[HN Gopher] EU Commission doesn't understand what's written in i... ___________________________________________________________________ EU Commission doesn't understand what's written in its own chat control bill Author : rc00 Score : 246 points Date : 2023-03-28 18:25 UTC (4 hours ago) (HTM) web link (mullvad.net) (TXT) w3m dump (mullvad.net) | bitwize wrote: | They have to pass it to find out what's in it! | | Never go full American politics. | obiwahn wrote: | Maybe she is just saying that Google and Apple soft Keyboard are | scanned and it does not matter if you use signal or telnet... | mongol wrote: | The podcast episode in Svenska Dagbladet (which is otherwise a | very good podcast) was infuriating because the opponent and the | host did not catch on to her ridiculous statements about | encryption. She really needs to meet a journalist that can cross- | examine her statements about this. She got away too easy there. | tephra wrote: | Knowing the opponent he indeed caught on but with 30 minutes | (and most of that spent with Ylva) there's only so much you can | do. | Freeaqingme wrote: | Someone commented something along the lines of 'but then how are | we supposed to tackle organized crime'. As I typed the comment | below the comment got flagged and I could no longer reply. Still, | I think the bit below may contribute to the discussion. TL;DR; I | think that as a society we should more often ask ourselves if | something is actually worth fighting if it means sacrificing a | lot of our human rights. That may not be a problem on HN, but it | is one imho on a political level in many Western countries. | | There is not always a solution to a problem. | | Let's say you wanted to bring the number of car crashes to zero. | Eventually there's nothing 'reasonable' left to be done, and the | only remaining option would be to ban cars altogether. Instead, | we accept a certain number of crashes because it's deemed more | important to be able to drive a car than it is to bring the | number of car crash fatalities to zero*. | | For example, in a country like Germany there are 0.8 homicides | per 100K inhabitants. You could put _everybody_ under | surveillance, just to have an easier job of finding the | perpetrators. In the process there would be many false positives, | wrongful imprisonments, etc. | | In order to preserve the rule of law, maybe it's sometimes best | to accept that you cannot create the perfect society. At least | not a society in which people who are innocent (the very vast | majority) can also still enjoy their freedoms. | | Besides, I feel like the police has become somewhat lazy in many | Western countries for the past 20 years. Before the rise of the | internet, it was simply accepted that you couldn't know what two | spouses had said to each other and you had to rely on good-old | detective work. However, since things like Facebook Messenger, | the cops expect to be able to get a warrant for all this data. | That era appears to be slowly ending with E2EE, and all of a | sudden they're struggling because those detective skills have | slowly deteriorated. | | * To be clear, I think that in many countries there's still quite | a lot of room for improvement to reduce the number of car crash | fatalities. Not in the least in the USA. | viktorcode wrote: | She maybe don't understand technology, but I get the feeling that | breaking or weakening p2p is not what she talking about. The | scanning means scanning performed on the end devices, not of the | communications. The idea is to force communication messengers | providers to perform scan on end user's device. | | That, obviously, will fail, as many (including child predators) | will migrate to messengers that don't do that. | walkhour wrote: | Reminds me of the senator that asked Zuckerberg how do they make | money [0], and Zuckerberg simply said they run ads. What a way to | use your questioning time, with something that was a google | search away. | | [0] https://youtu.be/n2H8wx1aBiQ | decremental wrote: | Often the point of seemingly obvious questions like that is to | have the person on record making that statement and potentially | what they might omit. | jll29 wrote: | Don't believe vendors' lies about "end-to-end" encryption. | | If caught red handed, they will always say it depends on how you | define where both "ends" begin. | | Do not trust a cloud service that you have not developed and | deployed yourself. | | You may trust untrusted hardware with your encrypted content, but | only if you have given it your content pre-encrypted by yourself, | not trusted a third party to encrypt it on your behalf. | Obviously, this excludes mobile devices. | | Do not trust a tree of certificates if you cannot trust the root | certificate because it belongs to an organization that is in a | jurisdiction where people may be interested in what you have | written and said in your encrypted message. | | Don't trust old-school typewriters and the postal system either. | Letters are routinely opened and typewriters can be matched. For | example, the Stasi (secret police of the former GDR - German | "Democratic" Republic) had an archive of type samples of all sold | models of typewriters for re-identification of political | pamphlets. | | You can trust a few things: You can trust your Linux box with | your self-compiled kernel (no 3rd party drivers), at least as | long as it is not on a network. To build a safe environment, you | could start there, taking a defensive approach. Remember, last | time the paranoid turned out to be naive when Snowden revealed | the real status quo in 2013 (ten years ago, when I couldn't buy a | 1 TB USB stick). | tablespoon wrote: | > Don't trust old-school typewriters and the postal system | either. Letters are routinely opened and typewriters can be | matched. For example, the Stasi (secret police of the former | GDR - German "Democratic" Republic) had an archive of type | samples of all sold models of typewriters for re-identification | of political pamphlets. | | That's theoretical. I highly doubt _anyone_ extends that much | effort to target typewriters anymore. The best they could | probably do is match a series of messages to the same | typewriter. Though they might not even be able to do that, | because the law-enforcement skills to match typewriter | documents to each other have also probably nearly completely | atrophied. | | You're probably more likely to be caught by being the weirdo | still buying typewriter ribbons. | voxic11 wrote: | > You may trust untrusted hardware with your encrypted content | | Couldn't someone still capture them from the untrusted | hardware, wait until quantum computer technology is available, | then decrypt them? | beisner wrote: | There are quantum-resistant encryption schemes. | | See: https://en.wikipedia.org/wiki/Post-quantum_cryptography | Anonboxis wrote: | Here is the Regulation in question: | | https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=COM:2022... | | https://en.wikipedia.org/wiki/Regulation_to_Prevent_and_Comb... | | Its full name is the: Proposal for a REGULATION OF THE EUROPEAN | PARLIAMENT AND OF THE COUNCIL laying down rules to prevent and | combat child sexual abuse | mecsred wrote: | Neither of those links are functional | seydor wrote: | The purpose of most eurocrats is to write long reports to other | eurocrats justifying their time and expenses. It's normal to see | people claim authority on things they have very little idea of. | The recently-caught MEP who took bribes was apparently in charge | of science and tech, AI & blockchain , and the things she would | say in public were astounding. | https://www.youtube.com/watch?v=ylCxsN3qlkU?t=5m30s | cowpig wrote: | Making cynical blanket statements about large groups of people | doesn't do anything to address any kind of issue, and instead | normalizes negative behaviors both within that group. | | Within the group, the more people believe that it's the norm, | the less social impetus there is to address individual bad | actors. | | Outside that group, people are less likely to treat people | fairly if they are perceived to be part of a group of bad | actors. How is someone making a positive difference supposed to | navigate an environment where everyone assumes they are bad | actors? | | Finally, pointing to a single case of someone who was arrested | for corruption among literal thousands of bureaucrats does not | make a compelling case. | LudwigNagasena wrote: | > How is someone making a positive difference supposed to | navigate an environment where everyone assumes they are bad | actors? | | By increasing transparency and accountability. | zaphar wrote: | I have observed multiple instances where someone had | proposed that and been shorted down by the crowd e saying, | we don't believe it trust you because you (work in govt, | represent a company, are in $political party). Clearly that | doesn't work. | fnmron wrote: | [flagged] | seydor wrote: | i m not within that group -- very few people are within that | group and the vast majority are unelected and unaccountable | to us. I m not the only one complaining about the brussels | bubble. dont try to shift the blame on us | | my experince with eurocracy is from projects i ve | participated in | lwhi wrote: | No. | | You're making a politically motivated comment, that | involves your opinion more than fact. | seydor wrote: | the EU is a political organization so , yes? having an | opinion is allowed , but like i said there is no way to | express it somehow. In fact i usually learn about EU | regulations affecting my business from hacker news | hilios wrote: | The EU does public consultations, usually years in | advance. If those regulations are affecting your business | it might be worthwhile to check their site every once in | a while. | actually_a_dog wrote: | I don't see any facts coming from you, either. | ClumsyPilot wrote: | > are unelected and unaccountable to us | | Elected ones are so accountable - lets see | | 1. Iraq war - Tony Blair mislwd parliament, as cobcluded in | official report, not held to account | | 2. 2008 - noone held to account | | 3. Brexit campaign broke electoral law - noone held to | account | | 4 - Covid responce in UK involved handing out billions to | political donors for PPE that did not meet legal | requirements and so was burned. | | 5 - Trump... | | In fact I striggle to think of a recent disaster that was | caused by a civil cervant or eurocrat | livelielife wrote: | your response contains some very valid points around the | dynamics of groups with bad reputations. You point out real | negative consequences. | | But you misidentify the group being criticized. it's not euro | bureaucrats. | | it's literal morons who take ownership and responsibility | over things they don't understand well enough to even | surround themselves with advisors who know what they're | talking about. | | I've seen this attitude from many very wealthy people, a | willingness, a bravado even, to be ignorant about what they | do for a living, e.g. I met a dude who told me had a software | business, but he didn't even know what programing language | his own property was written in. | | what really sets me off is their unwillingness to find out. | (oh, and that this are the kind of people at the top of our | society) | [deleted] | akomtu wrote: | I bet Ylva didn't even write it. She's just a talking head for | those who don't want visibility. | A4ET8a8uTh0 wrote: | I wish I could believe that the individual is just a useful | idiot. Part of that rhetoric mostly works in US too, where I | kinda place the blame on the old guard for not understanding | technology, where it is not exactly given that they do not. | | edit: From where they sit ( position where they have to champion | this effort ), it is just not part of the equation that is | relevant to them so any means to get public on your side even | with comments about sniffing is justified. HN will ridicule it, | but a lot of people will swallow it wholesale. | Waterluvian wrote: | This is more common than the opposite. | | I'm reminded of that recent embarrassing display of US government | where the TikTok CEO was peppered with the kinds of questions | that betray the fact that the congresscritter doesn't comprehend | the topic. | | If they wanted real answers they'd say, "I yield my time to this | SME I brought in." But they're just there to look tough on | whatever. | raverbashing wrote: | Pretty much that. Your average politician on this side of the | pond is not much better than the ones on the other side | | And to be even more honest, technical people have a very hard | time getting their point across non-technical people and | engaging in politics | ben_w wrote: | Perfect use case for ChatGPT. | | Sure, I'd be as surprised as anyone else if it could straight | up write good laws, _but it can almost certainly talk in | political jargon better than any of us software developers | can manage_. | bbarnett wrote: | _Perfect use case for ChatGPT._ | | You lunatic!! You have damned us all! The genie, it is | released, the bottle broken, forever unstopped. | | PoliticianGPT, oh the humanity! | ouid wrote: | You don't need to be a subject matter expert to understand how | encryption works. E2E can be explained to an 8 year old. The | problem is that the skills selected for in politicians is the | same as the skills selected for in non-venomous snakes, ie, | their resemblance to venomous snakes, without the metabolic | overhead of actually producing venom. | ben_w wrote: | I don't understand your metaphor. | | > E2E can be explained to an 8 year old. | | Can. | | Also, the main problem here isn't explaining the tech itself | (although the quotations in the link indicate this is _also_ | a problem), but rather explaining why it 's (a) actually | good, and (b) impossible to prevent even if it wasn't good. | | But even if it was the tech itself, most people don't have | maths skills and fundamentally don't (care to?) think | logically. | | When I was a kid, I couldn't understand why the adults kept | joking about why it was so hard to stop the VCR from flashing | 12:00 when I found it trivial. | | (I think we're getting to the point where you could run an | image detection process on the display itself, totally | circumventing any encryption. This will have a lot of | consequences that are totally obvious and yet it may be done | regardless). | willtemperley wrote: | Funny - the European Commission told its staff to "Switch to | Signal messaging app" in Feb 2020: | | https://www.politico.eu/article/eu-commission-to-staff-switc... | | I wonder what changed. | 12j1l2io3 wrote: | The only useful laws eurocrats created were "Digital Markets Act" | and "Digital Services Act". So now Apple will finally be | penalized for their antihuman practices, like promoting bullying | and mobbing against non-apple (android) users across teenagers. | 12j1l2io3 wrote: | https://www.wsj.com/articles/why-apples-imessage-is-winning-... | throwaway426079 wrote: | Is there any legitimate purpose or utility to the user in | that green bubble? | | I'm an Android user with no knowledge of iMessage. | ulimn wrote: | If I write a message to someone, them being blue or green | means I will either pay for the message (sms) or it's free | (iMessage). | prophesi wrote: | And to piggyback off this, to have an iPhone is often a | status symbol for teens or some societies. So whether you | know anything about iMessage or not, a teen with an | Android phone may be heckled when their iPhone recipient | sees a green bubble. | max51 wrote: | This is so common (not just in the EU) that it makes me feel like | it was done by design in a lot of cases. By creating these | massive overcomplicated bills, they make sure only a handful of | individuals are capable of reading them and the rest of us | (including other politicians) will never read them and instead | have to rely on faith. It feels to me like they want to give you | the illusion that it's all open/public but at the same time they | don't want other people to read it. The fact that even the | politicians signing on it can't understand it should raise a lot | of red flags. | | We should treat them the same way that an anti-virus treats | "safe" code with payloads that are obfuscated using techniques | also used by viruses (a big reason why you get false positives on | cracks and keygens btw). We should assume that they are trying to | hide something they don't want us to see when they make their | bills extremely hard to read even for lawyers. | Dalewyn wrote: | Legalese is like that thanks to a long history of people | looking for and abusing any and all loopholes. | | That led to the natural conclusion of legal words holding | standardized definitions that might differ from common | understanding, and extreme specification of all details in an | effort to preemptively close off any and all loopholes. | | Anyone who tries to make legalese simpler finds themselves | immediately torn asunder by the aforementioned people looking | for and abusing any and all loopholes as lawyers and those who | learned the hard way look on shaking their heads. | max51 wrote: | I have no problem with the vocabulary itself and most of the | Legalese. I try to use more of it in my documentation | because, as you mentioned, it has less room to interpretation | and loopholes compared to more commonly used phrasing. | | My problem is when they take what should have been a simple | table with a few columns and turn it into a 9-line long | sentence with triple negations, exceptions to the exceptions | to the exceptions and abusing references to other sections to | create these puzzles that are very hard to solve. If they | need it for some reason, they should also provide the easy- | to-read version alongside it. I would prefer that the easy | version came from the same people who wrote the original bill | instead of a college textbook or a journalist relying on | second hand information because he also can't read it | properly. | | Mixing multiple unrelated subject into a single bill is also | completely unnecessary from the pov preventing loopholes. | | When it gets to the point that even the people voting on it | can't understand/read it, something needs to change. How do | you know they didn't slip in intentional loophole? Even with | a well intentioned politicians, the intern typing it could | sneak something in. | goobma wrote: | [flagged] | favsq wrote: | The fact that something needs to be done does not mean that | this needs to be done. | s1artibartfast wrote: | Sometimes the cure is worse than the poison. You don't need a | better proposal to condemn one | alphanullmeric wrote: | Not surprised to see EU residents defending the redistribution | of consequences, it really is their bread and butter after all. | rcoveson wrote: | It is sufficient to demonstrate that the a proposal is worse | than the status quo. A problem doesn't demand an immediate | resolution just because somebody proposed a bad solution. | jjulius wrote: | Having a solution is not a prerequisite for providing | criticism. It is okay to see a flaw but not yet have an answer. | goobma wrote: | No but it makes it an empty criticism. It's like the | activists who say "abolish the police!" but either have no | insight into or are deliberately ignoring why the police | exist, and have no ideas regarding who would perform the | equivalent function instead. | AnimalMuppet wrote: | Here's a real problem. Let's call it X. Someone proposes a | solution: "Let's do Y!". It is perfectly valid criticism to | say that _Y doesn 't actually fix X_. | | I don't care if that counts as "empty criticism" by your | definition. If someone proposes a solution, it's perfectly | valid criticism to point out that the "solution" doesn't | actually _solve_. | CP3f6kMA wrote: | We are very aware of why police exist. | delecti wrote: | I think you must not have interacted with many people who | advocate for police abolition. Even just googling "abolish | the police" returns a page full of results of various | proposals, with detailed breakdowns. It's quite simple: | just how we don't call the police for house fires or heart | attacks, there are a large variety of other societal | problems which would be better served by more specialized | (and less heavily armed) services. | | Also, police exist to protect capital, not us. It evolved | from slave catching forces, and does relatively little to | prevent or solve most crime. | jjulius wrote: | >It's like the activists who say "abolish the police!"... | | I would also caution you to focus less on these kinds of | catchphrases and more on the crux of their message[1] (and | I should point out that this applies to any kind of | movement), lest you not see the forest for the trees. | | [1]https://news.ycombinator.com/item?id=35346925 | WhereIsTheTruth wrote: | That's indeed quite worrying, this plus the American Cloud Act | means online privacy is at risk.. | | I wonder why Mullvad doesn't complain about the American Cloud | Act, or did they already? Mullvad employees could be extradited | to the US if they do not comply (opening up your servers for | example), since it's a bilateral agreement with the EU | | It's a pretty dark era ahead of us: | https://www.justice.gov/criminal-oia/cloud-act-resources | legitster wrote: | For all the faults that lobbying brings with it, there is | something to be said for actually bringing in outside experts | into the legislative process. You can seek intellectual purity | all you want, but at the end of the day you are going to have to | have _some_ trust that farmers know where seeds go and tech | companies know how encryption works. | | Similar bills have died several times in the US, if only because | there were actual experts available (aka, lobbyists) who could | tell them why this idea was dumb and impossible. | | It's hard not to see this following in the line of "right to be | forgotten" or "tracking consent" where legitimate concerns about | the language of the rules were completely dismissed as industry | noise. | s1k3s wrote: | I'd be happy if they understood what's written in their GDPR bill | passed 7 years ago. | pestaa wrote: | How do they not understand it? | ginsider_oaks wrote: | just give me the NSA putting backdoors in my chips rather than | this two-faced nonsense. ___________________________________________________________________ (page generated 2023-03-28 23:00 UTC)