Comment by watwut
1 day ago
This is existing regulation being extended. It allows sites to scan messages. Not mandates.
These kind of responses is why it is hard to trust privacy advocates on HN. They are high on rhetorics, but half the time dont know what they are talking about.
I hope I'm being pessimistic about that. If I'm wrong, great.
I did saw it was an extension of the 1.0. To my understanding, "allows to scan" can also mean enabling a pipeline for accepting requests of scanning lawful content because, well, they can. In practice, it creates a mechanism to crawl people's information because when they feel like. While the law do make it explicit that this 'allowance' should not be used for anything else outside of the scope, i can't trust they won't. Once the mechanism is there, and that is valid for other countries, it might be used for stuff outside this scope since it's possible.
I work in the ISP field, and this happened in another context. First, a pipeline was built to block sites without a judge, because doing it only with court orders made it to difficult. After a few months of many ISPs complying the scope grew, now they can target piracy websites at will, and you must comply. Why stop there?
My fear is that this sets an example. I hope I'm wrong, but i don't trust them. There's a reason it was rejected before and it is being passed like that now.
Sorry for copypaste, but I still hope people will see true intentions of govt.
Just a recap how it happened in Russia:
1. First, year ~2015 legal framework was created under disguise of banning pirated media(specifically torrents.ru)(legislative push). State-wide DNS ban introduced. Very easy to circumvent via quering 8.8.8.8
2. Then, having legal basis, govt included extra stuff in banned list(casinos, terrorist orgs, etc)(executive push). IP bans introduced, applied very carefully.
3. Legal expanded allowing govt to ban specific media on very vague criterias(legislative push). IP blocks tried on some large websites. DPI hardware mandated to be installed by ISPs to filter by HTTPS SNI(executive push).
4. At ~2019 Roskomnadzor(RKN) created, special govt entity which enforces bans without court orders(legislative push).
5. ~2021 sites become banned if they are not filtering content by Russian laws by request of RKN(executive push). VPN services were obligated to also DPI-filter traffic(legislative push).
6. ~2023 Crackdown on VPN started(executive push). Popular commercial services were IP-banned, OpenVPN and IPSec connections selectively degraded by DPI.
7. ~2025 Heavy VPN filtering(vless, wireguard, etc) introduced(executive push). Performance of certain sites were degraded(youtube, twitter, etc).
Yes - this allowed companies like Google, Facebook, Snapchat etc to do what they already do (voluntarily) in the US and other territories - scan unencrypted user-uploaded or shared media for matches against NCMEC hashes, and image classifiers trained to find novel CSAM.
When you hear of "person arrested after NCMEC cyber tip" that's what this enables - people sharing or storing CSAM that was caught by this scanning, reported to NCMEC, and then sent to local authorities.
I have zero problems with Chat Control 1.0 as the existing derogation brought the EU into line with the rest of the world. Chat Control 2.0 is problematic however, but again, is not what's being voted on here.