the average person cares about privacy, sadly. “I have nothing to hide,” etc. The best argument I heard against this crazy policy (only heard recently during these hearings) was that many creators/sharers of this CSAM material is kids themselves! Young teens exploring their sexuality, swapping nudes with each other. So that means that if you’re scanning all messages and you come across one of these chats, instead of that conversation staying between the 2 teens (like it should), it’s getting scanned by the provider, flagged, uploaded upstream to some law enforcement center where god knows how many other people are going to be looking at it, only to realize that there was no abuse happening. And of course that comes with the risk of leaks/hacks/rogue employees spreading it even further. Completely insane!
Checks and balances are working this time hopefully. Regardless our
(good) multi-stage processes and multi-chamber structure and even,
regardless matters of lobbying and money - in the moment of quiet
while smoke is still on the wind - look for the shooter. "Who wants
this?" and "What are their fears?" leads to a better leverage point
closer to values than parameters.
There are a lot of people in the world right now anxious about the
digital future. The EU Commission seem to hear too much from
Chicken-Licken's gang of sky-repellant gizmo salesmen and not from
calmer humane optimists.
I can't see any specific benefit to this for a corporation, my feeling is it's a political response to a general disquiet with the tech industry abusing people, along the lines of "something must be done, this is something, therefore this must be done"
I'm sure some companies would make a fortune, but their lobbying power would be outweighed by other multinational companies like whatsapp and smaller companies like mullvad.
Despite the lobbying from American organisations (Google, Facebook, Microsoft, Amazon, Palantir and others who worked with Thorn on this [1][2]) the EU Parliament did the right thing this time.
The thing that I find shocking about lobbying is just how cheap it is. In the FTX trial the amount they spent lobbying politicians for pro-crypto laws was released and we're talking low five figures. SBF even said lobbying was very cheap for the impact you can get.
Naively I thought it would cost millions to get a politician to support you but actually it's cheap enough a FAANG engineer could individually pay enough to lobby someone lol.
Edit: Literally the user base on HN would be able to crowdfund and organise a lobbying group greater than the NRA ($2.93M in 2022) if we wanted to - lobbying is such a smaller industry than I intuitively expect
You’re misreading the study. It says they asked 115 people for a low and high range of organizational spend on lobbying, and the sum of the estimates was 34-57 million.
So divide 57 by 115, and you get about 0.5 million euros on average for the high estimate.
(Some of the respondents may work for the same organization which complicates calculating the average. Hence why they’re reporting the sums instead, I guess.)
Fair enough, I googled and used the first reputable source I could find. But sure, including the two other PACs, this is still IMO small change. I thought we were talking hundreds of millions or even billions regarding the NRA.
That money is just to employ lobbyists and their associated expenses.
I'm sure there is additional money for lobbying that is not on the books. Holidays, houses, good bullion, crypto, free memberships to exclusive clubs and the like that is gifted to politician's and their spouses by big industry.
So with regards to FTX these were listed in the same spreadsheet as "Gifts", and there were some, but we're still talking low five figures for the majority of politicians. And it's not like FTX were not willing to spend more, they spent $68M on Tom Brady and Giselle for a two year contract to advertise FTX, or $500k on hotel rooms for interns in Miami.
It's getting far more regulated though, and that's a good thing - big Pharma pushing drugs to doctors is one of the most sickening parts of capitalism.
I think we're partially mistaken about the true value and reason for lobbying existing as a concept. It's a cover that muddies the waters in discussion about laws, a coping mechanism for "The Other Side" and at the same time an endless stream of content for potential reporting by reporters/media.
It's about relationships - soft power - more than money. Speaking fees, revolving door/sinecure jobs, and donations to your charities will be there for you should you need it, so there's no need to ask for things up front.
In the movie, Thank You for Smoking, there is a great scene where the main actors are sitting in a restaurant, and there's a sign just behind them that says:
"Be thankful for your government, it's the best that money can buy"
How sure can you be that your lobby is successful? Can you like 'buy' a politician, effectively a legal bribe, or is it more nuanced?
In the EU, a lot of laws are effectively written or co-authored by companies, which saves the politicians and their staffs incredible amounts of time and expertise. This must be quite expensive, just to have the lawyers on payroll who are able to do that.
I think the idea that if an opposing idea went to an NRA friend and offered more money, in almost all cases they would refuse because the lobbying dollars aren’t to convince but to support someone who asked believes what you do.
In some cases, probably like crypto laws, a politician might think “sure I don’t care or have an opinion, you bought some donations and I don’t hate your opinion so I’ll help out”, but that is a lot different than “you pay me x and I vote y.”
I think taking the agency out of the politicians hands, in most cases, is the wrong perspective.
2) You aren’t going to move the needle much with 5 figures for anything at a national level.
The real work comes when you hire the congressman’s favorite PR firm for X and their cousins polling firm for Y and their former chief of staff for $15k a month retainer and so on. The vast majority of this gets done via “consulting” agreements and public relations firms and law firms, where the nominal work is irrelevant and the relationships and introductions are the product.
It's a downpayment, though. Political careers are often short; subsequently the politician will get a high paying 'job' at one of the firms funding the lobbying. That's the real payoff.
The better word is "informing". Lobbyists inform policymakers about perspectives of certain groups (those employing the lobbyists).
It just happens that most lobbyists are paid by groups who are seeking to enrich themselves at the cost of everyone else.
However, there are some lobbyists who work for organizations that attempt to guide policy that helps under-represented groups (like nature, animal welfare, human welfare). Those lobbyists are fewer and poorly paid (as their "clients" typically have little or no money), but they work hard to at least inform policymakers of their perspective.
Do you think it's corruption when they inform the EU of the risks of legislation (like eIDAS) and fight against potential loopholes (successfully in the case of eIDAS)?
Agreed, that is exactly what it is. It's a huge stain on democracy and in many ways subverts it. Companies don't have the right to vote and should not be able to do an end-run around the electoral process with their money.
> Companies don't have the right to vote and should not be able to do an end-run around the electoral process with their money.
There's no difference between companies and people here; no one, spending their company's money or their own, should be able to influence solely through money. They only can because of corrupt state employees, who should be replaced.
> There's no difference between companies and people here; no one, spending their company's money or their own, should be able to influence solely through money.
There is because individuals are not normally the clients of lobbyists, nor do they - normally - approach politicians directly with money in hand except for some countries where campaign donations are a thing. They shouldn't be because they are effectively corruption but unsurprisingly countries where this practice is established never get around to abolishing it because it put the people who are in power in power in the first place.
> They only can because of corrupt state employees, who should be replaced.
If the state employees receive that money off the books then yes, but if it is structural it is not the employees that should be replaced but the system that should be replaced. And that is a much harder task. Because you could replace employees until the cows come home, if the system remains the same nothing will really change.
> And that is a much harder task. Because you could replace employees until the cows come home, if the system remains the same nothing will really change.
There are lots of things where we trust individuals to do a good job. If we can identify things as being the results of corruption via lobbying, why not fire them or prosecute them?
> If we can identify things as being the results of corruption via lobbying, why not fire them or prosecute them?
That's an excellent question. In many places 'lobbying' is legal, technically it is supposedly to inform the clueless legislators about various interests. But in practice it very quickly turns into 'soft' corruption, meetings in holiday resorts (oh, do bring your family) and so on. Whatever lines are drawn the amount of money available to get around them is practically infinite and politicians (and civil servants) are not all equally good at determining when they are targeted and might be across the line before they realize it (and then it gets much harder to go back than to have never crossed it before).
Occasionally people are terminated, and occasionally there are prosecutions. But there is a very large amount of information about who may have been involved in corruption and only a limited amount of prosecution and investigatory power so the bulk of these cases will end up being ignored.
> politicians (and civil servants) are not all equally good at determining when they are targeted and might be across the line before they realize it (and then it gets much harder to go back than to have never crossed it before).
I don't think many people would get such a pass. The whole point of paying them from money taken from people's incomes is so they can be impartial. There's no point having them if they don't add value.
> I don't think many people would get such a pass.
You'd be surprised. Especially if the last review of the rules is a while ago or if they have been recently updated. People are sloppy, especially if they think nobody is looking and that it doesn't matter.
> The whole point of paying them from money taken from people's incomes is so they can be impartial.
That's the theory, but as the US supreme court proves that doesn't mean much.
> There's no point having them if they don't add value.
It's never that black and white except for the most extreme cases and those are the ones that in the end usually do make it to prosecution. Also note that in the EU different member states have entirely different views on what constitutes corruption and normality.
Some cities are more idiotic than others, apparently, but in case it wasn't clear the context was general elections. Not that what you point out isn't a travesty and should be dealt with before someone figures out that you can create as many companies as you want.
Let's not pretend that a slick lobbyist hired by vested interests to talk to representatives with no money changing hands is comparable to the stuff that goes down in high corruption countries, where there's literally briefcases full of cash given to politicians.
> “…it was publicly disclosed that Boehner in the last week of June 1995 walked around the House floor delivering six or more of the Brown & Williamson Tobacco Corp. PAC checks.
> “in the same week Boehner was giving out the checks on the House floor, the House Appropriations Committee met in its room in the Rayburn House Office Building and voted down (17 to 30) an amendment that would have ended the government's price support program for tobacco. Seven Appropriations Committee members each had received a $500 check from Brown & Williamson's PAC, including one for the committee chairman, Rep. Bob Livingston (R-La.).”
This kind of activity seems to refute the “objective difference” you’re imagining.
You were talking about high corruption and low corruption countries in general. Did you forget your own context?
The point that I and several others have made is that what “low corruption” often corresponds to is that corruption has been legalized in various ways.
Re the amount, the fact that it’s a token is kind of the point in those cases. It’s a public display and reminder to everyone where their campaign funding is coming from. Other amounts are often donated at other times, and larger amounts may come from other companies in the same industry. They didn’t change their vote for those specific checks, it’s more like a reminder that the vote that had already been bought was coming up.
Their tactics apparently worked on you to make you inclined to ignore the exact kind of blatant corruption you had just been criticizing. It’s not “low corruption”, it’s corruption that’s apparently less easy for many people to recognize.
> 500, even in 1995, is a token amount of money to the representatives.
In the post-soviet countries (many of them now in EU), you can't imagine how much you can "get done" by "gifting" the right person a bottle of their favourite poison - which costs a token amount by almost any standard (like, high school pocket money).
My point is that these are two names for the same thing, an attempt to justify the "rules for you but not for us" on the moral spectrum. Microsoft can launder open source code with generative AI, but don't you dare even look at their sources.
> Let's not pretend that a slick lobbyist hired by vested interests to talk to representatives with no money changing hands is comparable to the stuff that goes down in high corruption countries, where there's literally briefcases full of cash given to politicians.
That's just a make-up, parfumerie on top of the same exact concept: use money in some way to corrupt decision making.
Just because in some countries it's done with a veneer of legitimacy, in a way that doesn't look as dirty and disgusting as "those other over there with their dirty hands full of bags of money", it's just corruption with a façade of high-class. It's still the same thing, just has more layers of indirection and make-up on top.
> The CPI measures perception of corruption due to the difficulty of measuring absolute levels of corruption
So the difference consists primarily in perception, the slickness of it all as you put it? How well we can hide corruption with a facade of legality and civility. Somehow the crude briefcase full of cash feels more honest and direct.
"a facade of legality and civility" is literally the point of rule of law. It's why if you detain someone it's a crime, but if the police do it it's normal law enforcement.
Lobbying is just people or organizations making their case to politicians in a private way (e.g. meeting MP in their office) instead of a public way (e.g. putting an article to press).
That is what it is supposed to be. Offering a perspective someone said. In a michelin star restaurant, private resort full of prostitutes or after having donated substantial amounts of cash to their campaign ensuring their hold on power.
Somehow it seems different when 'presenting the case' is accompanied by gifts and money.
> after having donated substantial amounts of cash to their campaign ensuring their hold on power
This is the main problem, and there is a solution. If campaigns are financed by enough public money, donations have less power and can be regulated more heavily.
Similarly, if individual politicians get enough from the state to feel secure even if voted out, we take away the power of the promise of a next job and can enforce a grace period before working on anything related.
Lobbying I'd argue is an essential part of democracy because it allows groups of people that have a shared concern to come together and make their case to the politicians.
> ... groups of people that have a shared concern to come together and make their case to the politicians.
That would be solved by referenda, with their results and number of people affected being presented to the politicians so that they must deal with the problem.
Lobbying as it is now in many countries (possibly all of them) has nothing to do with that and to me is just legalized corruption.
What do you imply? To me it doesn't matter if you use a different word for monetary value, be it donation or something else, it comes down to the same, namely money.
The expert panel for this was truly a sight to behold, with majority representation coming from outside the EU (mostly american, but also canadian, new zealand and australian representation): https://twitter.com/SimoKohonen/status/1722635234116506052
The EU also has a right to privacy enshrined via the Treaty of Lisbon, so even if this law had got through the parliament somehow it should/would have been stuck down by the courts.
Thorn and all its supporters should be branded for what they are: Enemies of the free world. Enemies of democracy and fighters for oppression and dystopian police states.
If you look at the developments in Hungary and Poland (or the polls in Austria), any form of surveillance will be just used as another vehicle to keep autocrats and would-be dictators in power.
I doubt that the election in Poland in 2023 would have turned out like this if the PiS had seamless protocols of the opposition's communication.
How do you explain big Pharma lobbying to stop reducing drug prices? For example, Democrats who held up drug pricing reforms were the largest beneficiaries of lobbyist money.
That's a US problem. The prices of all medicines in for example Denmark are publicly available. The medicine is purchased by a single entity(and there are proposals to combine the entities within the Nordic countries to form a single large purchaser), so to sell medicine in Denmark you'll have to play ball. The prices are therefore quite reasonable. Insulin which is a commonly used example of overpriced medicine in the US is around 40-50 USD in Denmark. That is the brand version from Novo Nordisk.
The short answer is that we're talking about the EU. Thats a US thing.
As far as I can tell looking from the outside the US system is set up so that if you aren't ridiculously wealthy yourself you pretty much need lobbyist money to fund your campaign to get elected.
> As far as I can tell looking from the outside the US system is set up so that if you aren't ridiculously wealthy yourself you pretty much need lobbyist money to fund your campaign to get elected.
Considering their whole country started as a place where only wealthy male landowners could vote, and they literally deify some of those wealthy male land and slave owners, as well as their written works, it's no surprise really.
Out of curiosity, how accurately do you feel are the opinions of outsiders with no experience living in your country who comment on your country's state of affairs?
Well, on the one hand of course you could argue that outsiders are less experienced with living in your country.
But outsiders have no emotional stakes in convincing themselves that your country is the best on earth. Consequently, I feel the non-US media are freer than US mass media to discuss the true state of American healthcare. Outsiders are less susceptible to your country's patriotic propaganda.
This does go both (or all) ways. The US are an example here, not a singular special case. Every country tries to convince its citizens that it's better than everywhere else.
I have previously lived in the USA, I'm not sure why you assumed I have no experience of that.
In general I would expect someone who speaks the language of the country I live in now at roughly the same level I speak English to have a pretty accurate understanding of what is going on here. It would, frankly, be quite weird to speak the language and have no idea of what is happening here. Of course America is a special case because of how the internet is dominated by US media, commentary and content.
Sometimes their perspectives could be more accurate as they don't have the same biases. Or maybe its better to say understanding and including their perspectives contributes to a more accurate understanding.
Generally political advertisements, campaign spending and especially donations are strongly limited. E.g. where I am a only private individuals can only donate and only up to 10k per year. The downside of that is that most funding parties receive comes from the state and it's based on their previous election performance (which is problematic due to very obvious reasons...).
Also if everyone can give/spend as much as they want legally it at least stays semi transparent so in theory voters can base their decisions on that. Illegal bribes, kickbacks etc. are a bit harder to track.
I think the explanation is these legislators are not the ones who feel ideologically strong about cutting drug prices. Of the three people listed in this article, Kyrsten Sinema is no longer a Democrat and Bob Menendez is currently under indicment on federal corruption charges, which is now the second time for him.
Lobbying is likely easier in a polarised two-party system where you really only have to swing a few people on the edges to deadlock things. The European Parliament has 6 large parties (>50 seats), and they're not particularly cohesive, so cases where the pre-ordained decision can be swayed by getting to this six people would be much rarer.
That is likely true, though there is still extensive lobbying going on in the EU and within EU countries. It is just done in a different way, with different mechanics.
Well one of these guys is Bob Menendez, who is currently indicted on his second federal corruption charges and who happily accepts cash and gold bars from Egyptian nationals.
It's not just lobbying. There are entire industries built around the revolving doors of think tanks, NGOs, boards, advisories, "research" institutes, etc.
Makes lot of sense. In some EU countries like Finland the privacy of communication is a CONSTITUTIONAL right. So you need good reason to break it. And I don't think generic muh terrorism passes the bar.
Even more than that, its article 7 of the European Charter of Fundamental Rights so its baked into the foundation of the EU itself via the Treaty of Lisbon (which is why its unsurprising this law failed to pass the EU parliament). Even if somehow this law did get passed the parliament the EU's courts should have struck it down.
Private messages won't be scanned for now, but what about the certificates in web browsers that could be swapped at will by any certificate in the control of some EU apparel so that "encrypted" web traffic could be sniffed and MITMed?
Which moreover came with a fineprint specifying that it'd be illegal for browsers to warn users about certificate being swapped?
> Private messages won't be scanned for now, but what about the certificates in web browsers that could be swapped at will by any certificate in the control of some EU apparel so that "encrypted" web traffic could be sniffed and MITMed?
That was a (probably) unintended consequence of the eIDAS legislation, where specific Certificate Authorities must be trusted by browsers to enable digital certificates and signing to work EU-wide. This has since been corrected and the legislation explicitly states that those CAs and the regular CAs can and should be kept separate, thus MITM won't be possible unless the browser chooses to mix things.
I'd love to know who was in favour of the new better proposal and who was in favour of the old proposal. A clear insight into their values. It's EU parliamentary elections next year, I'd nearly argue those supporting this new better proposal would be a good voting choice next year and to steer clear of those in favour of the old proposal.
Unfortunately only a tiny proportion of population in the EU keep track of what their MEPs are actually doing and most vote more or less the same way they'd vote in national elections (where I am it's more like an opinion poll preceding the 'real' elections which always happen ~6 months after the European ones).
I was jaded by this proposal as well, but jaded by the EU in general?
GDPR, forced interoperability from gatekeepers, the 2 year warranty on anything bought online
This attempt at breaking encryption completely stood out with the usual things
The EU seems like the only governmental organization that's working well to improve my life, in my country. Everything else is either decaying or opposing my values.
I'm still bitter about their half-baked cookie law that instantly made web browsing a much worse experience, regardless of how well-intentioned it may have been.
Specifically in the digital space the DMA and DSA try (and will probably at least partially succeed) to break the plattform feudal rule and move their role more towards that of a public utility by restricting how they can use their market power.
That'll have a massive (I think positive) effect on the digital economy.
Unlikely. What will happen is that instead of one big push to the EU they will try again on the local level. That's how companies abuse the EU all the time. First try to lobby the EU itself for a one-stop-shop approach, and if that fails they go after the member states.
That will be a lot harder though cause way more people actually pay attention to what their governates are doing compared to the EU (assuming of course a significant proportion of the population actually cares and opposes stuff like this).
Yes, true, it is harder and will cost more and it will take more time. But I'm pretty sure that they'll try. You can expect the same for the DSA, which is a major thorn in the side of the advertising industry.
Privacy is an excellent example. At first it was locally dealt with, and big tech would lobby the individual countries for all kinds of exceptions and ways to effectively get regulatory capture. Then, in 1995 the EU created the DPD.
Big tech and the advertising industry responded by sidestepping the new regulation to make deals with the individual countries to undermine it, and actually managed to get close to getting their way, and possibly to get it repealed completely.
This is just venue shopping, can't get what you want in one place then you just fragment it and try to get multiple smaller deals. So I totally expect a similar thing to happen around this subject, the stakes are just too high for them to ignore the whole EU for their games.
Well, the smaller states are also easier to pay off, especially if they have already adopted the strategy of being the least regulated place in the EU.
Though admittedly the example Cyprus indicates that the strategy could be to simply quietly ignore the law when it comes to foreign interests.
I'm very relieved by this. It is shocking that there was even the possibility of such a law passing, because it would've turned a lot of people, including myself, absolutely against the EU.
Prefect combination with Article 45 (https://www.eff.org/deeplinks/2023/11/article-45-will-roll-b...). You can roam around EU versions of websites that rely on government own certificate authorities and allow you to log in with your eIDAS id - which will be a requirement for all "very large online platforms."
What really blow my mind is that now we need so much energy and be that thankful to the EU for something that should be so basic and obvious.
When you compare how scandalous and impossibly excessive was looking the story of "1984" a few dozen years ago and that now it is the new normal.
In a lot of countries, even democratic ones, we are already far worse than what was described in the book. But very little persons are shocked about that...
> In contrast to the original chat control proposal, the version of the EU Parliament wants that a new EU Child Protection Centre proactively searches publicly accessible parts of the internet for child sexual abuse material with automatic crawling, which can also take place in darknet and would be much more efficient than private surveillance measures by providers. Found abuse material must be reported and taken down by the provider.
This is a good start, if it is sufficiently well-funded and appropriately staffed.
I hope that they crawl much more than the public "clearnet" and "darknet", since a lot of media is shared inside the various walled gardens that make up the internet here in the '20s.
What's the closest thing to EFF for these kinds of things in Europe? I always feel like there's a huge difference in quality of reporting where EFF produces some of the best content I've ever read on any topic, and stuff about EU privacy is often a lot harder to follow.
I know about statewatch and some individuals I follow who do a pretty good job, but feels like there is a gap for an organization to step and replicate what EFF does in the US.
You might try Brave New Europe? They don't look at tech specifically like EFF, but tech touches their stories on economics, regulation, and the media: https://braveneweurope.com/?s=tech
This website is a throwback to a design choice that (thankfully) has mostly died off - choosing a mid-grey for your text, making it much more effort to read.
I used to have Stylebot pinned to my extensions to fix it, but haven't had to do it in ages. Designers - please don't do this.
(I think it comes from people designing on much higher contrast Apple monitors and not testing on anything else)
Indeed it looks like all the text is grayed out... like "I'm waiting for you to click that damn accept-cookie button before actually showing the page".
When I heard an interview with a Swedish EU politician, I thought it was a lost cause. She was completely blinded by the possibilities and saw no downside whatsoever.
I guess you are talking about Ylva Johansson, who is the spearhead of this. Every time she opens her mouth on this subject any person with knowledge on this subject breaks on the inside a little more, she has no idea what she is trying to do. Or maybe she does and it's all a smokescreen, I don't really know.
The EU needs to stop it with all this heavy handed regulation. At the end of the day it only hurts businesses. Businesses rely on the data contained within these communications in order to improve their services. This is why US tech companies are growing while EU equivalents are not.
It's all well and good to consider user privacy and user safety but not when it stifles the market.
[Please note that this is a satirical comment based on some of the arguments I've seen here in the past]
Those comments are not entirely wrong. Regulation does hurt, but the main issue is that even though the EU is a single market in theory, it's made up of nations that each have their own market and speak their own language. Not a lot of new tech companies target the entire EU, they mostly target their domestic market and certainly not the USA.
In the USA it's easy for a new tech company to put out a commercial to target the entire US population of more than 300 million people. This is practically impossible in the EU. The market here is actually very fractured.
We have "big" tech companies in each EU nation, but they cater only to the domestic market. "Big" as in they are dominant in their field inside their nation.
Take online payment systems for instance. While there are global EU companies like Klarna, most EU nations has their own system that everyone uses. So while you usually have a bunch of payment options to chose from, 99% picks the national one (usually no processing fees).
This also applies to a bunch of other apps in the EU.
If you create an app or a service in the EU and you want it to succeed, you need to target your domestic market first. However chances are there's already an app or service for your idea and you'll have zero chance to compete on the international market, even if you translate your service to as many languages you can think of.
And? I fail to see how having a big EU-wide tech company is more important than good regulations that protect EU citizens and give them rights big tech companies don't want them to have (e.g. privacy, data portability, right to be forgotten, etc.)
Next step would be OS maintainers to make APIs for providing e2e encryption functionality and then app stores requiring these apis to be used for private messaging.
All security is built on trust. If your threat model is trust nothing, then the solution is do nothing. What I’m talking about is called anchoring, where you force a critical flow through a single anchor by design, and thus reduce the places that you have to audit. It’s the same reason they say that all security should be baked in the keys (strength, mgmt, exchange, etc…).
Do I trust Apple and Microsoft? I think sort of.
I don’t trust them to be perfect, but if your prior is to say that you don’t trust them at all, then it means you basically can’t use them at all bc no amount of security will get around an untrustworthy OS.
They control what gets displayed on screen, they control how memory is laid out and accessed for a program. There are already so many more important things we entrust to them. So, yeah, I prefer OS’s (all vendors) to provide APIs, and for app stores to enforce their use. I especially would trust this more than EU laws, and I certainly would trust that more than everyone doing their own thing, regardless if it’s open source.
If for no other better reason I trust the OS more, since all of these open solutions will still run on those supposedly untrustworthy os vendors.
You basically have to trust your OS, Don’t you think? Otherwise, the answer is you do nothing.
Why wouldn't you trust them? To some extent at least?
I mean if they are claiming their messaging system is E2E and it turns out it isn't the cost to them (not only financial) would be much higher than whatever they earn from having access to your data.
Yeah I agree that's the core issue. I'd only "trust" them because I don't see how promising E2E and then breaking it on a widescale would be profitable for them
I've heard this claim many times, and have yet to see anything to substantiate it.
I'm not saying I don't believe it - I have zero trust in Meta, and use Matrix and Signal with everyone that I can. But I would like evidence of foul play before making specific claims.
It's not that simple. If the country introduces a legislation, every company operating in it's border must comply.
If EU would introduce such legislation, it could potentially make software doing end2end encryption illegal. In such case, google would be removing it from EU Play Stores, and this would be more/less end of such messaging apps unless they comply. :-)
This is why it's important to have a reasonable legislature and laws.
> This is why it's important to have a reasonable legislature and laws.
And multiple points of control. In the EU the council acts as a check on populism through parliament (even if the nazis took over parliament it wouldn't give them a lot of power), parliament acts as a check on the council (even if the heads of 70% of EU countries decided something, parliament gets its say). Neither of those are the executive so they would be unable to push through laws which favour specific countries or groups of countries (as the commission are supposed to act primarily on behalf of the union, in the same way the US president is supposed to not favour his home state). Then outside of government you have the judiciary who look at the laws passed and interpret them in line with other laws, throwing out ones which are incompatible.
It'd give people all the more incentive to sideload and get off Google Play Store. That's a win win in my book. And Signal is a non-for-profit. I don't see why they'd care. Designing system that subvert authoritarian regimes.. what's more punk than that
If you have to ask governments for permission then that's a bad design and your system will be taken away from you when the next think-of-the-children populists are elected
If you work on the assumption all governments are eternally nice and well interventioned .. then E2E chat systems aren't all that necessary in the first place
The Committee on Civil Liberties, Justice and Home Affairs (LIBE) adopted a "draft Parliament position" [0] and that's that.
This still needs to go through so-called "tri(a?)logue negotiations", held between the EU parliament, commission and council. [1]
Still a tad early for calling this a win!
[0] - https://www.europarl.europa.eu/news/en/press-room/20231110IP...
[1] - https://netzpolitik.org/2023/ueberwachung-eu-innenausschuss-... (German)