this post was submitted on 05 Jun 2024
253 points (97.4% liked)

Technology

59298 readers
6261 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

cross-posted from: https://feddit.de/post/12846267

After Sunday‘s European elections, the EU is planning to reintroduce indiscriminate communications data retention without suspicion and force manufacturers to allow law enforcement access to digital devices such as smartphones and cars.

Specifically, according to the 42-point surveillance plan, manufacturers are to be legally obliged to make digital devices such as smartphones, smart homes, IoT devices, and cars monitorable at all times (“access by design”). Messenger services that were previously securely encrypted are to be forced to allow for interception.

The secure encryption of metadata and subscriber data is to be prohibited. Where requested by the police, GPS location tracking should be activated by service providers (“tracking switch”).

The EU Commission has already contributed specific proposals to the surveillance plan, according to two presentations obtained by the Pirates.

Make sure to vote in the upcoming elections!

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 5 points 5 months ago* (last edited 5 months ago) (4 children)

I suppose it's written in a way to sound way worse and alarming than it actually is, due to the upcoming elections. It sounds almost unreal, i mean "EU secret plan to ban any kind of encryption or privacy" can't be reallistically happening, right?

I know about Chatcontrol, so I wouldn't be surprised, but this article sounds pretty overblown, to the point of sounding more like a wild conspiracy theory. Does anyone have more resources or info about this, that don't read like an election ad?

I'm not trying to dismiss or disrespect the author, and I trust that it was written with best intentions, but it's a really worrying topic about which I'd like to get more information about.

However, thanks for bringing it up, I contacted our local Pirate party about the topic, because they don't have anything related to crime prevention vs. privacy in their programe. I suppose that I know what the answer would be, but getting a confirmation before I vote for them would definitely be nice.

[–] [email protected] 7 points 5 months ago (2 children)

I contacted our local Pirate party about the topic, because they don’t have anything related to crime prevention vs. privacy in their programe.

The general attitude in the German PP back in the days when I kept track (it's been a while) was "stop slurping data you'll never need from people not even under investigation, hire more investigators and do actual police work instead".

A good example here is the arrest of the founder of silk road: No computers were hacked in the process. They put a team of investigators on it who found OPSEC failures which are kinda unavoidable when you're up against a state-level actor. All without mass surveillance, only thing needed was good ole police work.

Also, side note, "prevention" and "enforcement" should never be used in the same sentence. The best crime prevention is social policy, not law enforcement. Next in line, swift and fair sentences in juvenile courts, time is very crucial there to form an association in still malleable minds. Next in line, sentences that forego retribution and focus on reintegration.

[–] [email protected] 1 points 5 months ago

OPSEC failures which are kinda unavoidable when you’re up against a state-level actor

Which is all you need to confirm that surveillance plans are intended not to help investigate crimes, but to help warn criminals and even help them commit crimes which would otherwise be prevented by technology.

[–] [email protected] 0 points 5 months ago (1 children)

Just to add -- last I remember researching this, none of the terrorists attacks in Europe in the last two decades that were coordinated (and we know how), were coordinated using secure communications. Bataclan was planned over SMS, for instance.

Based German PP.

[–] [email protected] 1 points 5 months ago

The idea of arguing whether this helps the intended goal is harmful, because it's a distraction.

You are arguing with people you shouldn't even respect, thus "confirming" their right to even attempt such laws.

These are bazaar thieves. You can only punch them in the face. See the good French tradition of actual protest, I don't think they get written permissions to burn cars.

[–] [email protected] 1 points 5 months ago

I contacted our local Pirate party about the topic, because they don't have anything related to crime prevention vs. privacy in their programe. I suppose that I know what the answer would be, but getting a confirmation before I vote for them would definitely be nice.

The Swedish pirates are happy to hear that you contacted your local pirates! And feel free to send us a DM here on lemmy if you need help to get in contact with them! Together we sail into a better tomorrow for all Citizens!

[–] [email protected] 1 points 5 months ago

https://cdn.netzpolitik.org/wp-upload/2024/06/2024-05-22-Recommendation-HLG-Going-Dark-c.pdf

  1. Implementing lawful access by design in all relevant technologies in line with the needs expressed by law enforcement, ensuring at the same time strong security and cybersecurity and providing for the full respect of legal obligations on lawful access. According to the HLG, law enforcement authorities should contribute to the definition of requirements, but it should not be their role to impose specific solutions on companies so that they can provide lawful access to data for criminal investigative purposes without compromising security. To that end, experts recommend developing a technology roadmap that brings together technology, cybersecurity, privacy, standardisation and security experts and ensures adequate coordination e.g. potentially through a permanent structure.
  2. Ensuring that possible new obligations, a new legal instrument and/or standards do not lead, directly or indirectly, to obligations for the providers to weaken the security of communications by generally undermining or weakening E2EE. Therefore, potential new rules on access to data in clear would need to undergo a cautious assessment based on stateof-the-art technological solutions (which should in turn consider the challenges of encryption). When ensuring the possibility of lawful access by design as provided by law, manufacturers or service providers should do so in a way that it has no negative impact on the security posture of their hardware or software architectures.
  3. Enhancing EU coordination and support to address situations where technical solutions exist to enable lawful interception but are not implemented by providers of Electronic Communications Services. In such cases, for example when home-routing agreements or when specific implementation of Rich Communication System (RCS) do not allow lawful interception capabilities, clear guidance and a dialogue facilitated at EU level would improve the cooperation with Electronic Communications Services.
  4. Conducting a comprehensive mapping of the current legislation in Member States to detail the legal responsibilities of digital hardware and software manufacturers to comply with data requests from law enforcement. It would also take into account specific scenarios and requirements that compel companies to access devices, in compliance also with CJEU caselaw and case law of the European Court of Human Rights. The goal should be to develop an EU-level handbook on that basis, and depending on the aforementioned mapping, to promote the approximation of legislation within this area, and to develop binding industry standards for devices brought to market in the EU, to integrate lawful access.
  5. Establishing a research group to assess the technical feasibility of built-in lawful access obligations (including for accessing encrypted data) for digital devices, while maintaining and without compromising the security of devices and the privacy of information for all users as well as without weakening or undermining the security of communications. Recommendations from the High-Level Group on Access to Data for Effective Law Enforcement, Council of the European Union, 22 May 2024, pp. 23-24.