EU Proposes It’s Own Version Of EARN IT: Effectively Mandates Full Surveillance Of All Messaging & No Encryption
from the this-is-so-so-bad dept
What the actual fuck, EU? While they pretend to be all about protecting privacy, they then push out this bit of utter nonsense: a bill to “protect the children” by literally requiring online services scan all messaging all the time. In some ways, the bill is similar to the EARN IT Act in the US, but it’s bizarrely even worse than that.
The law requires messaging providers to do “risk assessment” and “risk mitigation” but if the government feels that the services aren’t doing enough (which, of course, they’ll claim about everyone), it can get a court to issue “detection orders” which require the site to monitor communications for “new child sexual abuse material or grooming.”
Ah, yeah, good one, EU. Just as the Trumpists of the US have declared anyone who supports the ability to respect the sexual orientation and gender of other human beings “groomers” you’re now saying websites can be forced to scan private messages for evidence of “grooming.” I’m sure that won’t be abused at all.
There is a lot of language in there to pretend that this will be limited and that it doesn’t need to break encryption, but there is no way to do any of this without basically breaking encryption and creating massive surveillance systems that snoop on basically every communication. As the EFF notes in response to this proposal:
The new proposal is overbroad, not proportionate, and hurts everyone’s privacy and safety. By damaging encryption, it could actually make the problem of child safety worse, not better, for some minors. Abused minors, as much as anyone, need private channels to report what is happening to them. The scanning requirements are subject to safeguards, but they aren’t strong enough to prevent the privacy-intrusive actions that platforms will be required to undertake.
Cryptographer Matthew Green called this proposal “the most terrifying thing I’ve ever seen.”
It truly is incredible that at the very same time they’re claiming that Silicon Valley companies are doing too much surveillance, they’re now going to demand much, much more surveillance.
This proposal is still in the early stages, but it could move somewhat quickly. Things that claim they’re about “protecting the children” often do. However, if this became law, it would do the opposite of protecting children. It would put way more children at risk, by removing the ability for them to have safe and secure communications, including spying on their communications with others in ways that could be massively intrusive. At the very least, it may intimidate children at risk from speaking up or reaching out for help, because those communications will no longer be secure.
What a complete disaster, proposed by clueless bureaucrats who have been told how ridiculous this proposal would be and still decided to push forward with it.
Filed Under: csam, encryption, eu, for the children, grooming, scanning, surveillance
Comments on “EU Proposes It’s Own Version Of EARN IT: Effectively Mandates Full Surveillance Of All Messaging & No Encryption”
Shitty legislation like this is making even Remainers now bless Brexit. Just sayin’.
Re:
Sorry, Autie. What were you saying about blessing brexit? I must not have been paying close enough attention to UK legislation.
Re: Re:
But the UK has still to come up with legislation anywhere near as horrible as what the EU manages every few months. Did you even read the content of your links?
Re: Re: Re:
The Online Safety Bill is pretty damn bad.
Re: Re: Re:2
The Online ‘Safety’ Bill is unlikely to pass. In the EU, a bill has to gain a majority of votes only once to become law; in the UK, it’s twice. As has been pointed out, this proposed law is worse than anything in the UK.
Re: Re: Re:3
“Thank goodness for Brexit, so we don’t have any of these draconian EU laws!”
What about these?
“Those aren’t as bad, did you even read the content?”
Here’s a specific example of one that’s bad.
“That won’t become a law because we have special double-secret voting magic!!1 Plus it isn’t as bad as those EU laws!!!’
(rinse, repeat)
Re: Re: Re:4
Nice what-aboutism. Chump. ಠ_ಠ
Re: Re: Re:4
Oh yes, because “less likely to pass” totally equals “not as bad”. Go back to elementary school and learn some reading comprehension. Dumbass.
Re: Re: Re:3
Honestly, what this shows is how futile Brexit was, because both UK and mainland politicians are infected with the same streak of uncritical authoritarianism.
Re:
Make things up all you want, the Tories are quite capable of coming up with worse crap on their own. Those strawman remainers you’re using to defend them won’t hold up to scrutiny when they are no longer able to blame their incompetence on EU bureaucrats getting in the way of their worst impulses.
Re: Re:
Nobody’s defending the Tories that I can see. Careful. Tangentially related comments like yours look like spam.
Re: Re:
And as has already been pointed out, the UK government has an extra hill to climb in getting any bills passed, making it less likely for perverse legislation to make it through their process now the UK’s no longer part of the EU. Nice what-aboutism on your part, though.
Re: Re:
Oh yes, because “less likely to pass” totally equals “not as bad”. Go back to elementary school and learn some reading comprehension. Dumbass.
Re: total bollocks
I live in the UK.
Your talking bollocks.
Brexit is a Kremlin plan to destabilised Europe. What do you think happend on bojo’s trip to Lebednev’s party? Why did we sign this impossible treaty with us leaving the EU, no border between Northern and Southern ireland and no border between us and the north?
Every stupid brexit “tactic” puts more pressure on the EU, who are already watching a war on their borders.
This is serious shit junior, grow up.
Re: Re:
(>_<) =3
Re: Re:
So no passport control equals no border? So why is there a border sign between England and Wales if there’s no border? Get an education, ignoramus
Re:
“Shitty legislation like this is making even Remainers now bless Brexit. Just sayin’.”
Unfortunately.
The UK’s “Brexit” may have been plotted primarily by xenophobic nationalists and executed by inept morons, but…the EU has, for the last twenty years, produced some astonishingly bad legislation fit to match chinese totalitarianism.
The UK will be going through a very bad time due to their brexit handling, but I’m afraid that if the EU keeps progressing down this path it’s going to be followed by a lot of member nations.
Because although European Unity is a great dream, the current EU isn’t it. More like an all-consuming totalitarian bureaucracy governed by a new feudal class.
Re:
You think the UK won’t come up with a similar law on their own?
Can I have some of what you’re smoking?
Re: Re:
They may do, but it would have to go through two votes opposed to just one, as others have already pointed out. Can I have whatever it is you’re smoking that so screwed up your critical thinking skills?
Get this into law, and the scope will creep to terrorism, and then any illegal activities.
I swear to god this is becoming ridiculous dick-measuring
The U.S: We’re proposing a law that blows a hole and “””””might””””” try to cuck over end-to-end encryption for the children.
The U.K: We’re gonna go dirty to ensure that encryption is defeated and the children are safe.
The E.U.: We just wanna be Big Brother lol.
Reminder to the EU:
1984 was an allegory, not a fucking how-to manual. Q-/
According to Patrick Breyer (European Parliament Pirate Party, Europol was failing to report CSAM to providers after discovering it.
concerns
This is a backdoor method to Unlock ALL Phones.
What other countries demand this?
China? Russia? parts of the middle east?
NEXT the EU and onto the USA.
Political comment:
“See, everyone else does it, why not we?”
From what I’ve seen with bills in other domains (e.g. copyright, computer security), being told how ridiculous a proposal is seems like an incentive for them to push it forward.
You tell them “it’s a stupid proposal”, they hear “I double-dog dare you”.
Off the top of my head, doesn’t this completely mess with whatever infrastructure the EU has due to the GDPR?
Re:
Well this proposal tries to sneakily get around that by not specifying what kind of tech has to be implemented leaving that for the companies to determine. Only that it meets a certain requirement.
They also say it’s going targeted but as the rest of the proposal lays out, it is anything BUT targeted and tries to dance around that by not saying it.
Someone on Twitter named That Privacy Guy has noted that this proposal as it currently stands runs afowl of EU treaties and case law in terms of proportionality and necessity.
Re: Re:
So in other words, the only reason why it wouldn’t violate the GDPR is because the people proposing it pinky swore it wouldn’t. As reassuring as an anvil over your head.
Re: Re:
…this proposal as it currently stands runs afowl of EU treaties and case law…
Chicken or turkey?
Ah, ChatControl, as it’s being called by Patrick Breyer. I was wondering when TechDirt might cover it. Had this on my radar since EARN IT got reintroduced and noticed some Europeans mulling about what ChatControl could entail. Now we know for sure, and it’s every bit as bad as speculated.
It’s worse than EARN IT because right now, EARN IT seems to be going after encrypted services specifically. This doesn’t just impact E2E, it impacts any service with a messenger aspect. So if a company currently doesn’t scan non-E2E encrypted messages, they may be forced to do what Facebook and Google and etc. do and scan literally every message.
The comparisons to EARN IT are apt though, in that not only the negative effects are even more pronounced, but the method in which it could be taken down is more blatant. Aspects of EARN IT may be foiled by the Fourth Amendment. This ChatControl in entirety goes completely against established EU constitutional and case law regarding privacy and government intervention, and would likely be stricken down in the courts.
But that requires a company or individual standing up to it and having the funds to do so. Given it claims to be about protecting kids… who wants to bite that bullet? Certainly no company big enough that bad press about “not helping kids” would hurt, and certainly no company so small they lack the funds. And even if someone steps up, that’s still a few years’ of companies feeling like they need to snoop on everyone.
Hopefully- knock on wood, not wishing on anything resembling a monkey’s paw- like EARN IT, it stalls out and nothing comes of it.
How likely is it to pass? Some are saying its likely illegal under the EU Treaties and Case Law under the principles of proportionality and necessity. Also heard many MEPs are not keen on it.
Re:
“How likely is it to pass?”
Highly. It took a massive effort to shutter ACTA despite the utterly horrible way that was handled, and even when almost every EU PM was against it the shenanigans pulled to make it pass anyway became so ridiculous the EU’s own shadow rapporteur resigned, leaving an open resignation letter where he condemned the various maneuvers as the most corrupt practice he had ever seen or heard of in his lifetime as a politician.
It may afterwards be struck down by the EU court of justice, the way the Data Retention Directive was abolished…but the damage will remain done, in any nation quick and eager to embrace a governance of mass surveillance.
Well this is one way to keep republicans out of the EU.
Can’t wait to see how many high powered people they manage to catch in this net.
They might not have enough people to have a quorum to vote it out of existence.
Working as intended, government by, of, and for nonces.
Take away all the places kids can safely discuss stuff with their peers, etc. and you drive them to confide instead in sympathetic-acting individuals in positions of authority in closed rooms instead. The kind of people pushing bills like this.
Working as intended, government by, of, and for nonces.
Take away all the places kids can safely discuss stuff with their peers, etc. and you drive them to confide instead in sympathetic-acting individuals in positions of authority in closed rooms instead. The kind of people pushing bills like this.
Not everyone that uses encryption type platforms are nonces, we for example use different platforms to pass on documents and new contacts to each other on the fly
surely this will conflict with our heavy GDPR laws in the UK that we’ve been working hard at getting right.