EU Parliament Civil Liberties Committee adopts position on CSAR(europarl.europa.eu) |
EU Parliament Civil Liberties Committee adopts position on CSAR(europarl.europa.eu) |
It's all well and good to consider user privacy and user safety but not when it stifles the market.
[Please note that this is a satirical comment based on some of the arguments I've seen here in the past]
In the USA it's easy for a new tech company to put out a commercial to target the entire US population of more than 300 million people. This is practically impossible in the EU. The market here is actually very fractured.
We have "big" tech companies in each EU nation, but they cater only to the domestic market. "Big" as in they are dominant in their field inside their nation.
Take online payment systems for instance. While there are global EU companies like Klarna, most EU nations has their own system that everyone uses. So while you usually have a bunch of payment options to chose from, 99% picks the national one (usually no processing fees).
This also applies to a bunch of other apps in the EU.
If you create an app or a service in the EU and you want it to succeed, you need to target your domestic market first. However chances are there's already an app or service for your idea and you'll have zero chance to compete on the international market, even if you translate your service to as many languages you can think of.
doh, ARM?
edit: please add "edit" when you edit
Open standards, open-source code. That's really the only option for code people are supposed to trust.
Do I trust Apple and Microsoft? I think sort of.
I don’t trust them to be perfect, but if your prior is to say that you don’t trust them at all, then it means you basically can’t use them at all bc no amount of security will get around an untrustworthy OS.
They control what gets displayed on screen, they control how memory is laid out and accessed for a program. There are already so many more important things we entrust to them. So, yeah, I prefer OS’s (all vendors) to provide APIs, and for app stores to enforce their use. I especially would trust this more than EU laws, and I certainly would trust that more than everyone doing their own thing, regardless if it’s open source.
If for no other better reason I trust the OS more, since all of these open solutions will still run on those supposedly untrustworthy os vendors.
You basically have to trust your OS, Don’t you think? Otherwise, the answer is you do nothing.
I mean if they are claiming their messaging system is E2E and it turns out it isn't the cost to them (not only financial) would be much higher than whatever they earn from having access to your data.
If EU would introduce such legislation, it could potentially make software doing end2end encryption illegal. In such case, google would be removing it from EU Play Stores, and this would be more/less end of such messaging apps unless they comply. :-)
This is why it's important to have a reasonable legislature and laws.
And multiple points of control. In the EU the council acts as a check on populism through parliament (even if the nazis took over parliament it wouldn't give them a lot of power), parliament acts as a check on the council (even if the heads of 70% of EU countries decided something, parliament gets its say). Neither of those are the executive so they would be unable to push through laws which favour specific countries or groups of countries (as the commission are supposed to act primarily on behalf of the union, in the same way the US president is supposed to not favour his home state). Then outside of government you have the judiciary who look at the laws passed and interpret them in line with other laws, throwing out ones which are incompatible.
If you have to ask governments for permission then that's a bad design and your system will be taken away from you when the next think-of-the-children populists are elected
If you work on the assumption all governments are eternally nice and well interventioned .. then E2E chat systems aren't all that necessary in the first place
I'm not saying I don't believe it - I have zero trust in Meta, and use Matrix and Signal with everyone that I can. But I would like evidence of foul play before making specific claims.
Because historically we've already caught these companies doing dubious things and they're still in business, still making money hand over fist.
For example, Facebook saying they would only use phone numbers for two-factor authentication and just ignoring that because it was profitable.
Or Biobank saying they wouldn't share private medical data with insurance companies and then just ignoring that because it was profitable.
Or Microsoft and its subsidiaries bribing foreign officials to gain sales and block use of FOSS alternatives because it was profitable.
The naughty list is long and it doesn't seem to cause much reputational damage if any.
Yeah I agree that's the core issue. I'd only "trust" them because I don't see how promising E2E and then breaking it on a widescale would be profitable for them
The Committee on Civil Liberties, Justice and Home Affairs (LIBE) adopted a "draft Parliament position" [0] and that's that.
This still needs to go through so-called "tri(a?)logue negotiations", held between the EU parliament, commission and council. [1]
Still a tad early for calling this a win!
[0] - https://www.europarl.europa.eu/news/en/press-room/20231110IP...
[1] - https://netzpolitik.org/2023/ueberwachung-eu-innenausschuss-... (German)
The heading indicates a committee adopted a position, and that's true.
https://web.archive.org/web/20231114102908/https://news.ycom...
It’s not a trial-ogue. It’s a tri-logue because it involves three parties.
* https://dictionary.cambridge.org/dictionary/english/trialogu...
We need some laws to swing our way; enshrine our rights to privacy in clear terms so implementing laws like chat control become a non-starter.
> Chat control - one of the worst EU plans that is also being described as a surveillance monster - must be stopped. And the EU Parliament has just decided to do so! In a historic agreement on the EU Commission's Child Sexual Abuse Regulation (CSAR) the European Parliament wants to remove chat control requirements and safeguard secure encryption. The decision came after extensive backlash against the original proposal from technology and security experts, to international scientists and to citizens across Europe. This is a great win for our right to privacy and for upholding our democratic values in Europe, but the fight continues!
What did the EU Parliament decide?
Breyer writes on his website that internet services and apps must be "secure by design and default". The EU Parliament has agreed to:
"safeguard the digital secrecy of correspondence and remove the plans for blanket chat control, which violate fundamental rights and stand no chance in court. The current voluntary chat control of private messages (not social networks) by US internet companies is being phased out. Targeted telecommunication surveillance and searches will only be permitted with a judicial warrant and only limited to persons or groups of persons suspected of being linked to child sexual abuse material."
In contrast to the original chat control proposal, the version of the EU Parliament wants that a new EU Child Protection Centre proactively searches publicly accessible parts of the internet for child sexual abuse material with automatic crawling, which can also take place in darknet and would be much more efficient than private surveillance measures by providers. Found abuse material must be reported and taken down by the provider. Fight is not over
While the EU Parliament's decision is a huge win, the fight is not over. It is expected that the EU Commission will continue to push for general surveillance chat control measures. Now is the time for each and everyone of us to join this fight!
[1] https://www.thorn.org/partnerships/
[2]https://web.archive.org/web/20130420162917/http://www.wearet...
Which moreover came with a fineprint specifying that it'd be illegal for browsers to warn users about certificate being swapped?
Is that out of the window for now too?
That was a (probably) unintended consequence of the eIDAS legislation, where specific Certificate Authorities must be trusted by browsers to enable digital certificates and signing to work EU-wide. This has since been corrected and the legislation explicitly states that those CAs and the regular CAs can and should be kept separate, thus MITM won't be possible unless the browser chooses to mix things.
Let's see how quickly it'll resurface again
GDPR, forced interoperability from gatekeepers, the 2 year warranty on anything bought online
This attempt at breaking encryption completely stood out with the usual things
The EU seems like the only governmental organization that's working well to improve my life, in my country. Everything else is either decaying or opposing my values.
That'll have a massive (I think positive) effect on the digital economy.
That will be a lot harder though cause way more people actually pay attention to what their governates are doing compared to the EU (assuming of course a significant proportion of the population actually cares and opposes stuff like this).
(Thanks)
The EU Parliament giveth and taketh away.
When you compare how scandalous and impossibly excessive was looking the story of "1984" a few dozen years ago and that now it is the new normal. In a lot of countries, even democratic ones, we are already far worse than what was described in the book. But very little persons are shocked about that...
This is a good start, if it is sufficiently well-funded and appropriately staffed.
I hope that they crawl much more than the public "clearnet" and "darknet", since a lot of media is shared inside the various walled gardens that make up the internet here in the '20s.
I know about statewatch and some individuals I follow who do a pretty good job, but feels like there is a gap for an organization to step and replicate what EFF does in the US.
I would happily support with money and time.
I used to have Stylebot pinned to my extensions to fix it, but haven't had to do it in ages. Designers - please don't do this.
(I think it comes from people designing on much higher contrast Apple monitors and not testing on anything else)
But you are right, the Tuta article has a contrast ratio of 4.35:1, which doesn't pass even the lower WCAG level (AA = 4.5:1).
Accessibility is important. We are all going to depend on it if we live long enough.
Some politician gets the genius idea to have backdoors in encryption, initial support, then reality sets in and the plans are abandoned.
There is just no sensible way to implement this, therefore it's not going to happen.
This iteration did go a bit further than usual.
The "Mandatory government-issue SSL certificate" is still on the table.
When I heard an interview with a Swedish EU politician, I thought it was a lost cause. She was completely blinded by the possibilities and saw no downside whatsoever.
In my opinion you should be upset at the EU commission, and especially commissioner Ylva Johansson from Sweden who seems to be the one pushing this stupid stuff.
I think those are already in place - one major point against the previously suggested approach was that it would conflict with a bunch of existing regulation, and so it would never get past the courts even if it was passed.
Two convenient examples:
- Article 8 of the EU convention of human rights guarantees a right to privacy, specifically that "Everyone has the right to respect for his private and family life, his home and his correspondence": https://en.wikipedia.org/wiki/Article_8_of_the_European_Conv.... Clearly conflicts with "let's scan everybody's correspondence".
- The E-Commerce Directive defined the rules for online business in the EU back in 2000, and specifically prohibits states from ever imposing general monitoring obligations: https://en.wikipedia.org/wiki/Electronic_Commerce_Directive_....
For all its problems, in areas like this the EU is actually pretty well set up.
Worth noting that this isn't just a regulation; since the Lisbon Treaty it is effectively part of the EU's _constitution_, and can't simply be regulated or legislated away.
Though also note that it's the European convention on human rights, not the EU one. It's from the Council of Europe, a separate body, but the Lisbon Treaty effectively enshrined it in EU law.
EDIT: Nope, see comment below. The terminology is a bit of a mess...
So it doesn't have de-jure legislative powers, but de-facto it does.
I think you see this dynamic in action more with the commission vs EU parliament dynamic than you do with national government vs national parliament because in many countries there are, in practice, consequences to the government losing a vote in parliament, so governments will generally mostly restrict themselves to bills that they think they can win. There are no such consequences in the EU system, so you see a lot of this.
Thankfully the EU still has the European Convention on Human Rights and an associated court which individuals can go to and sue their state: the European Court of Human Rights. This is unlike the European Court of Justice which cannot directly be seized by individuals.
That EU Convention on Human Rights contains the "right to privacy" (art. 8).
This may be what they meant by saying that this horrible text stood no chance in court: a deluge of individual going to to the EU Court of Human Rights invoking article 8.
Now I don't doubt that the sold outs and enemy of the EU states at the European Commission are going to come back with other horrible measures.
As a sidenote this whole "good cop (European Parliament) / bad cop (European Commission)" is a bit of a farce played on the EU people too.
That's why we have strong checks and balances, the commission (made up of appointees of the 26 EU government heads) will push things, the council (made up of those heads) have to agree, and the Parliament (made up from a popular vote) has to agree, then if all that fails the courts step in
But the fight isn't as much against the government, it's the hearts and minds of the people to make them care more about their own privacy and security rather than "someone think of the children".
Checks and balances are working this time hopefully. Regardless our (good) multi-stage processes and multi-chamber structure and even, regardless matters of lobbying and money - in the moment of quiet while smoke is still on the wind - look for the shooter. "Who wants this?" and "What are their fears?" leads to a better leverage point closer to values than parameters.
There are a lot of people in the world right now anxious about the digital future. The EU Commission seem to hear too much from Chicken-Licken's gang of sky-repellant gizmo salesmen and not from calmer humane optimists.
Naively I thought it would cost millions to get a politician to support you but actually it's cheap enough a FAANG engineer could individually pay enough to lobby someone lol.
Edit: Literally the user base on HN would be able to crowdfund and organise a lobbying group greater than the NRA ($2.93M in 2022) if we wanted to - lobbying is such a smaller industry than I intuitively expect
This is... a little misleading. They also have at least two PACs (here's the big one: https://www.opensecrets.org/political-action-committees-pacs...)
Now, you could claim, though not particularly credibly, that money spent on PACs is not lobbying money.
I'm sure there is additional money for lobbying that is not on the books. Holidays, houses, good bullion, crypto, free memberships to exclusive clubs and the like that is gifted to politician's and their spouses by big industry.
Knowing you are losing an election and getting dumped into a $350k/yr easy-mode job takes the edge off.
"Be thankful for your government, it's the best that money can buy"
In the EU, a lot of laws are effectively written or co-authored by companies, which saves the politicians and their staffs incredible amounts of time and expertise. This must be quite expensive, just to have the lawyers on payroll who are able to do that.
https://youtu.be/1nBx-37c3c8?si=vA0IIew7ripABUTD
I think the idea that if an opposing idea went to an NRA friend and offered more money, in almost all cases they would refuse because the lobbying dollars aren’t to convince but to support someone who asked believes what you do.
In some cases, probably like crypto laws, a politician might think “sure I don’t care or have an opinion, you bought some donations and I don’t hate your opinion so I’ll help out”, but that is a lot different than “you pay me x and I vote y.”
I think taking the agency out of the politicians hands, in most cases, is the wrong perspective.
2) You aren’t going to move the needle much with 5 figures for anything at a national level.
The real work comes when you hire the congressman’s favorite PR firm for X and their cousins polling firm for Y and their former chief of staff for $15k a month retainer and so on. The vast majority of this gets done via “consulting” agreements and public relations firms and law firms, where the nominal work is irrelevant and the relationships and introductions are the product.
It just happens that most lobbyists are paid by groups who are seeking to enrich themselves at the cost of everyone else.
However, there are some lobbyists who work for organizations that attempt to guide policy that helps under-represented groups (like nature, animal welfare, human welfare). Those lobbyists are fewer and poorly paid (as their "clients" typically have little or no money), but they work hard to at least inform policymakers of their perspective.
Same with "expats" vs "immigrants".
Lobbying I'd argue is an essential part of democracy because it allows groups of people that have a shared concern to come together and make their case to the politicians.
page 26 (or page 24 in in-document numbering) ... amazing that Thorn was just an "NGO" .. instead of the company that wants to sell filtering tech.
so, can we get the actual expert opinion of these wonderful folk?
I'm sure it'll get reintroduced in a year or so, and if it doesn't get enough media attention, it'll pass.
They only have to win once, we have to win every goddamn time.
If you look at the developments in Hungary and Poland (or the polls in Austria), any form of surveillance will be just used as another vehicle to keep autocrats and would-be dictators in power.
I doubt that the election in Poland in 2023 would have turned out like this if the PiS had seamless protocols of the opposition's communication.
If legislators feel strongly ideologically about an issue, no amount of lobbying will make them vote the other way.
https://www.reuters.com/business/healthcare-pharmaceuticals/...
I don't think there's a topic where lobbying doesn't work to at least some degree. Or do you have an example?
Well maybe a tiny bit of doubt.
I'm sure some companies would make a fortune, but their lobbying power would be outweighed by other multinational companies like whatsapp and smaller companies like mullvad.
I wasn't saying lobbying doesn't work at all.
Actually no, ECHR rulings and the ECHR itself are considered guiding principles when the ECJ decides related questions but the EU is not technically bound by the ECHR
This is made moot by the fact that the EU doesn't have independent enforcement so all EU law is enforced by the member states and all member states are members of the CoE and the ECHR has already ruled that a member state can't violate the ECHR and justify itself by saying they were following EU law
But the comment above could also be referring to the EU charter of fundamental right which is binding on EU institutions and EU member states (when they're implementing/enforcing EU law), article 8 of the charter is about the protection of personal data so you can read the original comment both ways.
Either they said EU instead of European and were talking about the ECHR's "Right to respect for private and family life, home and correspondence" or they said convention of human rights instead of "charter on fundamental rights" and were referring to the EU's "Protection of personal data"
Fun
Somehow it seems different when 'presenting the case' is accompanied by gifts and money.
This is the main problem, and there is a solution. If campaigns are financed by enough public money, donations have less power and can be regulated more heavily.
Similarly, if individual politicians get enough from the state to feel secure even if voted out, we take away the power of the promise of a next job and can enforce a grace period before working on anything related.
So divide 57 by 115, and you get about 0.5 million euros on average for the high estimate.
(Some of the respondents may work for the same organization which complicates calculating the average. Hence why they’re reporting the sums instead, I guess.)
>Now, you could claim, though not particularly credibly, that money spent on PACs is not lobbying money.
There are PACs and then there's AIPAC with a 70M/year budget.
Just for the folks on the West side of the Pond, pretty much means to drop the bill. "To table" is so weird.
[1]: https://en.wikipedia.org/wiki/Table_(parliamentary_procedure...
Of course the parliament doesn't need to ask the commission to drop a law, it can simply vote against it.
Here's a few examples of registered organisations that lobby the EU:
* the Electronic Frontier Foundation https://ec.europa.eu/transparencyregister/public/consultatio...
* the Mozilla Foundation https://ec.europa.eu/transparencyregister/public/consultatio...
Do you think it's corruption when they inform the EU of the risks of legislation (like eIDAS) and fight against potential loopholes (successfully in the case of eIDAS)?
There's no difference between companies and people here; no one, spending their company's money or their own, should be able to influence solely through money. They only can because of corrupt state employees, who should be replaced.
There is because individuals are not normally the clients of lobbyists, nor do they - normally - approach politicians directly with money in hand except for some countries where campaign donations are a thing. They shouldn't be because they are effectively corruption but unsurprisingly countries where this practice is established never get around to abolishing it because it put the people who are in power in power in the first place.
> They only can because of corrupt state employees, who should be replaced.
If the state employees receive that money off the books then yes, but if it is structural it is not the employees that should be replaced but the system that should be replaced. And that is a much harder task. Because you could replace employees until the cows come home, if the system remains the same nothing will really change.
There are lots of things where we trust individuals to do a good job. If we can identify things as being the results of corruption via lobbying, why not fire them or prosecute them?
> Companies don't have the right to vote
https://www.businessinsider.com/some-cities-are-allowing-cor...
Let's not pretend that a slick lobbyist hired by vested interests to talk to representatives with no money changing hands is comparable to the stuff that goes down in high corruption countries, where there's literally briefcases full of cash given to politicians.
> “…it was publicly disclosed that Boehner in the last week of June 1995 walked around the House floor delivering six or more of the Brown & Williamson Tobacco Corp. PAC checks.
> “in the same week Boehner was giving out the checks on the House floor, the House Appropriations Committee met in its room in the Rayburn House Office Building and voted down (17 to 30) an amendment that would have ended the government's price support program for tobacco. Seven Appropriations Committee members each had received a $500 check from Brown & Williamson's PAC, including one for the committee chairman, Rep. Bob Livingston (R-La.).”
This kind of activity seems to refute the “objective difference” you’re imagining.
2. 500, even in 1995, is a token amount of money to the representatives. I highly doubt they changed their vote for that little money.
That's just a make-up, parfumerie on top of the same exact concept: use money in some way to corrupt decision making.
Just because in some countries it's done with a veneer of legitimacy, in a way that doesn't look as dirty and disgusting as "those other over there with their dirty hands full of bags of money", it's just corruption with a façade of high-class. It's still the same thing, just has more layers of indirection and make-up on top.
> The CPI measures perception of corruption due to the difficulty of measuring absolute levels of corruption
So the difference consists primarily in perception, the slickness of it all as you put it? How well we can hide corruption with a facade of legality and civility. Somehow the crude briefcase full of cash feels more honest and direct.
https://www.etymonline.com/word/dialogue explains the common confusion with di-
Could //di-a-logos// mean dividing (like in dissecting) something that ISN'T understood?
That would be solved by referenda, with their results and number of people affected being presented to the politicians so that they must deal with the problem. Lobbying as it is now in many countries (possibly all of them) has nothing to do with that and to me is just legalized corruption.
Otherwise I'm very curious how NGOs can lobby.
Princcccesssssssssss!
https://en.wikipedia.org/wiki/Data_Protection_Directive
Big tech and the advertising industry responded by sidestepping the new regulation to make deals with the individual countries to undermine it, and actually managed to get close to getting their way, and possibly to get it repealed completely.
https://www.nu.nl/internet/2849758/druk-van-lobby-opstelten-...
But the EU responded with the GDPR.
And now big tech is again lobbying and pressuring member states for exemptions, for example, Facebook:
https://www.theguardian.com/technology/2019/mar/02/facebook-...
This is just venue shopping, can't get what you want in one place then you just fragment it and try to get multiple smaller deals. So I totally expect a similar thing to happen around this subject, the stakes are just too high for them to ignore the whole EU for their games.
Though admittedly the example Cyprus indicates that the strategy could be to simply quietly ignore the law when it comes to foreign interests.
The point that I and several others have made is that what “low corruption” often corresponds to is that corruption has been legalized in various ways.
Re the amount, the fact that it’s a token is kind of the point in those cases. It’s a public display and reminder to everyone where their campaign funding is coming from. Other amounts are often donated at other times, and larger amounts may come from other companies in the same industry. They didn’t change their vote for those specific checks, it’s more like a reminder that the vote that had already been bought was coming up.
Their tactics apparently worked on you to make you inclined to ignore the exact kind of blatant corruption you had just been criticizing. It’s not “low corruption”, it’s corruption that’s apparently less easy for many people to recognize.
In the post-soviet countries (many of them now in EU), you can't imagine how much you can "get done" by "gifting" the right person a bottle of their favourite poison - which costs a token amount by almost any standard (like, high school pocket money).
My point is that these are two names for the same thing, an attempt to justify the "rules for you but not for us" on the moral spectrum. Microsoft can launder open source code with generative AI, but don't you dare even look at their sources.
Same shit, dressed pretty.
Lobbying is not inherently money oriented.
I'm just Dan Aris.
That's an excellent question. In many places 'lobbying' is legal, technically it is supposedly to inform the clueless legislators about various interests. But in practice it very quickly turns into 'soft' corruption, meetings in holiday resorts (oh, do bring your family) and so on. Whatever lines are drawn the amount of money available to get around them is practically infinite and politicians (and civil servants) are not all equally good at determining when they are targeted and might be across the line before they realize it (and then it gets much harder to go back than to have never crossed it before).
Occasionally people are terminated, and occasionally there are prosecutions. But there is a very large amount of information about who may have been involved in corruption and only a limited amount of prosecution and investigatory power so the bulk of these cases will end up being ignored.
I don't think many people would get such a pass. The whole point of paying them from money taken from people's incomes is so they can be impartial. There's no point having them if they don't add value.
You'd be surprised. Especially if the last review of the rules is a while ago or if they have been recently updated. People are sloppy, especially if they think nobody is looking and that it doesn't matter.
> The whole point of paying them from money taken from people's incomes is so they can be impartial.
That's the theory, but as the US supreme court proves that doesn't mean much.
> There's no point having them if they don't add value.
It's never that black and white except for the most extreme cases and those are the ones that in the end usually do make it to prosecution. Also note that in the EU different member states have entirely different views on what constitutes corruption and normality.
The prices are available at https://www.medicinpriser.dk/?lng=2
As far as I can tell looking from the outside the US system is set up so that if you aren't ridiculously wealthy yourself you pretty much need lobbyist money to fund your campaign to get elected.
Considering their whole country started as a place where only wealthy male landowners could vote, and they literally deify some of those wealthy male land and slave owners, as well as their written works, it's no surprise really.
Out of curiosity, how accurately do you feel are the opinions of outsiders with no experience living in your country who comment on your country's state of affairs?
But outsiders have no emotional stakes in convincing themselves that your country is the best on earth. Consequently, I feel the non-US media are freer than US mass media to discuss the true state of American healthcare. Outsiders are less susceptible to your country's patriotic propaganda.
This does go both (or all) ways. The US are an example here, not a singular special case. Every country tries to convince its citizens that it's better than everywhere else.
In general I would expect someone who speaks the language of the country I live in now at roughly the same level I speak English to have a pretty accurate understanding of what is going on here. It would, frankly, be quite weird to speak the language and have no idea of what is happening here. Of course America is a special case because of how the internet is dominated by US media, commentary and content.
Also if everyone can give/spend as much as they want legally it at least stays semi transparent so in theory voters can base their decisions on that. Illegal bribes, kickbacks etc. are a bit harder to track.
Some people really do have principles they won't violate. We just don't get enough people in politics who don't have a price.
> If legislators feel strongly ideologically about an issue, no amount of lobbying will make them vote the other way.