Contrast this to the 'soon to be former member of the EU' UK where Theresa May is trying to force companies to add backdoors and ban end to end encryption.
Somehow the actual EU states aren't really behind this. Germany's interior minister just recently proposed a new attempt at legalizing spying on citizens' devices.
Any tldr? I have a very hard time getting through this, but as the founder of a Europe-based messaging company (https://talkjs.com), I wonder whether this is trouble.
End-to-end encryption is great but it also kills quite a number of use cases. For example, our group conversations couldn't be e2e encrypted because then users can't see the message history from before they joined it. In WhatsApp this is indeed the case, but for our platform it is a core feature. Same for Slack, I suppose. Similarly, Slack search would be totally out of the door. (unless, again, you make it only search the stuff sent to you)
"The providers of electronic communications services shall ensure that there is sufficient protection in place against unauthorised access or alterations to the electronic communications data, and that the confidentiality and safety of the transmission are also guaranteed by the nature of the means of transmission used or by state-of-the-art end-to-end encryption of the electronic communications data. Furthermore, when encryption of electronic communications data is used, decryption, reverse engineering or monitoring of such communications shall be prohibited. Member States shall not impose any obligations on electronic communications service providers that would result in the weakening of the security and encryption of their networks and services"
I think ubiquitous end-to-end encryption is the inevitable future of 1:1 and group communication. The momentum is in that direction. In your case, supporting the browser as a platform rules it out right now, but hopefully that will change when browsers provide an environment for doing serious crypto, where the server can't just quietly push down some new JS that leaks messages back to itself.
I'm in the alpha stage of building an end-to-end encrypted social network (https://sharewithsup.com, invite code: eff, currently iPhone only). Under the hood, it establishes E2E group channels between friends and uses those for everything (posts, comments, photos, events, etc). History is relayed between friends and search uses a local index, but the UX is still similar to Facebook. My point is - in addition to namedropping my app - that it's possible to find ways to implement features that at first seem hard with E2E. Just not on the web, yet.
Couldn't group chats be encrypted with a shared key that is provided to the new user by whoever invites them to the chat? The messages would still be encrypted and decrypted only at the ends.
Not just EP, but the Council and Commission as well, since they initiated the legislative process. That means the 27 governments are also behind it, at the moment. This is very surprising to me - no government is free of authoritarian elements, especially in centralistic States like France, Hungary, Italy or Spain. Their unilateral disarmament would be peculiar.
Can a 'land of the free' encompass the concept of a territory where laws are made by unelected officials working behind closed doors? Some folk across the EU especially in the eastern European countries are now seriously wondering what they've signed up to.
Well, apart from the protection racket aspects of it that are going on at the moment.
Ah, this is a nice country. It would be a shame if something were to happen to it. I'm so sorry you were thinking of leaving, and stopping paying us billions per year. We really must ask you to hand over a hundred billion before we'll talk about any kind of trading relationship with you -- it would be such a shame if we happened to design the barriers in such a way that would accidentally maximise harm to your economy. But you know you're always welcome to stay and keep paying us just a few billion each year.
don't let yourselves be fooled, fools.
if this takes any real form, it'll be gutted and ripped apart until there's nothing of essence left because it would mean the following ingenious legislation be repealed.
I often take a pessimistic view to such good-looking things too.
But taking a look at your first link, it appears to already not be in force anymore? For the same reasons that the new recommendation is being drafted - government surveillance violates fundamental rights to privacy.
"On 8 April 2014, the Court of Justice of the European Union declared the Directive 2006/24/EC invalid for violating fundamental rights. The Council's Legal Services have been reported to have stated in closed session that paragraph 59 of the European Court of Justice's ruling "suggests that general and blanket data retention is no longer possible".[15] A legal opinion funded by the Greens/EFA Group in the European Parliament finds that the blanket retention data of unsuspicious persons generally violates the EU Charter of Fundamental Rights, both in regard to national telecommunications data retention laws and to similar EU data retention schemes (PNR, TFTP, TFTS, LEA access to EES, Eurodac, VIS)."
Trying to make sense of these drafts still being written in English, given that with Brexit, none of the countries in the EU zone have English as their first language (with the exception of Ireland). Convention?
Beyond ideological posturing, it's a fact of life that English is the language that most educated people across Europe know today (in addition to their national one). Blame Hollywood and Abbey Road. Dropping it just because the UK is currently in stupid-mode wouldn't achieve anything.
The US, Hollywood, Nazi Germany and The Soviet Union have made English the lingua franca of the world. It makes sense to use it. That said, French is the working language of much of the EU bureaucracy so there's probably a French version out there somewhere.
SimonPStevens|8 years ago
:-(
sarnowski|8 years ago
http://uk.mobile.reuters.com/article/idUKKBN1951VG
Xoros|8 years ago
:-(
https://www.buzzfeed.com/amphtml/patricksmith/france-and-the...
skrebbel|8 years ago
HappyTypist|8 years ago
I interpret this as the following clauses:
* "sufficient protection in place against unauthorised access or alterations" [through]
* "guaranteed by the nature of the means of transmission used"
* "OR"
* "state-of-the-art end-to-end encryption of the electronic communications data"
aka:
- HTTPS, non-ETE: fine
- HTTP, non-ETE: not fine
- HTTP, ETE: fine
sekhat|8 years ago
Why not? Can't one of the other clients in the group send the history of the chat when a new member joins?
ghughes|8 years ago
c22|8 years ago
onestone|8 years ago
toyg|8 years ago
I don't see this proposal going all the way, to be honest, it seems too idealistic. I expect it will be perverted into its opposite, e.g. justification for "review methods" that states could apply to "check if your encryption is secure", which would result in compromising that very security. Remember that EU law is adapted at individual state level; for generic stuff like this, there is plenty of space for interpretation by national legislators.
As a supporter of the EU concept, I think this is dangerous territory for the Union, at a time when its popularity is pretty low. I hope I'll be proven wrong.
mbroncano|8 years ago
aneutron|8 years ago
Buge|8 years ago
vixen99|8 years ago
aneutron|8 years ago
[deleted]
wbillingsley|8 years ago
glasz|8 years ago
and. that. will. never. happen.
https://en.m.wikipedia.org/wiki/Telecommunications_data_rete...
https://en.m.wikipedia.org/wiki/Passenger_name_record
Tyrannosaur|8 years ago
yorwba|8 years ago
> When the processing of electronic communications data by providers of electronic communications services falls within its scope, this Regulation is without prejudice to the possibility for the Union or Member States under specific conditions to restrict by law certain obligations and rights set out in this Regulation when such a restriction is targeted at persons suspected of having committed a criminal offence and constitutes a necessary and proportionate measure in a democratic society to safeguard specific public interests, including national security, defence, public security and the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security. Therefore, this Regulation should not affect the ability of Member States to carry out lawful interception of electronic communications or take other measures, if necessary and proportionate to safeguard the public interests mentioned above, in accordance with the Charter of Fundamental Rights of the European Union and the European Convention for the Protection of Human Rights and Fundamental Freedoms, as interpreted by the Court of Justice of the European Union and of the European Court of Human Rights.
This is not about preventing state surveillance, this is about regulating non-state actors' ability e.g. to track users without their consent.
Edit: However, on page 74
> The providers of electronic communications services shall ensure that there is sufficient protection in place against unauthorised access or alterations to the electronic communications data, and that the confidentiality and safety of the transmission are also guaranteed by the nature of the means of transmission used or by state-of-the-art end-to-end encryption of the electronic communications data. Furthermore, when encryption of electronic communications data is used, decryption, reverse engineering or monitoring of such communications shall be prohibited. Member States shall not impose any obligations on electronic communications service providers that would result in the weakening of the security and encryption of their networks and services.
It seems to me that this requires end-to-end encryption, but the regulation is scoped in such a way that the requirement may be lifted when it inconveniences law enforcement.
caiob|8 years ago
peteretep|8 years ago
lokedhs|8 years ago
http://eur-lex.europa.eu/procedure/EN/2017_3
However, this particular document (which you can find by clicking on the “European Parliament - Legislative observatory” at the bottom) is a draft document, and I don't believe they translate those. Once it becomes official they should be translated.
TkTech|8 years ago
It's no different than past legislation and politics being done in Latin.
toyg|8 years ago
visarga|8 years ago
tormeh|8 years ago
bdz|8 years ago
isostatic|8 years ago
infodroid|8 years ago
newzzy|8 years ago
dpflan|8 years ago
http://www.tomshardware.com/news/european-parliament-end-to-...