by Shadonototra 1432 days ago
nobody prevents you from using mozilla certificates, you do what you want with your love and dependency on mozilla

i want americans to mind their own business instead of trying to lobby in both EU/Asia by impersonating identities like with this .eu domain, what a trustworthy behavior btw ;)

> Cool. I trust the engineers at Mozilla far more than the politicians in EU.

> You can’t mandate or legislate security from the parliament. It takes hard work, skill, education, experience, luck and visibility.

nobody said nor wants that, you should read the original articles instead of this propagandized website


I think you will find many global corps are actually multinational and have presence and thus affected by braindead laws coming out of the EU. We live on a shared internet plane, we cannot let EU do stupid things that break the internet. You may wish to look at restrictive internet legislation by countries is an attack on the world. It’s not US corp vs EU politicians. It’s EU politicians against earth internet users.

Actually, it very much is EU politicians against US politicians thanks to the CLOUD act. US already has the power to force Mozilla to include whatever root certs they want.

People tend to think that the CLOUD Act did a lot more than it actually did. The CLOUD Act did two things.

First, it amended the Stored Communications Act (SCA) to clarify whether requests issued under the SCA were more like warrants or more like subpoenas.

Roughly, a warrant authorizes law enforcement to do something they normally would not be allowed to do, like search a place or seize something.

A subpoena authorizes law enforcement to make someone else do something, like make someone give law enforcement a copy of a document that is under that person's control.

This didn't expand any US government powers. It just clarified what existing power applied when asking for data. In particular it had nothing to do with asserting US jurisdiction extraterritorially, which is what a lot of people seem to think it was about.

Second, it made it easier for the US to enter into agreements to share data with foreign governments. Previously this had to be done through something called a "mutual legal assistance treaty" (MLAT). The CLOUD Act authorized the executive branch to make data sharing agreements, which is much more streamlined but also has much less oversight.

There was nothing really controversial about the first part. Pretty much every major country claims similar powers to require people in their country to turn over documents to the government as part of criminal investigations.

The controversial part was the second part. Many felt that it would allow the government to easily enter into data sharing agreements to get data without needing a subpoena or warrant, thus bypassing the courts and so effectively stripping away Fourth Amendment rights.

Thanks a lot for the in-depth explanation. I admit, I didn't know a lot of the context, in particular the clarification between warrant and subpoena.

> This didn't expand any US government powers. It just clarified what existing power applied when asking for data. In particular it had nothing to do with asserting US jurisdiction extraterritorially, which is what a lot of people seem to think it was about.

Not a lawyer or expert in that area, but my understanding why specifically people in the EU were so upset about it (including ECJ judges apparently) was that this effectively did extend US jurisdiction - simply by virtue of US companies being active internationally, specifically tech companies.

The overwhelming part of all internet activities in the EU are facilitated through US companies (or local subsidiaries of them). This includes a large part of intra-EU activities. So if one German citizen writes another German citizen an email, chances are very high that email will be stored on a Google server - or at least on a server of a German subsidiary of Google. This makes the CLOUD act relevant to EU citizens, even though technically, the obligations of Google under it are a purely domestic affair.

So if the CLOUD act gives US agencies the power to subpoena Google to retrieve data about non-US citizens - while Google is effectively running large part of the internet for other countries - then that does feel a bit like extension of jurisdiction.

(It technically isn't, and to my knowledge the ECJ wasn't arguing that it was. The ECJ simply argued that Google's obligations under the CLOUD act are incompatible with Google's obligations under the GDPR. So something's got to give)

Going back to the beginning of the thread, I have to admit though, I have no idea if the CLOUD act would give agencies the power to force inclusion of certain root certs. So I take that back.

It can help to understand the jurisdiction issues to think of an analogous situation but with paper records instead of digital records. Consider this scenario.

I have a company that operates a business in the US. I keep records on paper in filing cabinets at my office.

I decide to archive some records offsite. I do this by engaging the services of a storage firm that operates a vault in an old mine in a remote area. To store records I ship them in a box to the storage firm, which slaps a barcode on the box, assigns it to an open spot in the vault, and puts the box there.

If I ever need the records I ask the storage firm for them, they look them up in their records to find where they are in the vault, retrieve the box, and ship it to me.

I later want to archive more records, and I do the same thing except this time I use a different storage company. It works the same way--they store boxes I send them, and ship those back to me upon request.

The first storage company is somewhere in the US. The second storage company is in Mexico.

Suppose the US government wants to look at some of my records. If they want to get warrants to seize those records themselves by going to where they are stored (my office and/or the storage vaults) a US court would have jurisdiction to issue such warrants for the records in my office and the records in the storage vault in the US. For the records in the vault in Mexico they would have to go through whatever Mexico's procedure is to get the records seized.

They need to go through Mexico for the Mexican vault because they are trying to force someone in Mexico to do something they have no obligation to do. They want someone to go into the vault and seize the records.

If, on the other hand, the government gets a subpoena asking me for the records which in order to comply with I'll have to ask the vaults to send me the records, no one in Mexico is being asked to do anything other than provide the service to me that I hired them to do. The Mexican government does not need to be involved, and has no interest in being involved because what is happening in Mexico is just normal operation of the storage service there.

The situation with Microsoft that prompted the CLOUD Act was similar, although the records weren't archived records. Microsoft in the US operated an email service. They stored the email at various cloud providers around the world. One of those cloud providers was an EU company that was owned by Microsoft but separate from the Microsoft owned US company that provided the email service. The US Microsoft email company's relation with the EU Microsoft cloud storage company was simply that of a customer that bought their storage service.

The US Microsoft email company had the right to retrieve any data it stored at that cloud service (or at any other cloud service it used) at any time. Nobody at the cloud storage company would have to be involved or even aware when this happened. To them it is all just customers using the storage APIs to access the customer's data.

There are GDPR issues, but note those same GDPR issues would also apply if the US company was storing data about EU people in cloud storage that was entirely in the US (their own or at a separate US cloud provider whose servers were in the US).

voted by europeans

nobody voted for mozilla, they hold their position by selling their userbase to google

if that's what you want to trust, be it, trust them

we should have alternatives for the people who do not want to trust such entity doing shady things like political interference in foreign countries

> We live on a shared internet plane

another reason to not trust an entity that is selling its userbase to the most evil company on the internet and is also selling ads to people's browser ;)

your avidity made you lose all sight, you also lack critical thinking

Avidity is a strange word, I don’t think I have ever seen it before. It exists in English, but it is a French loan word. I believe your perspective is one of someone in France. I am personally located in NY, but cannot vote. I have not been able to vote for over a decade in multiple countries now, and don’t really believe in it anymore.

I don’t really care if every EU citizen voted to make math illegal. While there is sanity elsewhere, and an internet exists, we can route around the madness.

I am not French, but i read a lot, i like nice words and their etymology

Nourishing yourself from multiple cultures would help you a lot developing critical thinking

You are stuck defending mozilla no matter what, fanboyism gets you nowhere, it makes you blind

> I don’t really care if every EU citizen voted to make math illegal. While there is sanity elsewhere, and an internet exists, we can route around the madness.

You'll remember that when times will make you want to go back in time and hope for an alternative path

Buddy, you have accused me of lacking critical thinking twice. I believe you are projecting. Critical thinkers generally don’t reduce an argument to “evil corps”.

I’m intrigued by why I would want to go back in time?

I never said i am a critical thinker, i said you lack critical thinking

Maybe i perceive wrong, maybe you perceive right, you tell me

> I’m intrigued by why I would want to go back in time?

Read between the lines, here it's me projecting, i vow apocalypse and destruction