Comment by derefr

1 day ago

So... if we all care so much about shooting down the bad idea, why is nobody proposing opposite legislation: a bill enshrining a right to private communications, such that bills like this one would become impossible to even table?

Is it just that there's no "privacy lobby" interested in getting even one lawyer around to sit down and write it up?

Or is there at least one such bill floating around, but no EU member state has been willing to table it for discussion?

Quoting from the Charter of Fundamental Rights of the European Union, https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:12... :

"Article 7

Respect for private and family life

Everyone has the right to respect for his or her private and family life, home and communications.

Article 8

Protection of personal data

1. Everyone has the right to the protection of personal data concerning him or her.

2. Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified.

3. Compliance with these rules shall be subject to control by an independent authority."

  • It clearly states here in 2 “consent of the person concerned OR some other legitimate basis laid down by law”; any random law will trump personal consent

    • One of the reasons international human rights law is so worthless in actual practice, is that half of it is framed like this. "Everyone has the right to X, except as duly restricted by law." Cool, so that's not a right at all then.

      Ditto the Canadian Charter of Rights and Freedoms, with its 'notwithstanding' clause. (Though they're presently litigating over that, so we'll see what happens!)

      Any constitution or human rights instrument full of exemptions, 'emergency powers', 'notwithstanding' clauses, or 'states of exception' is not worth the paper it's written on.

    • It doesn’t remove the “right to the protection of personal data concerning him or her.” The law cannot be random, it must ensure “fair processing” and be limited to “specific purposes”, and the European Court of Justice as well as the ECHR will decide what constitutes a “legitimate basis” in that context. Furthermore, “Everyone has the right of access to data which has been collected concerning him or her”, which ensures transparency of what is being collected.

      Last but not least, a number of EU countries enshrine https://en.wikipedia.org/wiki/Secrecy_of_correspondence in their constitution.

    • No, not any random law. To the extent the relevant law-making is within EU's competence (ie excluding certain areas like national security and similar), the general framework for rules on the processing of personal data has been laid down by the GDPR (and for law enforcement related stuff, a similar Directive[1]), in particular, considerably restricting, limiting and in part downright precluding national law-making within that legislative and policy area, including eg the legal bases available for in-scope processing activities (Art 6 GDPR, also Art 9 for certain sensitive data categories).

      Anyway, as far as human/fundamental rights go, the encryption and related issues in Chat Control tend to fall more on the Article 7 side of the Charter[2] like many similar questions related to different forms of (mass) surveillance, secrecy / confidentiality of (electronic) communications, including related national regimes with often diverse jurisdiction-specific histories, etc.

      [1] The main difference between a Directive and a Regulation under EU law is that a Directive requires implementation on the national level to work properly (ie national legislation, usually with some room for discretion and details here and there), while a Regulation is directly binding and effective law in member states wholly in itself.

      [2] And similar/corresponding language in the European Convention on Human Rights (ECHR), including the related case law of the European Court of Human Rights (ECtHR). While these are not EU institutions, European human rights law is recognized and applied as constitutional / fundamental rights-level law both by the EU and member state courts.

  • Let's parse this a little.

    Article 7 codifies "respect for [one's] private life" and "respect for [one's] private communications". Well, "respect" is a vague notion. This does not clearly imply that the government is not allowed to read your communications, or otherwise spy on you, if it believes it has good reason. It will do so "respectfully", or supposedly minimize the intrusion etc.

    As for article 8: Here it is "protection of personal data" and "fair processing". It does not say "protection from government access"; and "processing" is when the government or some other party already has your data. In fact, as others point out, even this wording has an explicit legitimization of violation of privacy and 'protection' whenever there is a law which defines something as "legitimate basis" for invading your privacy.

    You would have liked to see wording like:

    * "Privacy in one's home, personal life, communications and digital interactions is a fundamental right."

    * "The EU, its members, its bodies, its officers and whoever acts on its behalf shall not invade individuals' privacy."

    and probably something about a non-absolute right to anonymity. Codified exceptions should be limited and not open-ended.

    • > This does not clearly imply that the government is not allowed to read your communications, or otherwise spy on you, if it believes it has good reason. It will do so "respectfully", or supposedly minimize the intrusion etc.

      Which is... okay? Government gonna government, that's what we pay it to do.

  • You know that those pieces of paper mean nothing.

    • The Charter has been used by the courts to shoot down incoming legislation. So, in a way, those pieces of paper mean everything, as without them legislation would pass without the judiciary branch being a check on the Bloc’s powers. Your comment is merely cynical.

    • In theory these limit the power of the EU, while anything the EU parliament passes can just be undone as easily by a future EU parliament. If you don't believe the EU charter provides any protection, why would you believe an EU law would be any different?

Chat control is already illegal according to EU law, and has previously been ruled as such by the ECHR when Romania was trying to implement a chat control law that did actually pass, in 2014. But documents are documents (even the Rome statute), and can be rewritten.

It already violates Articles 7 and 8 of the EU Charter which is supposed to prevent stuff like this.

The reality is that they'll just keep pushing it from different angles, they only have to get lucky once, we (or EU citizens, we left and have our own issues) need to be lucky every time - much like an adversarial relationship where you are on the defending side from a cyberattack...funny that really.

(I mentioned this in another comment)

Because the people voting it down are the elected MEPs, whilst the people putting it up to parliament are the European Commission. The EC are appointed, rather than elected. Which means the powers that be just appoint people who are going to push through laws like this, that they want. The MEPs can't put up bills to be voted on.

  • And who exactly do you think elected the 'powers that be'? The issue is that voter turnout for EU parliamentary elections is awful in comparison to national elections, especially among more conservative voters - meaning that the political orientation between the parliament and commission is a little skewed.

    • Sure, but then you end up with stuff like this happening time and time again. If something doesn't pass the first time, put it through again, and again.

The right to private communication is already enshrined in the EU.

Article 7, EU Charter of Fundamental Rights: Respect for private and family life (and probably a couple other sections in there as well).

The problem is national security exceptions. Chat control and other similar bills are trying to carve out exceptions to privacy laws under the excuse of national security.

Also it's politically cheap to introduce surveillance or to expand state power, it's comparatively extremely difficult to pass laws that specifically restrict state power.

Privacy laws are well and good, but they exist. The problem is we need to stop allowing "public safety" or "national security" to be a trump card that allows exceptions to said laws, and good luck getting any government to ever agree that privacy is more important than national security.

I think the greatest risk to the EU is the sheer volume of communications it allows to travel without end-to-end encryption. Financial, infrastructure, personal political sentiment.. What doesn't a foreign enemy get volumes of minable data on?

Past laws of this type are:

- The GDPR

- The ePrivacy directive, which is explicitly derogated (sabotaged) by chat control 1.0

  • If this law, or some future version of it, passes, I will derive great pleasure from a simple bash script sending a GDPR right to be forgotten request to the European Parliament on a daily basis

I don't think that's a very sensical right (like most rights, frankly). Everyone has limits to the privacy they can expect. But we should have a social contract where we can expect privacy between mutually consenting parties intending to have private communication (eg not in a public square) without reasonable suspicion of a crime being committed.

  • Technology means there is only one truly stable compromise, imo: I am free to use whatever technical means at my disposal to encrypt my communications and those of my customers (!), and you can try to read them as much as you want.

    Combined with the right to communicate across borders, you can get quite a bit of privacy: a server in both sides of a geopolitical conflict and they've got to collaborate to track you.

    And yet metadata collection is both unavoidable (if you don't collect it, your geopolitical opponents will) and should be enough. We don't need chat control in a world where I get precision-targeted ads -- it's not even about freedom of speech or privacy, it's about freedom of thought.

    • > a server in both sides of a geopolitical conflict and they've got to collaborate to track you.

      With a server on the other side of a geopolitical conflict (actual conflict, not a mere discontinuity in legalscape) you trade a risk of the government reading your chats for a risk of the same government (which you don't trust for a good reason) locking you up for treason and espionage.

  • >... without reasonable suspicion of a crime being committed.

    How is that supposed to work with e2e encrypted chats?

There’s no point. The only way you can fix this is to pretty heavily market the situation and publicise and shame the lobbyist scum pushing this. And their associated ties.

You don’t care by writing new legislation, you care by forming boycotts against the corporations that are not fighting back against the scanning. The world is not controlled by democracy, it is controlled by money and the oligarchs.

  • We can do more than one thing. Do not cede the weapon of lobbying to be used solely by opponents. You can get a lot done by talking to people.