The Internet Watch Foundation, an organisation funded by almost all of big tech, is already at work pushing for client side scanning next [1], for the children, of course.
I feel like if people wanted to counter this push, the more effective route would be addressing the "for the children" motivations seriously rather than fully dismissing them. You could cut the legs out of this effort by capturing the part of the population that does have an honest desire to protect children by offering an alternative that actually protects children. Instead, that concern is treated as 100% disingenuous which pushes many normal people to the side of wanting to enact these controls. This is a political problem, you need to solve it with politics.
I know a number of people who have gone down this route, including Senators. For example, here's Senator Wyden's proposal to add $5 billion in mandatory funding to investigate and target sexual abusers [1]. The problem with these efforts is that they're expensive: fighting child exploitation requires enormous amounts of funding.
Guess what doesn't require billions of dollars? Mandatory scanning paid for by tech companies, followed by dumping the billions of hits they produce [2] on overworked police and clearinghouses that mostly ignore them.
I don't think I agree - "think of the children" is not primarily a rational argument, it's more an emotional and political lever that is used to frame anyone in opposition as being opposed to more child safety, which is very obviously a bad thing.
It creates a moral asymmetry where one group is "defending children" and another group is "defending an abstract concept", but group A wins out primarily due to millions of years of human evolution. It has very little (IMO) to do with the actual underlying concepts being debated.
> an organisation funded by almost all of big tech
Agreed, and this sucks, but what should be done about this? Some NGO called "We Stop Bad Guys" approaches your company with its hand out. You have two choices:
1. kick down some money, get great headlines
2. don't, and then have it known that you don't support stopping Bad Guys -- then maybe write ten thousand never-to-be-read words about how your position is actually quite principled
Why stop there? This system can easily be used to target welfare recipients, immigrants, LGBT+ people, black/brown/indigenous people, pretty much any disfavored group of choice!
You're just one election away from "that was during the previous term of office"
Kind of surprised they don't just pitch it as a way to root out Russian propaganda and right-wing extremism. Public opinion would shift overnight. They'd practically demand it!
Actually, what are the partisan leanings of the parties actually actively pushing this, since you’ve brought it up?
Despite being fairly left-leaning I wouldn’t automatically blame the right for this particular type of invasive nonsense… is this a centrist spawned nuisance, or something?
The Chat Control 1.0 rule is simply that organisations like Meta are allowed to scan messages if they want to. In other words your Facebook messages are not private from Facebook. Surely we already knew and expected that.
Chat Control 2.0 is the worrying one because it mandates scanning and bans E2EE.
These two things should not have both been given the same branding.
I think it's the contrary. People don't want Zuckerberg reading their private messages, and everyone in Eutope uses WhatsApp, which is advertised as E2E encrypted.
Therefore it makes Chat Control 2 a harder sell.
To be fair I think "<anything> Control" makes it pretty clesr it's nefarious. They missed the opportunity to call it "Chat Safety".
I think the name is meaningless to the average layman, therefore useless. Something like "(private) chat police" would probably transmit what this is about but is not as catchy.
Not everyone. Politicians and all their communication are to be excluded, for they have decided it is obvious that we can trust them. It's just the rest of the world that is considered untrustworthy. This also absolves them from having to go through a trial period of having the software tested on themselves, so they will never have to know about any ridiculous false positives. Or worse: all the stuff they communicate which they never considered to be problematic - it would have been so nice if they had at least had such a trial run, for say, about one or two years, with anything that is being flagged open for anyone who wishes to see.
The problem with this software is at the very core of why any sane person should reject it; a company like Thorn has no incentive whatsoever to actually come up with something that would work properly, especially since the target demographic that is to be monitored, is European. No worries if some firmware update bricks a massive amount of devices. Good for business. And I bet the US Government would also prefer if they prioritized having the backdoors work properly for listening in, over having the software scan properly (taking all the cultural and linguistic differences across the continent into account) just so that it will be capable of actually flagging what it is (for now) meant to flag.
Having your entire infrastructure of digital devices augmented with surveillance software is a bad idea in itself, but it's sheer madness if you're having this done for the whole of Europe, by using an American software endlosung/solution that was pushed by a Hollywood-actor who was so genuine in his motivation to save the children... truly impressive show of tears for someone who had the chance to save a number of girls from his predatory co-star a long time ago, like, to save them for real, yet he chose not to intervene... Years later, he's with Thorn, but still what he knows best is acting, so instead of focussing on actual victims, he's acting as if he gives a toss about present day children, knowing full well he is selling a dodgy technology using horror-scenarios they actually invented themselves for this very purpose.
In subsequent years this has led to an actual increase in number and variety of perpetrators in the field of sexual abuse and/or trafficking of minors - where it was quite a niche field in crime before - niche and overall way more predictable, making it possible to prevent quite a bit of it, too. Thanks to the fearmongering and constant need for succesfull detection of victims (as it is the metric they've used for years to keep the people providing them with money and power excited about the project) it has become much more problematic. The efforts of groups like Thorn have so effectively spread these horrorstories by pushing them as 'news' using so many newsoutlets, that this in itself caused a whole new demographic of messed up people to act them out, making the horrors a reality.
All this should be enough for anyone to know that, if you're totally hellbent on having a thing like chat control implemented, doing so by choosing to stick with software sold by these people or anyone from their circles will be disastrous.
Yes but that's how all of these objectionable legislations are introduced - first it's voluntary, then they wait a bit and say "companies aren't doing it, we'll need to make it mandatory".
Easier to push through if the only thing they're changing is "may" to "must".
Perhaps in the future cars will not only record your face but also listen in for hate speech. Most cars have SOS and GPS modules so calling the police if someone in the car shouts a slur is just connecting some code together.
Why do you think this is only going to be in Europe? This will be the global norm modulo some astroid hitting earth or civilizational crash.
The trajectory is crystal clear: access to information (AI), control over personal finance (CBDC), privacy of personal communications (handful of big tech MITM in everything), metered social interactions (today China, tomorrow the world over).
I think this should go one step further. If you don't praise the magnificence of your local EU politicians then your car's breaks will stop working and an electric shot will be administered to everyone presently in the car. That will satisfy EU-rocrats.
The coming revolution will be well deserved I think.
Didn't Biden's big infrastructure bill already mandate that NHTSA develop regulations to require driver monitoring sensors starting next year? Or was that provision cut or reverted?
> The worst thing I have to hide is knowledge about my intentions, none of which are bad/illegal/immoral.
Correction: None of which are bad/illegal/immoral _right now_. The "I have nothing to hide" crowd will surely change their tune the moment any of their data starts to be used against them.
This is about 1.0, which sounds ok - it basically allows providers a legitimate exception from data privacy laws to scan for CSAM in not E2EE communications. I reckon gmail, iCloud mail and the like already scan attachments for malware and emails for phishing scams, now they can also scan for child abuse.
"We decide on something, leave it lying around, and wait and see what happens. If no one kicks up a fuss, because most people don't understand what has been decided, we continue step by step until there is no turning back." -- Jean-Claude Juncker
Can anyone explain something? Since there are so many open source chat applications, what keeps anyone from "just" exchanging a key with someone else out of band, and then modifying the client so that it uses that key to encrypt all communication? I understand that this does not scale to big groups, but surely whoever is pushing this crap must have thought about this? Or is the idea that we will have completely locked down PCs as well ala android and ios so you can't run anything unapproved?
Nothing is stopping people from doing that. It’s just more inconvenient than other available options. If I were a politician trying to remove private communication, I would first pass something that allows scanning communications, then pass something that allows e2ee messages to be scanned, then make it illegal to use non-scannable e2ee messaging. People could still do it, but now they could be punished if they’re ever caught
They won't scan my messages since I run my own XMPP server and clients using only free software - prosody for the server, Conversations/dino/gajim/converse.js for the clients. OMEMO (the encryption scheme used by 'modern' XMPP systems) uses the same double-ratchet encryption as Signal without the dependency on a central Signal server.
Prosody can run on just about anything and is mostly maintenance-free, give it a try I'd say. You'll want to get a domain for it but that's easy and cheap.
Some of 'm have been doing things for decades now, moving to self-hosted services free from the government censors. The harder they squeeze, the more people will move to that server-under-the-stairs or hitch a ride on one hosted by a family member or friend.
What is the US legislation on this - I thought providers were already mandated to take action against distribution of CSAM, or is that only for public-facing posts?
Somewhat unsurprisingly too, since the negotiations about a more comprehensive CSAM legislation (the one that now doesn't contain chat control 2.0) isn't done yet.
The unquestioned view in certain circles - including here - is that when the EU/UK does something that chips away at people's online privacy, there's un ulterior motive.
It's entirely possible that politicians just want to do something about CSAM and young people having their mind twisted by social media. The electorate do seem to be keen on some sort of action.
Other governments across the Channel also want to protect children online, while at the same time dismissing thousands of reports of grooming, for fear of being labelled "racist".
The EU's position on privacy seems pretty consistent to me - they're against your data being monetized by private entities but not against building governmental tools to monitor private entities.
In good faith this could be summarized as "Personal data should be used for public safety but not for profit" - but that philosophy is definitely a strong contrast with the basic American philosophy towards civil liberties.
Not "access to ALL of your data". Also, as confusing as it might be, it is in the nature of EU (at least IMHO) to not have a clear position over multiple legislatures.
Maybe big tech weren't good a lobbying bureaucrats against GDPR but got better at lobbying in the EU for this. There's also been a slight shift towards authoritarianism in the last decade, which naturally love the possibilities of stricter communication control.
Children protection and russian propaganda are the tried and tested covers at enforcing age verification, message scanning, and probably any future pan-european surveillance network.
It seems fairly consistent, doesn't it? CC 2.0 is that the government must be able to access things, and GDPR has a legal basis exemption that is defacto used every time by government entities. The general idea is that private parties cannot consent to things to each other but that residents of a place consent to being governed by the government. e.g. you can't consent to having someone jail you; but you also can't opt out of jail by the government.
Personally, the politics of Europe is really not for me, but I can see why others might find it attractive. In the end, history will show us which path is adaptive.
There's no position on privacy. They make whatever laws the corporate laws and elites like, and that furthers their own bureucratic reach. GDPR is a good way to create a "compliance moat" against smaller players, and to give the EU bureucrats more power.
Not even that. The government outsources a lot of their functions, so a LOT of organizations have access to extremely private data, where necessary.
For example, Palantir gets access to "large and diverse (government) databases with Dutch citizens’ data for analysis" (including mental health treatment data) under the GPDR to help police in the Netherlands do terror investigations (from 2012 to 2019). I'm sure you can appreciate the wisdom and privacy-enhancement in that just as much as me!
There are large lists of private organizations that get access to government data about citizens ... every country has multiple (public and secret ones).
Oh, they also "failed to mention" this to parliament, and this was only discovered after a journalist got a tipoff and requested financial data about the deal ... for about 5 years. Of course, there was never even the slightest investigation into this.
The thing is that according to the Universal Declaration of Human Rights privacy and the right to private communication is a basic human right. And GDPR was literally enacted to enforce this human right.
Now one basic principle of democracy is that supreme courts are superior to the people in power. Someone needs to watch the lawmakers so to say. Because it could actually be that the European commission enacts laws that are illegal. And Chat Control 2.0 could actually be illegal because it violates the Universal Declaration of Human Rights. However, somebody has to take them to The Court of Justice of the European Union to test it.
I think the position can best be approximated as "companies should not be able to do this, but you should trust your government to do this to you". (That's a bad position that needs to be defeated every time it arises, but it's a consistent position.)
Easier? You mean easier to duplicate? No need to split up the discussion. There's the link, welcome to continue discussing over there, instead of pushing the news back in front of the rest of those who may not have missed it.
lol, say someone publishes an E2E distributed extension to an existing chat protocol.
Are you going to arrest someone for writing code? Are you going to arrest people who use private communications? Sounds like a legislator carve out hot and ready to happen.
I get the point, ban E2E, OK sure, but what if some software is designed in such a way that the company doesn't provide it, but it just happens to be compatible with the protocol extension? Are you going to arrest the authors if they don't explicitly ban it?
It's all coming together:
Even if an open protocol was developed and published, and everyone would just use AI to create their own app in order to be private, Google is shutting down that path by preventing "unsanctioned" apps from being installed (not to mention Apple, which already does it).
People wouldn't be arrested for writing code, but as it happened in Spain, people with Pixels and GrapheneOS are already treated as drug dealers
The Internet Watch Foundation, an organisation funded by almost all of big tech, is already at work pushing for client side scanning next [1], for the children, of course.
[1] https://www.iwf.org.uk/policy-work/preventing-the-upload-of-...
I feel like if people wanted to counter this push, the more effective route would be addressing the "for the children" motivations seriously rather than fully dismissing them. You could cut the legs out of this effort by capturing the part of the population that does have an honest desire to protect children by offering an alternative that actually protects children. Instead, that concern is treated as 100% disingenuous which pushes many normal people to the side of wanting to enact these controls. This is a political problem, you need to solve it with politics.
I know a number of people who have gone down this route, including Senators. For example, here's Senator Wyden's proposal to add $5 billion in mandatory funding to investigate and target sexual abusers [1]. The problem with these efforts is that they're expensive: fighting child exploitation requires enormous amounts of funding.
Guess what doesn't require billions of dollars? Mandatory scanning paid for by tech companies, followed by dumping the billions of hits they produce [2] on overworked police and clearinghouses that mostly ignore them.
[1] https://www.wyden.senate.gov/news/press-releases/wyden-eshoo... [2] https://www.hstoday.us/subject-matter-areas/cybersecurity/su...
3 replies →
I don't think I agree - "think of the children" is not primarily a rational argument, it's more an emotional and political lever that is used to frame anyone in opposition as being opposed to more child safety, which is very obviously a bad thing.
It creates a moral asymmetry where one group is "defending children" and another group is "defending an abstract concept", but group A wins out primarily due to millions of years of human evolution. It has very little (IMO) to do with the actual underlying concepts being debated.
1 reply →
> an organisation funded by almost all of big tech
Agreed, and this sucks, but what should be done about this? Some NGO called "We Stop Bad Guys" approaches your company with its hand out. You have two choices:
1. kick down some money, get great headlines
2. don't, and then have it known that you don't support stopping Bad Guys -- then maybe write ten thousand never-to-be-read words about how your position is actually quite principled
I hate it, but the first is obviously rational?
Interesting. It would be easy to detect hate speech client-side too I’d imagine. My phone already listens for certain words.
Why stop there? This system can easily be used to target welfare recipients, immigrants, LGBT+ people, black/brown/indigenous people, pretty much any disfavored group of choice!
You're just one election away from "that was during the previous term of office"
https://media.mullvad.net/web/chatcontrol2_en.jpg
2 replies →
> for the children, of course.
Kind of surprised they don't just pitch it as a way to root out Russian propaganda and right-wing extremism. Public opinion would shift overnight. They'd practically demand it!
Actually, what are the partisan leanings of the parties actually actively pushing this, since you’ve brought it up?
Despite being fairly left-leaning I wouldn’t automatically blame the right for this particular type of invasive nonsense… is this a centrist spawned nuisance, or something?
1 reply →
The Chat Control 1.0 rule is simply that organisations like Meta are allowed to scan messages if they want to. In other words your Facebook messages are not private from Facebook. Surely we already knew and expected that.
Chat Control 2.0 is the worrying one because it mandates scanning and bans E2EE.
These two things should not have both been given the same branding.
>These two things should not have both been given the same branding.
the confusion is purposeful, because it is easier to convince people that 1.0 is okay, which makes 2.0 appear like a version bump of the same thing.
“Chat Control”, along with the version numbers, is a naming invented by the opponents, not by the proponents.
3 replies →
I think it's the contrary. People don't want Zuckerberg reading their private messages, and everyone in Eutope uses WhatsApp, which is advertised as E2E encrypted.
Therefore it makes Chat Control 2 a harder sell.
To be fair I think "<anything> Control" makes it pretty clesr it's nefarious. They missed the opportunity to call it "Chat Safety".
The name "Chat Control" is great because it implies a lockdown on free speech and the exact consequences that are going to happen to everyone.
I think the name is meaningless to the average layman, therefore useless. Something like "(private) chat police" would probably transmit what this is about but is not as catchy.
1 reply →
That's suitable for Chat Control 2.0. Applying the same name to v1 just muddies the waters, probably intentionally..
1 reply →
Not everyone. Politicians and all their communication are to be excluded, for they have decided it is obvious that we can trust them. It's just the rest of the world that is considered untrustworthy. This also absolves them from having to go through a trial period of having the software tested on themselves, so they will never have to know about any ridiculous false positives. Or worse: all the stuff they communicate which they never considered to be problematic - it would have been so nice if they had at least had such a trial run, for say, about one or two years, with anything that is being flagged open for anyone who wishes to see.
The problem with this software is at the very core of why any sane person should reject it; a company like Thorn has no incentive whatsoever to actually come up with something that would work properly, especially since the target demographic that is to be monitored, is European. No worries if some firmware update bricks a massive amount of devices. Good for business. And I bet the US Government would also prefer if they prioritized having the backdoors work properly for listening in, over having the software scan properly (taking all the cultural and linguistic differences across the continent into account) just so that it will be capable of actually flagging what it is (for now) meant to flag.
Having your entire infrastructure of digital devices augmented with surveillance software is a bad idea in itself, but it's sheer madness if you're having this done for the whole of Europe, by using an American software endlosung/solution that was pushed by a Hollywood-actor who was so genuine in his motivation to save the children... truly impressive show of tears for someone who had the chance to save a number of girls from his predatory co-star a long time ago, like, to save them for real, yet he chose not to intervene... Years later, he's with Thorn, but still what he knows best is acting, so instead of focussing on actual victims, he's acting as if he gives a toss about present day children, knowing full well he is selling a dodgy technology using horror-scenarios they actually invented themselves for this very purpose.
In subsequent years this has led to an actual increase in number and variety of perpetrators in the field of sexual abuse and/or trafficking of minors - where it was quite a niche field in crime before - niche and overall way more predictable, making it possible to prevent quite a bit of it, too. Thanks to the fearmongering and constant need for succesfull detection of victims (as it is the metric they've used for years to keep the people providing them with money and power excited about the project) it has become much more problematic. The efforts of groups like Thorn have so effectively spread these horrorstories by pushing them as 'news' using so many newsoutlets, that this in itself caused a whole new demographic of messed up people to act them out, making the horrors a reality.
All this should be enough for anyone to know that, if you're totally hellbent on having a thing like chat control implemented, doing so by choosing to stick with software sold by these people or anyone from their circles will be disastrous.
1 reply →
Yes but that's how all of these objectionable legislations are introduced - first it's voluntary, then they wait a bit and say "companies aren't doing it, we'll need to make it mandatory".
Easier to push through if the only thing they're changing is "may" to "must".
Tough week for euros. Cars that record your face while driving and now apps snooping on communications.
Perhaps in the future cars will not only record your face but also listen in for hate speech. Most cars have SOS and GPS modules so calling the police if someone in the car shouts a slur is just connecting some code together.
Why do you think this is only going to be in Europe? This will be the global norm modulo some astroid hitting earth or civilizational crash.
The trajectory is crystal clear: access to information (AI), control over personal finance (CBDC), privacy of personal communications (handful of big tech MITM in everything), metered social interactions (today China, tomorrow the world over).
10 replies →
I think this should go one step further. If you don't praise the magnificence of your local EU politicians then your car's breaks will stop working and an electric shot will be administered to everyone presently in the car. That will satisfy EU-rocrats.
The coming revolution will be well deserved I think.
1 reply →
Car could also become judge and executioner. Swift justice is just one curve away
4 replies →
The car’s computer voice: John Spartan you are fined one credit for a violation of the verbal morality code!
This is called eCall, a fairly intrusive system built into even some motorcycles.
Danger, danger. Cannabis detected in the vehicle.
Well, it is some kind of social control. People who conform, have more rights than those who reject fascism.
Boy, do I have news for you: https://www.tesla.com/ownersmanual/model3/en_us/GUID-EDAD116...
Didn't Biden's big infrastructure bill already mandate that NHTSA develop regulations to require driver monitoring sensors starting next year? Or was that provision cut or reverted?
That provision did get removed, but only for ICE cars.
the children... :)
It's not particularly effective with school shootings in the USA.
2 replies →
I wait for mandated methane sensor in everyone's anus.
Cars sold for the past years already record and transmit all your movements and telemetry, I'm sad to say.
Maybe they should pause on being such snobs towards American politics to take a long hard look at themselves.
[flagged]
[flagged]
Honestly, it is mostly a reaction to how society has evolved, for the worse. Rock and hard place.
The worst thing I have to hide is knowledge about my intentions, none of which are bad/illegal/immoral.
Scan away, I'd rather try to protect my children, other children from unscrupulous characters.
> The worst thing I have to hide is knowledge about my intentions, none of which are bad/illegal/immoral.
Correction: None of which are bad/illegal/immoral _right now_. The "I have nothing to hide" crowd will surely change their tune the moment any of their data starts to be used against them.
2 replies →
For my fellow EU citizens, you can contact your representatives here: https://fightchatcontrol.eu/
I did. Only 1 replied.
I did.
This is about 1.0, which sounds ok - it basically allows providers a legitimate exception from data privacy laws to scan for CSAM in not E2EE communications. I reckon gmail, iCloud mail and the like already scan attachments for malware and emails for phishing scams, now they can also scan for child abuse.
cc 2.0 is a different beast.
"We decide on something, leave it lying around, and wait and see what happens. If no one kicks up a fuss, because most people don't understand what has been decided, we continue step by step until there is no turning back." -- Jean-Claude Juncker
It's still objectionable with a false positive rate of 50-80%.
Even if defeated, this is Terminator legislation - it will never stop coming back until it wins.
Can anyone explain something? Since there are so many open source chat applications, what keeps anyone from "just" exchanging a key with someone else out of band, and then modifying the client so that it uses that key to encrypt all communication? I understand that this does not scale to big groups, but surely whoever is pushing this crap must have thought about this? Or is the idea that we will have completely locked down PCs as well ala android and ios so you can't run anything unapproved?
Nothing is stopping people from doing that. It’s just more inconvenient than other available options. If I were a politician trying to remove private communication, I would first pass something that allows scanning communications, then pass something that allows e2ee messages to be scanned, then make it illegal to use non-scannable e2ee messaging. People could still do it, but now they could be punished if they’re ever caught
They won't scan my messages since I run my own XMPP server and clients using only free software - prosody for the server, Conversations/dino/gajim/converse.js for the clients. OMEMO (the encryption scheme used by 'modern' XMPP systems) uses the same double-ratchet encryption as Signal without the dependency on a central Signal server.
Prosody can run on just about anything and is mostly maintenance-free, give it a try I'd say. You'll want to get a domain for it but that's easy and cheap.
Waiting to see what the Europeans do. They talked the talk. Let’s see what is the next move.
Some of 'm have been doing things for decades now, moving to self-hosted services free from the government censors. The harder they squeeze, the more people will move to that server-under-the-stairs or hitch a ride on one hosted by a family member or friend.
What is the US legislation on this - I thought providers were already mandated to take action against distribution of CSAM, or is that only for public-facing posts?
When is it coming online? I have seen so many of these headlines that I feel it's always about to kick in, but I never get any closure.
Had expired in April. This is a tentative of bringing it back up even though it expired after a number of previous extensions.
This was online already. It is existing law that is being extended rather then expired.
Somewhat unsurprisingly too, since the negotiations about a more comprehensive CSAM legislation (the one that now doesn't contain chat control 2.0) isn't done yet.
1 reply →
Hmm, so… what happened while it was online? Any scandals?
2 August 2021.
It already was in force, and EU states are presumably using it right now despite that being illegal. Only to protect the children, of course.
Give it time. I’ll see you in 5 years
Slaves also have no right to privacy. This EU variant is doomed to failure.
I don't understand the EU's position on privacy. On the one hand, they enacted GDPR to give you control over access to your personal data.
On the other, they need access to all of your data.
The unquestioned view in certain circles - including here - is that when the EU/UK does something that chips away at people's online privacy, there's un ulterior motive.
It's entirely possible that politicians just want to do something about CSAM and young people having their mind twisted by social media. The electorate do seem to be keen on some sort of action.
This is being heavily pushed by certain actors so it's not just politicians wanting to do something about CSAM: https://balkaninsight.com/2023/09/25/who-benefits-inside-the...
Many abuse survivors and youth advocates strongly oppose Chat Control; here is one voice detailing why: https://www.linkedin.com/pulse/why-i-dont-support-privacy-in...
Other governments across the Channel also want to protect children online, while at the same time dismissing thousands of reports of grooming, for fear of being labelled "racist".
>It's entirely possible that politicians just want to do something about CSAM
except that honest-to-God child rapists get extremely lenient sentences in Western Europe and rarely (if ever) get deported afterwards.
The EU's position on privacy seems pretty consistent to me - they're against your data being monetized by private entities but not against building governmental tools to monitor private entities.
In good faith this could be summarized as "Personal data should be used for public safety but not for profit" - but that philosophy is definitely a strong contrast with the basic American philosophy towards civil liberties.
> basic American philosophy towards civil liberties.
Errrr, america does not look like country that cares about that. It does care about liberties of rich companies tho.
1 reply →
Not "access to ALL of your data". Also, as confusing as it might be, it is in the nature of EU (at least IMHO) to not have a clear position over multiple legislatures.
This is a wedge.
The one that passed doesn't give them access to anything. It is different from the scary one.
Maybe big tech weren't good a lobbying bureaucrats against GDPR but got better at lobbying in the EU for this. There's also been a slight shift towards authoritarianism in the last decade, which naturally love the possibilities of stricter communication control.
Children protection and russian propaganda are the tried and tested covers at enforcing age verification, message scanning, and probably any future pan-european surveillance network.
It seems fairly consistent, doesn't it? CC 2.0 is that the government must be able to access things, and GDPR has a legal basis exemption that is defacto used every time by government entities. The general idea is that private parties cannot consent to things to each other but that residents of a place consent to being governed by the government. e.g. you can't consent to having someone jail you; but you also can't opt out of jail by the government.
Personally, the politics of Europe is really not for me, but I can see why others might find it attractive. In the end, history will show us which path is adaptive.
There's no position on privacy. They make whatever laws the corporate laws and elites like, and that furthers their own bureucratic reach. GDPR is a good way to create a "compliance moat" against smaller players, and to give the EU bureucrats more power.
It is simple. GDPR is aimed at private entities misusing your data. Keyword private.
Not even that. The government outsources a lot of their functions, so a LOT of organizations have access to extremely private data, where necessary.
For example, Palantir gets access to "large and diverse (government) databases with Dutch citizens’ data for analysis" (including mental health treatment data) under the GPDR to help police in the Netherlands do terror investigations (from 2012 to 2019). I'm sure you can appreciate the wisdom and privacy-enhancement in that just as much as me!
There are large lists of private organizations that get access to government data about citizens ... every country has multiple (public and secret ones).
Oh, they also "failed to mention" this to parliament, and this was only discovered after a journalist got a tipoff and requested financial data about the deal ... for about 5 years. Of course, there was never even the slightest investigation into this.
https://nltimes.nl/2025/08/22/dutch-police-also-use-controve...
(paywalled) https://www.volkskrant.nl/tech/ook-nederlandse-politie-gebru...
[flagged]
The thing is that according to the Universal Declaration of Human Rights privacy and the right to private communication is a basic human right. And GDPR was literally enacted to enforce this human right.
Now one basic principle of democracy is that supreme courts are superior to the people in power. Someone needs to watch the lawmakers so to say. Because it could actually be that the European commission enacts laws that are illegal. And Chat Control 2.0 could actually be illegal because it violates the Universal Declaration of Human Rights. However, somebody has to take them to The Court of Justice of the European Union to test it.
I think the position can best be approximated as "companies should not be able to do this, but you should trust your government to do this to you". (That's a bad position that needs to be defeated every time it arises, but it's a consistent position.)
Given the choice of trust between, lets say Amazon/Meta/Google and the EU (or some European government), 9 times out of 10, the EU is the lesser evil.
14 replies →
Each passing day we are moving closer to a dystopian state and nobody is doing anything.
People are doing something (e.g. [0][1][2]). That’s why Chat Control 2.0 hasn’t passed and is unlikely to pass in the foreseeable future.
[0] https://www.patrick-breyer.de/en/posts/chat-control/
[1] https://edri.org/our-work/european-commission-must-uphold-pr...
[2] https://freiheitsrechte.org/en/themen/freiheit-im-digitalen-...
[dupe] https://news.ycombinator.com/item?id=48819008
I feel like this one should not be removed because people want to continue discussing and that's easier on a newer thread.
Easier? You mean easier to duplicate? No need to split up the discussion. There's the link, welcome to continue discussing over there, instead of pushing the news back in front of the rest of those who may not have missed it.
1 reply →
Different news source. But same topic.
Welcome to share the url over there. Duplicate discussion.
lol, say someone publishes an E2E distributed extension to an existing chat protocol.
Are you going to arrest someone for writing code? Are you going to arrest people who use private communications? Sounds like a legislator carve out hot and ready to happen.
I get the point, ban E2E, OK sure, but what if some software is designed in such a way that the company doesn't provide it, but it just happens to be compatible with the protocol extension? Are you going to arrest the authors if they don't explicitly ban it?
Yeah, right.
It's all coming together: Even if an open protocol was developed and published, and everyone would just use AI to create their own app in order to be private, Google is shutting down that path by preventing "unsanctioned" apps from being installed (not to mention Apple, which already does it).
People wouldn't be arrested for writing code, but as it happened in Spain, people with Pixels and GrapheneOS are already treated as drug dealers
The government's worse nightmare: People who own Pixels talking to their family members.
[flagged]