The CDU/CSU is doing something good. That didn't happened for a long time? I appreciate it.
Ausgerechnet Spahn. Manchmal glaubt man seinen Augen und Ohren nicht.
Wir müssen Wachsam bleiben. Mit dem Argument das es böse Menschen gibt, wurde schon viel böses getan. Massenüberwachung zerstört jede Gesellschaft. Deutschland hat mehrfach darunter gelitten. Und die Versuche Massenüberwachung einzuführen wiederholen sich.
This is strange, because not long ago it was Germany (!!) that pushed heavily for mass-sniffing of people. I don't trust this. People should watch very, very carefully what Germany is actually doing next. I would not be surprised if the mass-sniffing comes in a few months when nobody is looking.
There is considerable opposition in Germany against these things. It’s true that some political circles keep pushing for it, but there is also a strong constitutional and civil basis against it. It’s exceedingly unlikely to happen that “nobody is looking”. The biggest risk is the far right coming into power.
No, they position themselves against it, because they have a narrative similar to the (former) “deep state” narrative in the US, but you can be assured that they will reverse course as soon as they can afford it.
Other European countries like Switzerland, also banned full face veils(burqas) in public. Try entering a bank with a ski mask or motorcycle helmet see how that goes.
Ring wing conservatives avidly throw our freedoms under the bus when convenient. Their electoral base is also very susceptible to thinkofyoungsebastian narratives.
Extreme collectivism affects both extreme, that is the concept that people are nothing but sacrificial lambs for the religion, the country, or the revolution.
Because, similar to the US, they have authoritarian tendencies - strong nationalism and anti-immigration. How are you going to round up the bad people if you don't have surveillance everywhere?
Well the Axis powers from World War II are the most obvious demonstrations of nationalism begetting authoritarianism. Germany, Italy, and Japan were nationalist in the extreme. And Italy from that time is such a clear example that it's basically the canonical example used to teach how fascism emerges.
Contemporary examples include the Philippines, Hungary, Poland's Law and Justice Party, and arguably Russia, Turkey and India. Modi is a Hindu nationalist. The United States unfortunately is shaping up to count as an example as well.
Extreme forms of nationalism tend to have a narrative of grievance, a desire to restore a once a great national identity, and a tendency to divide the world into loyal citizens, and enemies without and within, against whom authoritarians powers must be mobilized.
So there's a conceptual basis, in terms of setting the stage for rationalizing authoritarianism, as well as abundant historical examples demonstrating the marriage of nationalism and authoritarianism in action. There's nothing wrong with not knowing, but I would say there's an extremely strong and familiar historical canon to those who study the topic.
> No, they position themselves against it, because they have a narrative similar to the (former) “deep state” narrative in the US, but you can be assured that they will reverse course as soon as they can afford it.
We seem to have a general problem with people not understanding that democracies have regular elections and the other party is going to get back in at some point. So then whenever one party is in power, instead of thinking ahead by five minutes and realizing that adding new constraints on the government and adding rather than eroding checks and balances will help you the next time the other team gets in, everybody thinks of them as an impediment to doing whatever they want immediately.
And then like clockwork they get butthurt when they checks they eroded or failed to put into place aren't there after the next election, as if they had nothing to do with it.
1. Censorship in German constitutional law is only defined as the state pre-screening before publication. That's a very narrow area and rarely applies. Most people from an US legal tradition will consider censorship to include other things such as mandating removal of certain content after the fact, but that's different legal branches with different mechanisms (i.e. libel).
2. What Schulz is talking about in the second link definitely is state censorship (blocking a TV station), but it's not implemented by Germany but on the EU level. (Germany is still involved - complicated matter).
Finally we should appreciate that the US government's opinion on censorship seems to have pivoted quite a lot, so I would expect free speech maximalism to not remain a very popular position on the government level (even though many people may still support it, either naïvely or with robust arguments).
Yes, you read that right. German law is especially protective of politicians, which is why politicians are very active suing random supporters of their opponents, because that is an effective way to police speech, open specifically to politicians.
I do think a lot of people care, but censorship in Germany does a lot to protect the people who could change the law. That law obviously needs to be abolished, politicians are uniquely unworthy of protection when it comes to speech.
If you look at the concrete laws, they are less spectacular.
For example, the concept of privacy protecting against media coverage is actually weaker for politicians (when in official duty) than for ordinary citizens (Allgemeines Persönlichkeitsrecht).
And libel only applies to statements of facts. I.e. you can't (easily) be prosecuted for opinions, just for making harmful false claims.
> I would not be surprised if the mass-sniffing comes in a few months when nobody is looking.
That's the problem with these proposed laws.
We (privacy advocates) have to constantly fight and win over and over again. The nations that want this mass spying only have to win once.
We need a way to permanently stop these proposals once defeated the first time so that they cannot just continue to try over and over again until it passes.
> We (privacy advocates) have to constantly fight and win over and over again.
We do have a way to reinforce our position, though!
We can design and consume technology that makes this hard.
We can stop working for companies that build centralized platforms for messaging.
We can teach our neighbors how important rights to privacy and speech are in language that they understand.
There can be enough friction that this becomes harder for politicians. Remember the Reddit Sopa and Pipa protests? - that was pretty epic! I don't think Reddit will help us in its current state, but we can absolutely mount those defenses on Wikipedia, Mastodon, Bluesky, and others.
And we should continue to move off of platforms that don't align with our freedoms. And build our platforms in a way that encourages "normies" to join.
Yes to all of the above! I just want to whine a bit that every time I try to educate anybody about this, I am promised a tin foil hat in return (even from Software Engineers!).
I can't remember where I read it, but I read that Signal's popularity was high (highest?) in Germany. Assuming I'm not misremembering or that the situation hasn't changed, it seems that Germans care enough about the issue to stake out a position.
Germany will not abandon chat control just like the data perseveration they're so keen on. Europe is preparing for war so they need ways to make opposition more difficult. They're just waiting for the opportune moment where the opposition to these acts won't be as organized or is distracted with something else.
What war, against who? I don't know what kind of narrative you are tying to push here but know that any attempt would immediately meet strong opposition (I've seen the graves of Verdun and I for one would do anything to actively undermine and sabotage any kind of active war effort)
Never trust the CDU. They were the ones pushing for the illegal data retention (Vorratsdatenspeicherung) and von der Leyen from the CDU is big on censorship and mass surveillance. They are just against it now because the country has bigger problems and the CDU has the worst approval ratings in history.
At voting is a bit late probably. You don't just trust leaders, you watch, you criticize, you communicate and sometimes you act. Political or otherwise as a matter of fact
Jens Spahn, the speaker in the video OP shared, is not a member of the government but a leading member of the parliament and of one of the ruling parties. A tiny but important difference.
I expect it to become settled, just not in the way we want it.
Sure, there is the rollercoaster, ups and downs, small wins and losses going on all the time. But look at the general trends - these freedoms that we enjoyed are by and large being chipped away, it's all trending down, worldwide. It's two steps back, one step forward. Maybe CC doesn't get put in place this particular time, but they will ram it through eventually, at some point the right angle will be found to make the right people vote for it. Then the battleground will move onto something even more egregious, and so on. I'm not seeing why there would be a sudden reversal of this trend in the coming decades.
Freedom will not ever be finally settled in this life. Laws can be changed, constitutions amended, and of course the law is only as good as willingness to enforce it. The price of freedom is eternal vigilance, as nice as it would be if that wasn't so.
Speech is restricted the world over for things (fraud, threats, libel/slander, secrets, and more), and we're almost universally in favour of that.
It's a balancing act, and the point where we set the balance is difficult, and constantly changing (should we allow speech that encourages the persecution of other people, sometimes called "hate speech" or should people be allowed to advocate for the murder/rape/extermination of other human beings because of the way they look)
I'm not sure that's relevant to Chat Control. What's at stake here is not a definition of 'acceptable communication' in public, but the possibility of all private communication being scanned.
That's not to say that private communication can't already be illegal; mere 'conspiracy' is a crime in many places. Yet the level of surveillance that would be enabled by legislation like Chat Control is greater than any other in history. Even notorious agencies like the Stasi had to pick and choose their targets based on prior suspicion, simply because of the logistics involved in traditional surveillance.
We don't fully know what effects this kind of unceasing, universal monitoring would have on society, and what little historical precedent exists doesn't bode well. Restrictions on public speech however are pretty well understood; we've had censorship in various forms pretty much everywhere in the world at one point or another. We can look to history for lessons about what happens, and can properly discuss (even if not agree!) about when censorship is good or bad for society.
My comment is 100% relevant to the comment I was replying to. (Sometimes I do wish people who down vote were forced to comment why they were making such erroneous decisions)
Chat control very likely violates at least german law, if not EU law too already. As experts as well as the ministry of justice of the previous government in germany have pointed out time and time again.
Yet still that was never enough for a clear and definitive "no".
It is very likely that the people in favor of this would still try to push it through, or let that happen. They know that the legal battle afterwards to determine its unlawfulness would take years.
And during that time it could already be put it place. And once the legal battle is over (and likely won) severe damage is done and they could still adapt the law or just offer companies to continue doing this "voluntarily". And personally I wouldn't count on Apple, Google, or Facebook to roll this back quickly in that case once they've put it into place.
Laws can be changed, can be reinterpreted, there are no absolutes. What matters is who is in power, and how powers are kept in check. There is no finality to any of that. It’s a constant process of keeping things up, or failing to keep things up.
This is actually one of my own fears for efficient organization at state level and above:
- any new technology, any new opportunity either has checks and balances or gets exploited by smart optimizers with no regards for the commons or human flourishing
- checks and balances are as you say a constant drain on public attention and resources: you need smart people doing the checking (finite resource), and receptive eyeballs (finite also)
- it is thus an optimization problem. attack_surface - check_capacity = societal_explots
I worry that the check_capacity term is constrained, but that the attack_surface keeps aexpanding with new technologies. At some point, we started playing whack a mole, frantically jumping from one check to another, and we're holding the fray stochastically. but at some point it's going to become extremely adversarial.
It's difficult to entrench things. In the UK they have often said "one Parliament can't bind another Parliament", and in the U.S. it's also sometimes said "one Congress can't bind another Congress".
The most obvious mechanism is a constitutional amendment, but in the U.S. the only amendment to be drafted and adopted in modern times is the 26th amendment (1971), 54 years ago. (The 27th amendment had a weird status where it was belatedly adopted with a 200-year delay.) It's hard to imagine many constitutional amendments actually being passed now because it's been challenging to find consensus on many things within U.S. politics lately.
I don't know that the EU at a supranational level has any mechanism at all to ban future EU directives. Maybe they could decide to remove something from the list of areas of competence of the EU? But Chat Control is under the "Area of Freedom, Security and Justice" and I can't imagine the EU deciding that that should be abandoned as an area of Union competence.
Edit: The international human rights treaties, at least in regulating law enforcement, have tended not to follow the idea that some kind of regulation or law enforcement power is completely off-limits, but just that they need procedural safeguards -- especially for surveillance and investigatory powers. In this case, Chat Control opponents (including me) would like it to be completely off-limits, but the human rights instruments arguments might more naturally go into "did they create enough surrounding rules and mechanisms about how it's used and how it's regulated?" rather than "can we just say governments just can't make this rule?".
Given that freedom can mean different things even to the same society at different times and in different circumstances, such a law would essentially have to be sentient.
I mean, the right to privacy is already enshrined in the EU's human rights. The courts would likely strike Chat Control down if it were to pass. But I wish there was a way to prevent our politicians from even trying this shit.
Other things are enshrined in the EU human rights as well, many of them ultimately contradicting each other if you follow them to their logical conclusion.
It's the task of parliaments, governments, and courts to reevaluate and resolve all these contradictions over and over again. It's tedious and takes a lot of resources, but that's the price for democracy.
Just imagine some other people will carry the burden and mentally distance yourself from it to relax from it wearing you out. You can take up the burden again later once you've recovered and others are worn out
"anlasslose Chatkontrolle" => Chat Control without cause.
Ok, maybe these are not weasel words in this case. The CDU probably wants to present itself as a friend of the people using a popular issue that they don't really care about. My suspicion is that this is exactly why the ChatControl issue is brought up yearly. It distracts people from wars, the economy etc., there is a big discussion and finally the government graciously comes down on the side of the people. Each and every year.
Were this true, some politicians would do it for that reason. It would need to get a lot of attention to be an effective distraction, and it does not. The mainstream press barely covers the issue. Many people who would be directly harmed by it don't even know what's being considered.
Yeah, this isn't being covered at all. At least, up to its significance. Most people are computer illiterate too, so it is unlikely they would understand or care either.
It's no wonder we see the countries that oppose this as well. Makes one think.
Sweden's case is peculiar given their military opposed it. I wonder what's going on there.
No matter what the state says, or what legislatures pass what laws, we're going to continue to live out our right to general purpose computing, including sending only what we choose to send over the wire, and encrypting content as we see fit.
I like the sentiment but it sounds very similar to Soverign Citizen nonsense. You can't just plug your ears and say that a law doesn't apply to you because you didn't consent to it.
The reasoning isn't about consent or social contracts, but about the evolutionary trajectory of humankind.
By way of example: in the United States, the 1st amendment to the constitution guarantees freedom of "the press" - it is referenced not by the right to print what one wants, but specifically in reference to the technology of the time, the printing press.
It's obvious that our evolutionary trajectory is one in which widely distributed general purpose computing is normal.
Making laws that contradict this is just childish, and at some point the adults in the room need to be willing to ignore them.
That works until the government and media successfully push the narrative to the public that anyone using encryption is supporting child molesters and terrorists.
That doesn't counter the argument. The people arguing against encryption would just liken it to the government being able to use military equipment that you, as an individual, can't have. "Free communication is a dangerous tool, only the government can be entrusted with the power it provides" and so on.
This may work on boomers but for younger people 90% of the use of a phone is for messaging and obviously you don't want anyone listening in to your private conversations especially for sexting.
People are not going to stop sending each other their boobs or penii, and while that remains the case, encrypted messaging will thrive.
the internet is already dying and social media largely sucks. the whole ass thing is going to be 100% ai driven ads, scams, astroturfing, propaganda, trolls and other fuckery sooner rather than later. just let chat control kill it, fuck it. accelerate to a cyberpunk future of local mesh networks.
It won't but luckily no government is powerful enough to govern math and therefore cryptography. Mathematics is more of a liberator than the second amendment in this respect.
Physical hardware can be controlled, yes. Decentralization and obfuscation similar to TOR is probably needed here.
If running a mesh network is illegal, does it matter that the traffic is just math? Without a network, there's no data transmission of that math. The government controls the airwaves. It doesn't matter if you're broadcasting Top40 or encrypted messages, if they say no to your transmitting, you're going nowhere.
> if they say no to your transmitting, you're going nowhere.
> if they say no to your forgetting to scan the case of water on the bottom of your cart, you're going nowhere.
> if they say no to your hacked cable box, you're going nowhere.
> if they say no to your speeding, you're going nowhere.
> if they say no to your weed, you're going nowhere.
> if they say no to your growing a mushroom and mailing it to your friend, you're going nowhere.
There's a whole spectrum of how illegal something is to consider. People break the law every day for a range of reasons from accident, to ignorance, to convenience, to want, to need, etc.
In the hypothetical world that you've set out, where surveillance is so extreme and overreaching as to help finish off the entirety of the internet for good, there's no way it would stop at the internet. The goal isn't controlling this set of standards and protocols that defines just the internet, the goal is controlling communication and the internet is the #1 way of communicating between people at the moment.
If people all started talking through letter mail, you'd get Letter Control, they wouldn't just forget about it because it's not the internet. If the people somehow become smart and coordinated enough to move to some cryptographically-secure method of communication, your government will probably outlaw the equipment and actions associated with using it in the first place instead of trying to decrypt all communications.
The goal is control of information, and the way of doing that is to force everyone to use unsecured communication with no feasible alternatives. I wouldn't expect kid glove treatment with that, unlike speeding or minor shoplifting.
running an actively transmitting network is an easy thing for them to come and shut down. you doing any of the other things can easily be done without them knowing about it. you can be flippant about it all you want, but you don't look intelligent by doing so
More than anything, this is a good lesson in information theory. A blank sheet of paper isn't devoid of information just because it doesn't contain ink - rather, it is the context of the current situation that defines the information being conveyed. This is true in all forms of communication.
This reminds me of a story I read once about when Victor Hugo had just published Les Miserables. Just after publication, he went to his vacation home due to the controversy he was sure was going to follow the publication of the book. Wanting to know how the reception was going, he mailed his publisher a letter simply containing a question mark. The publisher responded with only an exclamation mark, and Hugo immediately understood - he had written an eternal classic.
(BTW, I read this in the book The User Illusion - a fantastic read)
you missed the reference. as a history lesson, the deCSS code was written on a t-shirt and was deemed acceptable. having the deCSS compiled as an executable was deemed not acceptable.
I got the reference. Seems like it worked out quite nicely for the government/court though, given that deCSS isn't much use printed on a t-shirt, compared to in a binary on a computer?
you can't share the compiled binary, but you can share a shirt. if you have the shirt, you can compile on your own. the t-shirt became the sharing network
-ChatControl, as it is currently defined, is not going to happen, because it's absolutely stupid and would make impossible, amongst other things, online banking
-Yet, there is a growing and legitimate demand for lawful interception of 'chat' services. I mean, "sure, your bank account got emptied, but we can't look into that because it happened via Signal" just isn't a good look
-So, something has got to give. Either 'chat' services need to become 'providers of telecoms services' and therefore implement lawful interception laws, or the malware industry will continue to flourish, or something even more stupid will happen
> -Yet, there is a growing and legitimate demand for lawful interception of 'chat' services. I mean, "sure, your bank account got emptied, but we can't look into that because it happened via Signal" just isn't a good look
Why on earth would mass intercept be necessary or even help in that?
If you got scammed by someone, then you can contact the police and hand over your message history. Why would the cops be interested in someone else's message history for this?
It's the ability to surveil traffic from/to a clearly identified party, upon a judicial order for specific reason, for a limited time.
ChatControl, on the other hand, is mass interception. I'm against it. Most people in the EU are against it. But to prevent things like ChatControl coming up over and over again, a basic tool to combat Internet crime is required.
I am having a legitimately hard time wrapping my head around not being able to prosecute bank fraud because signal exists. Was it impossible before when criminals would talk in person instead over a recorded telephone?
No, there is definitely abuse of lawful interception.
But, in a jurisdiction with a functioning rule of law, these abuses can be spotted and remedied.
Doing the same for mass surveillance (such as ChatControl) or state-sponsored malware is much harder.
I'm advocating against ChatControl and malware, and proposing existing lawful interception frameworks as an alternative. But, apparently it's not my day :)
There is a famous case of US Mafia meeting in rooms, or out on streets to discuss their "business activities" face to face to prevent authorities from surveilling the phone calls.
The reason we know is because authorities were able to place listening devices into the rooms that they were in, or surveil them from other buildings.
This is analogous to getting a warrant to someone’s phone. (Chat control is like putting a microphone into every room in case the government wants to listen after the fact.)
I’m still unconvinced that this make’s law enforcement’s job so hard that something has to give.
Something does have to give: the constant demands for interception capabilities on end-to-end encrypted protocols. Those demands must be thoroughly destroyed every time they rear their head again.
It's interesting that this initiative seems to be mostly driven by influential actors in the "online safety" space that want their flawed scanning tech embedded into every device. Thorn is the most public-facing one, but if you dig into advocacy groups you'll find there's a dozen or so more, and they competed for being the technical solution to the UK online safety act too. But if it involves CSAM it's an even more perfect monopoly - only a very select group of people can train these models because the training data is literally illegal to possess.
If you needed any indication for how these pseudo-charities (usually it's a charity front and a commercial "technology partner") are not interested in the public good, SafeToNet, a company that up until last year was trying to sell a CSAM livestream detection system to tech companies to "help become compliant" ("SafeToWatch") now sells a locked down Android phone to overprotective parents that puts an overlay on screen whenever naked skin can be seen (of any kind). It's based on a phone that retails for 150 pounds - but costs almost 500 with this app preinstalled into your system partition. That's exceptionally steep for a company that up until last year was all about moral imperatives to build this tech.
Why would the malware industry benefit from digital message privacy?
If you're the victim, just hand over the relevant chats yourself. Otherwise, just follow the money. And if the attackers are sitting in a country whose banks you can't get to cooperate, intercepting chat messages from within that country won't do you any good either.
Also, if someone has malicious intent and is part of a criminal network, the people within that network would hardly feel burdened by all digital messages on all popular apps being listened in on by the government. These people will just use their own private applications. Making one is like 30min of work or starting at $50 on fiverr.
”Follow the money”. Yes, let’s decide that no bank is to have anything to do with crypto from next year. And not do business with other banks that accepts crypto. That would help stop fraud much more effective than
Chat Control.
For the vast majority of crypto currencies tracing the transactions is trivial. And even currencies like XMR are hardly as anonymous as people think.
The challenging regulations around technically anonymous crypto currencies require you to actively make trackable arrangements with your financial service providers. VERY few people will ever do this, and therefore if anything suspicious were to occur, all you've achieved is putting yourself on the suspect list preemptively.
Sure, if you want to read the messages, but the whole point is that that's rarely necessary and the price isn't worth the minimal gain.
Of the serious criminals, the only ones you'll be catching are those with low technical knowledge (everyone else will just be using their own applications) and the Venn diagram of those with little tech knowledge and those whose digital privacy practices could deceive law enforcement resembles AA cups against a pane of glass.
Regarding Encrochat, it is no surprise that an (unintentional?) watering hole gathered up a bunch of tech-illiterate, the fallacy is that those people wouldn't have been caught if they weren't allowed to flock to a single platform for some time.
Would some people have not been caught until much later or even not at all? Sure, but if LE would do its job (and not ignoring, or even covering up, well known problem areas and organizations for years to decades), only those of low priority.
Is that little gain worth creating a tool to allow Iran or similar countries to check every families' messages if they suspect some family member might be gay?
Hard nope.
> Or just downvoting me.
Don't worry, I rarely do that and that's not just because I can't...
The prevailing opinion here seems to be that we’d really like for there to not be an omnipresent panopticon because protect the children or terrorists or, apparently, malware. If your imagination is particularly lacking on how this might be weaponized just remember that antifa is now designated as an terrorist organization in US, so you better not be a suspected member of it — as in, you best not have sent a buddy a message on signal about how those tiki torch carrying nazi larpers aren’t exactly great guys, or off to a black site you go for supporting terrorism.
If you want to prosecute people send physical goons, which are of limited quantity, rather than limitless, cheaper and better by the day pervasive surveillance of everybody and everything.
OK, sorry to keep repeating myself here, but... I strongly oppose any kind of "panopticon" like ChatControl.
What I would like to see, is, say, Signal complying with lawful interception orders in the same way that any EU telecoms provider currently does.
So, provide cleartext contents of communications to/from a cleary identified party, for a limited time, by judicial order, for a clearly specified reason.
> pervasive surveillance of everybody and everything
This is exactly what lawful intercept laws are supposed to prevent. And yeah, of course, abuse, but under a functioning rule of law there are at least ways to remedy that, unlike with mass surveillance and/or malware...
> I strongly oppose any kind of "panopticon" like ChatControl. What I would like to see, is, say, Signal [...] provide cleartext contents of communications to/from a cleary identified party
Those statements simply aren't compatible.
Right now, Signal is designed by cryptography experts to provide the best privacy we know how to build: messages are only readable by you or the intended recipient. "Lawful intercept" necessarily means some additional third party is given the ability to read messages.
It doesn't matter what kind of legal framework you have around that, because you can't just build a cryptosystem where the key is "a warrant issued under due process." There has to be a system, somewhere, that has access to plaintext messages and can give law enforcement and courts access. The judges, officers, technicians, suppliers, and software involved in building and using this system are all potential vectors by which this access can be compromised or misused -- whether via software or hardware attacks, social engineering, or abuse of power.
Maybe your country has "functioning rule of law", and every single government official and all the vendors they hire are pure as snow, but what about all the rest of us living in imperfect countries? What about when a less-than-totally-law-abiding regime comes into power?
You're proposing that we secure our private conversations with TSA luggage locks.
For a real-world example of the problem you're describing, China's Salt Typhoon attacks compromised lawful intercept infrastructure in the USA to engage in espionage. A mandatory backdoor in Signal would be at risk from similar attacks.
> You're proposing that we secure our private conversations with TSA luggage locks
No -- that's an incredibly reductive summary, and the attitude you display here is, if left unchecked, exactly what will allow something equally ridiculous like ChatControl to pass eventually.
There has been plenty of previous debate when innovations like postal mail, telegraph traffic and phone calls were introduced. This debate has resulted in laws, jurisprudence, and corresponding operating procedures for law enforcement.
You may believe there are no legitimate reasons to intercept private communications, but the actual laws of the country you live in right now say otherwise, I guarantee you. You may not like that, and/or not believe in the rule of law anymore anyway, but I can't help you with that.
What I can hopefully convince you of, is that there needs to be some way to bring modern technology in line with existing laws, while avoiding "9/11"-style breakdowns of civil rights.
We can draw analogy between any two things. An encrypted chat is not a letter in the mail or a call on the telephone. It is an entirely new thing. Backdooring such chats is not "bringing technology in line with existing laws" it is, very clearly, passing new laws, and creating new invasions of privacy. It must be justified anew. The justification for wiretapping was not that there was no way to fight crime without it. Otherwise, when the criminals became wise to it, and began to hold their conversations offline, there would have been a new law, requiring that all rooms be fitted with microphones that the police could tap into as necessary. No such law was passed. Instead, the justification for wiretapping was simply that, once police had identified some transmission as relating to the committing of a crime, they could obtain a warrant, and then tap into the communication. The physical capacity without any effort by uninvolved individuals was the entire justification. That capacity does not exist with encrypted chats. The analogy is therefore much closer to the "mandated microphones" described above. Everyone is being required to take action to reduce their own privacy, regardless of whether they are subject to a warrant.
What is most striking about our "mandated microphone" analogy is the utter futility of it. Criminals have no issue breaking the law, and hence have no issue outfitting a room with no microphones in which to carry out their dealings. The same is true of any law targeting encrypted chats.
A hot take: removing protections guaranteed by constitution should require modification of the constitution. There is already a "temporary" European regulation [1] that is in violation of the German constitution [2]. CSAR would be a further erosion of the legal foundation. Americans were happy when their federal laws that restrict marijuana use were simply ignored by executive fiat without proper processes, well, they aren't so happy now to see that other laws can be freely ignored too.
If people speak up and say "take away our rights" at a referendum, let that be their decision, not a political backroom deal.
> A hot take: removing protections guaranteed by constitution
Lawful intercept laws exist in most, if not all, EU countries.
It's just that super-national overlay services like Signal don't entirely fall within the framework of those.
So, there is now a choice: expand interception powers indefinitely (a.k.a. ChatControl, which, to make things crystal-clear, I'm 100% against), or bring new services into the fold of existing legislation.
No existing legislation requires proactive interception of mail, physical or electronic. Bringing new services into the fold of existing legislation would mean forbidding any proactive scanning by civilians and forbidding such scanning by authorities without a warrant or court order.
> proactive interception of mail, physical or electronic
Lawful interception is not proactive: it requires a judicial order to collect plaintext communications from/to specifically identified individuals (resident in the country demanding the interception), for a limited time and for a specific purpose.
ChatControl, which I strongly argue AGAINST would sort-of be what you describe. But: I. Am. Arguing. AGAINST. That.
I would rather online banking be impossible, or only available to those that take training and sign waivers, than have all my communications surveiled.
OK, you be you, But please note that I did not list "online banking becoming impossible" as a likely outcome. Merely malware continuing to be state-sponsored, or certain communications to be surveilled. Not all of yours, unless you draw an especially vinidicative judge (and yes, I'm assuming a functioning rule of law here -- if that's gone, what's left?)
> But please note that I did not list "online banking becoming impossible" as a likely outcome.
No, but it should be a likely and maybe even desired outcome, especially if a justification for surveillance is the prevention of online banking fraud among other crimes.
> Merely malware continuing to be state-sponsored, or certain communications to be surveilled.
Norms and mores change over time, so the only conclusion is that "certain communications" will become "all communications" at some point in the future. I'd love to be proven wrong.
Yeah, but laws tend to be more constant, and lawful interception laws are, 100% guaranteed, a thing, right now, in the country where you live.
They apply to telegrams, postal mail, telephone conversations, and a whole bunch of other things nobody really does anymore. They don't really apply to the things people do tend to do these days.
ChatControl is an incompetent attempt to remediate the lapses in law enforcement that this has caused. I strongly oppose it. But I also strongly oppose the idea that the Internet should be off limits for any kind of law enforcement, unless it is through dubious mechanisms like state-sponsored malware.
Your "slippery slope" argument is much more compelling in the absense of extended lawful interception than in the situation where Signal messages would somehow be equated to postcards or SMS messages...
And yet lawful intercept laws cannot force you to decrypt the OTP-encrypted physical letter you sent to your friend. (Except in authoritarian shitholes like the UK.) Same principles would seem to apply here.
why do you think they want relation trust. unless you mean trusting that if you go against the man, the man will come for you. maybe it would be better for s/trust/fear/
Malware has existed nearly since the dawn of computing. Making the world even less secure under the guise of combating w/e today's latest bogeyman is is not gonna solve that. And having secure private communications is not gonna make it worse.
That anyone thinks this blatantly obvious attack on free speech is actually going to be used only for law enforcement is wild to me.
> You want the police to regularily intercept and check your signal chats for fraud
No, that's not how lawful intercept laws work.
I want police to be able to obtain a judicial order to intercept, for a limited time, in cleartext, the (Signal chats, or whatever other encrypted communications) of identified parties reasonably suspected to be involved with criminal activity.
ChatControl is not that, and it's one of the reasons it's a nonstarter.
"I want police to be able to obtain a judicial order to intercept, for a limited time, in cleartext, the (Signal chats, or whatever other encrypted communications) of identified parties reasonably suspected to be involved with criminal activity."
They already have that in most (?) jurisdictions by now.
With a warrant, they can install a virus on the device that will then do targeted surveillance.
ChatControl is bad, because it is blanket surveillance of everyone without warrant.
But to further clarify: I would like existing lawful interception laws to be extended to services like Signal.
Not in the sense that any EU country should be able to break Signal crypto (as ChatControl proposes, and which I think is an utterly ill-advised idea), but that competent law enforcement agencies should be able to demand unencrypted Signal communications from/to an identified EU party, for a limited time and purpose, upon a (reviewable) judicial order.
Most, if not all, EU countries currently have similar laws applying to telegrams, snail mail, email, telephony and whatnot. If you don't like those either, that's fine, but that's the status quo, and I would like to see that extended to services like Signal, as opposed to incompetently dumb measures like ChatControl...
Ok, so you want to break Encryption by law demand.
Because this is what this means. Or how exactly would it work, technically?
Signal does not know the private key of the 2 parties. Signal would have to inject a infected update into the client .. which is also malware. I rather have just those on target devices with a warrant, instead of breaking all encryption.
Or would you go extreme and outlaw decentraliced encrypted communication alltogether?
> law enforcement of which countries, under which sets of laws?
We're taking about ChatControl here, so law enforcement of EU countries, under their respective laws, into which EU law should have been incorporated
> Should Thailand be granted access to enforce their lease majeste laws
Same answer as "should Thailand be granted arrest rights to enforce <whatever>": they submit a legal assistance request to the country where the alleged crime occurred.
In the case of a lawful interception request for "lease[sic] majeste" reasons, I'm pretty sure this would be immediately rejected.
But, if not, the EU subject of such interception would have lots and lots of avenues to get redress.
Again, and I'm getting sort of tired from repeating myself: "lawful interception" does not mean "indiscriminate surveillance at the whim of whomever" -- it is a well-defined concept that has been used to determine which telegrams and mail pieces to open and which telephone calls to record for ages now. Your country absolutely does it, as we speak, no matter where you live. It's just that modern technology has far outpaced the scope of this legislation, and things like ChatControl are (incompetent) responses to that.
ChatControl is not a good idea, and has very little chance of becoming reality. But to stop dumb proposals like this from coming up over and over again, something has got to give.
I’ll go a step further: if EU sovereigns claim the right to “lawfully intercept” their citizens' private communications, why shouldn’t every state enjoy the same privilege? Russia, Saudi Arabia, Egypt, and Uganda will be exemplary custodians of such technology. You have nothing to fear, citizen: their democratic constitutions and impeccable legal codes will protect you.
Fail to see that it would even work. If the scam has happened how would lawful interception afterwards help? The criminal can just use burner accounts and the chat log exist on the scammed persons device.
The CDU/CSU is doing something good. That didn't happened for a long time? I appreciate it.
Ausgerechnet Spahn. Manchmal glaubt man seinen Augen und Ohren nicht. Wir müssen Wachsam bleiben. Mit dem Argument das es böse Menschen gibt, wurde schon viel böses getan. Massenüberwachung zerstört jede Gesellschaft. Deutschland hat mehrfach darunter gelitten. Und die Versuche Massenüberwachung einzuführen wiederholen sich.
ja, aber Wachsamkeit ist Pflicht. Wer Freiheit für Sicherheit aufgibt, verliert am Ende beides - das haben wir mehrfach erlebt.
Maybe they've learned something from history and they're not doing the AfD a service before they grab onto more power?
Or maybe this course of action is just more convenient at this time?
Probably the latter.
This is strange, because not long ago it was Germany (!!) that pushed heavily for mass-sniffing of people. I don't trust this. People should watch very, very carefully what Germany is actually doing next. I would not be surprised if the mass-sniffing comes in a few months when nobody is looking.
There is considerable opposition in Germany against these things. It’s true that some political circles keep pushing for it, but there is also a strong constitutional and civil basis against it. It’s exceedingly unlikely to happen that “nobody is looking”. The biggest risk is the far right coming into power.
Are they pushing for it?
No, they position themselves against it, because they have a narrative similar to the (former) “deep state” narrative in the US, but you can be assured that they will reverse course as soon as they can afford it.
I'm not familiar with the far right in Germany. Why should we be assured that they will reverse course as soon as they can afford it?
In simple terms, because the far right is about authoritarianism and control, not about civil liberties.
Interesting. So they have a history of attempting to legislate authoritarian rules that restrict civil liberties for citizens?
Yes, for example:
https://www.bundestag.de/dokumente/textarchiv/2021/kw02-de-p...
https://www.bundestag.de/webarchiv/textarchiv/2018/kw08-de-v...
https://dserver.bundestag.de/btd/19/304/1930412.pdf
https://dserver.bundestag.de/btd/19/111/1911127.pdf
What's so "authoritarian" about these two?
>https://www.bundestag.de/webarchiv/textarchiv/2018/kw08-de-v...
Other European countries like Switzerland, also banned full face veils(burqas) in public. Try entering a bank with a ski mask or motorcycle helmet see how that goes.
>https://dserver.bundestag.de/btd/19/111/1911127.pdf
Taking citizenship away from those who voluntarily join terrorist organizations like ISIS? 100% agree with this.
These are common sense viewpoints a lot of Europeans agree with, not authoritarian ones.
The tried to prohibit inclusive language
In Germany? Yes. Yes, they do.
Ring wing conservatives avidly throw our freedoms under the bus when convenient. Their electoral base is also very susceptible to thinkofyoungsebastian narratives.
Extreme collectivism affects both extreme, that is the concept that people are nothing but sacrificial lambs for the religion, the country, or the revolution.
Because, similar to the US, they have authoritarian tendencies - strong nationalism and anti-immigration. How are you going to round up the bad people if you don't have surveillance everywhere?
I am unclear on how strong nationalism is an authoritarian signal. Can you go into more detail there?
Because it makes it easier to create scapegoats, and excuses for why restrictions must be created.
Blame the Jews, the immigrants, the trans, and then people will grudgingly accept the Gestapo, ICE, prosecution without proof or courts.
Which then allows you to target the opposition without proof.
Well the Axis powers from World War II are the most obvious demonstrations of nationalism begetting authoritarianism. Germany, Italy, and Japan were nationalist in the extreme. And Italy from that time is such a clear example that it's basically the canonical example used to teach how fascism emerges.
Contemporary examples include the Philippines, Hungary, Poland's Law and Justice Party, and arguably Russia, Turkey and India. Modi is a Hindu nationalist. The United States unfortunately is shaping up to count as an example as well.
Extreme forms of nationalism tend to have a narrative of grievance, a desire to restore a once a great national identity, and a tendency to divide the world into loyal citizens, and enemies without and within, against whom authoritarians powers must be mobilized.
So there's a conceptual basis, in terms of setting the stage for rationalizing authoritarianism, as well as abundant historical examples demonstrating the marriage of nationalism and authoritarianism in action. There's nothing wrong with not knowing, but I would say there's an extremely strong and familiar historical canon to those who study the topic.
Because it’s a fake nationalism where they decide who and what is considered part of the nation and who and what not.
> No, they position themselves against it, because they have a narrative similar to the (former) “deep state” narrative in the US, but you can be assured that they will reverse course as soon as they can afford it.
We seem to have a general problem with people not understanding that democracies have regular elections and the other party is going to get back in at some point. So then whenever one party is in power, instead of thinking ahead by five minutes and realizing that adding new constraints on the government and adding rather than eroding checks and balances will help you the next time the other team gets in, everybody thinks of them as an impediment to doing whatever they want immediately.
And then like clockwork they get butthurt when they checks they eroded or failed to put into place aren't there after the next election, as if they had nothing to do with it.
There is a lot of censorship in Germany. People do not care.
https://en.wikipedia.org/wiki/Censorship_in_Germany
https://www.lto.de/recht/hintergruende/h/russia-today-verbot...
Nitpick:
1. Censorship in German constitutional law is only defined as the state pre-screening before publication. That's a very narrow area and rarely applies. Most people from an US legal tradition will consider censorship to include other things such as mandating removal of certain content after the fact, but that's different legal branches with different mechanisms (i.e. libel).
2. What Schulz is talking about in the second link definitely is state censorship (blocking a TV station), but it's not implemented by Germany but on the EU level. (Germany is still involved - complicated matter).
Finally we should appreciate that the US government's opinion on censorship seems to have pivoted quite a lot, so I would expect free speech maximalism to not remain a very popular position on the government level (even though many people may still support it, either naïvely or with robust arguments).
Censorship != forced breaking of E2EE. People can care differently about different things.
This might sound insane to every American, but German law especially protects politicians from insults, slander and libel. (See https://www.gesetze-im-internet.de/stgb/__188.html for the actual law)
Yes, you read that right. German law is especially protective of politicians, which is why politicians are very active suing random supporters of their opponents, because that is an effective way to police speech, open specifically to politicians.
I do think a lot of people care, but censorship in Germany does a lot to protect the people who could change the law. That law obviously needs to be abolished, politicians are uniquely unworthy of protection when it comes to speech.
If you look at the concrete laws, they are less spectacular.
For example, the concept of privacy protecting against media coverage is actually weaker for politicians (when in official duty) than for ordinary citizens (Allgemeines Persönlichkeitsrecht).
And libel only applies to statements of facts. I.e. you can't (easily) be prosecuted for opinions, just for making harmful false claims.
“This person is corrupt!”
Is that an opinion or a harmful false claim?
Depends, when talking about Jens Spahn it's a Statement of fact.
> I would not be surprised if the mass-sniffing comes in a few months when nobody is looking.
That's the problem with these proposed laws.
We (privacy advocates) have to constantly fight and win over and over again. The nations that want this mass spying only have to win once.
We need a way to permanently stop these proposals once defeated the first time so that they cannot just continue to try over and over again until it passes.
> We (privacy advocates) have to constantly fight and win over and over again.
We do have a way to reinforce our position, though!
We can design and consume technology that makes this hard.
We can stop working for companies that build centralized platforms for messaging.
We can teach our neighbors how important rights to privacy and speech are in language that they understand.
There can be enough friction that this becomes harder for politicians. Remember the Reddit Sopa and Pipa protests? - that was pretty epic! I don't think Reddit will help us in its current state, but we can absolutely mount those defenses on Wikipedia, Mastodon, Bluesky, and others.
And we should continue to move off of platforms that don't align with our freedoms. And build our platforms in a way that encourages "normies" to join.
Yes to all of the above! I just want to whine a bit that every time I try to educate anybody about this, I am promised a tin foil hat in return (even from Software Engineers!).
I can't remember where I read it, but I read that Signal's popularity was high (highest?) in Germany. Assuming I'm not misremembering or that the situation hasn't changed, it seems that Germans care enough about the issue to stake out a position.
They probably missed a fax
Germany will not abandon chat control just like the data perseveration they're so keen on. Europe is preparing for war so they need ways to make opposition more difficult. They're just waiting for the opportune moment where the opposition to these acts won't be as organized or is distracted with something else.
What war, against who? I don't know what kind of narrative you are tying to push here but know that any attempt would immediately meet strong opposition (I've seen the graves of Verdun and I for one would do anything to actively undermine and sabotage any kind of active war effort)
Zensursula von der Leyen is from the CDU, specifically.
Never trust the CDU. They were the ones pushing for the illegal data retention (Vorratsdatenspeicherung) and von der Leyen from the CDU is big on censorship and mass surveillance. They are just against it now because the country has bigger problems and the CDU has the worst approval ratings in history.
> Never trust the CDU. > Never trust the SPD.
I'm borderline not joking that there should be warning labels like those on cigarettes on the ballot when voting.
At voting is a bit late probably. You don't just trust leaders, you watch, you criticize, you communicate and sometimes you act. Political or otherwise as a matter of fact
Netzpolitik.org says it's not decided yet: https://netzpolitik.org/2025/eu-ueberwachungsplaene-unionsfr...
Jens Spahn, the speaker in the video OP shared, is not a member of the government but a leading member of the parliament and of one of the ruling parties. A tiny but important difference.
Had to double check the original account because I was worried about falling for an AI-generated video (account is legit). Weird times.
Article in German: https://netzpolitik.org/2025/eu-ueberwachungsplaene-unionsfr...
This rollercoaster is wearing me out. I hope this finally settles it!
I wouldn’t expect the general topic to become “finally settled” within our lifetime.
I expect it to become settled, just not in the way we want it.
Sure, there is the rollercoaster, ups and downs, small wins and losses going on all the time. But look at the general trends - these freedoms that we enjoyed are by and large being chipped away, it's all trending down, worldwide. It's two steps back, one step forward. Maybe CC doesn't get put in place this particular time, but they will ram it through eventually, at some point the right angle will be found to make the right people vote for it. Then the battleground will move onto something even more egregious, and so on. I'm not seeing why there would be a sudden reversal of this trend in the coming decades.
Freedom will not ever be finally settled in this life. Laws can be changed, constitutions amended, and of course the law is only as good as willingness to enforce it. The price of freedom is eternal vigilance, as nice as it would be if that wasn't so.
At issue here is... what exactly "freedom" is
Speech is restricted the world over for things (fraud, threats, libel/slander, secrets, and more), and we're almost universally in favour of that.
It's a balancing act, and the point where we set the balance is difficult, and constantly changing (should we allow speech that encourages the persecution of other people, sometimes called "hate speech" or should people be allowed to advocate for the murder/rape/extermination of other human beings because of the way they look)
I'm not sure that's relevant to Chat Control. What's at stake here is not a definition of 'acceptable communication' in public, but the possibility of all private communication being scanned.
That's not to say that private communication can't already be illegal; mere 'conspiracy' is a crime in many places. Yet the level of surveillance that would be enabled by legislation like Chat Control is greater than any other in history. Even notorious agencies like the Stasi had to pick and choose their targets based on prior suspicion, simply because of the logistics involved in traditional surveillance.
We don't fully know what effects this kind of unceasing, universal monitoring would have on society, and what little historical precedent exists doesn't bode well. Restrictions on public speech however are pretty well understood; we've had censorship in various forms pretty much everywhere in the world at one point or another. We can look to history for lessons about what happens, and can properly discuss (even if not agree!) about when censorship is good or bad for society.
My comment is 100% relevant to the comment I was replying to. (Sometimes I do wish people who down vote were forced to comment why they were making such erroneous decisions)
Unless there's a law ensuring our freedoms.
Chat control very likely violates at least german law, if not EU law too already. As experts as well as the ministry of justice of the previous government in germany have pointed out time and time again.
Yet still that was never enough for a clear and definitive "no".
It is very likely that the people in favor of this would still try to push it through, or let that happen. They know that the legal battle afterwards to determine its unlawfulness would take years.
And during that time it could already be put it place. And once the legal battle is over (and likely won) severe damage is done and they could still adapt the law or just offer companies to continue doing this "voluntarily". And personally I wouldn't count on Apple, Google, or Facebook to roll this back quickly in that case once they've put it into place.
Laws can be changed, can be reinterpreted, there are no absolutes. What matters is who is in power, and how powers are kept in check. There is no finality to any of that. It’s a constant process of keeping things up, or failing to keep things up.
This is actually one of my own fears for efficient organization at state level and above: - any new technology, any new opportunity either has checks and balances or gets exploited by smart optimizers with no regards for the commons or human flourishing - checks and balances are as you say a constant drain on public attention and resources: you need smart people doing the checking (finite resource), and receptive eyeballs (finite also) - it is thus an optimization problem. attack_surface - check_capacity = societal_explots I worry that the check_capacity term is constrained, but that the attack_surface keeps aexpanding with new technologies. At some point, we started playing whack a mole, frantically jumping from one check to another, and we're holding the fray stochastically. but at some point it's going to become extremely adversarial.
Well, where's the megaproject to raise the public's IQ by 50 so that basic game-theoretic checkings become child's play?
I agree. There's an old saying: those who want to become president (leader of a country) should in no way be allowed to do so.
It's difficult to entrench things. In the UK they have often said "one Parliament can't bind another Parliament", and in the U.S. it's also sometimes said "one Congress can't bind another Congress".
The most obvious mechanism is a constitutional amendment, but in the U.S. the only amendment to be drafted and adopted in modern times is the 26th amendment (1971), 54 years ago. (The 27th amendment had a weird status where it was belatedly adopted with a 200-year delay.) It's hard to imagine many constitutional amendments actually being passed now because it's been challenging to find consensus on many things within U.S. politics lately.
I don't know that the EU at a supranational level has any mechanism at all to ban future EU directives. Maybe they could decide to remove something from the list of areas of competence of the EU? But Chat Control is under the "Area of Freedom, Security and Justice" and I can't imagine the EU deciding that that should be abandoned as an area of Union competence.
Edit: The international human rights treaties, at least in regulating law enforcement, have tended not to follow the idea that some kind of regulation or law enforcement power is completely off-limits, but just that they need procedural safeguards -- especially for surveillance and investigatory powers. In this case, Chat Control opponents (including me) would like it to be completely off-limits, but the human rights instruments arguments might more naturally go into "did they create enough surrounding rules and mechanisms about how it's used and how it's regulated?" rather than "can we just say governments just can't make this rule?".
Ask the U.S. lately just how binding those laws are.
Edward Snowden approves of this reminder :)
Given that freedom can mean different things even to the same society at different times and in different circumstances, such a law would essentially have to be sentient.
I mean, the right to privacy is already enshrined in the EU's human rights. The courts would likely strike Chat Control down if it were to pass. But I wish there was a way to prevent our politicians from even trying this shit.
Other things are enshrined in the EU human rights as well, many of them ultimately contradicting each other if you follow them to their logical conclusion.
It's the task of parliaments, governments, and courts to reevaluate and resolve all these contradictions over and over again. It's tedious and takes a lot of resources, but that's the price for democracy.
Finally settled? Forget it. The autocrats will try, try again.
In fact, if ChatControl does fail, they have already planned to include this in ProtectEU - a larger package coming soon...
Just imagine some other people will carry the burden and mentally distance yourself from it to relax from it wearing you out. You can take up the burden again later once you've recovered and others are worn out
It goes in waves, the forces behind it will continue and keep pushing until they can get it through, its a setback though.
It's working. It will not be settled.
"anlasslose Chatkontrolle" => Chat Control without cause.
Ok, maybe these are not weasel words in this case. The CDU probably wants to present itself as a friend of the people using a popular issue that they don't really care about. My suspicion is that this is exactly why the ChatControl issue is brought up yearly. It distracts people from wars, the economy etc., there is a big discussion and finally the government graciously comes down on the side of the people. Each and every year.
> It distracts people from wars, the economy etc
Were this true, some politicians would do it for that reason. It would need to get a lot of attention to be an effective distraction, and it does not. The mainstream press barely covers the issue. Many people who would be directly harmed by it don't even know what's being considered.
Yeah, this isn't being covered at all. At least, up to its significance. Most people are computer illiterate too, so it is unlikely they would understand or care either.
It's no wonder we see the countries that oppose this as well. Makes one think. Sweden's case is peculiar given their military opposed it. I wonder what's going on there.
I mean, there is already "Quellen-TKÜ"¹ for the "with cause" situation… however bonkers that one might be on a modern secure Apple or Android device…
¹ Quelle = source, TKÜ = Telekommunikationsüberwachung = telecommunication surveillance. aka installing trojans on your devices.
Well that kills it.
A simple way to end the discussion:
No matter what the state says, or what legislatures pass what laws, we're going to continue to live out our right to general purpose computing, including sending only what we choose to send over the wire, and encrypting content as we see fit.
Now let's talk about something else.
I like the sentiment but it sounds very similar to Soverign Citizen nonsense. You can't just plug your ears and say that a law doesn't apply to you because you didn't consent to it.
Yes you can, it's called civil disobedience. Sovcits are stupid because they break the law but don't know it.
Civil disobedience involves breaking the law with full knowledge that it's illegal, to protest injustice.
The reasoning isn't about consent or social contracts, but about the evolutionary trajectory of humankind.
By way of example: in the United States, the 1st amendment to the constitution guarantees freedom of "the press" - it is referenced not by the right to print what one wants, but specifically in reference to the technology of the time, the printing press.
It's obvious that our evolutionary trajectory is one in which widely distributed general purpose computing is normal.
Making laws that contradict this is just childish, and at some point the adults in the room need to be willing to ignore them.
That works until the government and media successfully push the narrative to the public that anyone using encryption is supporting child molesters and terrorists.
The government itself uses encryption.
In fact the proposed chat control law has an exception for government agencies
That doesn't counter the argument. The people arguing against encryption would just liken it to the government being able to use military equipment that you, as an individual, can't have. "Free communication is a dangerous tool, only the government can be entrusted with the power it provides" and so on.
This may work on boomers but for younger people 90% of the use of a phone is for messaging and obviously you don't want anyone listening in to your private conversations especially for sexting.
People are not going to stop sending each other their boobs or penii, and while that remains the case, encrypted messaging will thrive.
the internet is already dying and social media largely sucks. the whole ass thing is going to be 100% ai driven ads, scams, astroturfing, propaganda, trolls and other fuckery sooner rather than later. just let chat control kill it, fuck it. accelerate to a cyberpunk future of local mesh networks.
What makes you think local mesh networks would remain legal?
It won't but luckily no government is powerful enough to govern math and therefore cryptography. Mathematics is more of a liberator than the second amendment in this respect.
Physical hardware can be controlled, yes. Decentralization and obfuscation similar to TOR is probably needed here.
If running a mesh network is illegal, does it matter that the traffic is just math? Without a network, there's no data transmission of that math. The government controls the airwaves. It doesn't matter if you're broadcasting Top40 or encrypted messages, if they say no to your transmitting, you're going nowhere.
> if they say no to your transmitting, you're going nowhere.
> if they say no to your forgetting to scan the case of water on the bottom of your cart, you're going nowhere.
> if they say no to your hacked cable box, you're going nowhere.
> if they say no to your speeding, you're going nowhere.
> if they say no to your weed, you're going nowhere.
> if they say no to your growing a mushroom and mailing it to your friend, you're going nowhere.
There's a whole spectrum of how illegal something is to consider. People break the law every day for a range of reasons from accident, to ignorance, to convenience, to want, to need, etc.
In the hypothetical world that you've set out, where surveillance is so extreme and overreaching as to help finish off the entirety of the internet for good, there's no way it would stop at the internet. The goal isn't controlling this set of standards and protocols that defines just the internet, the goal is controlling communication and the internet is the #1 way of communicating between people at the moment.
If people all started talking through letter mail, you'd get Letter Control, they wouldn't just forget about it because it's not the internet. If the people somehow become smart and coordinated enough to move to some cryptographically-secure method of communication, your government will probably outlaw the equipment and actions associated with using it in the first place instead of trying to decrypt all communications.
The goal is control of information, and the way of doing that is to force everyone to use unsecured communication with no feasible alternatives. I wouldn't expect kid glove treatment with that, unlike speeding or minor shoplifting.
running an actively transmitting network is an easy thing for them to come and shut down. you doing any of the other things can easily be done without them knowing about it. you can be flippant about it all you want, but you don't look intelligent by doing so
Cryptography is privacy. Privacy can taken away by law.
It is the same as free speech. You can say what you want, but you can go to jail for saying the wrong thing in many countries.
Ah yes, fortunately governments have never in history successfully declared certain large integers illegal and prosecuted people for sharing them.
Shooting someone is also "just physics", yet many governments have been known to frown upon it (depending on the context).
You'll be okay as long as you print them on a t-shirt
Yep, good thing nobody has ever been jailed for wearing a t-shirt with the wrong slogan.
Even a blank sheet of paper I think was enough to get someone in jail.
It is true: https://en.wikipedia.org/wiki/Blank_paper_protest
More than anything, this is a good lesson in information theory. A blank sheet of paper isn't devoid of information just because it doesn't contain ink - rather, it is the context of the current situation that defines the information being conveyed. This is true in all forms of communication.
This reminds me of a story I read once about when Victor Hugo had just published Les Miserables. Just after publication, he went to his vacation home due to the controversy he was sure was going to follow the publication of the book. Wanting to know how the reception was going, he mailed his publisher a letter simply containing a question mark. The publisher responded with only an exclamation mark, and Hugo immediately understood - he had written an eternal classic.
(BTW, I read this in the book The User Illusion - a fantastic read)
you missed the reference. as a history lesson, the deCSS code was written on a t-shirt and was deemed acceptable. having the deCSS compiled as an executable was deemed not acceptable.
I got the reference. Seems like it worked out quite nicely for the government/court though, given that deCSS isn't much use printed on a t-shirt, compared to in a binary on a computer?
you can't share the compiled binary, but you can share a shirt. if you have the shirt, you can compile on your own. the t-shirt became the sharing network
¿Por qué no los dos?
you mean like Bluesky?
OK, really hot take here:
-ChatControl, as it is currently defined, is not going to happen, because it's absolutely stupid and would make impossible, amongst other things, online banking
-Yet, there is a growing and legitimate demand for lawful interception of 'chat' services. I mean, "sure, your bank account got emptied, but we can't look into that because it happened via Signal" just isn't a good look
-So, something has got to give. Either 'chat' services need to become 'providers of telecoms services' and therefore implement lawful interception laws, or the malware industry will continue to flourish, or something even more stupid will happen
Pick your poison.
> -Yet, there is a growing and legitimate demand for lawful interception of 'chat' services. I mean, "sure, your bank account got emptied, but we can't look into that because it happened via Signal" just isn't a good look
Why on earth would mass intercept be necessary or even help in that?
If you got scammed by someone, then you can contact the police and hand over your message history. Why would the cops be interested in someone else's message history for this?
> Why on earth would mass intercept be necessary
Lawful interception is not "mass intercept."
It's the ability to surveil traffic from/to a clearly identified party, upon a judicial order for specific reason, for a limited time.
ChatControl, on the other hand, is mass interception. I'm against it. Most people in the EU are against it. But to prevent things like ChatControl coming up over and over again, a basic tool to combat Internet crime is required.
I am having a legitimately hard time wrapping my head around not being able to prosecute bank fraud because signal exists. Was it impossible before when criminals would talk in person instead over a recorded telephone?
No? But lawful intercept laws were never about "criminals [talking] in person".
There's a different set of laws for that...
And we all know those laws are never abused and are absolutely only used to target criminals.
No, there is definitely abuse of lawful interception.
But, in a jurisdiction with a functioning rule of law, these abuses can be spotted and remedied.
Doing the same for mass surveillance (such as ChatControl) or state-sponsored malware is much harder.
I'm advocating against ChatControl and malware, and proposing existing lawful interception frameworks as an alternative. But, apparently it's not my day :)
There is a famous case of US Mafia meeting in rooms, or out on streets to discuss their "business activities" face to face to prevent authorities from surveilling the phone calls.
The reason we know is because authorities were able to place listening devices into the rooms that they were in, or surveil them from other buildings.
This is analogous to getting a warrant to someone’s phone. (Chat control is like putting a microphone into every room in case the government wants to listen after the fact.)
I’m still unconvinced that this make’s law enforcement’s job so hard that something has to give.
> So, something has got to give.
Something does have to give: the constant demands for interception capabilities on end-to-end encrypted protocols. Those demands must be thoroughly destroyed every time they rear their head again.
It's interesting that this initiative seems to be mostly driven by influential actors in the "online safety" space that want their flawed scanning tech embedded into every device. Thorn is the most public-facing one, but if you dig into advocacy groups you'll find there's a dozen or so more, and they competed for being the technical solution to the UK online safety act too. But if it involves CSAM it's an even more perfect monopoly - only a very select group of people can train these models because the training data is literally illegal to possess.
If you needed any indication for how these pseudo-charities (usually it's a charity front and a commercial "technology partner") are not interested in the public good, SafeToNet, a company that up until last year was trying to sell a CSAM livestream detection system to tech companies to "help become compliant" ("SafeToWatch") now sells a locked down Android phone to overprotective parents that puts an overlay on screen whenever naked skin can be seen (of any kind). It's based on a phone that retails for 150 pounds - but costs almost 500 with this app preinstalled into your system partition. That's exceptionally steep for a company that up until last year was all about moral imperatives to build this tech.
Why would the malware industry benefit from digital message privacy?
If you're the victim, just hand over the relevant chats yourself. Otherwise, just follow the money. And if the attackers are sitting in a country whose banks you can't get to cooperate, intercepting chat messages from within that country won't do you any good either.
Also, if someone has malicious intent and is part of a criminal network, the people within that network would hardly feel burdened by all digital messages on all popular apps being listened in on by the government. These people will just use their own private applications. Making one is like 30min of work or starting at $50 on fiverr.
”Follow the money”. Yes, let’s decide that no bank is to have anything to do with crypto from next year. And not do business with other banks that accepts crypto. That would help stop fraud much more effective than Chat Control.
For the vast majority of crypto currencies tracing the transactions is trivial. And even currencies like XMR are hardly as anonymous as people think.
The challenging regulations around technically anonymous crypto currencies require you to actively make trackable arrangements with your financial service providers. VERY few people will ever do this, and therefore if anything suspicious were to occur, all you've achieved is putting yourself on the suspect list preemptively.
> Why would the malware industry benefit from digital message privacy?
Because if lawful interception of in-transit messages is not possible or permitted, hacking either the client or the server becomes the only option.
You may enjoy reading https://therecord.media/encrochat-police-arrest-6500-suspect.... Or just downvoting me. Or both.
Sure, if you want to read the messages, but the whole point is that that's rarely necessary and the price isn't worth the minimal gain.
Of the serious criminals, the only ones you'll be catching are those with low technical knowledge (everyone else will just be using their own applications) and the Venn diagram of those with little tech knowledge and those whose digital privacy practices could deceive law enforcement resembles AA cups against a pane of glass.
Regarding Encrochat, it is no surprise that an (unintentional?) watering hole gathered up a bunch of tech-illiterate, the fallacy is that those people wouldn't have been caught if they weren't allowed to flock to a single platform for some time.
Would some people have not been caught until much later or even not at all? Sure, but if LE would do its job (and not ignoring, or even covering up, well known problem areas and organizations for years to decades), only those of low priority.
Is that little gain worth creating a tool to allow Iran or similar countries to check every families' messages if they suspect some family member might be gay?
Hard nope.
> Or just downvoting me.
Don't worry, I rarely do that and that's not just because I can't...
How do you propose it's implemented though?
The two sides in this debate seem to be talking at cross purposes, which is why it goes round and round.
A: "We need to do this, however it's done, it was possible before so it must be possible now"
B: "You can't do this because of the implementation details (i.e. you can't break encryption without breaking it for everyone)"
ad infinitum.
Regardless of my own views on this, it seems to me that A needs to make a concrete proposal
Lawful intercept laws exist, and they've been sort-of functional for ages.
Apps like Signal don't entirely fall within the scope of these, which is the cause of the current manic attempts to grab more powers.
My point is that these powers grabs should be resisted, and that new services should be brought into the fold of existing laws.
The prevailing opinion here seems to be that, instead, state hacking should be endorsed. Which, well...
The prevailing opinion here seems to be that we’d really like for there to not be an omnipresent panopticon because protect the children or terrorists or, apparently, malware. If your imagination is particularly lacking on how this might be weaponized just remember that antifa is now designated as an terrorist organization in US, so you better not be a suspected member of it — as in, you best not have sent a buddy a message on signal about how those tiki torch carrying nazi larpers aren’t exactly great guys, or off to a black site you go for supporting terrorism.
If you want to prosecute people send physical goons, which are of limited quantity, rather than limitless, cheaper and better by the day pervasive surveillance of everybody and everything.
> an omnipresent panopticon
OK, sorry to keep repeating myself here, but... I strongly oppose any kind of "panopticon" like ChatControl.
What I would like to see, is, say, Signal complying with lawful interception orders in the same way that any EU telecoms provider currently does.
So, provide cleartext contents of communications to/from a cleary identified party, for a limited time, by judicial order, for a clearly specified reason.
> pervasive surveillance of everybody and everything
This is exactly what lawful intercept laws are supposed to prevent. And yeah, of course, abuse, but under a functioning rule of law there are at least ways to remedy that, unlike with mass surveillance and/or malware...
> I strongly oppose any kind of "panopticon" like ChatControl. What I would like to see, is, say, Signal [...] provide cleartext contents of communications to/from a cleary identified party
Those statements simply aren't compatible.
Right now, Signal is designed by cryptography experts to provide the best privacy we know how to build: messages are only readable by you or the intended recipient. "Lawful intercept" necessarily means some additional third party is given the ability to read messages.
It doesn't matter what kind of legal framework you have around that, because you can't just build a cryptosystem where the key is "a warrant issued under due process." There has to be a system, somewhere, that has access to plaintext messages and can give law enforcement and courts access. The judges, officers, technicians, suppliers, and software involved in building and using this system are all potential vectors by which this access can be compromised or misused -- whether via software or hardware attacks, social engineering, or abuse of power.
Maybe your country has "functioning rule of law", and every single government official and all the vendors they hire are pure as snow, but what about all the rest of us living in imperfect countries? What about when a less-than-totally-law-abiding regime comes into power?
You're proposing that we secure our private conversations with TSA luggage locks.
For a real-world example of the problem you're describing, China's Salt Typhoon attacks compromised lawful intercept infrastructure in the USA to engage in espionage. A mandatory backdoor in Signal would be at risk from similar attacks.
https://en.wikipedia.org/wiki/Salt_Typhoon
> You're proposing that we secure our private conversations with TSA luggage locks
No -- that's an incredibly reductive summary, and the attitude you display here is, if left unchecked, exactly what will allow something equally ridiculous like ChatControl to pass eventually.
There has been plenty of previous debate when innovations like postal mail, telegraph traffic and phone calls were introduced. This debate has resulted in laws, jurisprudence, and corresponding operating procedures for law enforcement.
You may believe there are no legitimate reasons to intercept private communications, but the actual laws of the country you live in right now say otherwise, I guarantee you. You may not like that, and/or not believe in the rule of law anymore anyway, but I can't help you with that.
What I can hopefully convince you of, is that there needs to be some way to bring modern technology in line with existing laws, while avoiding "9/11"-style breakdowns of civil rights.
We can draw analogy between any two things. An encrypted chat is not a letter in the mail or a call on the telephone. It is an entirely new thing. Backdooring such chats is not "bringing technology in line with existing laws" it is, very clearly, passing new laws, and creating new invasions of privacy. It must be justified anew. The justification for wiretapping was not that there was no way to fight crime without it. Otherwise, when the criminals became wise to it, and began to hold their conversations offline, there would have been a new law, requiring that all rooms be fitted with microphones that the police could tap into as necessary. No such law was passed. Instead, the justification for wiretapping was simply that, once police had identified some transmission as relating to the committing of a crime, they could obtain a warrant, and then tap into the communication. The physical capacity without any effort by uninvolved individuals was the entire justification. That capacity does not exist with encrypted chats. The analogy is therefore much closer to the "mandated microphones" described above. Everyone is being required to take action to reduce their own privacy, regardless of whether they are subject to a warrant.
What is most striking about our "mandated microphone" analogy is the utter futility of it. Criminals have no issue breaking the law, and hence have no issue outfitting a room with no microphones in which to carry out their dealings. The same is true of any law targeting encrypted chats.
A hot take: removing protections guaranteed by constitution should require modification of the constitution. There is already a "temporary" European regulation [1] that is in violation of the German constitution [2]. CSAR would be a further erosion of the legal foundation. Americans were happy when their federal laws that restrict marijuana use were simply ignored by executive fiat without proper processes, well, they aren't so happy now to see that other laws can be freely ignored too.
If people speak up and say "take away our rights" at a referendum, let that be their decision, not a political backroom deal.
[1] https://eur-lex.europa.eu/eli/reg/2021/1232/oj
[2] Article 10 at https://www.gesetze-im-internet.de/englisch_gg/englisch_gg.h...
> A hot take: removing protections guaranteed by constitution
Lawful intercept laws exist in most, if not all, EU countries.
It's just that super-national overlay services like Signal don't entirely fall within the framework of those.
So, there is now a choice: expand interception powers indefinitely (a.k.a. ChatControl, which, to make things crystal-clear, I'm 100% against), or bring new services into the fold of existing legislation.
No existing legislation requires proactive interception of mail, physical or electronic. Bringing new services into the fold of existing legislation would mean forbidding any proactive scanning by civilians and forbidding such scanning by authorities without a warrant or court order.
> proactive interception of mail, physical or electronic
Lawful interception is not proactive: it requires a judicial order to collect plaintext communications from/to specifically identified individuals (resident in the country demanding the interception), for a limited time and for a specific purpose.
ChatControl, which I strongly argue AGAINST would sort-of be what you describe. But: I. Am. Arguing. AGAINST. That.
> modification of the constitution
Don’t give them any ideas!
I would rather online banking be impossible, or only available to those that take training and sign waivers, than have all my communications surveiled.
OK, you be you, But please note that I did not list "online banking becoming impossible" as a likely outcome. Merely malware continuing to be state-sponsored, or certain communications to be surveilled. Not all of yours, unless you draw an especially vinidicative judge (and yes, I'm assuming a functioning rule of law here -- if that's gone, what's left?)
> OK, you be you
I don't know what you mean by this.
> But please note that I did not list "online banking becoming impossible" as a likely outcome.
No, but it should be a likely and maybe even desired outcome, especially if a justification for surveillance is the prevention of online banking fraud among other crimes.
> Merely malware continuing to be state-sponsored, or certain communications to be surveilled.
Norms and mores change over time, so the only conclusion is that "certain communications" will become "all communications" at some point in the future. I'd love to be proven wrong.
> Norms and mores change over time
Yeah, but laws tend to be more constant, and lawful interception laws are, 100% guaranteed, a thing, right now, in the country where you live.
They apply to telegrams, postal mail, telephone conversations, and a whole bunch of other things nobody really does anymore. They don't really apply to the things people do tend to do these days.
ChatControl is an incompetent attempt to remediate the lapses in law enforcement that this has caused. I strongly oppose it. But I also strongly oppose the idea that the Internet should be off limits for any kind of law enforcement, unless it is through dubious mechanisms like state-sponsored malware.
Your "slippery slope" argument is much more compelling in the absense of extended lawful interception than in the situation where Signal messages would somehow be equated to postcards or SMS messages...
And yet lawful intercept laws cannot force you to decrypt the OTP-encrypted physical letter you sent to your friend. (Except in authoritarian shitholes like the UK.) Same principles would seem to apply here.
I’ll take the malware thanks
while this is a link to the malware site x.com, it is shown in a protective trustworthy hull, called xcancel.com
Without confidential and private spaces, how in the world can relational trust be cultivated?
And how in the world can we have safety if relational trust is suffocated before it can even take root?
Please use your imagination! Those aren't the only options if we embrace trust as essential rather than looking at any need for it as a liability.
why do you think they want relation trust. unless you mean trusting that if you go against the man, the man will come for you. maybe it would be better for s/trust/fear/
Malware has existed nearly since the dawn of computing. Making the world even less secure under the guise of combating w/e today's latest bogeyman is is not gonna solve that. And having secure private communications is not gonna make it worse.
That anyone thinks this blatantly obvious attack on free speech is actually going to be used only for law enforcement is wild to me.
" "sure, your bank account got emptied, but we can't look into that because it happened via Signal" just isn't a good look"
Do you want the police to regularily intercept and check your signal chats for fraud and crime so this does not happen, or what is the point here?
> You want the police to regularily intercept and check your signal chats for fraud
No, that's not how lawful intercept laws work.
I want police to be able to obtain a judicial order to intercept, for a limited time, in cleartext, the (Signal chats, or whatever other encrypted communications) of identified parties reasonably suspected to be involved with criminal activity.
ChatControl is not that, and it's one of the reasons it's a nonstarter.
"I want police to be able to obtain a judicial order to intercept, for a limited time, in cleartext, the (Signal chats, or whatever other encrypted communications) of identified parties reasonably suspected to be involved with criminal activity."
They already have that in most (?) jurisdictions by now.
With a warrant, they can install a virus on the device that will then do targeted surveillance.
ChatControl is bad, because it is blanket surveillance of everyone without warrant.
> With a warrant, they can install a virus on the device that will then do targeted surveillance
Yeah, and that sponsors an entire malware industry!
I don't really know how I can make my position any clearer, but...
-Malware: bad!
-ChatControl (encryption backdoors): bad!
-Inability to do any kind of law enforcement involving "the Internet": double-plus bad!
-Enforcement of existing lawful interception laws in the face of new technology: maybe look at that?
"I don't really know how I can make my position any clearer, but..."
You could state in plain words what do you propose as an alternative.
I read what you wrote, but have no idea what you propose.
> I [...] have no idea what you propose
It's literally the last item in my list?
But to further clarify: I would like existing lawful interception laws to be extended to services like Signal.
Not in the sense that any EU country should be able to break Signal crypto (as ChatControl proposes, and which I think is an utterly ill-advised idea), but that competent law enforcement agencies should be able to demand unencrypted Signal communications from/to an identified EU party, for a limited time and purpose, upon a (reviewable) judicial order.
Most, if not all, EU countries currently have similar laws applying to telegrams, snail mail, email, telephony and whatnot. If you don't like those either, that's fine, but that's the status quo, and I would like to see that extended to services like Signal, as opposed to incompetently dumb measures like ChatControl...
Ok, so you want to break Encryption by law demand. Because this is what this means. Or how exactly would it work, technically? Signal does not know the private key of the 2 parties. Signal would have to inject a infected update into the client .. which is also malware. I rather have just those on target devices with a warrant, instead of breaking all encryption.
Or would you go extreme and outlaw decentraliced encrypted communication alltogether?
The law enforcement of which countries, under which sets of laws?
Should Thailand be granted access to enforce their lease majeste laws, for example? https://en.m.wikipedia.org/wiki/L%C3%A8se-majest%C3%A9_in_Th...
Who gets to decide what gets made available to who?
> law enforcement of which countries, under which sets of laws?
We're taking about ChatControl here, so law enforcement of EU countries, under their respective laws, into which EU law should have been incorporated
> Should Thailand be granted access to enforce their lease majeste laws
Same answer as "should Thailand be granted arrest rights to enforce <whatever>": they submit a legal assistance request to the country where the alleged crime occurred.
In the case of a lawful interception request for "lease[sic] majeste" reasons, I'm pretty sure this would be immediately rejected.
But, if not, the EU subject of such interception would have lots and lots of avenues to get redress.
Again, and I'm getting sort of tired from repeating myself: "lawful interception" does not mean "indiscriminate surveillance at the whim of whomever" -- it is a well-defined concept that has been used to determine which telegrams and mail pieces to open and which telephone calls to record for ages now. Your country absolutely does it, as we speak, no matter where you live. It's just that modern technology has far outpaced the scope of this legislation, and things like ChatControl are (incompetent) responses to that.
ChatControl is not a good idea, and has very little chance of becoming reality. But to stop dumb proposals like this from coming up over and over again, something has got to give.
And when some other countries pass laws demanding access to the same mechanism that the EU gets?
I’ll go a step further: if EU sovereigns claim the right to “lawfully intercept” their citizens' private communications, why shouldn’t every state enjoy the same privilege? Russia, Saudi Arabia, Egypt, and Uganda will be exemplary custodians of such technology. You have nothing to fear, citizen: their democratic constitutions and impeccable legal codes will protect you.
Fail to see that it would even work. If the scam has happened how would lawful interception afterwards help? The criminal can just use burner accounts and the chat log exist on the scammed persons device.
Malware, easily
Im sorry but I know my countries history, there is no good in "lawful interception"