EU Aims to Ban Math — ‘Chat Control 2.0’ Law is Paused but not Stopped
Ongoing European Union quest to break end-to-end encryption (E2EE) mysteriously disappears.
The European Council and EU parliament are still wrangling over new proposals to prevent pedophiles from misusing chat and other encrypted internet services. Today’s vote got postponed at the last minute, but nobody expects it to stay dead for good.
All of these zombie ideas simply boil down to banning math. They won’t work—yet they put privacy at risk. In today’s SB Blogwatch, we ponder the futility of it all.
Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Odd medley.
E2EE vs. EU: FIGHT!
What’s the craic? Erin Hale reports: ‘Orwellian’: EU’s push to mass scan private messages
“According to leaked documents”
Under the proposed legislation, … popularly known as Chat Control 2.0, … photos, videos, and URLs sent on popular apps such as WhatsApp and Signal would be scanned by an artificial intelligence-powered algorithm against a government database of known abuse material. … Under the latest iteration, scans would be limited to photos, videos, and URLs and users … who did not consent would be prevented from uploading or sharing photos and videos.
…
Messaging platforms and privacy advocates have fiercely opposed the proposals, likening them to the mass surveillance of George Orwell’s 1984. … Critics argue that Chat Control 2.0 is incompatible with end-to-end encryption, which ensures that messages can be read only by the sender and the intended recipient. [They] have slammed the measures as a “backdoor” by another name that would leave everyone’s communications vulnerable to potential hacking or interference by third parties. [And] once a backdoor exists, it could be used to scan for more than just child sex abuse material.
…
Supporters say the proposals are necessary to fight the scourge of child exploitation, which officials say is being facilitated by encrypted platforms. … Law enforcement and intelligence agencies have frequently expressed concern about criminals using encrypted messaging apps to avoid detection. … Intelligence agencies, militaries, police, and some EU ministries would be exempt from the measures, according to leaked documents.
Here we go again. Politicians think they can do the impossible just because they say so. Here’s Alexander Martin: Signal president Meredith Whittaker criticizes EU
“Can be exploited by hackers”
The European Council, the EU body that sets the bloc’s political direction, … acknowledges that E2EE is “a necessary means of protecting fundamental rights” but warns that services using it must not “inadvertently become secure zones where child sexual abuse material can be shared or disseminated without possible consequences. … Therefore, child sexual abuse material should remain detectable in all interpersonal communications services.”
…
Signal’s Whittaker argues: “There is no way to implement such proposals in the context of end-to-end encrypted communications without fundamentally undermining encryption and creating a dangerous vulnerability in core infrastructure that would have global implications well beyond Europe. … Tampering with … an encryption algorithm, … key escrow, [or] forcing communications to pass through a surveillance system before they’re encrypted, [will remove] the protection of unbreakable math and … creates a high-value vulnerability … that can be exploited by hackers and hostile nation states.”
Strong words. And JP Mens picks out the killer graf:
“We ask that those playing these word games please stop and recognize what the expert community has repeatedly made clear. Either end-to-end encryption protects everyone, and enshrines security and privacy, or it’s broken for everyone. And breaking end-to-end encryption, particularly at such a geopolitically volatile time, is a disastrous proposition.”
And then it all fell apart. I think you ought to know Ambroos is feeling very depressed:
Yesterday and early this morning there has luckily been a massive push from Belgian media. The proposal this time around came from the Belgian presidency, so it was up to them to withdraw the vote. … It’s probable that the situation became untenable for the political parties involved, one of which lost massively in the Belgian elections about two weeks ago.
…
There is a lot of “but think of the children”, and zero technical expertise. … Next time this can come up for the vote will likely be from Hungary. They are taking over the EU presidency in a few weeks, and have already said this is on the agenda for them. … There’s no time to rest, the proposal isn’t dead.
It beats actually solving problems. ThatOne waxes cynical:
“Dripping water hollows out stone, not through force but through persistence”, as they say. … It’s a waste of time and money for all, except for the people pushing it forward. If they didn’t do that, they would have to do some actual work.
We’ve seen it all before, but is there anything new and improved this time? DrMrLordX sees the silver lining and cuts to the chase:
It’s bad, but all it constrains are URLs and images. If you send raw text, the regulation doesn’t seem to apply.
Still kinda sucks that the EU is glomming onto CSAM purveyors as a way to break … encryption. The CSAM peddlers will find ways around this, while regular people will risk undue scrutiny and violations of their privacy if they dare send encrypted images or HTML links.
On the other hand, surely you’ve nothing to fear if you’ve nothing to hide? u/Kikunobehide_ is afraid that’s wrong:
If … you have nothing to hide, … why not let the government place cameras in your house so they can make sure you’re not doing anything illegal? … Surveillance by the state inevitably causes changes in behaviour to comply with what the government deems legal and acceptable. … However, what is legal or deemed acceptable can change at any time.
…
Imagine a new government takes power—a government that doesn’t like dissent. By removing encryption they can spy on the entire population and arrest anyone who says something they don’t like.
Think that’s an exaggeration? Well, a slightly sarcastic alphalone sure doesn’t:
I’m sure that having less privacy at the same time as we get fascists elected all throughout Europe is a great combination. … Surely those governments wouldn’t use that to do whatever they want and would only use it to “protect the children,” right?
How could app makers make this law an ass? miki123211 sees the funny side:
This law’s entire purpose could very well be defeated by another recent-ish EU law, namely the Digital Markets act. This law is somewhat workable if you assume that App Stores are the only way for mobile apps to be distributed. If users are allowed to sideload, … an app maker from a non-European country … can just refuse to comply.
Meanwhile, why should we care outside Europe? ThatOne explains, from under tinfoil:
This is not just an EU issue, it’s a recurring theme around the world. Every government out there is trying to implement something similar, usually under the tired, “Won’t somebody think of the children?” … I would be more concerned about governments who don’t try to push that agenda, because it would mean they have already implemented this somehow.
And Finally:
You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites—so you don’t have to. Hate mail may be directed to @RiCHi, @richij, @[email protected], @richi.bsky.social or [email protected]. Ask your doctor before reading. Your mileage may vary. Past performance is no guarantee of future results. Do not stare into laser with remaining eye. E&OE. 30.