return to table of content

CSAR: European Parliament rejects mass scanning of private messages

bad_alloc
58 replies
1d4h

Finally. As a next step, we need mechanisms to prevent the constant rehashing of these attempts to break security. Otherwise, it will get through during a crisis or via fatigue.

mhitza
24 replies
1d4h

Per the article

At the same time, we are still far from the end of the legislative process. This means that we must stay alert to how the other two law-making institutions – the Council of EU Member States and the European Commission – respond

To be able to fight these ludicrous attempts at privacy, we must put a spotlight on those behind these proposals (lobbyists). Coincidence or not, it wasn't transparent, but at least some journalists investigated https://privatecitizen.press/episode/160/

Angostura
17 replies
1d4h

The Parliament is very much the junior member compared with the Council and Commission

toyg
16 replies
1d3h

It still has ultimate veto powers.

Angostura
15 replies
1d2h

I've been unable to find an instance of the European Parliament vetoing legislation

toyg
13 replies
1d1h

Plenty. Some recent examples:

https://www.reuters.com/world/europe/european-parliament-scr...

https://agenceurope.eu/en/bulletin/article/13274/20

https://www.thejournal.ie/emissions-trade-system-fit-for-55-...

(Somewhat unsurprisingly, being currently dominated by right-wing parties, it happens often on "green" legislation...)

It doesn't happen every day simply because 1) MEPs typically don't want to be seen as "Mr. No", and 2) plenary votes are the end of a long legislative process, involving several steps; the Commission will typically not bring legislation to the floor if it understands, in previous committees, that it will likely be voted down.

The process is roughly this: EU Council (i.e. national governments) agree that "we should really do something about X"; the Commission drafts legislation to that effect, and brings it to Parliamentary committees; MEPs provide feedback and instructions on how to change things; Commission decides if the changes are acceptable, and if not they go back to Council asking "is this still ok if we do it in XY way?"; and back and forth they go, until the Commission decides to either withdraw it or put it to a plenary vote (in which case it's typically in a shape acceptable to Parliament, because nobody likes losing).

agent327
8 replies
22h31m

Here's an overview of the political composition of the European Parliament: https://en.wikipedia.org/wiki/European_Parliament#Elections

How do you reckon it is "dominated by right-wing parties"? Those parties make up about 20% of the parliament, whereas left-wing parties make up some 35% (with the rest being centrists and 'other').

toyg
4 replies
21h12m

I guess your definition of "right-wing" is a bit different from mine. "Centrists" in post-WW2 Europe are largely conservative: fundamentally religious, pro-business, anti-immigration. That, to me, is right-wing - respectable, not touting nazi tattoos (mostly), but still fundamentally reactionary in nature. Those blocs are usually allied with "liberal" parties, a term which in Europe carries right-wing connotations because "liberalism" is meant in the original economic sense: free-trade, unbridled capitalism, etc. Occasionally they ally even with ultra-right parties, which often include real neofascist / neonazis.

If you consider them like that, traditionally-conservative parties account for over 65% of current MEPs.

agent327
3 replies
19h48m

Predictably, someone comes along to argue that anyone who is not fully in the left must therefore be right-wing. Don't you see that the word 'centrist' indicates people who are in the center, and therefore by definition not right-wing?

Oh, and that 'mostly'? Take it down a notch. There are no actual nazis in the European Parliament.

toyg
2 replies
18h46m

Neonazi maybe not (yet), but neofascists for sure: https://www.tandfonline.com/doi/pdf/10.1080/23248823.2023.22...

The "centrism" framing, btw, is fundamentally useless. In postwar Europe, PSE parties are left-wing and PPE parties are right-wing; other parties are fundamentally defined by their primary relationship with one of these two. The "centrism" mantra is reactionary twaddle to justify one's ideological vacuum.

nvoeiah
1 replies
18h29m

If only EPP parties were really right-wing. I say this as an actual conservative. EPP parties generally are "our position is whatever the left espoused ten years ago". Which is, basically, a very progressive position.

jltsiren
0 replies
15h37m

Traditional European parties have been converging towards the center. That's largely thanks to the EU, which is a centrist project founded on ideas such as social liberalism and pro-market policies. Social democratic parties have also become pretty right-wing by their traditional standards, largely due to Third Way politics that have been dominant since the late 90s.

uxp8u61q
0 replies
21h8m

"Centrists" are right wing in European politics.

orwin
0 replies
20h52m

EPP is a right-wing party. Its basically a mix of christian democrats (basically catholics), conservative (Les Republicains, amny others) and some liberals-conservatives (pro free-trade, anti union, pro-immigration if it makes labor cheaper, but also really conservative on according right to those migrants). It is also pro EU, in a weird way (Forza Italia is a member).

ALDE-PACE is basically Emmanuel Macron's party, so more socially liberal, and by that i mean he does accept that gay people do exist and can do whatever they want, if they want (the bar is low). They also are very pro-immigration in sectors that boost economies, but accept that immigrant workers can have equal rights. Extremely pro-Europe. I'd call them right-wing, but to be fair, only its leader is, most party members are pretty much center, center-right (they would be liberal-democrat in the US), and they push a lot of the legislation the greens want to pass, for multiple reasons (the green are seen as an "acceptable compromise", citing an EPP member i ate with).

I would not call the current Green left-wing either, its a torn party. I guess after the Covid and last summer, the wars and the resulting immigration, a lot of young people joined, and politically active young people are more left-wing, but the leaders are more center, center-left. But they hold major power on the left and can work with the other center party, and sometimes even the EPP. They are also on point (and have/propose good formations) with privacy and civil liberties, which might seems left-wing if you're in the US, but to me it's basically to political proposition of the old french party "les radicaux" which was so much in the center they split in two 30 years ago).

jltsiren
0 replies
18h50m

You have a weird definition of left and right.

If you think that Social democrats (S&D; center-left) are "left", then Christian democrats and conservatives (EPP; center-right) are "right". Those two are the traditional mainstream left-wing and right-wing groups in Europe. With these, we have 141 seats for the left and 178 seats for the right.

Then we have more radical parties with a clear position on the left-right axis. The inconveniently named The Left in the European Parliament have 37 seats, while their right-wing counterparts are ECR (66 seats) and ID (60 seats). This brings the total to 178 seats for the left and 304 seats for the right.

There are also two centrist-groups: Greens/EFA (72 seats) and ALDE (102 seats). The former is a weird amalgamation of greens, regional parties, independents, and pirates ranging from left to center. The latter consists of center to center-right parties that usually have some connection to the liberal tradition. But in some cases, the party in ALDE is more conservative and less liberal than their national counterpart in EPP. If we include these centrist groups in the calculations, the balance shifts further to the right.

Finally there are 49 MEPs outside the major parties, bringing the total to 705.

Angostura
2 replies
1d1h

But if you look at the first case, for example that was a rejection a first reading - not a definitive killing off.

It's not quite clear what happens next - the Council of ministers may apparently decide to continue working on the legislation regardless of the Parliament's vote.

In other words - it is not evidence of an "ultimate veto power"

toyg
0 replies
20h58m

Council and Commission can work on whatever they want - if it's not ultimately approved by an EP plenary, it's not a Directive. Occasionally some governments will go ahead and introduce laws that they tried and failed to go past the EP, but that's just national politics in action.

tormeh
0 replies
23h30m

They can continue to work on it, but without the parliament's approval it cannot become law.

soco
0 replies
23h4m

The entire irony of this is that all rightwingers are winning local elections by blaming the EU for wokeism, while they do have majority in all the EU organizations so whatever gets through against their tastes it's only through their own failures. But who cares about the truth, if the truth doesn't get you votes at home. It's just so disappointing that the regular Joe Voter, even though very loud about "doing their own research", never actually DO their own research, just swallow whatever they're told in their bubble.

zajio1am
0 replies
1d

Once i read an analysis comparing EP legislative action to action of national parliaments and it said that EP has much higher rate of rejecting legislation.

It makes sense - in parliamentary democracy, the coalition in government has majority in parliament and government members are often party leaders (or other important people in parties), so legislature could be pushed through parliament by party lines.

In EP there is much weaker connection between government (EU Commission) and EP, which makes EP more independent.

miohtama
2 replies
1d1h

The engineers behind the scan laws

https://twitter.com/echo_pbreyer/status/1721558597769818496

Inc. people from Google. Deserve to called out.

The shady politics and the corruptive US software companies that pushed for this:

https://balkaninsight.com/2023/09/25/who-benefits-inside-the...

vlovich123
0 replies
22h57m

I didn’t check all of the people but picked 2 names at random and they were policy people not engineers.

matthewdgreen
0 replies
22h32m

Your first link is a set of experts that the EU Commission consulted while developing their regulations. It does not mean those folks were necessarily "behind" the regulations, so I would not call out anyone on that list.

Some of the folks on that list are certainly pro-scanning: it's an absurdly biased list. But to me that's reflective of the EU Commission having a desired policy from the start, then mainly seeking out experts who could help them achieve their goal.

raxxorraxor
1 replies
1d1h

Also, while the most egregious part might be cancelled, these type of bills often still bring along their slightly less bad, but still fairly ugly brothers.

So private message scanning is off the table, we now just save meta data and build a communication graph for every citizen for the last 10 years.

No idea if this bill includes such laws, but that is usually the strategy to get people distracted.

jstarfish
0 replies
18h46m

It's the sucker-punch of legal maneuvers.

xvector
0 replies
1d3h

Finally, some good name and shame. I hope someone well-funded exposes these people for who they are and turns public opinion against them en masse.

prox
17 replies
1d4h

So it needs be enshrined in a constitution I wager.

phtrivier
6 replies
1d3h

Well, the trick is, a surefire way to make voters angry in large part of the continents (or, well, large part of France anyway) it so put "Constitution" and "Europe" in the same sentence - so there is not much of a place to enshrine that at the EU level.

Besides, every member state's constitution probably already has a variant of "privacy is a fundamental right except in cases defined by law".

I will argue that we _definitely do_ want cases where privacy is not 100% respected (sadly, "investigating crime" is not always a red herring, newspeak, lobbying propaganda, etc...

People really do that for a living, and in the common interest.)

In the end, it will always be a policymaker's job to draw the lines.

What I would love to enshrine in a constitution is that "People shall choose policymakers wisely.". But I'm not sure of how to enforce that :/

dannyw
5 replies
1d3h

I think the 4th amendment did a good job and is quite specific. The courts rewrote it judicially.

The right of the people to be secure in their persons, houses, papers, and effects,[a] against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized
waterheater
3 replies
1d1h

The Fourth Amendment protects the physical, yet other amendments also address privacy in different ways. The First Amendment protects the mind and arguably one's spirit, the Third Amendment is a specific type of physical protection, the Fifth Amendment also protects the mind, the Ninth Amendment protects the existence of privacy, and the Tenth Amendment lets states implement greater privacy protections as they see fit.

Given privacy is fundamentally related to the expression of free will, it's not surprising so much touches it.

smolder
2 replies
1d

The Fourth Amendment protects the physical,

That's a narrow reading of it. "Papers and effects" ought to extend to our data as well, something the authors could not have called out more explicitly at the time of its writing. Call it inconvenient or impractical, whatever, but it's ridiculous to conclude their intent was that government can spy on presumed innocents as long as they don't make a physical mess.

I think third party doctrine is also a pile of crap... and that data brokers shouldn't have a square inch of legal ground to stand on. GDPR sets a good example in that regard.

waterheater
1 replies
23h12m

I completely agree, and computing has flipped the table on our understanding of the Fourth Amendment. In fact, our technological development and privacy concerns are proportional, which says something quite profound. Are you familiar with Kyllo v. United States and Carpenter v. United States? If not, you'll probably find them intriguing.

Third-party doctrine is indeed a pile of crap. Still, the fact remains that zero-cost (okay, effectively zero-cost) digital information breaks virtually all historical ownership models which legal systems protect. GDPR is okay, but compliance with it is so burdensome to small businesses that corporate-driven cloud infrastructure is the only way to survive.

smolder
0 replies
19h56m

I'll look into those cases, thanks!

wuiheerfoj
0 replies
21h39m

While I agree it does a good job, ‘unreasonable’ is a term that’s up to the implementer

varispeed
3 replies
1d3h

It should be illegal to even propose this and it should be equalled to hate crime.

People who think this is okay, to the point that they want to enact this in law should be cast out of the society.

JW_00000
2 replies
23h59m

It seems dangerous to make proposing laws in a parliament illegal, don't you think? Anything should go in a parliament. I'm also not sure hate speech could be illegal when a member of parliament speaks in parliament, typically parliamentary debate is more widely protected.

varispeed
0 replies
6h53m

Are you saying that it should be perfectly acceptable for legislators to propose a law e.g. to kill all men over 60 in gas chambers and that it should be treated seriously and let go all the way through legislative process?

chopin
0 replies
20h0m

My favorite solution: Those who vote for legislation found to be anti constitutional by the respective courts lose their passive voting rights and must leave Parliament immediately.

logicchains
2 replies
1d4h

It's already enshrined in the constitution of at least one European country, the right to privacy.

bonzini
1 replies
1d4h

It is in Italy's ("Freedom and secrecy of correspondence and any other communication cannot be violated"), but I didn't think this was particularly unique?

(Note that this article of the constitution doesn't include E2E encryption because there's a carve out for the judiciary to limit this freedom).

fullspectrumdev
0 replies
1d1h

What’s deeply funny is how Italy is also where a lot of police spyware industry got its start in Europe (HackingTeam and fellow travellers).

eigenket
1 replies
1d3h

It essentially is. The right to privacy is part of the Charter of Fundamental Rights of the European Union, which is enshrined into law as part of the Treaty of Lisbon.

gpderetta
0 replies
1d2h

Yes, the Treaty of Lisbon plus the Charter act as the de-facto EU constitution.

AdrianB1
0 replies
1d2h

No rights enshrined in a constitution is guaranteed or respected, anywhere in the world. First, in come countries legislation breaching constitutional rights appear all the time and the burden is on the people to fight that legislation that is presumed valid. Second, people believe that some rights are no longer aligned with the modern times (see USA second amendment) and are willing to remove it. Third, constitutional rights that are not completely removed are brutally "regulated", with the same effect, and most people agree with that or actively support it.

In summary, there are no rights that are guaranteed even if they are in a constitution.

g-b-r
10 replies
1d

Forbid politicians to lie to and deceive the public, that's it. * Suddenly democracy works.

* (except about personal matters)

dragonwriter
7 replies
1d

Forbid politicians to lie to and deceive the public, that's it.

Forbidding something is never “it”. People do prohibited things all the time.

“Prohibit” is not “magically prevent”.

g-b-r
5 replies
1d

Of course forbid with very strong penalties and no statute of limitations...

dragonwriter
4 replies
20h58m

By whom are laws enforced, and by whom are those people appointed and to whom do they answer?

Or, to take another angle, why don't the prohibitions in FISA effectively stop the government from abusing foreign intelligence apparatus for domestic spying?

g-b-r
3 replies
20h3m

Because the US are messed up on so many levels.

Of course the judicial, legislative and executive branches should be independent and they're not that much right now.

In any case, even in such a system the proposal might have more positive than negative effects, and maybe lead to gradual improvements to everything else.

HideousKojima
2 replies
18h37m

Or it might make things even worse. After all,the FISA court system itself was created in response to abuses by the CIA and FBI (and others) as a way to check their power. Instead, it became a (secret and opaque) rubber stamp that approves over 99% of all warrant applications.

g-b-r
1 replies
9h44m

No one is proposing anything secret and opaque

HideousKojima
0 replies
2h38m

Yes, you're just proposing making it a crime for politicians to lie without addressing who/what will determine that they're lying and how, and can't seem to see any possible problems or abuses of your proposed system.

g-b-r
0 replies
1d

To be clear this would not prevent every instance of lying, but the current state is in most cases manifest shameless lying or deceits that surface some years later, so it would be a stratospheric improvement, in my opinion.

augustulus
1 replies
1d

besides the fact that you’re essentially running on a platform of “make crime illegal”, you run into the obvious problem of who decides what a lie is? who decides whether a lie has taken place?

g-b-r
0 replies
23h47m

Lying is currently usually protected for politicians, not illegal.

Lies are obvious in most cases, and I think there are established judicial systems to assess if a crime has been committed or not...

Of course investigations and indictments have to occur only with sufficient elements to suspect a malfeasance, we're not arguing for wiring politicians to mind readers

ratg13
0 replies
1d3h

The mechanisms are in place .. literally nobody was paying attention.

They spent millions on campaigns advertising this stuff and asking for feedback only to get <100 views on youtube videos about the subject.

They need to start working together with higher education institutions or something rather than just hoping that people will take an active interest, instead of everyone going about their lives and only finding out when the laws are being ratified.

freedomben
0 replies
21h53m

Yep, the standard playbook on this stuff is to table it for 6 months, at which point you reintroduce. Repeat ad infinitum until it passes. If at any point there's a crisis that can be used, reintroduce immediately.

cryptonector
0 replies
16h4m

That's the European way. Keep voting until the desired result is obtained.

bradley13
0 replies
1d1h

Absolutely this. They just keep trying, one angle or another. They'll be back for another try in a year or three, with new arguments, and having purchased a few more politicians. In the worst case, they'll do something like the USA: institute secret programs that do whatever the heck they want, with no oversight.

Part of the problem is that there are no negative consequences. Again, look at the US: Snowden reveals massive, illegal surveillance. Consequences to politicians and government officials: zero.

superjan
5 replies
23h54m

I regret that the discussion about message encryption is so black and white. Encryption is being used to evade prosecution for crimes such revenge porn, CSAM and criminal conspiracy. For one, I would not mind if encryption was forbidden for group chats bigger than 10 people, or that large groups are forbidden to share encrypted images.

aunty_helen
1 replies
23h16m

Would that put a stop to these types of criminal activity? (No)

anthk
0 replies
22h6m

They would just set groups of 5 people creating rings with token connected to outside networks. Did it solve anything as you said? No. On encryption, with base64 and rotations over text you get nonsense and still plain text.

tavavex
0 replies
23h9m

How's that justifiable in any way but "I feel like it'd be nice"? Like, what's the logical process that dictates that being in a group of more than specifically 10 people in likely to cause illegal activity? Why can I talk privately with 9 people, but not 10?

My point is that all this legislation is pushed as anti-criminal because it's the best spotlight to put mass data surveillance under. In reality, the powers that governments will reap from this ability stretch much further. Would you be okay with the exact same measures in real life? Should large gatherings of people require everyone to wear a wiretap, lest they conspire to commit something illegal? Should we mandate inspection of every postal package, just in case there are drugs or other illegal contents?

spurgu
0 replies
21h48m

Once you have it in place there's suddenly a good argument for "if 10, why not 9?" -> "if 9, why not 8?" etc etc. --> 5. ---> 2.

anthk
0 replies
22h9m

Then make everyone group >10 people go outside nude to any event/concert, just to be sure.

xiphias2
3 replies
1d4h

As shown by recent wiretappings, politicians have the most to lose if they give their chat logs away to a smaller, unelected group of people. It's a sure way of losing their power and becoming a puppet.

xkcd1963
0 replies
1d3h

Unless they team up of course

logicchains
0 replies
21h9m

It's a sure way of losing their power and becoming a puppet

They're already blackmailed puppets to the spy agencies, that's why they keep pushing this stuff. There's a reason none of the people Epstein was accused of trafficking young girls to went to jail.

almostnormal
0 replies
1d2h

As shown by recent wiretappings, politicians have the most to lose if they give their chat logs away to a smaller, unelected group of people.

Surely the creators of the policy will not forget to exclude themselves from being affected.

Roark66
3 replies
1d2h

And that exactly is why we absolutely have to keep the veto power of member states in the EU. The only reason why they backed down is because few countries said "there is no chance in hell we're agreeing to this". If we were making laws based on simple majority few biggest countries plus a couple others forced/bought into submission could override everyone else.

sofixa
0 replies
1d2h

Not simple, but qualified majority, would be better than a single country being able to stop any process. The Polish Lithuanian Commonwealth learned this the hard way, where every Sejm member could veto any legislation, so the country stagnated until it was picked apart by neighbourds.

SiempreViernes
0 replies
1d2h

Are you saying you think the EP voted to reject the mass scanning provisions because a member state promised to vote this?

HideousKojima
0 replies
15h5m

Yet you'll often see the exact opposite argument made against the Electoral College and the Senate in US politics

cabirum
1 replies
1d2h

In some sense, a constant pressure from the lawmakers to compromise privacy is vital for encryption to evolve.

No law should be able to break into private messages, and so I think CSAR should be passed, because as a consequence, new encryption schemes would be developed to counter it.

LtWorf
0 replies
21h49m

I think you don't understand what encryption is.

ReptileMan
1 replies
1d2h

There is no such thing as mass scanning. Because the cost of scaling anything digital is almost 0, every ability to break encryption or scan is mass by nature.

tavavex
0 replies
23h7m

No one would need to control every single bit that passes through the internet. The governments would just need to force most major social media and chat platforms to let them get a peek at user data, and that'd be more than enough to get information on most people.

yttribium
0 replies
1d

EU governance structure is set up so that a EU parliament resolution has basically the status of a People's Choice Award.

techwizrd
0 replies
22h41m

I think the public outcry made this outcome inevitable, and this is good to see!

nurple
0 replies
19h37m

Mass surveillance is, like most absolute power, cancer of the soul. I have read your email, and your IMs; I know first-hand how it corrupts a person. I can, without hesitation, guarantee that the situation is like that in the movie Elysium[0]: "They will hunt you to the edge of the earth for this [capability]."

The most salient point, I think, is that it is worthless, from a LEO perspective, to tap into communication systems used by the masses--whether through provider taps or client-side scanning like Apple's purported CSAM AI--unless what you're really after is a way to monitor the general public at large.

There's no way in hell that a nefarious player with technical resources, or chops themselves, would use one of these public systems to communicate with their compatriots. There are infinite and myriad bespoke channels of covert communications that these laws would never be able to touch which are much more likely to be the hubs of serious malfeasance.

[0] https://youtu.be/qUQQerrs52w?t=54

metalrain
0 replies
1d

I mean, even if messages are encrypted in the wire, surely most platform holders will comply to law enforcement requests. Exposing your messages from databases, logs, analytics, installing keyloggers..

Most of people use smartphones and there isn't secure smartphone platform. Even on PC, all you can do is to hope nothing in the chain leaks your messages.

hollow-moe
0 replies
1d2h

Awesome day for privacy ! They'll try again with another name in three months and it'll pass tho

goalonetwo
0 replies
18h54m

That's why we need to continue developing apps that are cryptographically open and secure.

Then it doesn't matter what the government wants, they will have simply no ways to read my texts.

The issue is that only the technically and privacy savy will be able to continue to encrypt their message. The masses will happily comply and continue using facebook messenger/whatsapp or whatever new bigtech "cool app of the day" full of backdoor.

dsnr
0 replies
1d1h

For now. See you at the next attempt.

TrackerFF
0 replies
19h7m

Here in Norway we (unfortunately) passed a law which allows our intelligence service to read all meta-data of traffic which crosses our borders.

Which makes no fucking sense, as pretty much all data crosses borders now. When you use facebook/twitter/tiktok/gmail/whatever, you have zero knowledge what (geolocation) server instance the owners of those products are using.

And even if one service uses one "local" (as in within borders) server, many of the others could very well not.

This is of course in the name of fighting terrorism, which makes up for such a small percentage of all data traffic, that it might as well be ZERO.

Terrorism and CP, the two things that will usher in lots of overreaching laws.

RecycledEle
0 replies
1d2h

That's half the battle.

Now the real fight begins. We need every message sent or received by the politicians who supported this absurd proposal to be public record. The public's need to stop abuses of power outweighs privacy rights they do not value.