return to table of content

Going Dark: The war on encryption is on the rise

miohtama
76 replies
6h40m

Here is the latest.

The bill could not be passed on Spain’s presidency. The presidency is now on Belgium and Stasi-fans are trying to get this bill passed again, hoping not to cause too much noise this time.

The text of the bill was modified a bit, and this time they added an exception, though

- Politicians and police are not subject to monitoring, only ordinal citizens messages’ should be wiretapped

https://european-pirateparty.eu/chatcontrol-eu-ministers-wan...

dlachausse
33 replies
6h11m

Politicians and police are not subject to monitoring, only ordinal citizens messages’ should be wiretapped

Of course, in 1984, their instruction manual, the top members of the party can turn their telescreens off.

unclebucknasty
31 replies
6h0m

Of course, in 1984

Kind of funny to hear people refer to 1984 these days. We're so far past it now, and we did it to ourselves; giving up location data for maps (and mobile phone function for that matter), a Ring doorbell on every front door, participation in social media, etc.

But somehow it's all OK, because it's corporations instead of the government (a blurry line itself) on the other end.

BSDobelix
14 replies
5h37m

We're so far past it now, and we did it to ourselves

No we are not, you are not forced to have a smartphone, your are still allowed to have sex and most democracy's don't torture you for speak against it.

Don't just fixate on the surveillance aspect in 1984, there's much much more in the book.

elric
6 replies
5h14m

You're effectively forced to have a smartphone. It pisses me off, because aside from the privacy aspect, it marganalises a lot of people. As with many things, how true this is depends on where you are. But many restaurants refuse to hand out menus, many places require mobile payments, gyms require apps for access, etc.

1over137
4 replies
4h53m

Whoa, really? What country is that?

dt3ft
3 replies
4h17m

Sweden. Good luck living there without a smartphone.

nicce
2 replies
3h43m

It is not only about the smartphone but social media too, to be precise. You are less attractive, "odd" or "strange" if you are not there. There is huge social pressure.

hiatus
0 replies
3h26m

You are less attractive, "odd" or "strange" if you are not there. There is huge social pressure

Other people's thoughts of you are not under your control. That people feel pressured to be on these platforms says more about the company they keep than anything else.

93po
0 replies
1h42m

If someone evaluates whether to socialize with you based off of this, and it's important enough to you to not have or carry a smart phone, then they're probably not super compatible as friends or a partner anyway

BSDobelix
0 replies
3h48m

because aside from the privacy aspect, it marganalises a lot of people.

Why not go to the European Court of Justice?

And I did not say that there are no parallels to 1984, but I would argue that there are more parallels to Lord of the (key)ring than to 1984 ATM.

By the way, the driving force behind this law is also Swedish (Ylva Johansson), so maybe Sweden has some work to do ;)

orochimaaru
3 replies
4h51m

You have to have a smartphone these days. All 2FA use a smartphone and Authenticator apps. Companies actively deprioritize human agents in favor of automated ones. If this comes to pass, you will live with the risk of your information being leaked out by government incompetence - which they will try their best to cover up and blame you.

Edit: No power given to government rarely not become something grotesque. US social security cards were “only for benefits”, now they are some ubiquitous identity number. In recent times, Covid vaccination cards were supposed to “only a patient record” until everyone started demanding them. So if your information starts leaking out your “conformance” will follow one way or another.

Tijdreiziger
2 replies
2h55m

You can use any TOTP authenticator implementation you want for 2FA.

Recently, implementations for PalmOS and J2ME phones featured on HN [1], among others.

Password managers such as Bitwarden or 1Password also feature implementations.

[1] https://news.ycombinator.com/item?id=40279305

Teever
1 replies
2h15m

You've totally missed the point of the post you're replying to.

How do I opt out of all of this bullshit?

I just want to go back to paper forms and letters mailboxes and stuff.

Tijdreiziger
0 replies
1h35m

Uh, by just doing it?

You can still file your taxes and apply for benefits on paper, if you’re so inclined.

Banks and government departments still have phone lines.

You can still send letters to your friends or call them on the phone.

miohtama
1 replies
1h47m

you are not forced to have a smartphone

In most European countries, you are forced to have smart phone to access banking services, many other online services. Even some government agencies use WhatsApp for communications.

crtasm
0 replies
1h33m

Do you mean there's banks that no longer offer a website interface to your accounts?

unclebucknasty
0 replies
5h22m

you are not forced to have a smartphone

Yes. That was my point. We are not forced to (though life would be hard without one). As I said, we did it to ourselves.

Don't just fixate on the surveillance aspect

I'm referring to the context of this thread, which is largely around surveillance. That, BTW, is also the context in which references to 1984 most often arise.

ruszki
6 replies
5h50m

we did it to ourselves

Most people don't know that we did it. They still happily click on "accept all" and blame it on EU to need to do that. They don't know what the heck is that, and why they should understand what's written there.

When they are asked cleanly, and simply whether they want to share their data to thousands of shady companies, about only a quarter choose yes. That's why Facebook had to force everybody in the EU to choose between paying and accepting it.

globular-toast
4 replies
5h27m

Everyone I know did, because I told them. But they did it anyway. Now we wish it was only as bad as Facebook was 15 years ago.

Divide and conquer tactics work. Microsoft, Facebook and Apple all use it to great advantage. The funny thing is it was always about free software. Not enough people listened to Stallman. None of this could have happened if people rejected non-free software.

nalekberov
3 replies
5h12m

It could, and it happened, not long time ago, everyone thought just because xz software was free software, it's 100% safe, but it was not. There are numerous examples.

Stallman lives in his own delusional world, and GPL not only solved the problem, it created more burden, that developers decided to use other less restrictive licenses.

globular-toast
2 replies
4h37m

There are numerous examples

Such as?

it created more burden

In what way?

nalekberov
1 replies
3h51m

Such as?

You can search the web, but as an appetiser here you go: https://jfrog.com/blog/malware-civil-war-malicious-npm-packa...

In what way?

Well, you can't bundle GPL licensed software with less restrictive one such as BSD, which is a big deal, that's why BSD and GNU/Linux are so separated in many ways. That's just one problem. It'c clear that all-or-nothing approach doesn't work in free and open source software world.

dmm
0 replies
56m

Well, you can't bundle GPL licensed software with less restrictive one such as BSD

Sure you can. If the result is a derivative work redistribution is subject to the terms of the GPL but you can bundle all you want.

unclebucknasty
0 replies
5h4m

Many know by now, but find the trade-off worth it for convenience or whatever they're getting in return. I mean, people are willingly giving up their DNA.

But, if it was the government receiving all of this data, they'd be in a panic. This has basis in current day fear-mongering about government power, as well as warnings about authoritarian governments from Orwell and beyond.

Not to say there's no reason to be concerned, but the casual mentions of 1984 are hilariously dated and ironic in 2024.

More substantively, it also reveals the naivete of those who wish to completely disempower their democratic governments. That is, someone will still retain the power when it's taken from the government. The only question is who and whether everyday people will have a voice in their own governance.

One look at corporate power and our deference there is a pretty big hint.

throw_nbvc1234
5 replies
5h50m

Because it's a narrative baked into western culture. People collectively respond to stories/narratives more then pure facts.

dlachausse
3 replies
5h46m

The fact is that we are shockingly close to the world of 1984. Two minutes hate, newspeak, and our smartphones are telescreens on steroids. Orwell was frighteningly prophetic.

jenadine
2 replies
5h27m

Orwell wasn't prophetic but was a reflection of the world as it already was is 1948. That's what I learnt at school.

seanw444
0 replies
2h59m

Then the message is even more dire: the world has always been a dystopia. And even 70+ years later, with more (and better) education, higher standards of living, and a wealth of dystopias to read and learn from, nothing has changed.

lukan
0 replies
1h37m

To add some details, he worked for the BBC during wartime - that was the inspiration for the job in the truth ministry of the main character in 1984. Basically inventing the truth.

nalekberov
0 replies
5h21m

"than" not "then"

rusk
2 replies
5h48m

We're so far past it now,

For me it was more like 2014. Though it was going on long before this … I think it was the pandemonium and ultimately the widespread acceptance … that sealed the deal!

iamacyborg
1 replies
5h44m

I know you meant to write pandemic instead of pandemonium but “the pandemonium” sounds like a fun future event.

rusk
0 replies
4h10m

I meant pandemonium in the wake of the Snowden revelations :)

surfingdino
0 replies
5h39m

Time to stash some paper notebooks and pencils while they are still not banned.

2OEH8eoCRo0
19 replies
6h10m

Stasi-fans

Is this language necessary?

baxtr
10 replies
6h6m

What’s wrong with it? It’s basically marketing.

It’s the use of a certain language to draw attention to a very important topic.

blueflow
9 replies
5h0m

Its a needless emotionalisation of the topic. It might work with NPCs but people who can see behind it will get irritated.

pseudalopex
5 replies
3h52m

NPCs

You believe this is better than Stasi fans?

blueflow
4 replies
3h32m

Not really. But any euphemism (like sheep, lemming) i could use to refer to "people who are incapable of critical thinking" would, by that use, become a pejorative, so there is no way to win that battle.

I picked NPC because it entered youth slang in the last years and understanding of that word is widespread.

pseudalopex
3 replies
3h23m

Not really. But any euphemism (like sheep, lemming) i could use to refer to "people who are incapable of critical thinking" would, by that use, become a pejorative, so there is no way to win that battle.

Any euphemism they could use to refer to people who support mass surveillance would, by that use, become a pejorative, so there is no way to win that battle. In your reasoning at least.

And none of these are euphemisms really.

blueflow
2 replies
3h15m

Nice try but that didn't work out. "Chat Control Advocates".

Edit: Child Protectors. Cheese Haters. Dickpic Stealers. Now i get all the ideas for funny euphemisms.

pseudalopex
1 replies
2h33m

Nice try but that didn't work out. "Chat Control Advocates".

The groups overlap but are not identical.

And you could have said some people. But you wanted to show your disdain.

Child Protectors. Cheese Haters. Dickpic Stealers.

You believe these are not pejorative?

blueflow
0 replies
2h19m

I think they are more some kind of joke than pejorative.

baxtr
2 replies
2h16m

Needless in your view.

Drawing attention always requires emotionalisation.

blueflow
1 replies
2h13m

How will that attention be converted into some useful action?

baxtr
0 replies
2h6m

That’s a valid follow-up question.

But for any goal, the first step is attention.

throwuxiytayq
7 replies
6h6m

Perhaps not, but it sure is appropriate.

blueflow
3 replies
5h57m

No it is not. Comparing the current surveillance capitalism with the Stasi is a trivialization of the former.

rusk
2 replies
5h46m

but it is important to point out their possible aspirations

blueflow
1 replies
5h40m

You could get access to your Stasi file and work on getting yourself arranged with the State. It was not some secret algorithm like it is today.

rusk
0 replies
4h10m

Funny how when they're proposing these things they never address FOI issues like this :-)

2OEH8eoCRo0
2 replies
6h1m

Maybe so but I don't like applying labels to people and their complex positions.

They're stasi-fans? Why bother listening to them?

fallingknife
1 replies
5h50m

Why indeed? I already don't bother listening to the authoritarians who favor censorship and surveillance.

2OEH8eoCRo0
0 replies
3h37m

Right! Someone on a forum labeled them stasi-fans and saved me from thinking for myself.

Teever
10 replies
6h34m

Ugh.

Imagine living in a Bizarro world where the law said that private citizens could not be tapped without a warrant and probable cause but politicians and police must be surveilled to mitigate corruption.

gpvos
9 replies
6h20m

You'd have to pay politicians and police a lot more then.

andy_ppp
5 replies
6h13m

Maybe you’d just get better people becoming politicians, ones that couldn’t be corrupted?

moffkalast
4 replies
5h30m

Those people don't want to be politicians.

squarefoot
2 replies
4h32m

This. We should never give power to those who are after it; the mere desire for power is a good clue that said power will be abused. Maybe not always, but it's often the case.

Now, how do we vote someone who doesn't run for a seat? Heh, good question!

Teever
1 replies
2h18m

You make the job more appealing to those kinds of people.

I think one of the ways to do that is to make the job less appealing to the people who currently hold it.

moffkalast
0 replies
2h13m

I think the hitchhiker's guide solution is not the worst, don't even tell them that they're doing the job and just take whatever they say and implement it.

forgetfreeman
0 replies
4h29m

Nobody that actually wants the job is fit by definition.

hulitu
2 replies
6h10m

Oh, come on. Police, ok, but politicians ?

rcxdude
0 replies
5h31m

Lower-level local politicians are probably the main issue. They're often paid so little it's effectively only a career option for the already-wealthy. And when that's the path towards the high-level, reasonably paid positions, it biases your pool a lot. (Not unlike industries with an expectation of a long period of unpaid internships in high cost-of-living areas)

noworld
0 replies
6h0m

The corrupted politicians by and large have the money already and have it through things like rent and capital gains, not salary. Paying more as a salary enables more average people to leave their current jobs to take part in politics.

mantas
2 replies
6h15m

Politicians and police are not subject to monitoring

Wonder how low would be the bar to become a politician. Signing up for a local council elections definitely makes one a politician, right!

logicchains
0 replies
5h47m

Don't worry, they'll eventually close that loophole by banning unapproved political parties and candidates, like in China.

_heimdall
0 replies
5h58m

Robert Kennedy Jr had to make his own political party in some states to get on the ballot. I'd assume the average person in many areas could create their own party with a stack of paperwork. Then track down local laws that define what would be considered a politician, my guess would be something like actively running for an office or being named as a party's candidate or political leader.

dandanua
2 replies
6h22m

Politicians and police are not subject to monitoring, only ordinal citizens messages’ should be wiretapped

Animal order, at its best.

highcountess
0 replies
5h27m

It's far simpler than that, it's just the reconstitution of what we call aristocracy from the past, the reversal of the American Revolution and Constitution, the pole-flip of the power relationship between the "ordinary citizens" and the powerful/government.

It is he same abusive pattern of lying used to manipulate people against the right to self-defense agains a tyrannical government through the supreme law that prohibits the government from infringing on the people's inalienable, God given right to the means of self-defense, as enshrined in the Second Amendment to the US Constitution. "Think of the children" the tyrants wail as they demand you give up your ability to defend yourself against the bombs they threaten to use against their own population that refuses to submit to the desires of the ruling class and they are also busy slaughtering children by the tens of thousands.

andy_ppp
0 replies
6h16m

All animals are equal, but some animals are more equal than others.

luxcem
1 replies
5h48m

Politicians and police are not subject to monitoring, only ordinal citizens messages’ should be wiretapped

The inversion of values is frightening, politicians and police should be among the very few under scrutiny.

oooyay
0 replies
2h27m

This is what struck me as well. This is in the vein of, "Who watches the watchmen?" I can understand a world, albeit it sounds chaotic, where nothing is monitored. I'm worried about a world where the only unmonitored people are people with definitive authority.

consp
1 replies
6h5m

Politicians and police are not subject to monitoring

Isn't that -again- a direct violation of the charter of fundamental rights (article 20)? (all are equal before the law)

psychoslave
0 replies
5h59m

but some are more equal than others

hulitu
0 replies
6h12m

What they never seem to get is that the status of "politician" or "police" might not last forever.

dlachausse
9 replies
6h37m

The war on personal freedom in general is on the rise.

swayvil
3 replies
6h14m

It's for your health.

The scientists know better than you.

consp
1 replies
6h4m

The scientists know better than you.

No scientists were harmed (or involved) in this farce.

dlachausse
0 replies
5h43m

I’m presuming that was a reference to the “trust the science” that was used to silence any dissent against the official narrative during the COVID pandemic.

lopis
0 replies
6h6m

It's for the sake of the children, as always.

coldtea
2 replies
6h30m

It's for your own good. Democracy is under danger, especially by the voters /s

vundercind
1 replies
4h29m

To be fair, death-by-voter is a fairly common way for democracies to die, so—putting aside what that may or may not justify from a policy perspective, the sentiment isn’t silly. Voters really are one of the greatest dangers to democracy, that’s just true.

nojvek
0 replies
4h15m

Well, we vote for representatives, not for the policies.

And there isn't much choice in representatives. Wish we had more choice than Trump or Biden but here we are again after 4 years.

There is little churn in Senate as well.

Supreme court justice positions are for life.

We're not that far from the ways of Monarchs. The powerful will guard their power.

DoodahMan
1 replies
6h8m

why won't you think of the children?

ranyume
0 replies
26m

maybe he is

rasengan
8 replies
6h30m

This article reads weird to me.

Definitely appreciate the depth of this - thorough research was definitely done. Secondly, I’m definitely quick to blame the US policies for a lot of things.

However, this article is mostly about casting shade on the US about the EU’s mass surveillance. I don’t think anyone is to blame for what the EU does other than the EU, and for sure attacking the US isn’t going to prevent the EU from doing this.

I wonder if there is a better way to go about bringing awareness and taking action?

coldtea
4 replies
6h29m

I don’t think anyone is to blame for what the EU does other than the EU

Well, some charade aside, the US usually says jump and EU politicians say "how high?" - the EU population be damned

klabb3
3 replies
5h46m

I think the EU has been better in that regard than individual European countries. The Wikileaks diplomatic cables in particular showed US coercion on a country by country basis. In Sweden, Wikileaks showed US diplomats gave a list of laws and executive actions (at the time around IP - the Pirate Bay was based there), with veiled threats about getting gray-listed as a “partner” which can affect trade etc, and they said how high. Now to be fair, at least Sweden was unofficially a NATO/US intel/security collaborator. But EU is in a different position, mostly oriented around trade, and notably lacking in security and military bodies. But the EU has absolutely stood up against US interests, especially their predatory corporations.

However, if the EU is collaborating or even aligning with the US on intel gathering, it’s pretty far outside their openly stated mandate, afaik. Especially since the UK left, who were the most hawkish on mass surveillance, it’s creepy to think there are clandestine efforts to push for aggressive monitoring and even worse aligning with the US without oversight. If Mullvad is right, it’s also an absolute failure of MSM to not properly cover such geopolitically crucial issues.

the EU population be damned

For sure it’s a concern, but overall many/most Europeans think the EU is a net positive today. Things have changed a lot since the crises of Greece etc. And with increasing geo-political tensions (Russia in the short term and China in the medium term), there’s an argument to establish stronger security and military efforts independent of US-led NATO, which have quite different goals.

4bpp
2 replies
4h38m

But EU is in a different position, mostly oriented around trade, and notably lacking in security and military bodies. But the EU has absolutely stood up against US interests, especially their predatory corporations.

I think this understanding of the EU's behaviour may be insufficiently cynical. There's one pattern in politics that is very hard to not see everywhere once you have been primed to, which is "high + low against middle": the faction that is in power allies with one(s) that is so far away from power as to never become a credible threat to it, in order to put the squeeze on a third faction that is actually a serious contender for the position of the first.

A canonical example that's sufficiently historical that it hopefully won't be too incendiary was the practice of early communist states to elevate individuals of peasant/worker background into positions they were unqualified for, as in the famous case of Lysenko - here, high (party brass) supported low (peasants/workers) at the expense of the middle (bourgeois intellectuals, represented in that particular instance by academia, who could have been organised and experienced enough to orchestrate a palace coup).

Within the US, the federal government/military/foreign policy complex and tech-based New Money are widely recognised as two distinct power centres, with it at times being unclear if the former can actually fully dictate terms to the latter. Under normal circumstances one would expect the former to champion the interests of its industries on the international stage, and indeed the US is known to have very sharp elbows in this regard (from the famous oil wars in the Middle East via the slightly less famous fruit ones in Central America to the backdoor arm-twisting in copyright matters). The picture for the tech industry looks quite different - far from starting a war or even merely successfully lobbying the EU to drop its regulation, the USG is looking away and whistling. As it happens, out of the four industries mentioned (oil, fruit, media, tech), the tech industry happens to be the one that is by far the most autonomous and misaligned with federal government interests (Apple randomly grandstanding on privacy, everyone wanting to keep their Chinese supply contracts and market access, general abundance of politically engaged progressives and libertarians...). Wouldn't it make sense if what happened was that the USG (high) actually gave the EU (low) a tacit go-ahead for their anti-US-tech measures, and perhaps even indicated to everyone involved that they may let them crack down even harder if the tech industry (contender for high) keeps falling out of line?

klabb3
1 replies
1h26m

the faction that is in power allies with one(s) that is so far away from power as to never become a credible threat to it, in order to put the squeeze on a third faction that is actually a serious contender for the position of the first.

Makes sense. I’m sure it happens. However, it’s an advanced construct and just one out of several incentives in a complex system, so I wouldn’t necessarily blanket attribute it to explain things.

That said I also think you’re right that the USG does seem less imperialistically engaged with tech than say oil. That could have other explanations, such as less cozy relationships around subsidies and historical geopolitical interest. I mean, I think it’s entirely possible that there’s enough inertia in these systems to explain why one looks different than another. It doesn’t have to be a delicately played 4D chess by a bunch of boomers who don’t even know what encryption is. Don’t attribute to malice yadda yadda.

In either case, from my European perspective, I’m not looking so much what the end goals are for the Americans, but rather how the countries in Europe can stand up to geopolitical winds, ie protect their interests. And in my lifetime, there’s a noticeable increase in alignment and strength, at the expense of a (imo) much less harmful set of compromises between individual countries.

It all depends on what are the hot issues of the day. When it’s pollution in the Baltic Sea, or the Greeks treating the euro-wallet as a gift card, then we were all like pissy siblings. But now when the issues are war (Russia), economic hollowing (China) or having big brother deciding what’s best for you (US - although this is old), it’s better to set the differences aside, and band together.

coldtea
0 replies
1h0m

or the Greeks treating the euro-wallet as a gift card

You mean the Germans treating the Euro and ECB as a monetary vehicle to boost their economy and milk the periphery, side-stepping any "hard rules" imposed for others when it was convenient for them, explicitly carot-and-whiping the South to de-industrialize over decades, and then strong-arming the indebted states as a means to pad German investors by moving money from the taxpayers to their banks and investment firms, while buying state assets (from airports and roads to utility companies) for themselves (with a few bones thrown to the French)?

At the same time imposing stupid austerity policies (against the advice of expert economists) that made recovery impossible and amounted to war-level destruction for the economies involved?

All the while cheerfully reviving racist language and imagery (like "rats" in the european kitchen, and other such niceties, of which calling the southern economies PIGGS was among the most prominent).

noutella
0 replies
6h0m

The article explains how Ashton Kutcher backed non-profit "Thorn" was a cornerstone of the Chat Control bill that was to be passed a few years back ; it also explains how Palantir pushed for the bill behind the scenes and how at least one former FBI agent and other members of non-EU security agencies participated in meetings to kickstart that new version of the bill.

marginalia_nu
0 replies
6h5m

A big part of the problem is democratic.

There's nearly nonexistent political accountability in the EU. If the EU decides something, there's really no effective way for its citizens to do anything about it even if it's a fairly unpopular change. There are too many layers of indirection between the elections and the decision making to hold the responsible politicians accountable to the voters.

This in turn makes the EU extremely susceptible to lobbying from special interests inside and outside of Europe.

More so than these campaigns, big reason why these laws have been hard to push through is probably Germany and their strong influence in the EU. Since the Germans still have a living memory of the DDR and the Stasi fallout made a significant impression in the public conscience, being seen as moving back in that direction is a really tough sell. 1984 is fiction, the east germans lived that shit.

jjtheblunt
0 replies
6h11m

It reads weird perhaps since it’s written by a provider of VPN software.

croes
8 replies
6h49m

And in the end everyone is amazed why hostile hackers could read confidential messages.

balder1991
6 replies
6h27m

We might need a huge leak to open people’s eyes.

reaperman
3 replies
6h0m

The only leak I can imagine impacting this would be a giant dump of politician’s personal communications and they are exempt from encryption bans in this particular bill.

balder1991
2 replies
5h19m

IDK there are powerful people in society aside from politicians that can influence public opinion too.

reaperman
0 replies
4h46m

Very good point. I should think more deeply before commenting and not rush out off-the-cuff remarks.

FpUser
0 replies
3h32m

Well it'll still be a start. A very good one I think

ranger_danger
1 replies
3h12m

Tons of data leaks all the time but surprisingly nothing seems to happen with it. Not only are companies not being held liable, but for some reason nobody is weaponizing that leaked data either. Imagine framing somebody with manipulated leak data, nobody even questions if it was ever real in the first place!

croes
0 replies
2h48m

It's a software problem, nothing we can do about it.

For leaks the hackers are always to blame, never the poor security of the companies.

lolc
0 replies
5h59m

Quote from the article:

Stefan Hector, a representative of the Swedish Police Authority, said that “a society cannot accept that criminals today have a space to communicate safely in order to commit serious crimes.”[0] A week later, it was revealed that the Swedish police had been infiltrated and were leaking information to criminals.[1]

[0] https://polisen.se/aktuellt/nyheter/nationell/2024/april/eur...

[1] https://www.svd.se/a/8qwGbx/granskning-poliser-lacker-till-g...

muzani
6 replies
5h39m

The real danger is criminal profiling. Read a book on criminal profiling as done by the FBI. You hear things like "the suspect appeared nervous when his eyes saw the murder weapon" or "serial killers match two of three: cruelty to animals, obsession with fire-setting, and persistent bedwetting past the age of five" (aka Macdonald triad). Impulsive killers are in their teens or early 20s, while more careful killers will be at least in their 30s.

I'm sure the motives were good - sometimes it's like finding a needle in a haystack, and it saved lives back then.

But you have mass surveillance, you can go through every hay in the haystack. Yet likely they won't. They'll settle on a middle ground with these outdated methodologies, and combine it with AI/data, to create some form of data-driven astrology. Someone will be inspired by CSI to ask AI to blow up a blurry photo, and AI might just hallucinate it. There will be experts out there who would oppose this, and these could be shut down by their bosses, the politicians who don't understand how it all works.

The Macdonald triad detects the worst criminals, sure, but it mainly detects victims of abuse. Privacy isn't important to the privileged groups; but it's a level of protection for the innocents who could be profiled wrongly.

belter
3 replies
4h58m

Just use Steganography...For example the next phrase contains the first seven decimal digits of Pi: I view a plane welcoming me aboard

vindex10
2 replies
4h39m

you meant, Steganography :)

belter
1 replies
4h22m

Damn...of course...corrected! Thank you my Thesaurus as a Service. Do you have an API?

cowboylowrez
0 replies
4h10m

lol i'm always spell checking with google, course probably a small percentage of alternative spellings will probably be hallucinated by google's chatbot but thats just the cost of doing business nowadays. my poor grammar is all me tho.

donmcronald
0 replies
5h36m

some form of data-driven astrology

That’s such an apt description of the junk science that’s going to get justified by AI.

SXX
0 replies
5h16m

to create some form of data-driven astrology

Polygraphs are still heavily used in US even though everyone know it's anti-scientific bullshit.

palata
5 replies
4h57m

I believe decision makers really need to understand 3 basic points:

1. End-to-end encryption does exist today (and it is deployed at scale). There is no going back.

2. There is no middle ground: either it is end-to-end encrypted, or it is not. "Sniffing" encrypted messages is not a thing, period.

3. Make all the laws you want, criminals will always be able to use end-to-end encryption. Those laws will only prevent honest people from protecting their communications.

filleokus
2 replies
4h5m

I strongly agree with 2) and 3), but sadly I think 1) is overplaying our collective hand.

I would guess that the largest deployments of end-to-end-encryption today is Whatsapp and iMessage by a quite large margin. E2EE for "real people" is provided by the grace of two massive publicly traded companies who have to follow local regulation. If Apple complies [1] with dubious requirements in China, I wouldn't bet against them doing it elsewhere either.

Sure, we have Signal, but how many normal users would start delving into side loading if the application simply was banned and not allowed on the marketplaces? We can always use PGP-over-whatever, but that's an argument for 3) - not 1).

I think politicians / police (and honestly many normal people) believe that the government have the right to do lawful interception of private communication and see E2EE as a step to far. The US has been wiretapping phones for a century already.

We as privacy arguers have a pedagogical challenge of explaining why regulation like this is bad and not equivalent to 1930's style phone wiretapping.

[1]: Chinese iOS users have their iCloud data (that for the vast majority includes the decryption keys) on Chinese servers, subject to the Chinese legal system. For the rest of the world the situation is the same, but s/China/U.S, which is arguably problematic as well.

tga_d
1 replies
34m

I don't think their first point meant to say that there is no going back on deployed e2ee at scale, I believe they were just providing ground for connecting the next two points: it's so pervasive currently that, even if outlawed, criminals will always have no problem retaining access to it somehow. Even Signal, which relies on fairly centralized infrastructure, still has an open source server implementation that I suspect wouldn't be terribly difficult for a motivated criminal enterprise to deploy privately. Contrast with something like advanced weapon systems, where rarity makes it still viable to control and legislate.

palata
0 replies
18m

Yes that was exactly what I meant! E2EE exists out there in so many different forms that it is impossible to make it disappear as a technology. You don't need a world expert to deploy it: it's just a matter of using one of the available libraries. I mentioned that it is deployed as scale because it is not a niche thing anymore: most people in the world have benefited from E2EE already! It's not something one could hide or make disappear.

The point is that policy makers need to accept this as a reality: they cannot wish E2EE did not exist, that ship has sailed long ago.

FpUser
1 replies
3h39m

"End-to-end encryption does exist today (and it is deployed at scale). There is no going back."

It is useless if the spyware can scrape screen, log your keyboard / etc

palata
0 replies
16m

This is my second point: there is no middle ground. Either it is useful (because it works), or is it useless. There is no "it works for the good guys but it does not work for the bad guys". There is no tradeoff. Either it works for everybody, or it does not work at all.

sjducb
3 replies
5h56m

The debate is framed as privacy vs security.

Really it’s internal threat security vs external threat security.

Measures to reduce personal security also reduce the security of the traditional armed forces.

1) The armed forces use most of the same networking software and hardware as civilians. They also rely on the same protocols.

2) In a total war scenario, like Ukraine, civilian communication infrastructure becomes military communication infrastructure. See soldiers relying on phones for communication and apps to aim artillery.

3) The vulnerabilities that get built into civilian communications are obvious cyber warfare targets.

The framing of privacy vs security tricks the traditional armed forces into thinking that they have the same interests as the NSA.

npteljes
1 replies
4h9m

I think that using a secure layer on top of the insecure layer undermines this argument, similar to how HTTPS is secure while using HTTP with a twist, and using every underlying system in the same way. Or how GPS functionality is regulated for civilians.

So especially "1)" won't be true. Yes, right now they may be using same or similar things, but then after the new regulation they would be using superior stuff, problem solved.

"3)" is considerable because that's true, whatever difference there is in comms security, adversaries will have the same power over the civilian comms as their own government. Right now of course this is the case already, but especially after regulating it, will it become prevalent. I think governments are fine with this in general, though, which I deduct from the lack of countermeasures to it.

In reality, encryption is power, and the more power individuals have, the less power those have who want to control individuals. Everything else is smoke and mirrors, like the classic "think of the children" argument.

sjducb
0 replies
3h2m

Regarding #1. Will there be performance implications when adding the secure layer?

Will there be cost implications when adding a secure layer?

Will the secure layer add risks to the project? Governments are already bad at delivering defence projects on time, will the extra complexity make it worse?

How do we know which layers are insecure? Will there be a published list of vulnerabilities that need to be mitigated by the military?

maga_2020
0 replies
5h33m

Famous quote by Benjamin Franklin (from 1755) : “Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety”

...

"... Franklin was thus complaining of the choice facing the legislature between being able to make funds available for frontier defense and maintaining its right of self-governance--and he was criticizing the governor for suggesting it should be willing to give up the latter to ensure the former. ..." [0]

[0] https://www.lawfaremedia.org/article/what-ben-franklin-reall...

williamcotton
2 replies
6h12m

The underlying tension here is the expectation of privacy for signals broadcast outside of one’s property and into the commons.

We don’t yet have a firm grasp on how to handle the issue of extending privacy into these shared spaces. There just seems to be two unreconcilable polar extremes at the current moment without a clear path forward.

At least in the United States it could mean needing an amendment to the constitution as the 4th doesn’t properly cover these protections.

strix_varius
1 replies
6h1m

Fundamentally, the tension is between the universal laws of mathematics on which encryption is based and the politicians and police who don't understand them.

This quote from the article brings that into stark relief: "we do not accept that there need be a binary choice between cyber security or privacy on the one hand and public safety on the other. Absolutism on either side is not helpful"

Clearly, Europol misunderstands the fundamental, mathematically binary, nature of encryption as man-made "absolutism" that could be dispelled with just enough laws and warrants and wiretaps.

williamcotton
0 replies
5h20m

The laws of math and physics have very little to do with the determinations of the laws of people.

You can’t ban the chemistry of creating alcohol from homegrown grapes but you can ban and enforce against the practice well enough to limit bootlegging. The average person buys from the state regulated dispenser regardless of the possibility of doing otherwise.

The same COULD (uh oh, about to be misread and downvoted into oblivion) be said for cryptography, where bans of consumer friendly and easily available messaging applications would be similar to curbing bootlegging.

Of course the practice would continue for those who are capable but with consequences.

These are issues that must be reconciled. Hiding behind numbers will not work, as we are seeing play out in front of us, so we need constitutional protections.

andy_ppp
2 replies
6h8m

Are these people absolutely stupid, we could end up in a potentially catastrophic cyber war at some point and we need to be looking at better more secure systems than making even further holes in what we have!

jeltz
0 replies
4h6m

Kinda. My guess is that they are very narrowly focused and miss th bigger picture. They worry about organized crime and the war on drugs while forgetting the bigger picture.

hoseja
0 replies
5h44m

What they actually want is to lose that war. Very badly. Or, their sponsors do.

BLKNSLVR
2 replies
4h26m

Executive Summary: "They", as in, whoever will have access to all this gathered information, will not know how to use it. Therefore, it is inevitable that this gathered data will not be used intelligently or responsibly. Law enforcement bodies in any country on the planet just do not possess the smarts to handle it.

They don't know how to read, and these politicians want to give them more books.

I've mentioned the below a few times on HN because, for me, it was a traumatic incident with an outcome that was essentially an unknown for 8 months of my life: My house was raided by police for suspicion of distribution of CSAM.

Skip-to-the-end: They took about $10k worth of my homelab gear, had it for 8 months, and then I was told I could come and pick it up. No charges, no nothing.

There are pages and pages of things I've written to document this incident, these are a couple of notables:

They didn't know to expect there to be children in the house. At ~7am on a school day. That's the amount of additional investigation they do into the 'subject' prior to raiding their property. ie. Fucking None. I have two teenaged children that have impeccable school attendance and academic results that I'd assume would be easily accessible to law enforcement, had they cared to do any background research.

This was a traumatic event for MY CHILDREN caused by quote-unquote Law Enforcement.

They said the raid was based on information provided from an overseas (I'm assuming US-based, I'm in Australia) source (private company, law enforcement, intelligence, I have no idea) that identified my household's street address via an IP address, and this "evidence" was gathered over a number of years.

They asked my eldest "does your dad use your computer", he replied "no" (truthfully), and they didn't take it, didn't even look at it. I pointed out a laptop on the breakfast table that I said was was my wife's (truthfully) and they didn't take, didn't even look at it (as far as I recall). I specifically asked if this was about "me, personally" (since they showed no interest in my wife's laptop), and they repeated their (what became somewhat of a mantra) of "this specific address, not your neighbour's address, this address". And yet they had no interest in computers identified as not belonging to me.

One of the first things they asked me was "do you use a VPN?" I answered "no". Which was true then, and is sure-the-fuck not true now (split routing, the fucking works) - as a learning outcome, to protect myself from further blind police incompetence.

As part of the phone call when I received the "good news" that I could come and pick my shit up (I guess they came out of their way to pick it up from my place, I had to return the favour), the detective in charge of the investigation gave me the impression that she thought that she / the system couldn't be wrong about me. She made a point to say the following three things:

- Use of virtual machines is suspicious

- MEGA is almost exclusively used for CSAM and they found evidence that I'd downloaded things from MEGA (I think I may have used MEGA to download android ROMs)

- They found "TOR" installed on one of my computers

The last one. Where do I start? It's so incorrect an understanding that it was a 'cherry on top' data point that I didn't really need to confirm how hopelessly out of their depth law enforcement is with technology.

To repeat: They don't know how to read, and these politicians want to give them more books.

One of the ironies is (because I've got this sort of sense of humour) if I was living in an actual panopticon, I'd have easily been exonerated as I'm far too boring a person without enough spare time to engage in any of that behaviour.

In addition to the above, my better half is a teacher. Teachers in Australia have a "Mandatory Reporting" responsibility to report possible cases of child abuse based on their observations as a teacher.

The suicidally depressing thing about it is, the organisations responsible for visiting the homes and families that have been reported are so under-staffed and under-funded that they only have the time to investigate cases where the child is in immediate life-threatening danger.

Combine the two above anecdotes together and you've got a society that's gone wrong and is still applying increasing pressure to the accelerator.

Politicians calling for laws against encryption who are not also calling for massively increased budgets to child protection organisations are pushing an agenda that has nothing to do with real, actual protection of children, and they should be called out.

which
0 replies
1h28m

That is disturbing. Were you running an exit node from your home? Or maybe they were watching Tor users and some sort of traffic analysis heuristics they were using gave them a false positive?

ranger_danger
0 replies
3h7m

Uses VMs, mega and tor, but no full disk encryption

Talked to the police

I think this is a lesson in what not to do in the future. And that equipment they took? Consider it all 100% compromised.

jillesvangurp
1 replies
5h29m

Two people can keep a secret if one of them is dead. Anything involving secret backdoors, intentionally compromised crypto, not so secret master keys, etc. is doomed to leak to a hostile entities abusing this. The weakest part of the system becomes secret weaknesses staying secret.

Intentionally compromised encryption is going to be enormously appreciated by North Korea, Iran, China, and all the others one would normally want to keep from looking at secret data related to finances, personal communication, military secrets, industrial R&D, etc.

Countries need to get their priorities straight on national security. The enemy is outside of their country, not inside. And they don't play by the rules, generally.

highcountess
0 replies
5h15m

It seems to me that you may be making a mistake in assuming these counties do no in fact have their priorities straight, only that those priorities do not align with most people's interests.

The purpose of a system is what it does, not what it consistently and persistently fails to do.

Far too long and far too much, people have assumed a good will of our governments because we have intenionlaly been conditioned to accept with blind faith that "democracy" is a universal "good", never asking oneself why the tiny psychopathic ruling class would be such vehement proponents and rabid advocates of "Our Democracy"™, a supposed rule by majority. It appears that not everyone gets as suspicious of things that contain inherent fundamental contradictions.

gala8y
1 replies
6h43m

  Knowledge is a deadly friend
  If no one sets the rules
  The fate of all mankind, I see
  Is in the hands of fools

  _King Crimson - Epitaph_

BSDobelix
0 replies
6h17m

But knowledge prevents that the fate of mankind is in the hands of fools.

Knowledge and information need no rules, but humans do.

andersa
1 replies
6h9m

I thought Chat Control was dead. Is it coming back? The article is far too long.

noutella
0 replies
6h3m

Yes, basically it's back under another name after having been knocked off.

amelius
1 replies
5h40m

Can't they just put back doors in our silicon and be done with it?

ranger_danger
0 replies
3h11m

You don't think this is already the case for years?

TacticalCoder
1 replies
5h20m

The one thing that makes sick to my stomach is that all around Europe there are criminals committing actual crimes and getting a slap on the wrist from heavily politicized judges. There have been rapists freed because "in their culture it's different" (these are documented facts: it happened in several countries, more than once... For example in the UK because an 18 y/o muslim raped a teenager after his religious teacher taught him that "women are worthless" the judge relaxed him).

It's not about protecting the children. They actually love it when children and teenagers are sexually assaulted: that gives more fuel to put in place a totalitarian state, using the pretext of protecting the kids.

It's the same everywhere. In France many crimes are committed by people Macron promised to deport: illegal migrants already caught for a crime. He said, before being elected, that he'd deport 100% of the illegal migrants committing crimes. Instead of that socialist judges are constantly releasing these dangerous criminals in the street.

But the actual victims? And victims' families? Zero concern. None.

And if a victim dares to fight back and should hurt the illegal migrants: then the whole power of the state falls upon him and he'll get an incredibly harsh sentence.

The world is upside down: politicians do not get to have their communication monitored, victims are sent to jail if they dare to defend themselves.

And why do they want to wage their war on encryption? To fight me. Because I hate the EU I live in and they want to silence me. And all those like me.

The tyranny of the government is a very real thing and anyone longing for more government and more government spending should look deep down in his heart and conscience and wonder if it ever did any good for a country to have ever more government.

Meanwhile people shall hate on the libertarians, calling them names ("ladder pullers"), but I'll tell you this...

Libertarians would never ever vote complete and total surveillance of citizens, while protecting the politicians.

But do not worry: the world you deserve for hating on libertarians is coming to you soon enough.

npteljes
0 replies
3h58m

The world is exactly there as it ever was, power structures and power struggles. Two major differences to the past is that there is more people than ever, and that we currently have near-instant global communication.

I'm with you on the "think of the children" argument. That is 100% what's happening, and I think that it boils down to how the human mind works, particularly on how putting out a fire feels much better than preventing the same fire.

"Libertarian" means a lot of things, so it's hard to criticize, I especially struggle with the closing thought. Who are these libertarians that we should support, in order to have a better world?

Nevermark
1 replies
5h23m

Wide surveillance that aids the government in creating portfolios of “incriminating” circumstantial ”evidence” greatly increases the risk to the innocent, especially the under privileged, if it isn’t counter balanced by an increase in stronger protections for the innocent.

Unfortunately, in the US there is no bottom line constitutional protection for the (actually or credibly) innocent.

Procedure pre-empts innocence.

This impacts everything from permanent property confiscation based on subjective declarations of “suspicion” without any criminal indictment [0], general crime [1], to execution of the likely innocent [2].

Without a fundamental right for the innocent to have convictions vacated, after they are revealed to be highly suspect, procedure pre-empts information, even when the case for innocence is widely considered credible.

Executing the (credibly) innocent can even become a strategic politically advantageous performance. [3].

Constitutional protection of the incident would compel the courts to address catch 22 problems for the credibly innocent directly, providing a mechanism for relief when the gears of formal justice otherwise create no balanced recourse.

[0] https://www.npr.org/sections/thetwo-way/2014/11/10/363102433...

[1] https://en.m.wikipedia.org/wiki/List_of_wrongful_convictions...

[2] https://en.m.wikipedia.org/wiki/Execution_of_Nathaniel_Woods

[3] https://www.endfmrnow.org/arkansas-governor-denies-clemency-....

—-

Telling: what government is also pushing for all internal deliberations, materials and search queries, databases and algorithms leading up to prosecutions to be archived for the defense? Or to open up comprehensive surveillance systems search to the defense team?

Centralizing power and information in a way that supports convictions, but not defense, is a recipe for increased motivated, convenient, and incidental injustice.

FpUser
0 replies
3h5m

[3] is total madness. I think that highest level politicians who allow it to continue after being made aware should fucking rot in jail.

vasergen
0 replies
5h22m

Sorry for off-topic, just wanted to say that the price page on mullvad.net is the best one I saw comparing to other SaaS. Everything simple and straight forward!

varispeed
0 replies
6h27m

Can't help but think these laws are pushed by pervs who would love to be hired as moderators for such filtering systems to watch, store and sell the content the system has fished out for them.

paganel
0 replies
5h21m

But Ylva stood by her claim. She came back to the same argument over and over again. She avoided answering the questions (she obviously didn’t understand how the technology worked) but instead turned the direction of the discussion, saying, for example, that a court order would be required to carry out scanning, which in itself was deliberately misleading.

Is there currently a way for us, EU citizens, to vote those Brussels ghouls out of power? No, or at least none that I know of. Is this how a democracy is supposed to work? Certainly not.

Which is to say that events like this one should make most of the people see that the EU and the European Commission are certainly not democratic and they certainly do not represent the European electorate, because, as a matter of fact, the European electorate has no power over those people. But the propaganda still coming from those circles is too powerful, so, here we are.

bloopernova
0 replies
5h26m

They really said they had a foolproof way to read encrypted content to determine if it was "bad"?

I'm still flabbergasted that anyone supported danny masterson. That the head of an anti-csam org did it is just astonishing to me.

NeutralForest
0 replies
5h23m

This is terribly depressing. How can we, as citizens, protect ourselves and vote with our best interest in mind?