this post was submitted on 19 Jun 2024
339 points (99.4% liked)

Europe

8324 readers
43 users here now

News/Interesting Stories/Beautiful Pictures from Europe πŸ‡ͺπŸ‡Ί

(Current banner: Thunder mountain, Germany, πŸ‡©πŸ‡ͺ ) Feel free to post submissions for banner pictures

Rules

(This list is obviously incomplete, but it will get expanded when necessary)

  1. Be nice to each other (e.g. No direct insults against each other);
  2. No racism, antisemitism, dehumanisation of minorities or glorification of National Socialism allowed;
  3. No posts linking to mis-information funded by foreign states or billionaires.

Also check out [email protected]

founded 1 year ago
MODERATORS
[email protected]
339
Client-Side-Scanning: 'Chat Control is Pure Surveillance State' (netzpolitik.org)
submitted 1 week ago by [email protected] to c/[email protected]
44 comments fedilink hide all child comments
 

The planned chat control makes the world less secure and more authoritarian, as it is directed against private and encrypted communication. Proponents are using disinformation, lies, and sleight of hand to push through the project. But chat control can still be stopped. A commentary.

For years, legions of IT experts and security researchers, lawyers, data protection experts, digital organizations, tech companies, messengers, UN representatives, child protection experts, guardians of internet standards, scientists, and anyone else with expertise have been raising alarms around the world: chat control is dangerous. It is a new form of mass surveillance. It will weaken the IT security of us all. It would introduce a surveillance infrastructure on apps and end devices beyond the EU that authoritarian states will use to their advantage.

Ultimately, chat control is a frontal attack on end-to-end encryption. Put simply, this form of encryption ensures that the sender puts their message in an envelope that can only be opened by the recipient. With the planned chat control, the envelope is not forcibly opened on the way to the recipient; instead, the contents of the envelope are analysed before being inserted into the envelope. So when you write a letter, your private data is looked at directly over your shoulder. Nothing Is Private Anymore When Chat Control Arrives

Those in favour of chat control now claim that the envelope – in this case, end-to-end encryption – would not be opened and that communication would therefore be secure and encrypted. It’s a shabby and transparent sleight of hand: after all, what is the protective envelope worth if what we send to other people is screened by default before it is sent? And where is the good old privacy of correspondence for our digital letters on WhatsApp, Signal, or Threema? What right do you have to monitor what I do and what I send on my mobile phone, tablet, and computer? How dare you!

The fact is that it is not technically possible to monitor all content at the same time and still guarantee private and secure communication. It simply isn’t possible. But the EU Commissioner for Home Affairs, Ylva Johansson, and all the other proponents of chat control claim exactly the opposite. They openly lie to our faces, place misleading ads, and pretend that chat control is somehow harmless and compatible with fundamental rights and data protection. They spread the disinformation that private communication and the screening of all content can coexist. This is nothing less than an insult to common sense.

It’s Not About the Children

The surveillance proponents pretend that they want to better protect children and tell horror stories based on dubious figures. But it was clear from the outset that chat control is about attacking end-to-end encryption – and therefore the secure and private communication of billions of people. Because if the EU, with its 450 million inhabitants, introduces chat control, it will have a global impact.

From the very beginning, a lobby network intertwined with the security apparatus has been pushing chat control. It was never really about the children; otherwise, the root causes of abuse and violence would be addressed instead of monitoring innocent people without any initial suspicion. The point is that encrypted communication is a thorn in the side of the security apparatus. That is why it has been trying to combat our private and encrypted communication in various ways for years.

This is the surveillance state at its best and a reversal of the principles of the rule of law. Everyone is guilty until proven otherwise. This chat control is a spawn of authoritarian fantasies – and as such, the EU member states must reject it in the Council on Thursday if they still have a shred of democratic values.

top 44 comments
sorted by: hot top controversial new old
[–] quinkin 37 points 1 week ago (1 children)

1984 was a warning, not a goal.

[–] [email protected] 12 points 1 week ago

For us(plebs) it was a warning, for those in control an aspiration

[–] hoshikarakitaridia 34 points 1 week ago

Imagine there's one phone type with one security level. And now they introduce a second phone. It has less security. Now everyone has to switch to the weaker phone.

Soooo, now who gets the stronger phones? Government employees? The military? Politicians? Agencies?

The less the strong phones you give out, the more authoritarian the measure. But the more the strong phones you give out, the higher the chance of misuse or mishandling. You will now have a black market for secure phones, giving them out to criminals. You will now have people with strong phones having a higher right of privacy, giving them more protection against the state itself.

Now let's add more factors. Someone loses their stronger phone. We now have a potentially untraceable strong phone. The government is losing control over those. Now you have 5 different tiers of secure phones. But people are people and the more complicated, the more things can go wrong. Now let's add in slightly more authoritarian states like Hungary. There's a good chance they will instantly start spying on journalists. Or give opposition parties the weaker phones by accident.

Now add in foreign agencies. China's digital government agencies are very efficient. Imagine they get the keys to the weaker phones. Great, now China can effectively monitor 99% of the EU. And now even if an EU member has a strong phone, they just listen in his wife's phone, and they get the information anyway. Now what about if a spy from North Korea gets the keys and starts finding bank information on the stronger phones? They now have new super annoying ways of stealing billions of dollars from the EU and covertly as well if they do it right.

As you can see, making some people's security weaker on purpose is a lose lose game. It never works. There's way too many cooks in the kitchen in the EU for this kind of stuff to stay in line, and there WILL be misuse, one way or the other.

[–] [email protected] 20 points 1 week ago (3 children)

How are they even going to enforce this? What prevents me from just using an E2EE message service that doesn't do chat scanning?

[–] [email protected] 29 points 1 week ago (2 children)

The law... But seriously, it's not meant to spy on you or me. It's meant for 90% of the population who can't install an .apk and don't know the difference between a web browser and a search engine. They'll just download facebook messenger from the play store if it doesn't come already pre-installed with their phone and won't even know that this law is a thing until they get arrested for sharing pictures of their sick kid with the family doctor or ~~political dissent~~ terrorism once it gets inevitably expanded to other things than csam.

[–] [email protected] 10 points 1 week ago

Ooo man, this is a super underrated take. Too often people get caught up in what the law is trying to do, how people could get around it, and what the incentives/disincentives are, while not really taking into consideration how the law would actually operate. Sometimes people get all conspiratorial about it trying to point to ulterior motives, but man, most of the time it's more that bad-faith actors are taking advantage of what's already out there rather than actively creating the problems they want to create.

[–] [email protected] 8 points 1 week ago* (last edited 1 week ago)

Yes guys who let Catholic clergy fuck kids are here to save us from pedos!!!!

[–] [email protected] 8 points 1 week ago (1 children)

Doing that, or operating such a service, will become a crime.

[–] [email protected] 8 points 1 week ago (2 children)

Yes but how will they enforce it? How can they possibly discover such a thing? It seems impossible.

[–] [email protected] 10 points 1 week ago* (last edited 1 week ago)

Well they'll go for the service providers, of course.

Signal would effectively have to leave the EU market and block any EU users to stay out of hot water.

The list of privacy-respecting chat apps would become real short real fast, and good luck getting everyone in your life to use one.

Yeah, I have my own matrix instance, but unless I want to cut off 90% of the people I want to have in my life, I can't not bridge it to at least telegram and whatsapp.

It doesn't matter that this is unenforceable, or that alternatives exists. That simply means that those of us who care will still be able to keep some of our communications secure. But this legal change will still make it impossible to keep all of our communications private. That's already the case, and this will make it orders of magnitude worse.

Unenforceable? On an individual level, yes. On a societal level? No. This absolutely can and will enable the monitoring of 99.99% of actual chat activity.

[–] kbotc 2 points 1 week ago (1 children)

How do they enforce the GDPR?

[–] [email protected] 6 points 1 week ago

The GDPR is actually unfortunately widely unenforced, aside from the very biggest tech companies perhaps.

[–] [email protected] 6 points 1 week ago

For now, nothing.

For phone manufacturers wanting to sell into the EU market in the future? It's will end up being a hardware level requirement baked right into the processor and OS. Like what they've already done for drm.