[HN Gopher] EU Commission doesn't understand what's written in i...
___________________________________________________________________
EU Commission doesn't understand what's written in its own chat
control bill
Author : rc00
Score : 246 points
Date : 2023-03-28 18:25 UTC (4 hours ago)
(HTM) web link (mullvad.net)
(TXT) w3m dump (mullvad.net)
| bitwize wrote:
| They have to pass it to find out what's in it!
|
| Never go full American politics.
| obiwahn wrote:
| Maybe she is just saying that Google and Apple soft Keyboard are
| scanned and it does not matter if you use signal or telnet...
| mongol wrote:
| The podcast episode in Svenska Dagbladet (which is otherwise a
| very good podcast) was infuriating because the opponent and the
| host did not catch on to her ridiculous statements about
| encryption. She really needs to meet a journalist that can cross-
| examine her statements about this. She got away too easy there.
| tephra wrote:
| Knowing the opponent he indeed caught on but with 30 minutes
| (and most of that spent with Ylva) there's only so much you can
| do.
| Freeaqingme wrote:
| Someone commented something along the lines of 'but then how are
| we supposed to tackle organized crime'. As I typed the comment
| below the comment got flagged and I could no longer reply. Still,
| I think the bit below may contribute to the discussion. TL;DR; I
| think that as a society we should more often ask ourselves if
| something is actually worth fighting if it means sacrificing a
| lot of our human rights. That may not be a problem on HN, but it
| is one imho on a political level in many Western countries.
|
| There is not always a solution to a problem.
|
| Let's say you wanted to bring the number of car crashes to zero.
| Eventually there's nothing 'reasonable' left to be done, and the
| only remaining option would be to ban cars altogether. Instead,
| we accept a certain number of crashes because it's deemed more
| important to be able to drive a car than it is to bring the
| number of car crash fatalities to zero*.
|
| For example, in a country like Germany there are 0.8 homicides
| per 100K inhabitants. You could put _everybody_ under
| surveillance, just to have an easier job of finding the
| perpetrators. In the process there would be many false positives,
| wrongful imprisonments, etc.
|
| In order to preserve the rule of law, maybe it's sometimes best
| to accept that you cannot create the perfect society. At least
| not a society in which people who are innocent (the very vast
| majority) can also still enjoy their freedoms.
|
| Besides, I feel like the police has become somewhat lazy in many
| Western countries for the past 20 years. Before the rise of the
| internet, it was simply accepted that you couldn't know what two
| spouses had said to each other and you had to rely on good-old
| detective work. However, since things like Facebook Messenger,
| the cops expect to be able to get a warrant for all this data.
| That era appears to be slowly ending with E2EE, and all of a
| sudden they're struggling because those detective skills have
| slowly deteriorated.
|
| * To be clear, I think that in many countries there's still quite
| a lot of room for improvement to reduce the number of car crash
| fatalities. Not in the least in the USA.
| viktorcode wrote:
| She maybe don't understand technology, but I get the feeling that
| breaking or weakening p2p is not what she talking about. The
| scanning means scanning performed on the end devices, not of the
| communications. The idea is to force communication messengers
| providers to perform scan on end user's device.
|
| That, obviously, will fail, as many (including child predators)
| will migrate to messengers that don't do that.
| walkhour wrote:
| Reminds me of the senator that asked Zuckerberg how do they make
| money [0], and Zuckerberg simply said they run ads. What a way to
| use your questioning time, with something that was a google
| search away.
|
| [0] https://youtu.be/n2H8wx1aBiQ
| decremental wrote:
| Often the point of seemingly obvious questions like that is to
| have the person on record making that statement and potentially
| what they might omit.
| jll29 wrote:
| Don't believe vendors' lies about "end-to-end" encryption.
|
| If caught red handed, they will always say it depends on how you
| define where both "ends" begin.
|
| Do not trust a cloud service that you have not developed and
| deployed yourself.
|
| You may trust untrusted hardware with your encrypted content, but
| only if you have given it your content pre-encrypted by yourself,
| not trusted a third party to encrypt it on your behalf.
| Obviously, this excludes mobile devices.
|
| Do not trust a tree of certificates if you cannot trust the root
| certificate because it belongs to an organization that is in a
| jurisdiction where people may be interested in what you have
| written and said in your encrypted message.
|
| Don't trust old-school typewriters and the postal system either.
| Letters are routinely opened and typewriters can be matched. For
| example, the Stasi (secret police of the former GDR - German
| "Democratic" Republic) had an archive of type samples of all sold
| models of typewriters for re-identification of political
| pamphlets.
|
| You can trust a few things: You can trust your Linux box with
| your self-compiled kernel (no 3rd party drivers), at least as
| long as it is not on a network. To build a safe environment, you
| could start there, taking a defensive approach. Remember, last
| time the paranoid turned out to be naive when Snowden revealed
| the real status quo in 2013 (ten years ago, when I couldn't buy a
| 1 TB USB stick).
| tablespoon wrote:
| > Don't trust old-school typewriters and the postal system
| either. Letters are routinely opened and typewriters can be
| matched. For example, the Stasi (secret police of the former
| GDR - German "Democratic" Republic) had an archive of type
| samples of all sold models of typewriters for re-identification
| of political pamphlets.
|
| That's theoretical. I highly doubt _anyone_ extends that much
| effort to target typewriters anymore. The best they could
| probably do is match a series of messages to the same
| typewriter. Though they might not even be able to do that,
| because the law-enforcement skills to match typewriter
| documents to each other have also probably nearly completely
| atrophied.
|
| You're probably more likely to be caught by being the weirdo
| still buying typewriter ribbons.
| voxic11 wrote:
| > You may trust untrusted hardware with your encrypted content
|
| Couldn't someone still capture them from the untrusted
| hardware, wait until quantum computer technology is available,
| then decrypt them?
| beisner wrote:
| There are quantum-resistant encryption schemes.
|
| See: https://en.wikipedia.org/wiki/Post-quantum_cryptography
| Anonboxis wrote:
| Here is the Regulation in question:
|
| https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=COM:2022...
|
| https://en.wikipedia.org/wiki/Regulation_to_Prevent_and_Comb...
|
| Its full name is the: Proposal for a REGULATION OF THE EUROPEAN
| PARLIAMENT AND OF THE COUNCIL laying down rules to prevent and
| combat child sexual abuse
| mecsred wrote:
| Neither of those links are functional
| seydor wrote:
| The purpose of most eurocrats is to write long reports to other
| eurocrats justifying their time and expenses. It's normal to see
| people claim authority on things they have very little idea of.
| The recently-caught MEP who took bribes was apparently in charge
| of science and tech, AI & blockchain , and the things she would
| say in public were astounding.
| https://www.youtube.com/watch?v=ylCxsN3qlkU?t=5m30s
| cowpig wrote:
| Making cynical blanket statements about large groups of people
| doesn't do anything to address any kind of issue, and instead
| normalizes negative behaviors both within that group.
|
| Within the group, the more people believe that it's the norm,
| the less social impetus there is to address individual bad
| actors.
|
| Outside that group, people are less likely to treat people
| fairly if they are perceived to be part of a group of bad
| actors. How is someone making a positive difference supposed to
| navigate an environment where everyone assumes they are bad
| actors?
|
| Finally, pointing to a single case of someone who was arrested
| for corruption among literal thousands of bureaucrats does not
| make a compelling case.
| LudwigNagasena wrote:
| > How is someone making a positive difference supposed to
| navigate an environment where everyone assumes they are bad
| actors?
|
| By increasing transparency and accountability.
| zaphar wrote:
| I have observed multiple instances where someone had
| proposed that and been shorted down by the crowd e saying,
| we don't believe it trust you because you (work in govt,
| represent a company, are in $political party). Clearly that
| doesn't work.
| fnmron wrote:
| [flagged]
| seydor wrote:
| i m not within that group -- very few people are within that
| group and the vast majority are unelected and unaccountable
| to us. I m not the only one complaining about the brussels
| bubble. dont try to shift the blame on us
|
| my experince with eurocracy is from projects i ve
| participated in
| lwhi wrote:
| No.
|
| You're making a politically motivated comment, that
| involves your opinion more than fact.
| seydor wrote:
| the EU is a political organization so , yes? having an
| opinion is allowed , but like i said there is no way to
| express it somehow. In fact i usually learn about EU
| regulations affecting my business from hacker news
| hilios wrote:
| The EU does public consultations, usually years in
| advance. If those regulations are affecting your business
| it might be worthwhile to check their site every once in
| a while.
| actually_a_dog wrote:
| I don't see any facts coming from you, either.
| ClumsyPilot wrote:
| > are unelected and unaccountable to us
|
| Elected ones are so accountable - lets see
|
| 1. Iraq war - Tony Blair mislwd parliament, as cobcluded in
| official report, not held to account
|
| 2. 2008 - noone held to account
|
| 3. Brexit campaign broke electoral law - noone held to
| account
|
| 4 - Covid responce in UK involved handing out billions to
| political donors for PPE that did not meet legal
| requirements and so was burned.
|
| 5 - Trump...
|
| In fact I striggle to think of a recent disaster that was
| caused by a civil cervant or eurocrat
| livelielife wrote:
| your response contains some very valid points around the
| dynamics of groups with bad reputations. You point out real
| negative consequences.
|
| But you misidentify the group being criticized. it's not euro
| bureaucrats.
|
| it's literal morons who take ownership and responsibility
| over things they don't understand well enough to even
| surround themselves with advisors who know what they're
| talking about.
|
| I've seen this attitude from many very wealthy people, a
| willingness, a bravado even, to be ignorant about what they
| do for a living, e.g. I met a dude who told me had a software
| business, but he didn't even know what programing language
| his own property was written in.
|
| what really sets me off is their unwillingness to find out.
| (oh, and that this are the kind of people at the top of our
| society)
| [deleted]
| akomtu wrote:
| I bet Ylva didn't even write it. She's just a talking head for
| those who don't want visibility.
| A4ET8a8uTh0 wrote:
| I wish I could believe that the individual is just a useful
| idiot. Part of that rhetoric mostly works in US too, where I
| kinda place the blame on the old guard for not understanding
| technology, where it is not exactly given that they do not.
|
| edit: From where they sit ( position where they have to champion
| this effort ), it is just not part of the equation that is
| relevant to them so any means to get public on your side even
| with comments about sniffing is justified. HN will ridicule it,
| but a lot of people will swallow it wholesale.
| Waterluvian wrote:
| This is more common than the opposite.
|
| I'm reminded of that recent embarrassing display of US government
| where the TikTok CEO was peppered with the kinds of questions
| that betray the fact that the congresscritter doesn't comprehend
| the topic.
|
| If they wanted real answers they'd say, "I yield my time to this
| SME I brought in." But they're just there to look tough on
| whatever.
| raverbashing wrote:
| Pretty much that. Your average politician on this side of the
| pond is not much better than the ones on the other side
|
| And to be even more honest, technical people have a very hard
| time getting their point across non-technical people and
| engaging in politics
| ben_w wrote:
| Perfect use case for ChatGPT.
|
| Sure, I'd be as surprised as anyone else if it could straight
| up write good laws, _but it can almost certainly talk in
| political jargon better than any of us software developers
| can manage_.
| bbarnett wrote:
| _Perfect use case for ChatGPT._
|
| You lunatic!! You have damned us all! The genie, it is
| released, the bottle broken, forever unstopped.
|
| PoliticianGPT, oh the humanity!
| ouid wrote:
| You don't need to be a subject matter expert to understand how
| encryption works. E2E can be explained to an 8 year old. The
| problem is that the skills selected for in politicians is the
| same as the skills selected for in non-venomous snakes, ie,
| their resemblance to venomous snakes, without the metabolic
| overhead of actually producing venom.
| ben_w wrote:
| I don't understand your metaphor.
|
| > E2E can be explained to an 8 year old.
|
| Can.
|
| Also, the main problem here isn't explaining the tech itself
| (although the quotations in the link indicate this is _also_
| a problem), but rather explaining why it 's (a) actually
| good, and (b) impossible to prevent even if it wasn't good.
|
| But even if it was the tech itself, most people don't have
| maths skills and fundamentally don't (care to?) think
| logically.
|
| When I was a kid, I couldn't understand why the adults kept
| joking about why it was so hard to stop the VCR from flashing
| 12:00 when I found it trivial.
|
| (I think we're getting to the point where you could run an
| image detection process on the display itself, totally
| circumventing any encryption. This will have a lot of
| consequences that are totally obvious and yet it may be done
| regardless).
| willtemperley wrote:
| Funny - the European Commission told its staff to "Switch to
| Signal messaging app" in Feb 2020:
|
| https://www.politico.eu/article/eu-commission-to-staff-switc...
|
| I wonder what changed.
| 12j1l2io3 wrote:
| The only useful laws eurocrats created were "Digital Markets Act"
| and "Digital Services Act". So now Apple will finally be
| penalized for their antihuman practices, like promoting bullying
| and mobbing against non-apple (android) users across teenagers.
| 12j1l2io3 wrote:
| https://www.wsj.com/articles/why-apples-imessage-is-winning-...
| throwaway426079 wrote:
| Is there any legitimate purpose or utility to the user in
| that green bubble?
|
| I'm an Android user with no knowledge of iMessage.
| ulimn wrote:
| If I write a message to someone, them being blue or green
| means I will either pay for the message (sms) or it's free
| (iMessage).
| prophesi wrote:
| And to piggyback off this, to have an iPhone is often a
| status symbol for teens or some societies. So whether you
| know anything about iMessage or not, a teen with an
| Android phone may be heckled when their iPhone recipient
| sees a green bubble.
| max51 wrote:
| This is so common (not just in the EU) that it makes me feel like
| it was done by design in a lot of cases. By creating these
| massive overcomplicated bills, they make sure only a handful of
| individuals are capable of reading them and the rest of us
| (including other politicians) will never read them and instead
| have to rely on faith. It feels to me like they want to give you
| the illusion that it's all open/public but at the same time they
| don't want other people to read it. The fact that even the
| politicians signing on it can't understand it should raise a lot
| of red flags.
|
| We should treat them the same way that an anti-virus treats
| "safe" code with payloads that are obfuscated using techniques
| also used by viruses (a big reason why you get false positives on
| cracks and keygens btw). We should assume that they are trying to
| hide something they don't want us to see when they make their
| bills extremely hard to read even for lawyers.
| Dalewyn wrote:
| Legalese is like that thanks to a long history of people
| looking for and abusing any and all loopholes.
|
| That led to the natural conclusion of legal words holding
| standardized definitions that might differ from common
| understanding, and extreme specification of all details in an
| effort to preemptively close off any and all loopholes.
|
| Anyone who tries to make legalese simpler finds themselves
| immediately torn asunder by the aforementioned people looking
| for and abusing any and all loopholes as lawyers and those who
| learned the hard way look on shaking their heads.
| max51 wrote:
| I have no problem with the vocabulary itself and most of the
| Legalese. I try to use more of it in my documentation
| because, as you mentioned, it has less room to interpretation
| and loopholes compared to more commonly used phrasing.
|
| My problem is when they take what should have been a simple
| table with a few columns and turn it into a 9-line long
| sentence with triple negations, exceptions to the exceptions
| to the exceptions and abusing references to other sections to
| create these puzzles that are very hard to solve. If they
| need it for some reason, they should also provide the easy-
| to-read version alongside it. I would prefer that the easy
| version came from the same people who wrote the original bill
| instead of a college textbook or a journalist relying on
| second hand information because he also can't read it
| properly.
|
| Mixing multiple unrelated subject into a single bill is also
| completely unnecessary from the pov preventing loopholes.
|
| When it gets to the point that even the people voting on it
| can't understand/read it, something needs to change. How do
| you know they didn't slip in intentional loophole? Even with
| a well intentioned politicians, the intern typing it could
| sneak something in.
| goobma wrote:
| [flagged]
| favsq wrote:
| The fact that something needs to be done does not mean that
| this needs to be done.
| s1artibartfast wrote:
| Sometimes the cure is worse than the poison. You don't need a
| better proposal to condemn one
| alphanullmeric wrote:
| Not surprised to see EU residents defending the redistribution
| of consequences, it really is their bread and butter after all.
| rcoveson wrote:
| It is sufficient to demonstrate that the a proposal is worse
| than the status quo. A problem doesn't demand an immediate
| resolution just because somebody proposed a bad solution.
| jjulius wrote:
| Having a solution is not a prerequisite for providing
| criticism. It is okay to see a flaw but not yet have an answer.
| goobma wrote:
| No but it makes it an empty criticism. It's like the
| activists who say "abolish the police!" but either have no
| insight into or are deliberately ignoring why the police
| exist, and have no ideas regarding who would perform the
| equivalent function instead.
| AnimalMuppet wrote:
| Here's a real problem. Let's call it X. Someone proposes a
| solution: "Let's do Y!". It is perfectly valid criticism to
| say that _Y doesn 't actually fix X_.
|
| I don't care if that counts as "empty criticism" by your
| definition. If someone proposes a solution, it's perfectly
| valid criticism to point out that the "solution" doesn't
| actually _solve_.
| CP3f6kMA wrote:
| We are very aware of why police exist.
| delecti wrote:
| I think you must not have interacted with many people who
| advocate for police abolition. Even just googling "abolish
| the police" returns a page full of results of various
| proposals, with detailed breakdowns. It's quite simple:
| just how we don't call the police for house fires or heart
| attacks, there are a large variety of other societal
| problems which would be better served by more specialized
| (and less heavily armed) services.
|
| Also, police exist to protect capital, not us. It evolved
| from slave catching forces, and does relatively little to
| prevent or solve most crime.
| jjulius wrote:
| >It's like the activists who say "abolish the police!"...
|
| I would also caution you to focus less on these kinds of
| catchphrases and more on the crux of their message[1] (and
| I should point out that this applies to any kind of
| movement), lest you not see the forest for the trees.
|
| [1]https://news.ycombinator.com/item?id=35346925
| WhereIsTheTruth wrote:
| That's indeed quite worrying, this plus the American Cloud Act
| means online privacy is at risk..
|
| I wonder why Mullvad doesn't complain about the American Cloud
| Act, or did they already? Mullvad employees could be extradited
| to the US if they do not comply (opening up your servers for
| example), since it's a bilateral agreement with the EU
|
| It's a pretty dark era ahead of us:
| https://www.justice.gov/criminal-oia/cloud-act-resources
| legitster wrote:
| For all the faults that lobbying brings with it, there is
| something to be said for actually bringing in outside experts
| into the legislative process. You can seek intellectual purity
| all you want, but at the end of the day you are going to have to
| have _some_ trust that farmers know where seeds go and tech
| companies know how encryption works.
|
| Similar bills have died several times in the US, if only because
| there were actual experts available (aka, lobbyists) who could
| tell them why this idea was dumb and impossible.
|
| It's hard not to see this following in the line of "right to be
| forgotten" or "tracking consent" where legitimate concerns about
| the language of the rules were completely dismissed as industry
| noise.
| s1k3s wrote:
| I'd be happy if they understood what's written in their GDPR bill
| passed 7 years ago.
| pestaa wrote:
| How do they not understand it?
| ginsider_oaks wrote:
| just give me the NSA putting backdoors in my chips rather than
| this two-faced nonsense.
___________________________________________________________________
(page generated 2023-03-28 23:00 UTC)