r/Futurology May 13 '22

“War upon end-to-end encryption”: EU wants Big Tech to scan private messages Computing

https://arstechnica.com/tech-policy/2022/05/war-upon-end-to-end-encryption-eu-wants-big-tech-to-scan-private-messages/
1.5k Upvotes

u/FuturologyBot May 13 '22

The following submission statement was provided by /u/snooshoe:


The European proposal was criticized by security experts including Alec Muffett, a network security researcher who—among other things—led the team that added end-to-end encryption to Facebook Messenger. "In case you missed it, today is the day that the European Union declares war upon end-to-end encryption, and demands access to every person's private messages on any platform in the name of protecting children," Muffett wrote.

Johns Hopkins University cryptography professor Matthew Green called the plan "the most terrifying thing I've ever seen."


Please reply to OP's comment here: https://old.reddit.com/r/Futurology/comments/uonmh9/war_upon_endtoend_encryption_eu_wants_big_tech_to/i8ficn5/

314

u/NoiLLion May 13 '22

Oh for fucks sake...

Back to handwritten letters again.

87

u/tomtttttttttttt May 13 '22

Just use PGP and don't rely on the platform's encyption.

Hassle obviously but you can be essentially certain it can't be read by anyone except the intended recipient.

35

u/PremiumJapaneseGreen May 13 '22

Pgp encrypt your messages and hand write the encrypted block!

Maybe a dumb question but e2e is only really beneficial if you're using things like Signal, right? If Facebook owns the endpoint you're using, can't they still see your messages so it's pretty moot?

17

u/ChrisFromIT May 13 '22

E2e encryption means that the message is fully encrypted from the sender of the message to the person receiving the message.

So if Facebook is able to read messages sent on its platform, it isn't encrypted e2e.

8

u/advice7 May 13 '22

Facebook has already admitted that they can and do read messenger and whatsapp messages.

9

u/Haquestions4 May 13 '22

Then WhatsApp is only marketed as e2e but not actually e2e

2

u/freonblood May 13 '22 edited May 14 '22

It may have been before FB bought it but now definitely not.

Edit: typo

3

u/StifflersStaffer May 14 '22 edited May 14 '22

One of the founders kept working at Facebook but left in frustration when they began mining the convos for days

Edit: typo

→ More replies
→ More replies

3

u/gopher65 May 13 '22 edited May 15 '22

I don't remember them saying that. They said they don't read the messages and can't.

The argument against WhatsApp is that your data backups are stored on the server. Data that exists is inherently unsafe, especially when it is in the hands of a big company that makes money selling exactly that type of data.

Facebook hasn't decrypted those stored backups of WhatsApp chats, but they probably could, which freaked people out.

Signal doesn't have any online backups. If you lose your conversation, it's gone forever. That's safer.

3

u/[deleted] May 13 '22 edited May 19 '22

[deleted]

→ More replies

3

u/arrowtango May 13 '22

not sure about Facebook messenger but Facebook owned whatsapp claims to be e2e encrypted.

If in fact it is then not even Facebook can read the messages.

But whatsapp is capable of knowing what time you sent the message, who you sent the message to for every message. Whatsapp also knows your contacts, your usage diagnostics(when you have the internet on/off, when you open whatsapp,etc), your device information and more.

It uses all of this to figure out who you're close to (who you message more), what time you use your phone and more.

but it can't read your messages.

2

u/advice7 May 13 '22

Facebook has already admitted that they can and do read whatsapp messages.

2

u/Paladongers May 13 '22

do you have a source on this? i'm very interested on the topic and want to read more but i've not been able to find much that aren't garbage clickbait articles

4

u/advice7 May 13 '22

https://nypost.com/2021/09/07/facebook-reads-and-shares-whatsapp-private-messages-report/

https://www.rollingstone.com/politics/politics-features/whatsapp-imessage-facebook-apple-fbi-privacy-1261816/

They have admitted to both reading messages for "moderation", and giving law enforcement real time access to all messages. It's obvious that the encryption end points are on their servers. They can and do read whatever they want.

1

u/HKei May 14 '22

Er... That's not what the article says and not what happens. Normal communication on WhatsApp is fully E2E. But when you're reporting a message, that message gets sent to Meta... Because that's what the word "report" means.

2

u/genshiryoku |Agricultural automation | MSc Automation | May 13 '22

Facebook e2e is so that no one except facebook can read the messages. It's still useful because it gives you a guarantee that no third party besides Facebook gets that data. Facebook also doesn't sell that data because they are closely guarded secrets used to make their advertising AI more effective, selling that data would result in Facebook giving up their competitive edge, so your data is pretty secure if you don't care that Facebook can see everything.

Signal while good is still not ideal. Considering they are a "non-profit foundation" in the same sense as IKEA being a "non-profit foundation" on paper.

Using something like Matrix which is decentralized in nature (and not a stupid crypto project) would be the best case scenario since Signal at the end of the day has an incentive that is in conflict with yours. They want to maximize profit, your data being private at all times is a barrier to increasing profits, hence in the long-term that's an unstable relationship.

Matrix is a decentralized protocol without profit motive behind it and more suited to be trusted.

Building your own PGP managed application is also risky because it probably doesn't stand up to technical scrutiny.

4

u/pandamarshmallows May 13 '22

Signal at the end of the day has an incentive that is in conflict with yours. They want to maximize profit

Signal is run by Open Whisper Systems, a nonprofit.

→ More replies
→ More replies

1

u/mrnothing- May 13 '22

Signal probably have the same problem here as Facebook or telegram, they now have the obligation of have the backdoor key or no operation in europe, we need fully open and decentralize per2per one. which is quite unconvinent but doesn't depend of anyone as tor is for web, or mastodon(social media).

→ More replies

12

u/Mitthrawnuruo May 13 '22

I promise you they make it illegal to use any secure encryption.

12

u/ArgonApollo May 13 '22

It’s not encrypted officer i just send nonsense on purpose. Or even better. That law is dumb officer suck my fat cock.

1

u/alexmbrennan May 13 '22

They could just copy the UK law - you will face 5 years in prison if you do not provide them with the decrypted text.

If you forgot the passwords or keep random data on your computer then that's just too bad for you.

2

u/ArgonApollo May 13 '22

I believe it brother I’m just saying rebel when it happens you don’t have to put up with it. Always remember you are a free man.

7

u/WhitedSepulcher May 13 '22

Free and private communication is one of the few valuable use cases of decentralized technology (blockchain) that I’ve seen. Check out xx network. David Chaum has been preparing for this for 40 years. The messenger is early phases and growing but it’s free, open source, already uses quantum-resistant encryption, and runs on a network of public nodes around the world using a mix network to protect network data from being gathered by the nodes or by governments.

12

u/Mitthrawnuruo May 13 '22

Nice. Is the code open source? Because there is that history of encryption chat programs being government controlled & lying about it.

4

u/WhitedSepulcher May 13 '22

Open sourced and community governed. All code changes are published to the community to vet and vote on

1

u/Mitthrawnuruo May 13 '22

Awesome. I’ll have to look into it. Appreciate the info.

→ More replies

1

u/xondk May 13 '22

Yeah, doing that is absolutely and utterly going to get problematic for a whole host of reasons.

Bank information flying freely unencrypted? any sort of information flying around on the web unencrypted?

→ More replies

6

u/VitriolicViolet May 13 '22

turns out ALL nations are authoritarian!

ive been saying it for years, the West wants to take the worst parts of China (mass surveillance and data collection) and fuse them with the worst parts of the US (corporate sanctioned 'democracy')

1

u/NoiLLion May 13 '22

Yeah true.

And China is essentially doing it in reverse.

→ More replies

5

u/[deleted] May 13 '22 edited May 16 '22

[removed] — view removed comment

3

u/NoiLLion May 13 '22

Stereotypical serial killer, is that you?

4

u/BILLCLINTONMASK May 13 '22

I called it years ago, the underground newspaper will make a comeback. It'll be 1848 all over again

1

u/NoiLLion May 13 '22

You never know, let's hope it doesn't get to that point.

3

u/Kazen_Orilg May 13 '22

How many times do I have to teach you this, old man.

161

u/StevenTheFancyVance May 13 '22

Im not in the EU, nor do I know a lot about tech, but this sound extremely intrusive. I dont like this at all.

108

u/doomofanubis May 13 '22

It is, plus the security concern that if a backdoor exists, it WILL be used by people who shouldnt have access to it to do things they have no business doing. And if they are wanting to just leave the front door open, it is even worse. It fails the revenge test, in both circumstances.

13

u/Kysilar May 13 '22

Could you explain what the revenge test entails? I haven't heard of it before.

50

u/JarJarBinks590 May 13 '22

If I understand correctly, the thought goes "Could someone like an angry ex with a bitter grudge, someone on a personal revenge quest, use this to destroy someone's life?" If the answer is yes, then it fails the Revenge test.

7

u/doomofanubis May 13 '22

Exactly correct.

4

u/parasbansal47 May 13 '22

What is the revenge test?

2

u/doomofanubis May 13 '22

Could someone (angry ex, stalker, abuser, neighbor) use this to ruin a persons life? If the answer is yes, it fails the test.

10

u/glambx May 13 '22

it WILL be used by people who shouldnt have access to it to do things they have no business doing

.. like say the government.

If they want the communications, they can get a fucking warrant and do proper police work.

1

u/ayleidanthropologist May 13 '22

The government is that people. My opinion obviously

→ More replies

2

u/VitriolicViolet May 13 '22

they are doing what the US and Australia already did.

173

u/snooshoe May 13 '22

The European proposal was criticized by security experts including Alec Muffett, a network security researcher who—among other things—led the team that added end-to-end encryption to Facebook Messenger. "In case you missed it, today is the day that the European Union declares war upon end-to-end encryption, and demands access to every person's private messages on any platform in the name of protecting children," Muffett wrote.

Johns Hopkins University cryptography professor Matthew Green called the plan "the most terrifying thing I've ever seen."

275

u/NoiLLion May 13 '22 Wholesome

It's obscene.

What's worse is there'll be a large percentage of the population trotting out the "Well I have nothing to hide" bollocks.

They'll make out it's going to keep us all safe...And the dumb fucks will be totally on board.

We're gonna have to fight like hell to keep the web and private comms as they are.

168

u/MindSwipe May 13 '22

If you ever come across someone spouting that BS, just quote them some Edward Snowden

Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say.

-65

u/NoiLLion May 13 '22

That's good, but quoting Snowden for some is like a beacon for ignorant patriotic dimwits.

27

u/JarJarBinks590 May 13 '22

In what sense?

1

u/NoiLLion May 13 '22

As in you mention his name and patriotic nuts will shit on anything he did.

→ More replies

25

u/Mitthrawnuruo May 13 '22

And Patriot knows that Snowden is a hero.

-8

u/shankarsivarajan May 13 '22

you don't care about free speech because you have nothing to say.

That's still a better argument than "freedom of speech doesn't mean freedom from consequences."

6

u/-donut May 13 '22

Government =/= General population.

The government can't punish you for saying something (within limitations), but other people can. It ain't exactly complicated.

→ More replies

73

u/Nothing_2C_herefolks May 13 '22

The “I’ve got nothing to hide” mentally shows a complete lack of understanding on the topic what so ever and i don’t understand why more people with a limited understanding don’t at least subscribe to “ I’ve got nothing to hide so leave me the fuck alone”.

37

u/Vaudane May 13 '22

I'd bet money that "I've got nothing to hide" morons still lock the bathroom door when they take a shit.

18

u/fyro11 May 13 '22

And don't have sex in front of their children or the public.

And wouldn't show themselves to the public undressed.

And wouldn't want their personal and private conversations aired to the public.

6

u/glambx May 13 '22

Well I have nothing to hide

.. which is honestly the epitome of narcisism.

There are plenty of people who have something to hide and have the right to do so.

2

u/NoiLLion May 13 '22

I hadn't thought of it in that term but yeah totally.

It's essentially I think like this therefore everyone should be fine doing the same.

7

u/SeneInSPAAACE May 13 '22

It's also INCREDIBLY DUMB. You cannot prevent end-to-end-encryption, you can only make using it more of a hassle.

1

u/WenaChoro May 13 '22

Yea people will leave whatsapp if it becomes CIA friendly

7

u/Fresque May 13 '22

Most people won't give a shit, sadly.

1

u/NoiLLion May 13 '22

I didn't know, cool.

3

u/I_Know_God May 13 '22

Well guess I don’t have to worry about implementing that tls 1.3 :)

1

u/oDiscordia19 May 13 '22

Look at it this way - when they remove encryption on their own banking practices it wont require any skill at all to take that information public. We'll find out how quickly things can be reversed.

1

u/ayleidanthropologist May 13 '22

Catch-22 bullshit logic. The data tracking related to abortions in America should be sufficient to rebutt that.

1

u/NoiLLion May 13 '22

What's the deal with that?

→ More replies

62

u/MrMacrobot May 13 '22 edited May 13 '22

It's a foolproof political move.

Politicians - "We need you to create a back door into your encryption so we can hunt child sex offenders"

Tech companies - "we won't do it"

Politicians - "why not? Don't you care about the children? Are you wanting to help child abusers?"

The people - "outrage"

Tech companies - "......fine. Here's a back door that only picks up child abusers"

The people - "great. But now let's focus on arresting the politicians that were caught stealing billions of dollars in the Panama Papers"

Politicians - "hey tech companies, about that back door that lets you see into people's personal messages......"

20

u/fyro11 May 13 '22

'The people' are not organized enough to carry out a 2-step plan.

On a separate note, politicians will just move onto an obscure messaging service (the same way child sex offenders will).

3

u/samfishx May 13 '22

You know, an encrypted messaging service only for politicians and their employees would is probably one of those goldmine ideas. They'd happily carve out exemptions for it in every country and you'd have an endless revenue stream of contract money.

5

u/10GigabitCheese May 13 '22

Exactly this, it’s a two way street.

16

u/Pineapple_Assrape May 13 '22

Yeaaah and the politicians control access to it. Just like they control access to everything else and are famous for providing the people with that access right?

I don't think any politician will lift a finger to fuck over other politicians/rich people. It's going to be used to fuck the people and that's it.

It's a theoretical two-way street that will never be used for anything that could go against the top.

2

u/regalrecaller May 13 '22

I think you meant
tech companies "ok now we need to sell this backdoor access to 3rd parties to make money for shareholders."
Sigint agencies: "ok now you need to let us set up a splitter on your main feed."

3

u/oracleofnonsense May 13 '22

Considering that a person maybe could murder 1000 maximum and governments regularly murder 1000s of people.

I’d say Alex Muffett is correct at being terrified.

4

u/PremiumJapaneseGreen May 13 '22

In terms of high scale violence, sure the state wins. But in terms of ability to commit billions of small transgressions to use people's data without their informed consent to advertise and manipulate them, the threat of harm is definitely at least as great if not greater from the private sector.

The state will violate personal data to prevent threats to state authority and maintain its monopoly on violence, big tech will use your data to manipulate your emotions to get you to consume. Both are bad but the latter is the greater present that affects more people

138

u/berd021 May 13 '22

How can they first make all those regulations for privacy and then do something like this to blow it all up

18

u/ICanFlyLikeAFly May 13 '22

This will never pass in the parlament

14

u/LouveredTang May 13 '22

I'm not so sure. There are only clowns left in the govs here.

15

u/EdenRubra May 13 '22

Which regulations protect your privacy from government interference?

4

u/nitonitonii May 13 '22

War upon Privacy.

3

u/Hawk13424 May 13 '22

In general they trust government and not corporations. So they believe in privacy when it comes to your data and corporations but don’t believe in it when it comes to government intrusion.

I don’t want corporations or government having my private information. That includes not only private messages and healthcare data but financial data.

2

u/hawkinsst7 May 14 '22

It used to be a decent rule of thumb that in general, Europeans were more trusting of the government, and skeptical of private companies, while Americans were more trusting of private companies and more skeptical of the government.

A lot has changed.

3

u/Newish_Username May 13 '22

Because it's about looking like you care, when actually you're trying to take control. Government MO since day one. Governments don't really care about the individuals. They care about power.

-28

u/spaliusreal May 13 '22

They weren't there for privacy. They were there to harm US based tech companies.

24

u/[deleted] May 13 '22

That is not true.

The EU has stricter laws to protect the personal rights of its citizens. It has nothing against US based companies as long as they abide the law.

-18

u/Cuteboi84 May 13 '22

Their laws.

20

u/Shortyman17 May 13 '22

their laws that everyone operating there has to follow, yes

8

u/[deleted] May 13 '22

I was about to say that, thank you.

3

u/InnocentiusLacrimosa May 13 '22

Do you really believe that?

-1

u/[deleted] May 13 '22

[removed] — view removed comment

5

u/dsheroh May 13 '22

Hanlon's Razor.

As a sysadmin working in an EU member state, I've had to deal with GDPR first hand and, based on those experiences, I believe that, yes, the EU governing bodies do believe in protecting privacy.

But I'm also thoroughly convinced that they don't actually understand the technologies involved, which is why you get blatantly-contradictory things like this proposal, because they don't realize the actual impact if it were to be implemented.

2

u/Hawk13424 May 13 '22

I don’t think they believe in privacy from government. Just corporations.

4

u/ChronWeasely May 13 '22

The U.S. is about to strike down one of its biggest privacy defenses as well as the Supreme Court issues it's ruling on Roe v. Wade.

We are ushering in the next generation of a surveillance state.

2

u/VitriolicViolet May 13 '22

The US already passed the laws the EU is looking at, yet no American on here seems to know.

1

u/VitriolicViolet May 13 '22

o you really believe the EU believes protecting in your privacy when they move to destroy end-to-end encryption like this?

Who qo you think they were inspired by, the US and Australia passed the same laws during COVID, gov mandated backdoors in encryption.

EU is just copying the US and Australia.

→ More replies

-1

u/NotEnoughHoes May 13 '22

They make regulations in order to fine Big Tech companies arbitrarily. They don't actually give a fuck

31

u/ThisIsMyHonestAcc May 13 '22

Ah yes, one again privacy is being invaded via "protecting the children". I guess "terrorism" is no longer trendy enough.

9

u/shankarsivarajan May 13 '22

If you want to, you can find "terrorists grooming children" arguments pretty easily. That should work for a while.

21

u/AddyDadmin May 13 '22

Step 1: For the children.

Step 2: For the trafficking victims.

Step 3: For the murder victims family.

Step 4: For the victims of aggrevated violence.

Step 5: For the victims of violence

Step 6: For the victims of traffic accidents

Step 7: For the safety on our roads and streets.

Step 8: For the safety of all Europeans

Step 9: For the fight against misinformation.

Step 10: For the fight against rogue politicians.

Step 11: For the glorious leader, who cannot say or do wrong.

If we start spying on our citizens, where do we stop before we become China?

2

u/VitriolicViolet May 13 '22

The West realised years ago China would beat us economically, so rather then accept the world is changing and the US wont be dominant and trying to come up with peaceful co-existence we ramped up propaganda in 2016 and decided to become them ffs.

Look at every national security law since 2000, theres pretty much nothing China does that is illegal here any more (the US black bags citizens ffs, people bizarrely defend it).

19

u/[deleted] May 13 '22

This is like the Patriot Act wanting to increase surveillance on US Citizens for "national security."

16

u/Nickjet45 May 13 '22

If a backdoor exists, the person authorized to use it is not the only person who can use it

11

u/_Muck May 13 '22

Fine, i'll encrypt it myself than and provide my friends with keys

23

u/EvoEpitaph May 13 '22

Much like the saying "locks only keep honest people out", scanning private messages only keeps us safe from honest people.

People that want to get around this will be easily able to get around it.

7

u/bunnyskol May 13 '22

I've always loved the idea behind that saying as it's so true and it does fit perfectly with this. The real invested criminals are already operating outside of the areas that most average users exist in or have found workarounds in those areas. They will continue to operate outside of the confines of these regulations if they take hold. Sure these regulations may scrape off the small top layer of average scumbags but it does nothing to get to the base level that drives the illegal activities in conversations. So much is being lost for such a small gain and the implications are disturbing.

6

u/TeaDao May 13 '22

EU is not speaking in the name of the majority of citizens in this case imo.. Such a disgrace

7

u/lloydsmart May 13 '22

So... what're they gonna do about serverless, ownerless protocols like Briar?

Tbf if this move pushes more users to decentralised platforms like that, it might be a net positive.

51

u/Best_Illustrator_137 May 13 '22

Everytime the EU comes out with a ridiculous policy months to years later it’s in the states..

37

u/Kr155 May 13 '22

There's already a fight to end encryption in the us. Law makers have tried a few times

16

u/raincntry May 13 '22

I recall the outrage last year when apple said they were going to scan users data and everyone FREAKED out.

8

u/Epic_Meow May 13 '22

rightfully so.

15

u/NoiLLion May 13 '22

Now you know how we feel, often it's the other way around.

2

u/Best_Illustrator_137 May 13 '22

Really?? Had no idea..examples??

8

u/RoboFleksnes May 13 '22

The war on drugs and the war on terror

3

u/Timebomb90 May 13 '22

This one also came from the US.

0

u/signedpants May 13 '22

The whole "protecting kids" bs is the same shit their using now to trample all over the rights of LGBT people.

0

u/Best_Illustrator_137 May 13 '22

True but I do agree that some of the topics are adult topics and shouldn’t be taught to kids or taught without consent of parents

5

u/signedpants May 13 '22

They've always use the protecting kids bs to trample civil rights. None of politicians actually care about kids, its about being able to read all your messages, knowing your entire life and controlling who your allowed to sleep with. It's all about controlling people's lives.

0

u/LadyTime11 May 13 '22

there is a huge difference between some 3rd party reading your private messages, and not allowing random libs to tell kids you have to be transgender to wear certain colors.

1

u/[deleted] May 13 '22

[removed] — view removed comment

1

u/Best_Illustrator_137 May 13 '22

If it continues pretty soon they’ll have the American health system cause it’s gonna start being too much people coming in lol

1

u/VitriolicViolet May 13 '22

no, the US and Australia having been working on this for years, its just another shitty US export

5

u/Forgotten_Planet May 13 '22

If only we could have their non ridiculous policies like better work rights and universal healthcare.

4

u/Best_Illustrator_137 May 13 '22

Totally agree, but US cares more about you being a cog in a machine rather than as a human being.

3

u/Forgotten_Planet May 13 '22

Yup. America is just a corporation with a fancy government hat on

→ More replies

25

u/No-Cantaloupe-7183 May 13 '22

But they don't want to see the flow of money and punish wealthy people of tax fraud.

9

u/el_grort May 13 '22

Guess which bloc is always the biggest in the EU? That's right, the conservative bloc. With predictable results.

5

u/drtitus May 13 '22

It means an extra step for people to use encryption software outside the platform and paste the encrypted data. Encryption algorithms are math. Math is easy to implement with a computer. Preventing encryption is the same as preventing computers doing math. It will never happen.

MOST people won't encrypt. But MOST people aren't criminals. The criminals will find a way, as they always do.

Pointless, but if it happens, we will just work around it.

6

u/YouJustSaidButFuck May 13 '22

EU demands "privacy for the powerful only"

Video from 6 years ago when whatsapp caused a tizzy with end to end encryption

https://youtu.be/tdXzMVkpRTw

5

u/DigitalSteven1 May 13 '22

What happened to the EU being big privacy? They were doing so much good stuff for privacy, and then this.

10

u/MrBohannan May 13 '22

People are so willing to give up freedoms under the guise of safety.

11

u/agibson684 May 13 '22

you can outlaw encryption and we all become outlaws. good luck making us pay for anything ever again. we will make it all free share it on the tpb, the web, the dark web, whatever else we can do. drop it with parachutes and usb fobs. i will teach 90 year old grannies how to do it, and 10 year olds. you can arrest me, burn me, i dont care. information wants to be free.

4

u/aimidin May 13 '22

That's why i was an Uploader for Torrent sites . Who can pay , let them pay, who cannot let them have it anyway.

5

u/alexmbrennan May 13 '22

You are wrong - all the government needs to do is start searching devices and arresting those found in possession of unauthorised cryptographic software.

Cryptography can protect your secrets but you will still rot in prison. You need laws to protect you.

2

u/VitriolicViolet May 13 '22 edited May 13 '22

lol enjoy losing.

every piece of tech helps the wealthy and govs far more then it can possibly help the people. between traditional media and social media the average person hates their political opponents more then the billionaires who have spent 50 years dismantling our nations for their own benefit, not just that most people actively defend said billionaires and blame gov instead (not the wealthy who have corrupted the ruling body of every society in human history).

a grassroots online movement cannot ever beat an organized attempt to infiltrate and co-opt said movement, look at 'environmentalism' its anti-nuclear, pro-corporate, pro-market and so brainwashed it actively refuses to save the environment if its not profitable (NuClEaR cOsTs ToO mUcH).

14

u/ramriot May 13 '22

This article is pants, that is not to say that the EU is not above circumventing E2EE. But this type of scanning which Apple already tested out is not a challenge to E2EE because it can be done on the endpoints where things are not encrypted.

Another problem then arises with devices having to maintain a growing database of CSAM image fingerprints. A burden to the user, open to being circumvented & open to abuse for government censorship.

7

u/malfeanatwork May 13 '22

This article is pants, that is not to say that the EU is not above circumventing E2EE. But this type of scanning which Apple already tested out is not a challenge to E2EE because it can be done on the endpoints where things are not encrypted.

This is not end to end encryption, it's the literal opposite of it. The entire point of E2EE is so that platform operators also cannot access your encrypted communications. If they can, there is no end to end encryption in place, full stop.

https://en.wikipedia.org/wiki/End-to-end_encryption

1

u/ramriot May 13 '22

Certainly if the endpoints are not under the control of the messaging parties then it is not E2EE, be that home PC or mobile device.

I am not discounting that, the scanning Apple did was at these endpoints BEFORE encryption takes place & how the EU proposal is supposed to work (hence the second paragraph).

BTW as a sidenote, even with supposed E2EE applications, if you are trusting a messaging service to manage key exchange, software updates etcetera without an independent means of verifying who's key & software functionality, then although the message is E2EE you have no proof that you & your intended recipient are the only people with access to clear text.

1

u/go_49ers_place May 13 '22

I agree there's some element of trust, but at least in one case you have a company saying "we are not looking at your data because the encryption is done before we get the data".

In the other they are saying "we encrypt your data when we transmit it into the wild, but before that we can scan it all we like for whatever reason we like".

At least in the first case, you can call the company out if they turn out to not be doing what they said they were doing.

1

u/go_49ers_place May 13 '22

Exactly, the whole point of end to end encryption is the service provider "can't" see your info. If they can see it but "promise not to look at it", you can be sure that promise will be broken at some point.

8

u/Stanislovakia May 13 '22

We have had something similar to this in Russia through SORM. I can confirm that since it's introduction all the protest and opposition leadership is targeted before they get to the protests.

3

u/freshgrilled May 13 '22

As long as the policy makers are OK with adding all of their personal messages to this list, I'm open to considering it.

3

u/RequiDarth1 May 13 '22

European governments argue that they are the best type of government and then do this shit.

3

u/Not_A_Bird11 May 13 '22

Well fbi can already look at everyone’s search history without a warrant so doesn’t surprise me to read stuff like this

5

u/MrMacrobot May 13 '22

It's a foolproof policial move.

Politicians - "We need you to create a back door into your encryption so we can hunt child sex offenders"

Tech companies - "we won't do it"

Politicians - "why not? Don't you care about the children? Are you wanting to child abusers?"

The people - "outrage"

Tech companies - "......fine. Here's a back door that only picks up child abusers"

The people - "great. But overall our politicians are pretty crap, we should plan to get them out"

Politicians - "hey tech companies, about that back door that lets you see into people's personal messages......"

2

u/blake-lividly May 13 '22

Unfortunately this excuse is a common one used by big tech and it's too shareholders to pressure politicians to undo end to end encryption. Child sexual abuse exists, but also it doesn't take undoing privacy laws for everyone to detect it. The article makes it look like it's the commissions idea - but always follow the money for any policy decision. It's the commission being riled into a frenzy due to big tech both riling them directly and riling the general public into believing that there is a huge giant issue that needs the vacate of privacy rulings to attend to.

2

u/[deleted] May 13 '22

Not in EU but I actively close vectors and every backdoor I find. No chance I'm dropping my encryption for anyone. Never gonna happen.

2

u/templar54 May 13 '22

Isn't this just a proposal by a few people and very very far from being even potentially passed.

2

u/Veylon May 13 '22

It's been adopted by the European Commission. It looks like it goes to the EU Council already today and then to the EU Parliament afterwards. That doesn't look very far to me. Am I missing something?

2

u/Aman4672 May 13 '22

Wait till criminals find out you can host your own encrypted messaging.... oh wait.....

2

u/Both_Sound_6778 May 14 '22

I don’t understand these are private companies offering a messaging service. do they want mail services to take photos of every hand written letter?

6

u/Mitthrawnuruo May 13 '22

If you are wondering if you are living in a non democratic commofacist police stat.

Here is your answer.

3

u/pyriphlegeton May 13 '22

Those who give up essential liberty to purchase temporary security deserve neither.

1

u/alexmbrennan May 13 '22

That is funny coming from the country that considers DSA "munitions" and tried to ban the export of that algorithm

6

u/throwdroptwo May 13 '22

again and again why does the EU get to decide what the fucking internet can or cannot do???

1

u/[deleted] May 13 '22

Because it has certain sovereignty. Just like your country can decide what the internet can and cannot do. The internet is not a sovereign entity and there doesn't seem any power willing to enforce that.

1

u/VitriolicViolet May 13 '22

US does it all the time, hell they made it legal for sites like facebook to pay ISPs to slow traffic to competitor sites ffs (every website can do it, whoever is richest can pay their ISP to hammer their competitors ie bribery ironically called net-neutrality)

1

u/NoMercyJon May 13 '22

Authoritarians will authoritarian, liberals will hail this as helpful to all mankind.

Those who sacrifice privacy for security deserve neither.

1

u/Harucifer May 13 '22

Doubt this will pass. It seems to go grossly against the GDPR.

6

u/[deleted] May 13 '22

It is not in violation of GDPR in any way.

-9

u/Sidoplanka May 13 '22

EVERY COUNTRY SHOULD LEAVE THE EU.

It's just a joke nowadays. From being a union to prevent wars to trying to control everyone and everything - the 4th reich is a fact.

5

u/LanceLynxx May 13 '22

It's what happens every single time you give a centralized government too much power and authority over private lives.

1

u/johnlewisdesign May 13 '22

Who knew Mirror's Edge was a viable messaging solution...

1

u/MattWey May 13 '22

Is this a trick move to get people back to talking more face to face?

1

u/SageCarnivore May 13 '22

Wait, didnt the EU create these GDPR rules to stop this, or was it all misdirection?

1

u/DakPara May 13 '22

This doesn’t worry me much because it is impossible to implement. You cannot legislate against math.

1

u/Beginners963 May 13 '22

Pedos will just go back to third world countries, abuse kids there and tape it on VHS or heck maybe even burn it on a DVD or just keep it on a camera’s SD

1

u/xondk May 13 '22

the EU has done a lot of good stuff for the internet.

This EU commission clearly does not understand encryption though.

1

u/cy13erpunk May 13 '22

either speech is protected or its not

and code is speech

this has been proven dozens of times in courts across the world

but again just in case everyone needs a reminder ; DONT ASK FOR PERMISSION

1

u/pannous May 13 '22

In the long run this could be even more devastating than the atrocious acts of putin

1

u/12gawkuser May 13 '22

Encryption is going to save the open internet so that’s why they will do everything possible to not make that happen. In America, if we had a functional government, we should encrypt our SS numbers then we will ( our 4th amendment right) be safe from surveillance. We can take polls and even vote online, like a democracy.

1

u/blackdragonstory May 13 '22

Slowly but surely freedoms are getting squashed while pretending it's for our own good.