jonaharagon | 5 months ago

Totally. This is exactly the problem with things like Chat Control in the EU and KOSA in the US. They will just introduce the same bill over and over and over again until they get the desired result.

What we need is for legislatures to pass "NO Chat Control" and "NO KOSA" bills that specifically block this behavior, but unsurprisingly governments don't seem to be too keen about limiting their own rights, only those of their citizens.

Geezus_42|5 months ago

Attackers only need to win once. Defenders have to win every round.

Uupis|5 months ago

I think I like this phrasing. Thank you!

anikom15|5 months ago

In Britain, such a thing is not even possible because no Parliament can limit the power of a future Parliament.

jonaharagon|5 months ago

True, and this is also the case in many other countries. Even if it is revocable by future legislation though, having pro-privacy laws on the books to prevent the current executive powers-that-be from abusing them would still be helpful.

tormeh|5 months ago

You mean enshrine a right to messaging privacy in a constitution? That's going to be difficult.

AnthonyMouse|5 months ago

A lot of these laws are now attempting to apply extra-territorially, e.g. to servers and companies in the US just because people in the UK are connected to the same internet, with punishments meted out if any part of that company does any business in the UK even if it's unrelated.

It might be interesting to go the other way: Get it put into the constitution of a major country that these kinds of backdoors are banned world-wide and you can't do business in that country if any part of your enterprise implements them anywhere else.

To begin with this would make it harder to pass laws like this in other places -- domestic companies with international operations would put up stronger opposition because it would compromise their ability to do business elsewhere, and legislators might actually be concerned about that. And then on top of that it would force the companies to choose which subset of the world they want to operate in, allowing people in oppressive countries to pick up uncompromised devices from the places where compromised devices are banned.

nine_k|5 months ago

The US constitution already has a provision against unreasonable search properly enshrined, and well tested in courts. Things like KOSA can be rejected as clearly violating it.

The EU does not seem to have such a simple and ironclad norm.

jonaharagon|5 months ago

I mean that'd certainly be nice, and it is also their only job, but even if they wanted to do it in regular legislation that'd be better than nothing.

Make a law that says companies have to protect the data of their citizens without the possibility of any intentional backdoor, perhaps. Make a law that says companies can't require people to dox themselves with ID scans simply to use a publicly available internet platform that provides no services in the physical world. Make a law that says OS developers can't create client-side scanning services that upload results off-device without revocable user consent.

fbhabbed|5 months ago

We already have such a thing in Italy - Constitution (the highest hierarchy in law here), article 15.

For decades.

asdfasvea|5 months ago

You've not been paying attention. Laws can be undone easily with laws.

Pass your 'no KOSA' law. And then when they want KOSA, they just pass KOSA with a sentence that says this KOSA law supersedes prior 'No KOSA' laws.

You need to limit their power to do that and the only way is constitutionally.

godelski|5 months ago

No security is perfect, you can only create walls and speedbumps. It makes it harder. You're right, limit the power, but that doesn't mean you can't do both. The latter is much harder.