https://matrix.org/blog/2020/10/19/combating-abuse-in-matrix... is our attempt at Matrix to spell out what a catastrophic idea it is to backdoor end-to-end encryption (and to provide an alternative proposal in the form of using decentralised reputation to mitigate abuse. We're kicking decentralised reputation work off in earnest tomorrow, so watch this space to see how it goes).
I guess we'll be weighing in on the EU proposal as well as the 7-eyes one.
This is madness. Oh, of course, it's much easier to put a wrench into some gears to show that you are actually working at "solving the terrorism problem" than shaving the yaks, but that machine is actually important for other things.
We live in a dangerous world. We cannot control everything. I don't mind a slight risk of terrorist attack on myself or my family (caveat lector: I am young), if that means greater freedom.
In my book this is the first step towards authoritarianism: ensure that the state survives at all costs. And being able to spy on the whole population to track outlaws and dissidents is part of this. There is an invisible barrier between what's legal and what's not. Crossing it isn't hard, look at extinction rebellion and other civil disobedience protestors. Yet, on the other side, your trusted options are very limited, and encryption is one of those. I'd argue that letting citizens communicate and organize privately is a vital component of democracy, even allowing citizens to seize control of the state if they deem it necessary. More so than U.S.A.'s "Second amendment", encryption is an arm citizens should legally be able to bear.
Now, it is obviously hypocritical to offer such a thing, as politicians certainly wouldn't want their texts to be snooped on, would they? Any bill that requests backdoors should request them from everyone.
And don't get me started on how governments recommend their own to use Matrix and Signal, the very apps they aim to backdoor, because they are secure. You can't both have your cake and eat it, too.
Their very existence made locks less secure (possibility of a key leak), and those are worthless against thieves now that master keys have leaked (you can 3D print them).
1. Terrorism and trafficking of children will win the moral high ground.
2. App stores will be forced locale by locale to conform to these policies.
3. Most people will not notice or care.
4. This will be used by N-Eyes and totalitarian governments to quash dissent.
5. Meanwhile the tech crowd will create alternate app distribution mechanisms allowing those who care to communicate securely.
6. Those secure methods will be used by people with the most to lose. (e.g. the drivers of point 1)
Given this predictable series of events I see the primary question as: How do we prevent (4)? How can we make people secure by default again and make adoption easy in the face of app store capture.
> 1. Terrorism and trafficking of children will win the moral high ground.
Requisite:
> The term was coined by Timothy C. May in 1988. May referred to "child pornographers, terrorists, drug dealers, etc."[2]. May used the phrase to express disdain for what he perceived as "Think of the children" argumentation by government officials and others seeking to justify limiting civilian use of cryptography tools. Connotations related to such argumentation continue to be attached to the phrase, and it is more commonly used by those who wish to deride various restrictions on Internet activity than by those who support such restrictions.
• By maintaining democracy, by which I mean the tenet of electing governments from the citizenry as well as by the citizenry, and specifically rather than any of the oligarchical forms.
• By maintaining the rule of law.
The consequences being, if all encryption is backdoored, then any encryption used by politicians is by definition eavesdroppable by their opponents and enemies. Since all politicians thrive in a web of mendacity and confidences, they have a strong incentive for strong encryption, and will eventually terminate/abandon legislation that weakens it.
Any politician that threatens otherwise is therefore a) grandstanding, and/or b) using the issue to leverage/negotiate something else.
Corollaries:
• Any government seriously implementing such a plan is operating as an oligarchy rather than a democracy, and will have plans to defend themselves from the surveillance imposed on the citizens.
• The first instinct of every would-be oligarch is to undermine the machinery of democracy and compromise the rule of law.
c.f. Utopia (Australia, 2014) Season 4 Episode 4 "Mission Creeps", and probably at least one Jim Hacker moment.
7. People in group 6 will be subject to increased abuse by authorities simply because they fall into this category regardless of whether other evidence suggests that they're a likely privacy advocate, political activist, or actual terrorist.
8. Privacy activists will leave group 6 by attrition, further reinforcing justification by authorities for 7.
In my view there is a good chance that (2) will not be EU law for the foreseeable future, although this does require some opposition work. I guess one can see it as education of the politicians (the commissioners in this case).
As is always the case with these fights, the fundamental fact is that the war is asymmetric. We have to be right all of the time, they have to be right once. We have to break all encryption everywhere forever, they have to find one non-backdoor'd solution.
If you really hold the backdoor proponents' feet to the fire, they'll admit that yes, this is true, but at least with a backdoor you can catch some of the terrorists/child abusers/etc, some of the time (of course, you only get the dumb ones...), and we wouldn't want to let the perfect be the enemy of the good. But of course, saying you want to compromise all privacy in the developed world to catch a few dumb traffickers doesn't get votes.
Terrorists and other criminals already have more than enough tools in their possession to exchange data absolutely without fear of their messages being compromised.
We need actual software like https://Matrix.org or https://qbix.com/platform to be good enough that people will install it. Like the Web Browser did killed AOL and MSN. Otherwise we will live with Facebook Google etc. and this is moot. But that is just the beginning.
Secondly, we need open source hardware. We are nowhere close to competing with Apple and Android. But as we have seen over the last 20 years - there is a war on general purpose computing and the closed systems have started to win. Just today I read that Android doesn’t let you take a screenshot of your own phone.
Third of all - the open distribution mechanisms you rely on today to not block you (eg web browsers) can be closed or ship updates with backdoors tomorrow to most users. Apple and Google together control most of the market. It isn’t hard to pressure them to do this.
Apple blocked blockchain dapps being distributed on iOS, unless they are made by an Apple developer whose app they can revoke. Amazon can yank your movies and books out of your hands.
Anything you think is secure (eg secure enclave) may not be. Trusted Computing Environments are made by two companies essentially.
In fact, I am surprised that more “stuxnet” attacks arent done in nuclear reactors across various countries. As self driving cars get hooked up to the net or delivery drones become ubiquitous we may see massive vulnerabilities that can be exploited all at once. Not just by state actors but anyone. Really scary stuff.
Sadly the same entities locking down the computing devices also start requiring uplinks to their servers and can push any updates. Regular people are at the mercy of corporations and the state.
Unless open source companies step up and build a decentralized hardware distribution infrastructure, with multiple actors (like VOIP relaced centralized telephone switchboard operators) all these arguments are moot. There is a handful of tech companies whose arms need to be twisted and that’s all.
PART II:
To be honest ... I no longer think that end-to-end encryption is the right solution to human rights problems. If citizens are reduced to sneaking around and denying their activities to survive, their governmental system is way past due for fixing. This is like the “good slave owners” delaying the abolition of slavery. You’re solving the wrong problem.
I believe that crypto is needed to secure decentralized byzantine fault tolerant systems like Ethereum etc. to be TRUSTED, not to hide information. Signatures, not encryption, if you will. If anything, it is the government who doesn’t want encryption to be broken (eg of copyrighted DVD content etc.) and there is an inherent contradiction since anyone who consumes unencrypted content can reshare it.
What we really need is to decentralize the personal data in many places, and use zero-knowledge proofs for attestation, but that is different than encrypting and hiding information.
I want to also give some perspective why this is bad even IF we can make sure that only governments will have the keys. We have just uncovered an organized crime at the top levels in Slovakia where even the President of police is part of it and they influenced many court cases and were accessing secret information and databases on citizens, basically a mafia. And we are part of EU. I don't trust our goverment to use they keys only for good purpose. And I speak from the recent experience.
I was told that this only happens in authoritarian regimes like China. Turns out that while everybody was talking about China exact same things were happening here in the West. It's as if the whole focus on China was specifically designed to distract people from what's happening in their own countries.
What concerns me is that with the increase in arguably totalitarian laws and the constant attempts on once sacrosanct principles like the above we're moving in a direction where we'll run out of room to point at that side and say "yes they've got X but I'd still rather us because they have Y" when more and more we have Y as well.
"China exact same things were happening here in the West"
No, there's really no comparison.
A justice system, with reasonable information to infer a crime, seeking a warrant, using rules and regulations that have integrity, oversight, sanctioned by a Judge, following specific rules of access with certain, proportional criteria - is nothing like 'China'.
In fact, we are already subject to that, everywhere in Europe, just not your messaging apps.
It is not totalitarian whatsoever - there is just the risk of totalitarianism creeping in. A risk, which quite frankly is overstated. There is almost zero material harm that comes to innocent individuals as a result of these policies in states with lawful civic infrastructure. There can be, but it's rare and again, the 'problem' is more expansive and that an authoritarian takes power and uses the system for unlawful purposes.
China does not have an independent legal system, or much concern for human rights. The CCP uses these things to censor every day speech on a variety of topics - even for the most innocuous things like comparing Xi to 'Winnie the Pooh' let alone for discussing things like Tibet, Hong Kong, or Taiwan privately.
The CPP uses these controls as an 'total and complete information and thought control system' that interjects into every aspect of life. If you talk bad about Xi on your 'chat'- that will literally go on your file. It could affect your credit, promotional opportunities, how the justice system treats you etc..
They have successfully suppressed and controlled dialogue on a variety of issues - this system is frankly the CCP's most powerful means of control, far more so than anything physical like the 'police' or the 'army'.
Western governments want to use it to go after people making bombs, sex traffickers, and tax evaders. There is no chance that the German government is going to send police to your house because you said 'Angela Merkel is a clown and needs to go!' to your buddy on WeChat. There is a chance some future government could to it, for the wrong reasons, and that's cause for come concern, but it's not pragmaticaly the issue.
My german isn't that good, but from what I understand and from the translation below, the source seems a bit conspiratorial.
I completely agree with the concerns raised elsewhere in this thread, but I'm not sure I see the clear link to recent events in Vienna etc claimed here.
Here[0] is an earlier document from 21 october which the article seems to take some screenshots from, so it seems that this has been coming either way.
I wonder how this effects countries like Switzerland and the UK?
I don't have a nice name for people in EU parliament that write these things, they don't really understand what encryption is. It's not a technology. You can't ban encryption. Terrorists can just use unencrypted chat and either use their own encryption or they can use predefined words and sentences that actually have a totally different meaning.
This is not from the Parliament. This is from the Council of Ministers. All shitty ideas in the EU come from there or from the Commission. These bodies are not elected and have very little, and very indirect, democratic legitimation.
It's not about listening to terrorists (there were many terrorist attacks, where the police was informed about the terrrists in advance, and still didn't do anything). It's about listening to the masses of their own people.
A middle ground in the encryption/privacy debate seems to be "the authorities can spy on what I do, but have to notify me first".
That could be implemented by having full e2e encryption as today, but requiring clients to hand over the keys when requested by a local governing authority. The client/app would then immediately show to the user "Local Authorities have viewed a copy of this message".
Why isn't this middle ground being discussed?
I understand authorities don't want to alert their targets about an investigation, but let's be honest - if they read the messages and find you've done some crime, authorities will eventually track you down.
They keep saying "encryption is important" and "law enforcement needs to be able to access relevant data" without ever elaborating why encryption is important, why law enforcement needs access to the data, or even what data law enforcement needs access to. It's just a collection of assertions without any of the insight necessary to have a useful conversation on the subject.
They also completely fail to address the elephant in the room: bad actors already have access to strong encryption and they don't need the blessings of Apple, Microsoft, Google, Facebook, or any organization to use it. Encryption is an idea, not a product. They cannot prevent terrorists from using strong encryption any more than they can prevent terrorists from using algebra.
Less relevant to European regulation, but the FBI's attempt to use phone taps/hotel room bugs to blackmail Dr. Martin Luther King, Jr. int committing suicide[0], is a good example of why we should be suspicious of even lawful intercept. Terrorism is bad, but I think we can all agree a world where the US civil rights movement was stillborn would be much worse than what we have. (They went after more civil rights leaders than just Dr. King.) More recently, FISA courts have a terrible record of filtering out unreasonable lawful intercept requests.
Are there any comparable post-WWII Eurpopean abuses that should make citizens think twice about blanket law enforcement back-doors?
This makes me sad and somewhat angry. How does mass spying help in cases like the Vienna attack? If the authorities had done their work as I would expect as citizen and tax payer (the government already admitted massive failures, basically they clearly failed to act on existing intelligence) this would not have happened.
I also think this could spawn lots of Signal-like, self hostable chat-server solutions that will be much harder to spy on. So this could be a shoot in the foot.
The real fight is against general purpose computing. If I control my CPU, then I can easily implement the Diffie-Hellman algorithm and communicate secretly with my friends around the world. Any ban against encryption is ineffective unless it attacks general purpose computing. We live in scary times!
For someone currently living in Germany, I'd say that protection against government surveillance is one of the main arguments for encrypted conversations between citizens.
If the government can break encryption, so can hackers. If hackers can break your encryption, and my records are being held in it, then your competition will eat your lunch as I move my records to their services.
Either my data is safe from rogue agents and rogue governments or it is not. If encryption is outlawed, only outlaws will use it.
The EU can make as many logical conclusions it wants to, but reality will come back and bite their law enforcement offices that their criminals won't stop using unbreakable encryption.
The difference between theory and practice is greater in practice than it is in theory.
What can someone like me do to help? Someone who know little about politics or policy, who k ow little about encryption, but who is concerned about the development?
I live in the EU but I am not even sure who my representatives are to whom I could raise my concern. Where in the EU is this being worked on?
[+] [-] Arathorn|5 years ago|reply
I guess we'll be weighing in on the EU proposal as well as the 7-eyes one.
[+] [-] MayeulC|5 years ago|reply
We live in a dangerous world. We cannot control everything. I don't mind a slight risk of terrorist attack on myself or my family (caveat lector: I am young), if that means greater freedom.
In my book this is the first step towards authoritarianism: ensure that the state survives at all costs. And being able to spy on the whole population to track outlaws and dissidents is part of this. There is an invisible barrier between what's legal and what's not. Crossing it isn't hard, look at extinction rebellion and other civil disobedience protestors. Yet, on the other side, your trusted options are very limited, and encryption is one of those. I'd argue that letting citizens communicate and organize privately is a vital component of democracy, even allowing citizens to seize control of the state if they deem it necessary. More so than U.S.A.'s "Second amendment", encryption is an arm citizens should legally be able to bear.
Now, it is obviously hypocritical to offer such a thing, as politicians certainly wouldn't want their texts to be snooped on, would they? Any bill that requests backdoors should request them from everyone.
And don't get me started on how governments recommend their own to use Matrix and Signal, the very apps they aim to backdoor, because they are secure. You can't both have your cake and eat it, too.
A useful thing to explain encryption backdoors is the TSA master keys: https://news.ycombinator.com/item?id=12177079
Their very existence made locks less secure (possibility of a key leak), and those are worthless against thieves now that master keys have leaked (you can 3D print them).
[+] [-] nix23|5 years ago|reply
No we don't, but that's what the Politicians try to implement in our brains.
[+] [-] raxxorrax|5 years ago|reply
It is by definition. Their ambitions haven't changed the last 30 years.
[+] [-] einpoklum|5 years ago|reply
Actually you can have your cake and eat it. What you can't do is eat your cake and have it :-P
[+] [-] tasogare|5 years ago|reply
[deleted]
[+] [-] iandanforth|5 years ago|reply
1. Terrorism and trafficking of children will win the moral high ground.
2. App stores will be forced locale by locale to conform to these policies.
3. Most people will not notice or care.
4. This will be used by N-Eyes and totalitarian governments to quash dissent.
5. Meanwhile the tech crowd will create alternate app distribution mechanisms allowing those who care to communicate securely.
6. Those secure methods will be used by people with the most to lose. (e.g. the drivers of point 1)
Given this predictable series of events I see the primary question as: How do we prevent (4)? How can we make people secure by default again and make adoption easy in the face of app store capture.
[+] [-] throw0101a|5 years ago|reply
Requisite:
> The term was coined by Timothy C. May in 1988. May referred to "child pornographers, terrorists, drug dealers, etc."[2]. May used the phrase to express disdain for what he perceived as "Think of the children" argumentation by government officials and others seeking to justify limiting civilian use of cryptography tools. Connotations related to such argumentation continue to be attached to the phrase, and it is more commonly used by those who wish to deride various restrictions on Internet activity than by those who support such restrictions.
* https://en.wikipedia.org/wiki/Four_Horsemen_of_the_Infocalyp...
[+] [-] inopinatus|5 years ago|reply
• By ensuring there is always an opposing power.
• By maintaining democracy, by which I mean the tenet of electing governments from the citizenry as well as by the citizenry, and specifically rather than any of the oligarchical forms.
• By maintaining the rule of law.
The consequences being, if all encryption is backdoored, then any encryption used by politicians is by definition eavesdroppable by their opponents and enemies. Since all politicians thrive in a web of mendacity and confidences, they have a strong incentive for strong encryption, and will eventually terminate/abandon legislation that weakens it.
Any politician that threatens otherwise is therefore a) grandstanding, and/or b) using the issue to leverage/negotiate something else.
Corollaries:
• Any government seriously implementing such a plan is operating as an oligarchy rather than a democracy, and will have plans to defend themselves from the surveillance imposed on the citizens.
• The first instinct of every would-be oligarch is to undermine the machinery of democracy and compromise the rule of law.
c.f. Utopia (Australia, 2014) Season 4 Episode 4 "Mission Creeps", and probably at least one Jim Hacker moment.
[+] [-] ohazi|5 years ago|reply
8. Privacy activists will leave group 6 by attrition, further reinforcing justification by authorities for 7.
[+] [-] prof-dr-ir|5 years ago|reply
https://www.politico.eu/wp-content/uploads/2020/09/SKM_C4582...
In my view there is a good chance that (2) will not be EU law for the foreseeable future, although this does require some opposition work. I guess one can see it as education of the politicians (the commissioners in this case).
[+] [-] thw0rted|5 years ago|reply
As is always the case with these fights, the fundamental fact is that the war is asymmetric. We have to be right all of the time, they have to be right once. We have to break all encryption everywhere forever, they have to find one non-backdoor'd solution.
If you really hold the backdoor proponents' feet to the fire, they'll admit that yes, this is true, but at least with a backdoor you can catch some of the terrorists/child abusers/etc, some of the time (of course, you only get the dumb ones...), and we wouldn't want to let the perfect be the enemy of the good. But of course, saying you want to compromise all privacy in the developed world to catch a few dumb traffickers doesn't get votes.
[+] [-] Andrew_nenakhov|5 years ago|reply
[+] [-] j0ba|5 years ago|reply
I hope that if we ever reach a steady state, it will be unbreakable privacy.
[+] [-] ptman|5 years ago|reply
[+] [-] headshock1111|5 years ago|reply
[+] [-] unknown|5 years ago|reply
[deleted]
[+] [-] RosanaAnaDana|5 years ago|reply
https://f-droid.org/
[+] [-] EGreg|5 years ago|reply
We need actual software like https://Matrix.org or https://qbix.com/platform to be good enough that people will install it. Like the Web Browser did killed AOL and MSN. Otherwise we will live with Facebook Google etc. and this is moot. But that is just the beginning.
Secondly, we need open source hardware. We are nowhere close to competing with Apple and Android. But as we have seen over the last 20 years - there is a war on general purpose computing and the closed systems have started to win. Just today I read that Android doesn’t let you take a screenshot of your own phone.
Third of all - the open distribution mechanisms you rely on today to not block you (eg web browsers) can be closed or ship updates with backdoors tomorrow to most users. Apple and Google together control most of the market. It isn’t hard to pressure them to do this.
Apple blocked blockchain dapps being distributed on iOS, unless they are made by an Apple developer whose app they can revoke. Amazon can yank your movies and books out of your hands.
Anything you think is secure (eg secure enclave) may not be. Trusted Computing Environments are made by two companies essentially.
In fact, I am surprised that more “stuxnet” attacks arent done in nuclear reactors across various countries. As self driving cars get hooked up to the net or delivery drones become ubiquitous we may see massive vulnerabilities that can be exploited all at once. Not just by state actors but anyone. Really scary stuff.
Sadly the same entities locking down the computing devices also start requiring uplinks to their servers and can push any updates. Regular people are at the mercy of corporations and the state.
Unless open source companies step up and build a decentralized hardware distribution infrastructure, with multiple actors (like VOIP relaced centralized telephone switchboard operators) all these arguments are moot. There is a handful of tech companies whose arms need to be twisted and that’s all.
PART II:
To be honest ... I no longer think that end-to-end encryption is the right solution to human rights problems. If citizens are reduced to sneaking around and denying their activities to survive, their governmental system is way past due for fixing. This is like the “good slave owners” delaying the abolition of slavery. You’re solving the wrong problem.
I believe that crypto is needed to secure decentralized byzantine fault tolerant systems like Ethereum etc. to be TRUSTED, not to hide information. Signatures, not encryption, if you will. If anything, it is the government who doesn’t want encryption to be broken (eg of copyrighted DVD content etc.) and there is an inherent contradiction since anyone who consumes unencrypted content can reshare it.
What we really need is to decentralize the personal data in many places, and use zero-knowledge proofs for attestation, but that is different than encrypting and hiding information.
[+] [-] camgunz|5 years ago|reply
[+] [-] Daniel_sk|5 years ago|reply
[+] [-] yogthos|5 years ago|reply
[+] [-] textgel|5 years ago|reply
[+] [-] pjc50|5 years ago|reply
Security services always demand total access to communications. It requires constant democratic pushback.
[+] [-] romanoderoma|5 years ago|reply
USA has been doing it as long as the second war started and never stopped.
And they consider strong encryption a weapon.
Are you familiar with the Zimmermann case?
[+] [-] jariel|5 years ago|reply
No, there's really no comparison.
A justice system, with reasonable information to infer a crime, seeking a warrant, using rules and regulations that have integrity, oversight, sanctioned by a Judge, following specific rules of access with certain, proportional criteria - is nothing like 'China'.
In fact, we are already subject to that, everywhere in Europe, just not your messaging apps.
It is not totalitarian whatsoever - there is just the risk of totalitarianism creeping in. A risk, which quite frankly is overstated. There is almost zero material harm that comes to innocent individuals as a result of these policies in states with lawful civic infrastructure. There can be, but it's rare and again, the 'problem' is more expansive and that an authoritarian takes power and uses the system for unlawful purposes.
China does not have an independent legal system, or much concern for human rights. The CCP uses these things to censor every day speech on a variety of topics - even for the most innocuous things like comparing Xi to 'Winnie the Pooh' let alone for discussing things like Tibet, Hong Kong, or Taiwan privately.
The CPP uses these controls as an 'total and complete information and thought control system' that interjects into every aspect of life. If you talk bad about Xi on your 'chat'- that will literally go on your file. It could affect your credit, promotional opportunities, how the justice system treats you etc..
They have successfully suppressed and controlled dialogue on a variety of issues - this system is frankly the CCP's most powerful means of control, far more so than anything physical like the 'police' or the 'army'.
Western governments want to use it to go after people making bombs, sex traffickers, and tax evaders. There is no chance that the German government is going to send police to your house because you said 'Angela Merkel is a clown and needs to go!' to your buddy on WeChat. There is a chance some future government could to it, for the wrong reasons, and that's cause for come concern, but it's not pragmaticaly the issue.
[+] [-] chimen|5 years ago|reply
[+] [-] jjd33|5 years ago|reply
[+] [-] sharken|5 years ago|reply
So it’s really not a surprise that the idea of banning encryption is on the table.
So encryption as a basic human right sounds like the way to fight this.
[+] [-] sixhobbits|5 years ago|reply
I completely agree with the concerns raised elsewhere in this thread, but I'm not sure I see the clear link to recent events in Vienna etc claimed here.
Here[0] is an earlier document from 21 october which the article seems to take some screenshots from, so it seems that this has been coming either way.
I wonder how this effects countries like Switzerland and the UK?
[0] https://www.statewatch.org/media/1434/eu-council-draft-decla...
[+] [-] Daniel_sk|5 years ago|reply
[+] [-] tom_mellior|5 years ago|reply
[+] [-] romanoderoma|5 years ago|reply
EU commission chose signal as official chat app and has been pushing E2E encryption for everybody for a long time.
A law proposal has been presented to enforce mandatory E2E encryption in 2017
https://eur-lex.europa.eu/procedure/EN/2017_3
UK particularly opposed to it.
Also Germany.
This is another proposal, and that's just what it is, a proposal, it has no other value than that.
[+] [-] ajsnigrutin|5 years ago|reply
[+] [-] unknown|5 years ago|reply
[deleted]
[+] [-] petra|5 years ago|reply
[+] [-] notjes|5 years ago|reply
[+] [-] londons_explore|5 years ago|reply
That could be implemented by having full e2e encryption as today, but requiring clients to hand over the keys when requested by a local governing authority. The client/app would then immediately show to the user "Local Authorities have viewed a copy of this message".
Why isn't this middle ground being discussed?
I understand authorities don't want to alert their targets about an investigation, but let's be honest - if they read the messages and find you've done some crime, authorities will eventually track you down.
[+] [-] CivBase|5 years ago|reply
They also completely fail to address the elephant in the room: bad actors already have access to strong encryption and they don't need the blessings of Apple, Microsoft, Google, Facebook, or any organization to use it. Encryption is an idea, not a product. They cannot prevent terrorists from using strong encryption any more than they can prevent terrorists from using algebra.
[+] [-] KMag|5 years ago|reply
Are there any comparable post-WWII Eurpopean abuses that should make citizens think twice about blanket law enforcement back-doors?
[0] https://en.wikipedia.org/wiki/COINTELPRO
[+] [-] mantenpanther|5 years ago|reply
I also think this could spawn lots of Signal-like, self hostable chat-server solutions that will be much harder to spy on. So this could be a shoot in the foot.
[+] [-] Kim_Bruning|5 years ago|reply
The few times I've called, they do have people who pick up the phone and listen to you. It's actually quite cool.
Have your story ready, and remember to be polite. (If only because a lot of MEPs really do deserve our respect.)
https://www.europarl.europa.eu/meps/en/home
[+] [-] enriquto|5 years ago|reply
The real fight is against general purpose computing. If I control my CPU, then I can easily implement the Diffie-Hellman algorithm and communicate secretly with my friends around the world. Any ban against encryption is ineffective unless it attacks general purpose computing. We live in scary times!
[+] [-] kleiba|5 years ago|reply
[+] [-] prof-dr-ir|5 years ago|reply
https://www.eff.org/deeplinks/2020/10/orders-top-eus-timetab...
But maybe that is just because it contains fewer German words.
Edit: the top link has now changed to the actual proposal instead of a German source. The EFF's opinion may still interest people.
[+] [-] tripue|5 years ago|reply
[+] [-] mbf1|5 years ago|reply
Either my data is safe from rogue agents and rogue governments or it is not. If encryption is outlawed, only outlaws will use it.
The EU can make as many logical conclusions it wants to, but reality will come back and bite their law enforcement offices that their criminals won't stop using unbreakable encryption.
The difference between theory and practice is greater in practice than it is in theory.
[+] [-] eivarv|5 years ago|reply
Does anyone know what we or I can do (in this case specifically) to help fight this idiocy?
[+] [-] surfsvammel|5 years ago|reply
[+] [-] qayxc|5 years ago|reply
Just drop them a letter or call their office (both works fine).