ChatControl: EU wants to scan all private messages, even in encrypted apps (metalhearf.fr)

>You can't even organize a resistance because all channels of communication are monitored.

One of the awful things about this proposed legislation is that what I quoted you saying is not true. Software like PGP is easy to use, and criminals already do. The government has absolutely no possibility of breaking RSA the way things are now, and as such scanning all messages will do nothing other than prove more definitively that criminals are still beyond their gavel. In reality, the only individuals who will get spied on are regular people who don't open their terminal just to send a text; exactly the people who should not be spied on in the first place.

When the government realizes this invasive legislature is ineffective, they will probably crack down even harder. After all, what we are willing to accept from rulers has by the looks of it already increased dramatically. I wonder if it at some point it becomes illegal simply to posses encryption software on your personal devices, perhaps even possession of prime numbers that could theoretically be used in modern encryption. How far will the government go to take this illegal math from you?

> Start a revolution? You have no weapons.

LOL. People nowadays don't start revolutions not because of weapons or lack thereof. It's because they're thoroughly entertained and fed; even the entire political circus is a sort of morbid reality show: people tune in to the news to shake their head in disgust at today's latest antics, and will do so tomorrow, because it's all panem et circenses for grown-ups.

The Internet has become the greatest instrument of mass control ever created in the history of the world. It's done. As long people have their Doordash and Netflix, and are too busy working or scrolling instead of thinking deep thoughts, and reading anarchist philosophy, the kings has nothing to fear.

Also, no need to single out the EU. The entire government-as-reality-TV is well and truly an American creation, and your three-letter agencies don't even have to pass any laws to collect information about its citizens. We're all in the same shit, my brother/sister.

> Start a revolution? You have no weapons. You can't even organize a resistance because all channels of communication are monitored.

Unlike which country? The US I presume? I see very much a lack of any revolutions in the US, and the most resistance done in the past few decades was done by people with no weapons.

I'd say most revolution-like movements of any kind in the US since the Civil War happened without weapons.

Dear citizens of the US:

Please stop funding, allying with and protecting the manufacturers of surveillance tools. Stop exporting Palantir products and importing privacy-destroying devices from businesses like Greyshift and Cellebrite. Insist that the US government stop shielding hackers-for-hire like NSO Group who indiscriminately lease their products for discriminatory and illegal purposes. Stop defending "OEM" control that we have all known is a stand-in for federal steering since the Snowden leaks. Stop marketing E2EE while backdooring server and client hardware for "emergency" purposes.

Do that, and you'll never be accused of hypocrisy again. Signed, a US citizen.

> you will gradually lose control of your government

That happened the moment European countries surrendered their sovereignty to EU.

This has nothing to do with csam and arguing that point is on purpose, to distract people and the politicians can say “xp84 supports child pornography!”

It has everything to do with censorship and complete control over people’s ability to communicate. Politicians hate free speech and they want to control their citizens completely including their thoughts. This is true evil.

Disclaimer: I am against ChatControl.

> Does anyone believe that predators commit those heinous offenses because of the availability of encrypted channels to distribute those products of their crimes?

Who says that? I don't think they say that.

> The authorities really think every predator will just give up and stop abusing just because of that?

Nope, they think they will be able to arrest more predators.

> More likely of course, those criminals will just use [...]

You'd be surprised how many criminals are technically illiterate and just use whatever is the default.

The thing that is crazy to me is that they choose to go after Signal of all things. Certainly there would be higher priority targets than a messaging app that has no social networking features to speak of, if child predators were really the target here.

They better ban password protected zip files too!

Absolutely, evidence of abuse is secondary to the actual abuse.

Plus, the fact you could use/make AI/LLM/etc generate nefarious content that is hard to tell is fake, tells you the abuse isn't even what they are interested in.

Best case scenario would be, lots of children will be saved from abuse because the magic software somehow discovers that. I kind of doubt it though.

>The authorities really think every predator will just give up and stop abusing just because of that? What a joke.

Yes, the framing is disingenuous, but so is yours. You're seriously suggesting that any policy that doesn't 100% eliminate a problem is a joke?

Is text-only CSAM even a thing?

That's not a bug, that's a feature. They'll say that current surveillance tools are insufficient, and demand more.

> Best case scenario (and this is wildly optimistic) the offenders won't be able to find any 'safe' channels to distribute their materials to each other.

The theory is based on the documented fact that most crime is poorly thought through with terrible operational security. 41% is straight up opportunistic, spur of the moment, zero planning.

It won't stop technologically savvy predators who plan things carefully; but that statistically is probably only a few percent of predators; so yes, it's probably pretty darn effective. There are no shortage of laws that are less effective that you probably don't want repealed - like how 40% of murderers and 75% of rapists get away with it. Sleep well tonight.

The accepted solution is to have a constitution that says otherwise.

Which is a bit complicated here, as the EU has no real constitution and this 'law' (really a regulation) is a blatant violation of the constitutions of countries that did choose to establish secrecy of correspondence.

The only way I see to prevent the constant pushing is that every single time some council or committee presents something like this every single of one of their private communication gets leaked for everyone to peruse at their leisure from whatsapp to bank statements.

They want to erode people's privacy? Let them walk their talk first and see how that goes.

I'm convinced the people suggesting this type of thing are influenced or even compromised by their constituent's enemies and NOT the result of poor education on the topic.

This policy for example would be most helpful to enemies to the EU. It would lower the cost of acquiring the data for China and Russia as it allows them to mass acquire data in transmission without incurring the cost of local operations. The easiest system in the world to hack is that of a policy maker.

I would argue that a surefire way of guaranteeing the right to privacy is to instead continuously push for absolute-transparency laws for politicians and governments. If they’re going to demand every private citizen’s records are always open for view, then the same should be said for governments - no security clearances, no redactions, no “National Security” excuse.

Is it patently unreasonable? Yes, but cloaked in the “combat corruption” excuse it can be just as effective in a highly-partisan society such as this - just like their “bUt WhAt AbOuT tHe ChIlDrEn” bullshit props up their demands for global surveillance.

The only real option is to get your country to leave the EU. An unelected cabal of people making sweeping decisions for countless member states isn't democratic, so yeet it while you can.

If only we could show them how this kind of things may go wrong. I don't know, the case of some leader of a nation they are having trouble with, abusing of a similar access with their data.

But they will probably think that is only bad when others do it to them.

Strip the privileges from the bureaucrats who are involved in any type of government work or activity. No immunities, no security.

If you want to be a servant to the public be one.

By implementing direct democracy via internet, which creates laws which disallow that.

But, amongst a few others, there is a technical problem, how do we log in to vote? That mechanism must be unhackable, configurable by computer illiterates, and it must not invade privacy.

Serious question.

This has to be written in the constitution somehow ; it has to comes down to the values of everyone - and i believe a lot of education has to do with it. Currently people are simply not tilted by it as much - or not in a way comparable to other topics.

Explicit digital privacy right in each country constitution?

Priva rights are already there in most countries constitutions, but maybe adding the digital part will make it harder to push back.

Can't be done. It's pushed by the Commission - the technocratic deep state.

The prevention has to be in the underlying layer of physics / math / the internet such that the state is _unable _ to make (or at least enforce) such laws.

We need to accept and celebrate a world in which the capabilities of states are constrained by our innovations, not merely the extremely occasional votes we cast.

Agreed. In this case, there needs to be some sort of 'privacy bill of rights'. Something fundamental where any law like this cannot be passed.

There are no solutions to that which wouldn't sound absurd. But if you could get past absurdity...

Politicians should agree to to be executed if they lose an election. Only those willing to risk their lives should be allowed to legislate. This also gives the voters the option of punishing those who pass onerous laws at the next election.

If you need extra zing, this would also apply to recall elections, so they could even be punished early.

> prevent them from being pushed over and over

Solve the problem it's trying to solve, then it won't be proposed again.

Source on that?

> Governments should be transparent and the people should be opaque.

I'm going to add this to my repertoire since it's a lot more concise than most of my rantings on the topic

Yes, I love this idea. I've heard it framed as "Transparency for the powerful and privacy for the weak."

Governments need privacy. They literally investigate child mollestation cases. They hunt spies. They handle all sorts of messy things like divorce between couples with abuse.

I'm not commenting on the government coming in at unveiling encrypted communications, but certainly a better approach than "governments should be transparent and the people should be opaque" would be "governments should be translucent and the people should be translucent too".

Or as someone put it, "People shouldn't fear the government. The government should fear the people."

I feel like we've lost the vocabulary we ought to be using to talk about the legitimacy and role of the state. More people need to read J.S. Mill (and probably Hobbes.) Even today, works by both are surprisingly good reads and embed a lot of thoughtful and timeless wisdom.

> what is the legal argument solid enough to justify interfering with everybody's right to privacy?

"... except such as is in accordance with the law"

And the "interfering" coming from ChatControl is that "some algorithm" locally scans and detects illegal material, and doesn't do anything if there is no illegal material.

> Watching everyone's communications also seems at odds with the principle of proportionality

It's a bit delicate here because one can argue it's not "watching everyone's communications". The scanning is done locally. Nobody would say that your OS is "watching your communications", right? Even though the OS has to "read" your messages in order to print them on your screen.

Note that I am against ChatControl. My problem with it is that the list of illegal material (or the "weights" of the model deciding what is illegal) cannot be audited easily (it won't be published as it is illegal material) and can be abused by whoever has control over it.

>Imagine a future where it becomes easier to commit terrorism because of some technological advancements

Imagine a future where aliens invade, and all of our civil rights have to be suspended in order for society to be re-focused on fighting an existential war against the invaders. I suppose this sci-fi hypothetical could happen and if it did happen then the sacrifice might even be necessary. But it's not happening now, and it's entirely reasonable to classify it as both (1) unlikely, and (2) an incredibly bad outcome we should hope that we never have to face.

If murder is common in the populace, then that means the social norms of that society have already drifted to the point where murder is acceptable. In that society, the murderers are probably running the government.

On your tangent about China, the people there are feeling so absolutely safe that they have the urge to install metal bars on every window of almost every home.

> They feel incredibly safe and don't have to worry about being victims of crimes, having their packages stolen, walking around late at night alone, etc.

Em. I think feeling incredibly safe has more to do with the media telling people that no crime exists and all criminals are caught, rather than a reality of zero crime.

There is evidence that crime started being systematically under-recorded in China since they started assessing police on proportion of recorded crimes they solve.

https://archive.is/20250624235740/https://www.economist.com/...

It's not about the usefulness... it's that omnipotent surveillance creates a jarring imbalance of power between the surveillance state and the people.

If the employees of the state were subject to the same exact surveillance, then maybe it might be palatable.

Curiously, the Star Trek Universe exists in such a scenario. A common trope is asking the computer for evidence of a crime, where someone is at any time, etc. I've never heard complaints about this supposed contradiction between the utopia vision of Star Trek and the omnipotent, all-seeing computer.

But we all know the reality... a tale as old as time. The state will exclude themselves from the surveillance, and it will eventually be used as a tool for authoritarianism. It's only a matter of time with something as powerful as this.

this also assumes that criminals or terrorists will just follow the law.

you can always establish encrypted channel via DH over stenography in plaintext messaging, and just use any encrypted protocol.

if hardware is compromised a black market for such devices will surface.

Worst case scenario you create gigantic one time pads and just use them.

the whole idea is flawed as you get neither security nor privacy. in fact - it actually opens you to abuse if encryption is backdoored. Not to mention it being a gigantic slippery slope argument.

and most importantly - how to you ensure that you can ALWAYS trust your government with such powers?

But China wasn't a honeypot for crime and fraud before they had the firewall, facial rec, and so on.

It is true that many Chinese citizens don't give it a thought.

But there's no demonstrable cause and effect going on there.

Better imagine a future where this old manufactured problem / manufactured solution brainwashing trick no longer works and devil's advocates get what they deserve

did you write this message with ChatGPT?

> .. like smaller, less traceable bombs, or chemical weapons that are easily accessible and lead to higher casualties ..

it's very easy to build a bomb, you just need to "google" and make your shopping... Killing random people in the street is easy too, you have, among others, knifes - very easy to buy and commit a crime in side streets, etc.

> it would be interesting to see if individuals are more willing to adopt a level of increased surveillance as it seems as the only reasonable protection against terror.

One presumes it would make terrorism easier if you could hack in and find out where your target is at any given time. What they're doing. What their plans are for this evening.

Also I think one could probably point to the current US president as proof for why this is an insane idea. Imagine if he really did have access to everything we say.

I get your point, but this is baked into the social contract in China. You obey the party, give up some personal freedoms, and in exchange the party will make sure you live a prosperous safe life.

The current EU political class has completely lost their Mandate of Heaven, they command 0 respect because they’re spineless empty bureaucrats looking for a cushy consulting job after they’re done being lobbied by their future employers.

Even if your utopian idea makes sense, I don’t trust the EU politicians to bring it to life, just virtue signal

RCS is not called “end to end” by anyone - even Apple and Google explicitly state it’s not currently E2E encrypted. Apple has pledged to add e2ee to RCS on iPhones but they’re never claimed it’s that way today.

They go out of their way to warn you it’s not the same level of security as iMessage.

It’s not about CSA, it’s about illegal content. And laws change all the time.

For example, an individual can generate AI images of Hollywood actors using Stable Diffusion and a decently powerful computer. Said individual had the right to share those images online with a community.

Now however the sharing and distribution of said images is considered illegal in my USA state.

So, are the images said individual created and shared three years ago subject to prosecution? Even if the law went into effect 3 months ago?

Of course not, it's just a pretense for passing this law because its political suicide to instead say "We don't want to do any actual police work and instead want to create a massive surveillance state and monitor everything you say and do so we can better control our populations."

CSAM is just the excuse, as it is with any other laws of this nature in the past.

Agree completely. These laws are either a wedge for broader surveillance or a massive compromise on everyone else’s rights to catch a subset of a subset of users.

Everyone in this debate understands that CSA is a pretext. Nothing is going to make any sense to you if you think ChatControl is an earnest and sincere to fight CSA in particular.

The ultimate goal is for computers to run only authorized programs and to license and monitor development tools like the Soviets monitored typewriters.

With the access to phones, underage teenager may be taking nude pictures of themselves. They should be put in jail where they belong. /s

Slack is not end-to-end encrypted and belongs to a US company. So there is no need for ChatControl there: the US government already has access to everything that is written on Slack.

This legislation makes every digital communication open to being policed at the source. It is far too overreaching and too rife for abuse.

You are already looking for workarounds like people struggling under authoritarian regimes.

This is completely unacceptable.

Indeed, the world was a chaotic place before the soviets invented CCTV and allowed therefore the creation of civilization.

and keep them forever to use them against you in the future, if you become a "problem"

They can just mandate it at the OS level. I don't know if the proposal envisions that already, but if it becomes popular surely that would come next.

App stores that operate in the EU are subject to EU law, and can be forced to remove noncompliant apps.

> Are the Europeans insane?

I don't think so. If they were, it would actually be better: one can have sympathy for insanity, and at least isolate it, if not treat it.

Instead, it's extreme insecurity combined with limitless regard for infallible authority. The thought that the hoi polloi might write or say things that are beyond scrutiny is intolerable. That's the insecurity part. And all intolerable things must be criminalized, because in Europe, laws infallibly fix everything. That's the authority part.

That's not insanity. That's just how you behave when you imagine it is your mandate to perfect the world and indulge hubris sufficient to believe you have the wisdom to do so.

> The is the n-th attempt to install some regulation

The sad part is that it would only take one attempt to codify the opposite into privacy laws as a basic right, should anyone ever bother to take up that gauntlet.

Presumably the distribution of an app that facilitates that would become illegal as well.

Probably friction. Will you be able to convince your friends to do that?

Take it like this: your phone already "reads" absolutely everything you put on that phone. Apple or Google could do anything they want with that, but you trust them. You trust that they don't send everything that goes into your phone to their servers.

ChatControl would run locally on your phone. It would compare the images that you receive/send to a list of illegal images, and if you happen to deal with one of them, it would report you.

How is that destroying your democracy?

Disclaimer: I am against ChatControl, but too many people seem to not understand what the problem with ChatControl is.

and if people point out EU is completely corrupt and we have complete breakdown of any agencies that should keep it under control, they get downvoted.

EU turns into fascist (policies controlled by corporations) quasi state before our eyes.

If you are working for any crime agency, put away biscuits and move your lazy arse to work!

When Apple attempted to anticipate these laws and propose a system which tried to navigate a compromise, the “pro-privacy” faction was so politically dumb they spread FUD about it and actively made sure no reasonable compromise could ever be reached. Now the public with reap what these advocates have sowed, good and hard.

With regards to the FBI incident, Apple said at the beginning of their statement, “This moment calls for public discussion, and we want our customers and people around the country to understand what is at stake.”

The EU is proposing a law. People assure me their laws are democratic and reflect the will of the people. Who is Apple to reject the outcome of public discussion?

The FBI letter was written in a context where an agency was acting without the support of the public. That’s why the framing was all about misuse of the All Writs Act and lack of Congressional blessing for the requested power.

Just need to pass it once, unfortunately. And despite all the talk against it, they get a partial fresh start to the general public every time one of these is proposed.

The people that want this to happen, really really really want it to happen. They are never going to give up, so people need to remain vigilent.

Honestly, I fully expect that the scanning method is already implemented and used. The US has intervened with some pretty deep surveillance in the past (ie. Canada Sihk killing) and doesn't seem to need permission to get it.

Sounds to me like the EU is looking to get a more formal approval to act on data they already have.

They'll push the scanning to the OS level, mandate that the OS does it. Hence the seemingly coordinated effort with Google on the sideloading changes, and enforcing play protect, etc.

Like the TPM & Microsoft scare when TPM first started arriving in hardware, and we all thought it would be used to lock out other OSes. Only it's for real this time.

The proposed regulation only applies to publicly available services, and only binds service providers, not end users. There is nothing preventing you from sending encrypted emails, just as there is nothing preventing you from pasting encrypted messages into WhatsApp or storing and sharing encrypted files in Dropbox.

What would prevent me from writing my own program to do something simple like sending encrypted messages?

Nothing. That is, nothing until your application becomes popular. I will keep encrypting my emails and they can pound sand once legislation for this makes it to my country. It should be a while before these shenanigans are in every distribution or kernel for Linux.

Good luck being a DOD contractor overseas, wtf?

Same thing that prevents you form buying a knife and walking around stabbing people.

The way I understand if your solution would become popular, the law can come after you to provide a log of messages in plain text.

Also they will have the legal power to force the popular operating systems to enforce generic keylogging/packet capturing and whatnot.

EU CRA disallows shipment of non-accredited binaries in "critical" software categories.

> You kind of quickly end up in some weird dystopian cyberpunk setting thinking all of this through.

The most dystopian concept out of everything you mentioned is still "you can't install unsigned software" to me.

Chat Control imagines your device being required to scan and report on all your plaintext.

> Don't get me wrong: I am against ChatControl. Because of one argument I believe to be valid: we fundamentally cannot know what the algorithm doing the scanning is doing, so those who control it could abuse it. Of all the discussions I have seen against ChatControl, I haven't seen another valid argument. But this one is enough.

It is not enough to know what the algorithm is doing. It also needs to be possible (for the average user as well) to stop it from doing reprehensible things. If a client-side scanning algorithm is actually searching for e. g. political content, it is possible to detect it via reverse engineering, but merely knowing it won't solve the problem, but instead lead into self-censorship.

Thanks for your feedback. You’ve raised some interesting points, I’ll take them into account and try to update some of my arguments.

ThoughtControl 2030: EU wants to scan all private thoughts and communications. Encryption as a concept prohibited except for corporations with security clearance and political connections.

Thought crime has been illegal in the EU/UK for quite some time. But only a certain kind of thoughts

but then they'll make this a crime

Why downvote? Because the terrorists wear suits, speak in committees, are mostly white, and there’s no blood on the floor (yet)? The method is different, but the aim is the same: intimidation and control of a population for political ends.

If terrorism is defined as using violence or threats to intimidate a population for political or ideological ends, then “Chat Control” qualifies in substance.

Violence doesn’t have to leave blood. Psychological and coercive violence is recognised in domestic law (see coercive control offences) and by the WHO. It causes measurable harm to bodies and minds.

The aim is intimidation. The whole purpose is to make people too scared to speak freely. That is intimidation of a population, by design.

It is ideological. The ideology is mass control - keeping people compliant by stripping them of private spaces to think, talk, and dissent.

The only reason it’s not “terrorism” on paper is because states write definitions that exempt themselves. But in plain terms, the act is indistinguishable in effect from terrorism: deliberate fear, coercion, and the destruction of free will.

You can argue legality if you like, but the substance matches the textbook definition.