- Germany is currently not opposed to it (https://news.ycombinator.com/item?id=45273854).
- EU doesn't require all countries to support it on the council level (or parliament level). You just need at least 55% countries (at least 15) that represent at least 65% of citizens. To block it you need at least 4 countries that represent at least 35% of citizens, we are at ≈22%.
"If you were able to break encryption only for criminals, it would increase the security of the people. Please try to break encryption only for criminals" is not completely unreasonable.
The problem, of course, is that it's not possible. But for those politicians, cryptography is pretty much magic. Why wouldn't it be possible?
Same thing happens for climate change: instead of understanding the problem and facing reality, politicians (and honestly most people) stop at "scientists just need to find a way to remove CO2 from the atmosphere efficiently". That's not how it works, but it doesn't prevent them from behaving as if it was possible. "It's magic, just do this one more spell".
For most of human history, war of aggression was a matter of a cost-benefit analysis which often have more benefit than cost. That has changed (relatively) recently because of how destructive it is that even the winner does not gain from it.
Point being, hierarchical authoritarian structures are very good at war (and other kinds of competition). That's why they exist. But they should no longer be needed.
They are entrenched and we need to evolve away from them.
Few, if any, politicians are nuclear physicists, and I'd argue nuclear physics is far more complex than cryptography, yet I haven't seen any of them ask the weapons industry to manufacture a nuke for just the bad guys.
Let's not attribute blatant malice to stupidity. People in these positions have the resources and advisors to know exactly what the consequences will be.
And yes, this is an attack on basic human freedoms and should be punished, not just prevented.
- They think it's easy to just ask engineers to magically make safe backdoors.
- You think it's always easy to know what is right and what is wrong. "We should just punish those who harm society". Sure, we should! And we should have safe backdoors!
We're not talking about "being able to do it" but "being able to understand what it can do". Nuclear weapons are a lot easier to grasp than cryptography in that sense: it is a thing that explodes. It is absolutely obvious to everybody that a bomb destroys whatever is in the vicinity.
> Let's not attribute blatant malice to stupidity. People in these positions [...]
It's not people in these positions: the vast majority of the population doesn't understand the limits of cryptography.
> have the resources and advisors to know exactly what the consequences will be.
Seems to me like you haven't been in contact with lobbies and expert advisors. Many times, politicians will have to ask experts from the industry. They would not contact an average engineer for advice, but rather the company itself. If there is money to be made, the CEO or some executive will give their advice. This advice is systematically beneficial for the company. It's not necessarily malice: a CEO has to believe in what they are doing, even if it is objectively bad for society.
It is very hard to find unbiased experts to help you forge policies.
And the engineers' response is "not our job, it's yours. Please invent and patent such thing yourself, then we MAY execute". As it stands, it is in fact completely unreasonable.
Have you ever had a really great mentor or teacher who was excellent at explaining things to you? Good news, you've now got a budget to hire several of them in full-time exclusively for yourself.
Unsure about something? Just ask and a huge apparatus of several departments, featuring dozens of expert panels with hundreds of domain specific experts each will sift through huge databases, many of them not available to anyone else but the government, of state-of-the-art research, current events, historic events, standards, whatever ..., they will analyze your problem from every possible perspective and make the result of these efforts available to you, together with several recommendations of actions according to the guidelines you provided.
I highly doubt that there are more than a hundred people on this planet who could be incompetent under these conditions. What we're observing is not incompetence, but a conflict of interests, between what they want and how often they need to throw you a little bone to keep you obedient.
If this passes, just stop using anything inherently insecure. You may want to stop using WhatsApp, Instagram, Facebook, etc. for private conversations. I already do this.
There are alternatives that will not be affected by this, stick to these. I would give you a list, but I should better be quiet about it.
For how long?
In any case, Signal is not what I had in mind. Telegram is not what I had in mind either, and in fact, Telegram still has no E2EE on desktop so whatever.
EDIT: (I’m throttled and can’t reply to the child reply) - I said ANY phone number will work. You can get a number from any country, or a VoIP number, or a landline. It doesn’t need to be a sim card from the country you’re in. It doesn’t need to be a sim card at all. Any number will work.
If your country requires details to get a number, get a number from a different country. Unless you’re in China or Russia, we’re on the same internet with the same access to jmp.chat and others.
These attacks on freedom will continue until every computing device is mandated to have an ML system tracking your every input. And no communication method is safe from that.
Not even steganography would save you because more and more people would do it and they'd make it illegal too.
---
EDIT: Technology can give us tools to fight it but this has to be defeated at the political level, likely by enshrining privacy is a core human right.
Well, in that case yeah, that would suck. OTR, OMEMO, etc. would not help then. Collectively not buying new hardware and pushing against it collectively might.
Steganography to do key exchange on any compromised channel using DH, and then you just send normal encrypted messages - their magical idea is to do client side scanning.
this does require control over your device, but such regulations would just spring up black market for such devices.
An app, in an official app store no less, is not going to be a solution for long. If you want an actual technical attempt at a solution you first need to regain ownership over your computing devices.
EU ministers want to exempt themselves (https://european-pirateparty.eu/chatcontrol-eu-ministers-wan...)
The locations where exempts are gathered, locations where there are high commerce traffic and/or verified sent-in data, but no sent-out data, or abnormally low traffic altogether, those are all high-value targets as well.
No matter how you slice it, they're creating a list of airstrike targets and means to aid literal foreign spies. If the affected locations and people are as obvious and well guarded as the US DoD headquarters and uniformed guys there, fine, otherwise, they're just creating doors in the wall exclusively open for "enemy" uses.
But then it begs the question, why politicians feel the need to use public (>50MMAU) chat systems to conduct the protected (official) business?
It also begs the question why CSAM "distributors" would use those ;)
Of course they don't need to spy on themselves. The goal is to stop targeted attacks against politicians and any attempts to overthrow the government. The government is uniquely unlikely to overthrow itself.
"All animals are equal, but some are more equal than others."
..and this was allegedly Orwell's allegory for the Soviet Union. Are we there yet?
And of course if you do still consider further it only gets worse.
This is dystopian. Who is behind this coordinated attack?
It affects everybody in the world messaging a person in EU.
What we should be advocating instead is the freedom of doing whatever we want with our computing devices, which include rejecting the sort of crap companies and various government like to impose on ourselves.
The client-side scanning means that some amount of your communication will be uploaded in clear text to the government. And unless the government keeps it completely secure (spoiler: they won't) this will leak. Therefore it defeats the point of the encrypted channel.
So sure, it isn't as bad as just removing encryption from these apps. But it is very similar to giving the government a backdoor key to all messages. Maybe you see it as slightly better because only the messages flagged by the automated scanning are made vulnerable or maybe you see it as slightly worse because previously you would need both the backdoor key and access to the original messages and now all of the data you want is in a single location.
But the point is that this significantly weakens the security properties that these E2EE messengers provide if implemented.
I feel:
- The most danger in my life is from deranged people like some rando homeless person who decides to push me under the subway out of the blue. The second biggest danger is unemployed drug-using losers who might try to rob me in the street. The third danger is aggressive groups of teenagers (which happen to usually be a certain minority where I live) who might try to beat my up because somehow that is how they gain status among each other.
- If I was a woman, the fourth would probably be getting raped. Most probably by an immigrant, usually from a Muslim country. This might be incredibly controversial to US people but in the EU, we hear about these cases regularly. I am not saying every immigrant or Muslim is a rapist. I am not saying they rape at a much higher rate than the native population. This is why I prefaced everything with "I feel" because these 4 reasons are the narrative I see from the media. OTOH I would be surprised if there wasn't _some_ measurable correlation - I would love to see this quantified but at the same time it's the kind of thing where you get accused of being an -ist or -phobe no matter which result you get.
Anyway, taking away people's privacy does not help with any of these.
But that's not the point.
The most danger to a politician's life is from:
- Terrorists.[0]
- Non-deranged (sane) people who are so ideologically opposed to the politician's views and actions that they decide the only way to stop them is to attack them physically.
Taking away people's privacy helps with both of these. If performed by a group of people, there's the obvious need to communicate and organize. If performed by a single individual, then he still has to perform reconnaissance and acquire tools, both of which are likely to be done online to some degree.
---
So you see, it's not about people's safety. It's about politicians' safety.
[0]: Terrorism is by definition the intention to cause fear among the population. It was later redefined as trying to affect political change through violence, which is stupid but it serves the purpose of politicians using terrorists as a source of fear, despite the average person being incredibly unlikely to be hurt by one.
New Pact on Migration and Asylum (https://en.wikipedia.org/wiki/New_Pact_on_Migration_and_Asyl...)
'Women Are No Longer Safe': Critics Blame Surge in Migrant Crime Across Europe (https://www.ibtimes.co.uk/women-are-no-longer-safe-critics-b...)
While crime has gone up significantly in Britain in the last 10 years, many other dramatic events have also occurred, including voting itself out of the largest regional trading block and losing out on financial markets to the middle east.
1. Have you ever texted someone from EU? You are now chat controlled too.
2. EU is pumping billions to foreign countries to promote EU values. How long until they condition this "help" with chat control?
Obviously, some groups are more right than others. If you are into cryptography, you know about the risks coming from Chat Control. But politicians are not part of your group. And what they see, from their point of view, is what I said above: whatever they try to do, there will be a vocal group of people who will genuinely believe that it is completely unreasonable.
That, to me, explains why it keeps coming back: because really, if we could break cryptography only for the bad guys, it would help a lot. "Okay, those people say that it is stupid, just like for everything else we try to do. What makes this group of people more right than the others?"
Am4TIfIsER0ppos•2h ago
https://blog.mozilla.org/en/mozilla/we-need-more-than-deplat... https://archive.ph/ia2z4
I see the link is now broken on their site so perhaps they have thought better. STFU and just make firefox.
saubeidl•1h ago
ozgrakkurt•1h ago
cedws•1h ago
Vinnl•1h ago
Still true that cool URLs shouldn't change, of course.
cedws•1h ago
johnisgood•1h ago