Chat Control 2.0 has passed the first round of approval

submitted by
edited

https://discuss.tchncs.de/pictrs/image/d5404583-aa51-4696-ae87-8d0e60dacf55.jpeg

Chat Control 2.0 has passed the first round of approval

https://mastodon.social/@chatcontrol/115539210365913782

Patrick Breyer’s post warning about this from 2 days ago
https://www.patrick-breyer.de/en/chat-control-2-0-through-the-back-door-breyer-warns-the-eu-is-playing-us-for-fools-now-theyre-scanning-our-texts-and-banning-teens/

15
198

Log in to comment

Hot Top New Old
edited

This would basically shory-circuit the EU’s open source strategy which is a cornerstone for efforts to reach some amount of digital sovereignty. It is especially incompatible with using Linux as a end-user or developer - taken at the letter, it would make Linux devices illegal because they are controlled by the user. It would also undermine security and confidentiality of any digital communication, and would have bad effects for digital economic communications in any business settings:

  • Giving more control and legal means to surveillance agencies is just the wrong move in a time where extreme right parties are rising and right-wing movements are increasingly controlling governments. Abuse if this surveillance tech is not any more a hypothetical possibility, we can observe it in the US in real-time.
  • controlling end-to-end encrypted messages is only possible if either the keys/certificates are not secret (which is possible with TLS), or the software on the end-users device is not controlled any more by the user (but perhaps by law enforcement, or companies). This overturns the basis of any FLOSS software system where trust is based on transparency and user control.
  • age verification will typically done by a form of attestation, a highly problematic concept. Again, this would require to run software on the users device which can’t be controlled by him or her, which is deceptively called "trusted computing". (Technically, age verification could be done by other means, but this is not what these proposals aim for).

  • in the world of public-key cryptography, which is what TLS , GnuPG, and most other modern systems are based in, encryption and digital signatures are nothing but two sides of the same coin: Who breaks encryption keys necessarily also breaks signature keys. This means it is not possible any more to sign software such as the Linux kernel, or Email clients, or browser packages. Or even banking apps or bootloaders for smart phones. Which means to give control away to the entities, groups or induviduals controlling these keys.

  • Ironically, this will make computing lot less safe, and also undermine trust in communication networks, because communication where we can’t be sure that the communicated symbols are genuine is for humans as worthless as the numbers on fake money. As a corollary, it is also bad for business: All business is based on some amount of trust. Would you do important business with somebody if the only communication channel you have available happens to be a messenger which is a compulsory liar?

To sum up, apart from being destructive to civil rights, this would have massive negative consequences.

 reply
25
edited

Will send some mails again! At this point I want Hummelgaard to cry.

 reply
21

Done, but I am so tired of this shit.

 reply
18

That’s the point. Don’t let them win. Keep fighting it.

 reply
11

My country is already against it, so no reason to send more mails, right?

 reply
14
edited

No, always send more emails. Let them know again and again that we don’t want this and they should oppose harder and louder to MEP’s from other countries that are not yet opposed. Make them work for us, as is their job.

Edit: sent some emails and even called some of my MEP’s as well as the Danish ministry of justice (that was a weird conversation, but satisfying to do)

 reply
27

I will never get tired of this!

 reply
7

Excuse my tech illiteracy, but how is it even possible to scan end-to-end encrypted messages?

 reply
6

You can’t, it’s no longer end-to-end encrypted. The way proponents say it works is by “client-side scanning”, i.e. an app scans messages before they are encrypted. Of course, that just redefines one of the ends of “end-to-end encryption” - instead of you, the scanner is now one of the ends.

So previously, one end of a message trajectory’s is where you type it, it then gets encrypted and sent to the receiving party (the other end), who can decrypt and read it. After Chat Control, you type it, it then goes to the scanner, which scans it and potentially notifies a third party of the content, and then afterwards it gets encrypted and sent to the receiver, who can then decrypt it.

Yes, calling that end-to-end encryption is indeed a perversion of the term.

 reply
19

By forcing the providers to open their end-to-end encryption.

By scanning directly on your device after you’ve decrypted the message.

..

 reply
5

It’s not, unless you know the keys.

Keys are created by the software/app made by the service provider, like WhatsApp / Meta or Google. How is the key created, and is a copy sent back to WhatsApp? “Securely” and “No” they claim, and you just have to trust them.
That can change if WhatsApp need to comply with new laws.

Signal is a bit different because of the app is fully open source, so the code can be audited to verify the integrity of the encryption. They would still need to comply with laws or exit that market, but whatever they do would be 100% transparent.

 reply
4

Done! And I will do it again and again until the ghouls wanting to endanger all of us are finally gone.

 reply
3
Insert image