this post was submitted on 05 Jun 2024
253 points (97.4% liked)

Technology

59589 readers
3300 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

cross-posted from: https://feddit.de/post/12846267

After Sunday‘s European elections, the EU is planning to reintroduce indiscriminate communications data retention without suspicion and force manufacturers to allow law enforcement access to digital devices such as smartphones and cars.

Specifically, according to the 42-point surveillance plan, manufacturers are to be legally obliged to make digital devices such as smartphones, smart homes, IoT devices, and cars monitorable at all times (“access by design”). Messenger services that were previously securely encrypted are to be forced to allow for interception.

The secure encryption of metadata and subscriber data is to be prohibited. Where requested by the police, GPS location tracking should be activated by service providers (“tracking switch”).

The EU Commission has already contributed specific proposals to the surveillance plan, according to two presentations obtained by the Pirates.

Make sure to vote in the upcoming elections!

top 46 comments
sorted by: hot top controversial new old
[–] BeatTakeshi@lemmy.world 48 points 5 months ago

This is 1984 dystopia level

[–] justdoitlater@lemmy.world 33 points 5 months ago

Very worrying

[–] Obonga@feddit.de 33 points 5 months ago

Are they trying to push tech savy people into full blown criminality? Way to go.

[–] admin@lemmy.my-box.dev 28 points 5 months ago (1 children)
[–] PiratPartiet@feddit.nu 16 points 5 months ago

I see we have another salilor on our ship! Welcome aboard fellow Pirate! Let's sail the seven seas and the great Internet to a brighter future! 🏴‍☠️💜

[–] zweieuro@lemmy.world 24 points 5 months ago (3 children)

As someone who sees these articles, who should I not vote for? Is there some ranking for 'most asshole-ish politician' regarding the EU? I know every politician has somewhat dirt on them but I'd love to know what to avoid since apparently some of those turds are worse than others.

[–] far_university1990@feddit.de 22 points 5 months ago (2 children)

If want more what patrick breyer doing, he is pirate party.

Von der leyen is cdu, some call her zensursula (censor-sula), her first name is ursula.

[–] rottingleaf@lemmy.zip 13 points 5 months ago* (last edited 5 months ago) (1 children)

About UvdL - one can also google about her and Azerbaijan, her and Russia, her and defense ministry.

Censorship is consistent with her other undertakings, but is not morally the worst of them.

[–] uis@lemm.ee 1 points 5 months ago (1 children)

Foreign member of United Russia)))

[–] rottingleaf@lemmy.zip 3 points 5 months ago

I'd argue the Azerbaijan part is more notable and disgusting.

But then that's an extension of the same. There's a faction in Edro strongly intermingled with Azerbaijan, and it seems to be gaining power over time.

[–] barsoap@lemm.ee 1 points 5 months ago

He's a judge by profession, btw. Any law weasel's worst nightmare.

[–] Unskilled5117@feddit.de 11 points 5 months ago (1 children)

It depends on the country you live in. You will have to research that. As a rule of thumb, it is conservative/ right wing parties pushing for heavier surveillance of citizens.

As it stands right now, the Eu parliament (which consists of people who we vote in to office), is the government body which opposes these measures. But there are only a few member countries left in the parliament which do that, so our votes are important!

[–] plactagonic@sopuli.xyz 7 points 5 months ago

From some more articles I grasped that it is shady. Some lobbying groups, secret commissions and stuff like that. They try really hard to not be the ones to point fingers at.

[–] PlutoniumAcid@lemmy.world 23 points 5 months ago (2 children)

How can people, "experts" even, work on shit like this with a good conscience? Even if they earn millions, they are still undressing all of us including their own families!

I refuse to believe they don't know, but why don't they care?

[–] surewhynotlem@lemmy.world 9 points 5 months ago (1 children)

Because they don't use technology. Their crimes are done in person.

[–] rottingleaf@lemmy.zip 3 points 5 months ago

The do use it, but they are very conscious of the fact that they won't be caught by their own rules and procedures.

[–] rottingleaf@lemmy.zip 6 points 5 months ago

Like asking how could people join Gestapo.

[–] GregorTacTac@lemm.ee 21 points 5 months ago (1 children)

How many times have they tried to do bullshit like this? This is the third time iirc.

[–] muntedcrocodile@lemm.ee 14 points 5 months ago

It wont be the last

[–] cyborganism@lemmy.ca 14 points 5 months ago

Wow..... No words.

[–] makeasnek@lemmy.ml 11 points 5 months ago (1 children)

Let your MEP know their voters care about privacy. These efforts have been defeated before, it just requires vigilance. Your letter can be as simple as "I care about privacy". That's all you have to write.

https://www.europarl.europa.eu/meps/en/home

[–] TheGrandNagus@lemmy.world 3 points 5 months ago

So fucking annoying that this shit gets rejected time and time again and yet they're allowed to just keep on asking and asking.

[–] muntedcrocodile@lemm.ee 8 points 5 months ago

It would be a lie to say i didnt see this coming. Its 1984 we just cant see it yet.

[–] ricdeh@lemmy.world 8 points 5 months ago

How can that be legal? Many European countries have the secrecy of correspondence enshrined in their constitutions, any EU legislation on that matter would doubtlessly be challenged in court in those countries and become ineffectual.

[–] photonic_sorcerer@lemmy.dbzer0.com 7 points 5 months ago (1 children)

The relevant points outlined in "Recommendations from the High-Level Group on Access to Data for Effective Law Enforcement":

  1. Implementing lawful access by design in all relevant technologies in line with the needs expressed by law enforcement, ensuring at the same time strong security and cybersecurity and providing for the full respect of legal obligations on lawful access. According to the HLG, law enforcement authorities should contribute to the definition of requirements, but it should not be their role to impose specific solutions on companies so that they can provide lawful access to data for criminal investigative purposes without compromising security. To that end, experts recommend developing a technology roadmap that brings together technology, cybersecurity, privacy, standardisation and security experts and ensures adequate coordination e.g. potentially through a permanent structure.
  2. Ensuring that possible new obligations, a new legal instrument and/or standards do not lead, directly or indirectly, to obligations for the providers to weaken the security of communications by generally undermining or weakening E2EE. Therefore, potential new rules on access to data in clear would need to undergo a cautious assessment based on stateof-the-art technological solutions (which should in turn consider the challenges of encryption). When ensuring the possibility of lawful access by design as provided by law, manufacturers or service providers should do so in a way that it has no negative impact on the security posture of their hardware or software architectures.
  3. Enhancing EU coordination and support to address situations where technical solutions exist to enable lawful interception but are not implemented by providers of Electronic Communications Services. In such cases, for example when home-routing agreements or when specific implementation of Rich Communication System (RCS) do not allow lawful interception capabilities, clear guidance and a dialogue facilitated at EU level would improve the cooperation with Electronic Communications Services.
  4. Conducting a comprehensive mapping of the current legislation in Member States to detail the legal responsibilities of digital hardware and software manufacturers to comply with data requests from law enforcement. It would also take into account specific scenarios and requirements that compel companies to access devices, in compliance also with CJEU caselaw and case law of the European Court of Human Rights. The goal should be to develop an EU-level handbook on that basis, and depending on the aforementioned mapping, to promote the approximation of legislation within this area, and to develop binding industry standards for devices brought to market in the EU, to integrate lawful access.
  5. Establishing a research group to assess the technical feasibility of built-in lawful access obligations (including for accessing encrypted data) for digital devices, while maintaining and without compromising the security of devices and the privacy of information for all users as well as without weakening or undermining the security of communications.
[–] pseud@lemmy.world 3 points 5 months ago

So... Everything, everywhere, all at once? Establish an expert group to figure out how immovable objects are to be met with unstoppable forces. And mandate the findings.

JFC

[–] Mikina@programming.dev 5 points 5 months ago* (last edited 5 months ago) (5 children)

I suppose it's written in a way to sound way worse and alarming than it actually is, due to the upcoming elections. It sounds almost unreal, i mean "EU secret plan to ban any kind of encryption or privacy" can't be reallistically happening, right?

I know about Chatcontrol, so I wouldn't be surprised, but this article sounds pretty overblown, to the point of sounding more like a wild conspiracy theory. Does anyone have more resources or info about this, that don't read like an election ad?

I'm not trying to dismiss or disrespect the author, and I trust that it was written with best intentions, but it's a really worrying topic about which I'd like to get more information about.

However, thanks for bringing it up, I contacted our local Pirate party about the topic, because they don't have anything related to crime prevention vs. privacy in their programe. I suppose that I know what the answer would be, but getting a confirmation before I vote for them would definitely be nice.

[–] barsoap@lemm.ee 7 points 5 months ago (2 children)

I contacted our local Pirate party about the topic, because they don’t have anything related to crime prevention vs. privacy in their programe.

The general attitude in the German PP back in the days when I kept track (it's been a while) was "stop slurping data you'll never need from people not even under investigation, hire more investigators and do actual police work instead".

A good example here is the arrest of the founder of silk road: No computers were hacked in the process. They put a team of investigators on it who found OPSEC failures which are kinda unavoidable when you're up against a state-level actor. All without mass surveillance, only thing needed was good ole police work.

Also, side note, "prevention" and "enforcement" should never be used in the same sentence. The best crime prevention is social policy, not law enforcement. Next in line, swift and fair sentences in juvenile courts, time is very crucial there to form an association in still malleable minds. Next in line, sentences that forego retribution and focus on reintegration.

[–] rottingleaf@lemmy.zip 1 points 5 months ago

OPSEC failures which are kinda unavoidable when you’re up against a state-level actor

Which is all you need to confirm that surveillance plans are intended not to help investigate crimes, but to help warn criminals and even help them commit crimes which would otherwise be prevented by technology.

[–] pseud@lemmy.world 1 points 5 months ago (1 children)

Just to add -- last I remember researching this, none of the terrorists attacks in Europe in the last two decades that were coordinated (and we know how), were coordinated using secure communications. Bataclan was planned over SMS, for instance.

Based German PP.

[–] rottingleaf@lemmy.zip 1 points 5 months ago

The idea of arguing whether this helps the intended goal is harmful, because it's a distraction.

You are arguing with people you shouldn't even respect, thus "confirming" their right to even attempt such laws.

These are bazaar thieves. You can only punch them in the face. See the good French tradition of actual protest, I don't think they get written permissions to burn cars.

[–] rottingleaf@lemmy.zip 2 points 5 months ago

It mentions support from politicians who, I'm certain, would approve of Mexican cartel or Pinochet style actions against their enemies if they were unchecked (UvdL). So this doesn't seem to be more alarming that it actually is.

Also I don't want to invoke Godwin's law here, but the actual coming of original Hitler to power happened very fast. So if your argument is "EU can't undergo such a change so easily", then I suggest you find something better.

[–] wanderingmagus@lemm.ee 1 points 5 months ago

https://cdn.netzpolitik.org/wp-upload/2024/06/2024-05-22-Recommendation-HLG-Going-Dark-c.pdf

  1. Implementing lawful access by design in all relevant technologies in line with the needs expressed by law enforcement, ensuring at the same time strong security and cybersecurity and providing for the full respect of legal obligations on lawful access. According to the HLG, law enforcement authorities should contribute to the definition of requirements, but it should not be their role to impose specific solutions on companies so that they can provide lawful access to data for criminal investigative purposes without compromising security. To that end, experts recommend developing a technology roadmap that brings together technology, cybersecurity, privacy, standardisation and security experts and ensures adequate coordination e.g. potentially through a permanent structure.
  2. Ensuring that possible new obligations, a new legal instrument and/or standards do not lead, directly or indirectly, to obligations for the providers to weaken the security of communications by generally undermining or weakening E2EE. Therefore, potential new rules on access to data in clear would need to undergo a cautious assessment based on stateof-the-art technological solutions (which should in turn consider the challenges of encryption). When ensuring the possibility of lawful access by design as provided by law, manufacturers or service providers should do so in a way that it has no negative impact on the security posture of their hardware or software architectures.
  3. Enhancing EU coordination and support to address situations where technical solutions exist to enable lawful interception but are not implemented by providers of Electronic Communications Services. In such cases, for example when home-routing agreements or when specific implementation of Rich Communication System (RCS) do not allow lawful interception capabilities, clear guidance and a dialogue facilitated at EU level would improve the cooperation with Electronic Communications Services.
  4. Conducting a comprehensive mapping of the current legislation in Member States to detail the legal responsibilities of digital hardware and software manufacturers to comply with data requests from law enforcement. It would also take into account specific scenarios and requirements that compel companies to access devices, in compliance also with CJEU caselaw and case law of the European Court of Human Rights. The goal should be to develop an EU-level handbook on that basis, and depending on the aforementioned mapping, to promote the approximation of legislation within this area, and to develop binding industry standards for devices brought to market in the EU, to integrate lawful access.
  5. Establishing a research group to assess the technical feasibility of built-in lawful access obligations (including for accessing encrypted data) for digital devices, while maintaining and without compromising the security of devices and the privacy of information for all users as well as without weakening or undermining the security of communications. Recommendations from the High-Level Group on Access to Data for Effective Law Enforcement, Council of the European Union, 22 May 2024, pp. 23-24.
[–] PiratPartiet@feddit.nu 1 points 5 months ago

I contacted our local Pirate party about the topic, because they don't have anything related to crime prevention vs. privacy in their programe. I suppose that I know what the answer would be, but getting a confirmation before I vote for them would definitely be nice.

The Swedish pirates are happy to hear that you contacted your local pirates! And feel free to send us a DM here on lemmy if you need help to get in contact with them! Together we sail into a better tomorrow for all Citizens!

[–] nifty@lemmy.world 4 points 5 months ago

This indicates to me that EU citizens who care about privacy are not reaching out to their representatives