by Humorist2290 281 days ago
> Chat Control would make it mandatory for all service providers (text messaging, email, social media, cloud storage, hosting services, etc.) to scan all communications and all files (including end-to-end encrypted ones), in order to supposedly detect whatever the government deems "abusive material."

I wonder why there has been such silence on this, with the exception of a handful of well written blog posts. The scope of such a dragnet, the economic impact, the societal damage, all seems rather broad. Yet why don't any major operators in the EU take a stance? Is it really so below the radar, or being kept so below the radar?

Just the network egress costs to whatever state sanctioned scanner gets built will in aggregate probably exceed a few hundred MEUR yearly.

13 comments

> I wonder why there has been such silence on this

Yes, I would think that if there were any real journalism left, they would be all over this. For the sake of their profession, and the protection of their sources.

Cory Doctorow points out a lot of things: https://pluralistic.net/

But I don't think mainstream journalism points out computer nonsense because they're so intertwined with it all.

I mean, "we have a surveillance state" first points to "advertising" which is their revenue stream.

Quite the leap IMO, I actually think the strongest defense of the status quo is pointing out how much worse things could be
This has been used as an effective way to gaslight people with concerns about government censorship or surveillance, especially when 2020's myriad lies and sociopolitical events ensued.
Maybe it's safer not to say anything.
Safer for whom?
The news outlet
In the moment, yes. In the long run, no.
Majority of news outlets have government subsidies of one sort or another, I wouldn't be surprised if those are the things keeping a lot of the legacy outlets in the green.
Big tech would be for this -- it would create a huge moat in terms of costly and complicated compliance overhead that would keep small challengers and startups out.

Complicated or costly regulation is a regressive tax -- it affects smaller companies a lot more than larger ones and tends to prevent new entrants to a market.

That's exactly my point though. Google, AWS, Meta etc all stand to gain from this. But plenty of middle tier providers are entirely silent even if it poses a potentially existential threat. Some people are going to get rich from this of course, but many will be ruined.

And that's before even accounting for the lives to be destroyed by a blurry photo of a tree being classified as abuse material.

This is because they are one audit away from being off the market. This is how companies stay silent in authoritarian regimes. One wrong comms and company is toast.
Except that it creates a market for circumvention tech that would also cut Big Tech out from understanding what its users are saying to each other.

Age restriction laws don't stop underage folks from doing anything, they just increase the market demand for VPNs, and improve VPNs so they get less easily detected. The net result is that platforms can't use IP addresses to meaningfully infer anything about their users.

Same with this. This legislation will create a demand for private encryption tech that isn't part of the platform. Someone is going to provide that and make money, and in the process may remove the demand for the platform in the first place.

I get the logic you're talking about, and agree that they must be thinking this, but it's very short-sighted.

I hadn't thought of the regulatory capture implications. As if this could not get worse.
Add to this that law enforcement is human, and famously opposed to checking their members. Resulting in things like this:

https://www.heraldnet.com/news/investigation-seattle-cop-use...

https://www.kansas.com/news/politics-government/article29105...

If the lowest level of law enforcement can figure out how to use the system for this, imagine what a government ministry can do.

Big tech would be for this - because they already do it
Fatigue? We have been fighting this under different names since 2002. I guess normal people just can't hear about it anymore and that's probably on purpose.
Totally. This is exactly the problem with things like Chat Control in the EU and KOSA in the US. They will just introduce the same bill over and over and over again until they get the desired result.

What we need is for legislatures to pass "NO Chat Control" and "NO KOSA" bills that specifically block this behavior, but unsurprisingly governments don't seem to be too keen about limiting their own rights, only those of their citizens.

Attackers only need to win once. Defenders have to win every round.
I think I like this phrasing. Thank you!
In Britain, such a thing is not even possible because no Parliament can limit the power of a future Parliament.
True, and this is also the case in many other countries. Even if it is revocable by future legislation though, having pro-privacy laws on the books to prevent the current executive powers-that-be from abusing them would still be helpful.
You mean enshrine a right to messaging privacy in a constitution? That's going to be difficult.
A lot of these laws are now attempting to apply extra-territorially, e.g. to servers and companies in the US just because people in the UK are connected to the same internet, with punishments meted out if any part of that company does any business in the UK even if it's unrelated.

It might be interesting to go the other way: Get it put into the constitution of a major country that these kind of backdoors are banned world-wide and you can't do business in that country if any part of your enterprise implements them anywhere else.

To begin with this would make it harder to pass laws like this in other places -- domestic companies with international operations would put up stronger opposition because it would compromise their ability to do business elsewhere, and legislators might actually be concerned about that. And then on top of that it would force the companies to choose which subset of the world they want to operate in, allowing people in oppressive countries to pick up uncompromised devices from the places where compromised devices are banned.

The US constitution already has a provision against unreasonable search properly enshrined, and well tested in courts. Things like KOSA can be rejected as clearly violating it.

The EU does not seem to have such a simple and ironclad norm.

Ah, that constitution must explain why we never see people being abducted in broad daylight by goon squads in the US, right? Because anything that clearly violates the constitution would obviously never happen there. Because you're the best country. The greatest.

For reference, the EU does have an equivalent norm: https://fra.europa.eu/en/eu-charter/article/7-respect-privat...

I'm not sure if the 4th amendment applies to deportation of non-citizens, and secondly you would have to take it to supreme court to find out.

In comparison to the US constitution, EU "norms" might as well be toilet paper. For example, they have some notion of "free expression" which sounds like free speech but is defined to be so weak as to be useless. The European public broadly does not seem to care, they certainly aren't willing to kill for their rights.

Other commenters already mentioned that the current situation in the US shows how fragile this "ironclad" norm is. Aside from that, though, the fourth amendment wouldn't necessarily prevent a law that requires companies to scan the data and creates certain liabilities if they don't. The weakness in the US's version of such "rights" is that none of them actually guarantee that any individual rights are to be protected against all comers; they restrict the government from doing certain things but allow private actors to do those same things.
This means nothing when the Supreme Court is playing Calvinball. It turns out a constitution has zero value if you purchase the highest courts.
Do you imagine the current SCOTUS stepping up to bat for the common person in the face of three letter agencies and federal autocracy?
I mean that'd certainly be nice, and it is also their only job, but even if they wanted to do it in regular legislation that'd be better than nothing.

Make a law that says companies have to protect the data of their citizens without the possibility of any intentional backdoor, perhaps. Make a law that says companies can't require people to dox themselves with ID scans simply to use a publicly available internet platform that provides no services in the physical world. Make a law that says OS developers can't create client-side scanning services that upload results off-device without revocable user consent.

We already have such a thing in Italy - Constitution (the highest hierarchy in law here), article 15.

For decades.

You've not been paying attention. Laws can be undone easily with laws.

Pass your 'no KOSA' law. And then when they want KOSA, they just pass KOSA with a sentence that says this KOSA law supersedes prior 'No KOSA' laws.

You need to limit their power to do that and the only way is constitutionally.

No security is perfect, you can only create walls and speedbumps. It makes it harder. You're right, limit the power, but that doesn't mean you can't do both. The latter is much harder
It’s this. Even when an effort fails, there are no consequences for the politicians behind it. Nobody gets voted out of office. Nobody loses power. All they need to do is wait a year or two or five and try again. Eventual success is almost guaranteed.

Trust only software and systems you control and even then, approach with a hefty amount of side-eye.

the price of Liberty is eternal vigilance
And periodically washing the streets with the blood of tyrants. People always seem to forget that part.
Of course nowadays it's much cleaner and less sticky to use synthetic tyrant blood
It's hard to reach normal people, too. At least here in America the right wing has consolidated a lot of propaganda power into cable news like Fox
Blast! Those propagandists will soon have an iron grip over every nursing home in the country that forgot to cancel their cable subscription.
Cable everything is dead. FOX is doing relatively well, but they reach maybe 1% or 2% of the population, and presumably that's almost all already unshifting right-wing people. I'm not saying it's impossible that it's a propaganda power center, but I don't personally know how that would work. It feels like a leftover enemy from the early 2000s that just doesn't make sense post-internet.
"According to data from Nielsen, Fox News — from the period spanning June 20 through Sept. 1 — finished as the no. 1 network in all of broadcast television during the primetime hours of 8-11 PM. During those hours, Fox News averaged 2.43 million total nightly viewers in primetime — topping ABC at 2.38 million, NBC at 2.21 million, and CBS at 2.03 million. It is the second time in the network’s history they accomplished that feat — with the other coming in the summer of 2020."

While it sounds accurate that maybe 1-2% of the population watches it live, it is also the most highly rated and influencing "news" outlet in the US. Their reach is far deeper than 1-2%. It gets retweeted, talked about, and trickles down. It sure seems like at least 1/3rd of the population has a FOX brainworm infection. I've seen it on 24/7 in hotels and some sport bars or restaurants too.

"It sure seems like at least 1/3rd of the population has a FOX brainworm infection" - you had me right until you pulled this completely out of thin air.

All the main news outlets totalling less than 9 million viewers? That's not compelling at all.

Appreciate it- thanks for the feedback. I was admittedly being inflammatory, much in the spirit of the network we are discussing. In my perception it was not always this way and when it first came out I remember liking it. It was generally "fair and balanced" as their slogan was (they dropped it around 2017 when Obama left the WH). I have only been paying attention the last 30 years or so, and what started with AM radio on the fringe seems to have become mainstream in the last 25 years since 9/11 basically and has accelerated to the point we are at now in the US.
Exactly. Come to the Midwest and you'll see Fox News on in bars, oil change waiting rooms, dentist offices, etc. The other thing to keep in mind is that thanks to the electoral college, that percentage of viewers translates to a higher percentage of electoral votes.
> The other thing to keep in mind is that thanks to the electoral college, that percentage of viewers translates to a higher percentage of electoral votes.

Except that it's the opposite. The Dakotas are over-represented in the electoral college but getting them from 60% Republican to even 99% Republican wouldn't gain them a single electoral college vote. Meanwhile states like Michigan and Ohio where changing minds could change outcomes are under-represented in terms of electoral college votes.

But the vote allocations are the least impactful part of the electoral college. If you got rid of the +2 electoral college votes for each state independent of its population, votes in Arizona would still matter more than California. The primary thing the electoral college does isn't to give red states slightly more power than blue states, it's to give swing states dramatically more power than safe states.

If I gather right-wing propaganda retweets, what fraction do you think will be retweets of FOX clips versus retweets of a right-wing propaganda twitter account? I don't have a methodology in mind, but I'm curious and will come up with something if you think substantially higher than me (<10%). I don't see why anyone would center FOX in the current media landscape. Musk alone has more than an order of magnitude more reach.

My understanding is that Nielsen does track what people encounter at hotels etc. (though only recently), so that should be included (?)

But what about all the re-presentations of the same content in YouTube clips, etc.? It's true that cable as a delivery mechanism is declining but that doesn't necessarily mean stuff like Fox as a content source is declining in influence.
Having the service provider handle the encryption is very convenient for the users. And, it turns out, the government.
Sure, but the way this was written it also includes everything from Gmail to root access servers hosted by Hetzner. Gmail has been doing this for years, but (I assume) not Hetzner. If even hosting providers are dragged into this the scale grows dramatically. Can Hetzner really not even be bothered about having to comply with such ridiculous requirements?

To give a simple example: imagine a script that constantly dumps /dev/urandom into JPG-like files nonstop onto a 16 TB disk, then repeats. I've seen enterprise systems that aren't so dissimilar. If indeed the EU commission wants all files scanned, then will Hetzner need to spy on all of their machines at least enough to check for compliance? I'm guessing their board members think it can't possibly be so dumb, or stand to gain handsomely and privately.

It's obviously not broadly announced, they're silently trying to push it through. But it's also fatigue, Chat Control or the same thing under a different name is a thing the EU has been trying to push for a couple years. Every time the internet complains, sometimes on a larger scale, sometimes just the privacy niche and until now it luckily has always failed because not enough member states agreed on it. They will try until it goes through.
> Chat Control or the same thing under a different name is a thing the EU

Correction, not the EU, the member nations.

I agree with most reasons others have pointed out (fatigue, lack of good journalism, deplatforming, alienation…).

Another one: it's holiday season, a clever time to get things through.

Another one: most EU parties stand for it, even my usual go-tos, namely Greens, S&D, and The Left.

Time to consider your party affiliation then.
I'd love to, but we're very limited right now. The right-wingers aren't exactly against Chat Control either; or some are but also voted against very good legislation. The EPP is so corrupt it makes the Balkans seem clean. What's left? I'm not a single-issue voter.
We've been mostly deplatformed for any kind of organized action against it, there's just writing an email to your MEP or... a change.org petition. Yes really. Nothing official one could sign their name under.

But even so, the commission does whatever it wants anyway, they are complete autocrats when it comes to law proposal, it's up to the parliament and the courts to do something about it afterwards. And they should given that it's unconstitutional in many EU countries and incompatible with GDPR as it currently exists.

Any EU citizen also has the right to petition the EU parliament directly.
Which is totally useless. Various lobbies have infinite money and time, unlike citizens.
Would it be correct to compare the EU's autocratic pronouncements to Presidential executive orders in the US? In the sense that they can pass whatever they want with little feedback but then the courts can tear them apart?
It's ridiculously different, there's no single person or country that can do anything like that

there are multiple ways to make EU law, there are regulations (that apply directly) and directives that member states need to implement (basically ratify)

the Commission proposed something and then the Council votes on it and then there's the EP which votes on it

this one is a regulation proposal

https://en.m.wikipedia.org/wiki/Regulation_to_Prevent_and_Co...

the treaties have some areas that are under "Special legislative procedures" where the EP cannot propose amendments, but still has consent power, but in some cases like internal market exemptions and competition law only consultation right

https://www.consilium.europa.eu/en/council-eu/decision-makin...

Why did this even get to the stage of being official?

It's something a Nazi regime would implement today had it existed.

Is there no one in the EU who would tell those people "are you fkin insane?" and give them the sack?

I assume from your comment history you are from the USA.

It’s surprising how quickly you have forgotten CISPA, EARN IT, etc - which were much more invasive proposals than chat control (slurping of all data of everyone, not just client side scanning for csam).

Of course, now you just cram unrelated shit into “big beautiful bills”, speed it through with minimal oversight using loopholes, and hope no one will notice. Has no one told you how fkin insane that is?

because we still live in the shadows of those times, unfortunately.

there is at least one very bad quasi-dictatorship in the EU, Hungary, where "protecting the children" is used as the perfect propaganda slogan, but when it comes to holding abusers accountable, things are 240% farcical.

https://en.wikipedia.org/wiki/Katalin_Nov%C3%A1k_presidentia...

https://en.wikipedia.org/w/index.php?title=G%C3%A1bor_Kaleta...

and of course Hungary supports this. who would have thought.

Not at all, the Commission and the Council together can do a lot but it's important to understand both are collective bodies formed by governments of member states and can only act in some limited areas (defined very exactly by the various treaties). But then most of the important decisions have to be approved either by the directly elected Parliament or by all national parliaments (like some international agreements). And that's for legislation that doesn't have to be transposed into national law (can be applied directly), but most of the legislation has to be transposed and the member states have some leeway there.
Not really.

Unlike the president the EU commission are unelected and the commission is the only branch of government which can propose laws, however they can't force anything through in the same way the US president can with an executive order (it must go through parliament).

I guess it's good/bad, but in different ways to the US. It's bad in the sense EU citizens can't elect the people proposing their laws, but it's good in the sense that the commission can't just force things through without approval from the parliament which consists of MEPs which Europeans elect.

As far as I'm aware the courts function in more or less the same way. Here in the UK parliament is sovereign and therefore can overrule any court decision with new law. This isn't true for the EU and I believe it also isn't true in the US.

The EU Council is the highest body in the EU (not the Parliament, especially not the Commission - who are basically the civil service or secretariat for the EU).

The EU is founded on the pooled sovereignty of the member states (unlike in the US, where the reverse is the case). The Council represents those member states (each has a seat), and so holds this pooled sovereignty.

> they can pass whatever they want

The EC can’t pass anything.

> But even so, the commission does whatever it wants anyway, they are complete autocrats when it comes to law proposal

For anyone reading this drivel, this is a complete misrepresentation of how the EU works. The commission changes and is appointed by the elected heads of the member nations to do their bidding. The push for chat control is coming from the member nations, not some "evil mysterious third party" that appeared out of nowhere to control us all.

People who don't understand the EU and resort to blaming it for these sort of problems are actually causing more harm, because they're directing people's anger at the wrong targets. Target your own elected officials, because they are the ones pushing for this and the ones who steer the commission.

> why there has been such silence on this

Government trying to break your privacy is routine at this point.

Among many other reasons: because the proponents are using the usual "think of the children" tactics to impugn and libel the opposition.
Anybody who thinks they have online privacy is deluded. Regardless of Chat Control.
It would appear that you suffer from acute privacy nihilism [0].

[0] https://www.theatlantic.com/technology/archive/2018/08/the-a...

I would call it despair.
Wowee! Good point sir, might as well hand all of my rights away because they are sometimes infringed already.

If you give away something for nothing, that usually means you're a sucker. But it takes a real genius to justify giving everything away for nothing.

Nonsense.

If online privacy was that impossible Ukraine couldn't successfully organize sabotage operations in Russia. They do it all the time.

On the open internet? The drone strike in January that made headlines was not quite that simple. The drones were directed using dead reckoning. The drivers of the trucks were not informed what was happening with their cargo. Even the American government was kept in the dark.
Not at all. Ukraine had operatives inside Russia. The trucks were not driven in from outside Russia. The system was assembled inside Russia. Also, every single drone had its own pilot: https://www.bbc.com/news/articles/cq69qnvj6nlo

That's also just one of many operations inside Russia. There's lots of sabotage and assassinations that have been done.

You just can't do operations like that without secure communications.

> I wonder why there has been such silence on this

Some combination of cowardice, conflict of interest, and fear of ICE.

Which ICE are you referring to? This is an EU law.
This is coming from WEF and major operators are members of that organisation.

In the end, these organisations want to slice and dice private conversations. It will be a goldmine for AI training and hence the push and silence.

This is all corrupt.

"including end-to-end encrypted ones"

How? If they're end-to-end encrypted, they really can't be monitored unless there's a flaw in the encryption system. Don't trust messages to systems that aren't auditable.

Chat control will require client-side AI scanning of all messages, bypassing end-to-end encryption. Since the AI will be an unauditable blackbox, it will make it effectively illegal to have secure end-to-end encryption.

Yes, it is that fascist.

I predict a massive uptick in linux use
Installing open source software on phones is becoming more and more difficult. It used to be the case that bootloaders were generally unlocked or unlockable. That is no longer true, including on Android. Google is also planning on banning APKs from unregistered sources soon.

We need end-to-end encryption on phones to have reasonably convenient privacy. We can definitely lose that, and open source software won't help.

Worse, once phones are locked down desktops and laptops can be locked down as well.

Until TPM shenanigans take root and you're only allowed to use locked down devices to use the internet.
If this becomes a widespread way to bypass this, wouldn't they just pass a law to make Linux usage illegal unless you install some module?

I mean, look at all the geniuses saying "I'll just use a VPN" in response to the latest ID for age verification. A week later, the law was amended to also involve VPNs.

How long until hardware vendors prevent you from installing a certified OS that is specifically not anything like linux? Before you call it a conspiracy, know that we are already there with our phones, which represent an overwhelming share of consumer compute use today.
Hardware attestation. They say vendors are pushing this like crazy at security and government conferences.
You will be forced to run surveillance on yourself on your own device.

No you will not have freedom to choose how to use your own property.

The thing is although your exact message text is end-to-end encrypted, the messages are scanned locally on the device and information about your messages is sent out-of-band to wherever it needs to go.

this is happening now on most* services.

* ok, not every single one.

Most likely the service provider will simply have a copy of the key. Encryption without protection.
as far as I understand they want the software on your device, at one point you need to decrypt if you want to read the message content
This illustrates why I'm so skeptical of all these "end to end encrypted" closed source solutions like WhatsApp: yes, they're end to end encrypted so the server doesn't necessarily get to see what's going on, but what's the point in that when I can't trust the client?