cross-posted from: https://feddit.de/post/12846267

After Sunday‘s European elections, the EU is planning to reintroduce indiscriminate communications data retention without suspicion and force manufacturers to allow law enforcement access to digital devices such as smartphones and cars.

Specifically, according to the 42-point surveillance plan, manufacturers are to be legally obliged to make digital devices such as smartphones, smart homes, IoT devices, and cars monitorable at all times (“access by design”). Messenger services that were previously securely encrypted are to be forced to allow for interception.

The secure encryption of metadata and subscriber data is to be prohibited. Where requested by the police, GPS location tracking should be activated by service providers (“tracking switch”).

The EU Commission has already contributed specific proposals to the surveillance plan, according to two presentations obtained by the Pirates.

Make sure to vote in the upcoming elections!

  • Mikina@programming.dev
    link
    fedilink
    English
    arrow-up
    10
    ·
    edit-2
    6 months ago

    I suppose it’s written in a way to sound way worse and alarming than it actually is, due to the upcoming elections. It sounds almost unreal, i mean “EU secret plan to ban any kind of encryption or privacy” can’t be reallistically happening, right?

    I know about Chatcontrol, so I wouldn’t be surprised, but this article sounds pretty overblown, to the point of sounding more like a wild conspiracy theory. Does anyone have more resources or info about this, that don’t read like an election ad?

    I’m not trying to dismiss or disrespect the author, and I trust that it was written with best intentions, but it’s a really worrying topic about which I’d like to get more information about.

    However, thanks for bringing it up, I contacted our local Pirate party about the topic, because they don’t have anything related to crime prevention vs. privacy in their programe. I suppose that I know what the answer would be, but getting a confirmation before I vote for them would definitely be nice.

    • barsoap@lemm.ee
      link
      fedilink
      English
      arrow-up
      7
      ·
      6 months ago

      I contacted our local Pirate party about the topic, because they don’t have anything related to crime prevention vs. privacy in their programe.

      The general attitude in the German PP back in the days when I kept track (it’s been a while) was “stop slurping data you’ll never need from people not even under investigation, hire more investigators and do actual police work instead”.

      A good example here is the arrest of the founder of silk road: No computers were hacked in the process. They put a team of investigators on it who found OPSEC failures which are kinda unavoidable when you’re up against a state-level actor. All without mass surveillance, only thing needed was good ole police work.

      Also, side note, “prevention” and “enforcement” should never be used in the same sentence. The best crime prevention is social policy, not law enforcement. Next in line, swift and fair sentences in juvenile courts, time is very crucial there to form an association in still malleable minds. Next in line, sentences that forego retribution and focus on reintegration.

      • pseud@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        6 months ago

        Just to add – last I remember researching this, none of the terrorists attacks in Europe in the last two decades that were coordinated (and we know how), were coordinated using secure communications. Bataclan was planned over SMS, for instance.

        Based German PP.

        • rottingleaf@lemmy.zip
          link
          fedilink
          English
          arrow-up
          1
          ·
          6 months ago

          The idea of arguing whether this helps the intended goal is harmful, because it’s a distraction.

          You are arguing with people you shouldn’t even respect, thus “confirming” their right to even attempt such laws.

          These are bazaar thieves. You can only punch them in the face. See the good French tradition of actual protest, I don’t think they get written permissions to burn cars.

      • rottingleaf@lemmy.zip
        link
        fedilink
        English
        arrow-up
        1
        ·
        6 months ago

        OPSEC failures which are kinda unavoidable when you’re up against a state-level actor

        Which is all you need to confirm that surveillance plans are intended not to help investigate crimes, but to help warn criminals and even help them commit crimes which would otherwise be prevented by technology.

    • rottingleaf@lemmy.zip
      link
      fedilink
      English
      arrow-up
      2
      ·
      6 months ago

      It mentions support from politicians who, I’m certain, would approve of Mexican cartel or Pinochet style actions against their enemies if they were unchecked (UvdL). So this doesn’t seem to be more alarming that it actually is.

      Also I don’t want to invoke Godwin’s law here, but the actual coming of original Hitler to power happened very fast. So if your argument is “EU can’t undergo such a change so easily”, then I suggest you find something better.

    • PiratPartiet@feddit.nu
      link
      fedilink
      English
      arrow-up
      1
      ·
      6 months ago

      I contacted our local Pirate party about the topic, because they don’t have anything related to crime prevention vs. privacy in their programe. I suppose that I know what the answer would be, but getting a confirmation before I vote for them would definitely be nice.

      The Swedish pirates are happy to hear that you contacted your local pirates! And feel free to send us a DM here on lemmy if you need help to get in contact with them! Together we sail into a better tomorrow for all Citizens!

    • Hugh_Jeggs@lemm.ee
      link
      fedilink
      English
      arrow-up
      1
      ·
      6 months ago

      I look at it this way - people that think the government will use this to spy on them are fucking delusional. How self-important do you have to be to think that out of billions of citizens, any government would give a single shit about the crap you say online?

      Tinfoil hat delusions of grandeur in a nutshell

      I expect the same people would be extremely vocal if there was a terrorist attack that could’ve been stopped but wasn’t

      • lucullus@discuss.tchncs.de
        link
        fedilink
        English
        arrow-up
        4
        ·
        edit-2
        6 months ago

        Yeah, sure, delusional. Until you call a local polititian “so 1 dick” on some online platform, leading to you and also your ex grilfriend getting raided by the police, all electronic devices taken by them as evidence for an undetermined time and the low key threats from the prosecutor about what would happen next. Or until a journalist dares to link to a website, that the state recently criminalized the creators of, though the state itself links to that specific site, too. And depending on how easy the access for the police is: You might wanna refrain from being too popular (like a famous singer or actor) or from being active against climate change or right wing extremism. Your personal data is easily leaked through the police to anyone of their friends.

        You might think, that this is overly specific and won’t really happen? Well, it already did. In germany. Sure, most people won’t have the states crosshair on their forehead. But nontheless you might easily be one of the exceptions.

      • wanderingmagus@lemm.ee
        link
        fedilink
        English
        arrow-up
        4
        ·
        6 months ago

        It’s not necessarily just about the government. Built-in backdoors also give malicious actors more ways to access your own private information, whether to steal your identity, transfer money out of your bank account, use your credit for loans, or blackmail you. Also, other governments already use your online speech to arrest you for saying things they don’t like - see China or Russia. Many EU countries are only one election away from having a government that goes in that direction already. This is only going to make it that much easier for them.

      • rottingleaf@lemmy.zip
        link
        fedilink
        English
        arrow-up
        2
        ·
        edit-2
        6 months ago

        I look at it this way - people that think the government will use this to spy on them are fucking delusional. How self-important do you have to be to think that out of billions of citizens, any government would give a single shit about the crap you say online?

        #1 I’m pretty important for me and a hypothetical person with some govt connections whom I’d call sheepfscker and SOAB in a heated argument, or just show that I don’t respect them. These are legal, or warrant a fine possibly, but don’t warrant that person using such connections to get at my private communications or something like that, which would become a real possibility.

        #2 If they wouldn’t give a single shit, then it’s very strange they are being so swift and stealthy about introducing legislation affecting mostly that. Not targeted attacks at suspects (which are not too hard for competent people anyway), but watching everyone.

        I expect the same people would be extremely vocal if there was a terrorist attack that could’ve been stopped but wasn’t

        #3 Terrorists and whistleblowers and people who need help against domestic abuse or mafia or whatever else are interested in the same tooling here. A healthy society can continue to exist after a successful terrorist attack. It can’t without whistleblowers and ways to have confidentiality in general.

    • wanderingmagus@lemm.ee
      link
      fedilink
      English
      arrow-up
      1
      ·
      6 months ago

      https://cdn.netzpolitik.org/wp-upload/2024/06/2024-05-22-Recommendation-HLG-Going-Dark-c.pdf

      1. Implementing lawful access by design in all relevant technologies in line with the needs expressed by law enforcement, ensuring at the same time strong security and cybersecurity and providing for the full respect of legal obligations on lawful access. According to the HLG, law enforcement authorities should contribute to the definition of requirements, but it should not be their role to impose specific solutions on companies so that they can provide lawful access to data for criminal investigative purposes without compromising security. To that end, experts recommend developing a technology roadmap that brings together technology, cybersecurity, privacy, standardisation and security experts and ensures adequate coordination e.g. potentially through a permanent structure.
      2. Ensuring that possible new obligations, a new legal instrument and/or standards do not lead, directly or indirectly, to obligations for the providers to weaken the security of communications by generally undermining or weakening E2EE. Therefore, potential new rules on access to data in clear would need to undergo a cautious assessment based on stateof-the-art technological solutions (which should in turn consider the challenges of encryption). When ensuring the possibility of lawful access by design as provided by law, manufacturers or service providers should do so in a way that it has no negative impact on the security posture of their hardware or software architectures.
      3. Enhancing EU coordination and support to address situations where technical solutions exist to enable lawful interception but are not implemented by providers of Electronic Communications Services. In such cases, for example when home-routing agreements or when specific implementation of Rich Communication System (RCS) do not allow lawful interception capabilities, clear guidance and a dialogue facilitated at EU level would improve the cooperation with Electronic Communications Services.
      4. Conducting a comprehensive mapping of the current legislation in Member States to detail the legal responsibilities of digital hardware and software manufacturers to comply with data requests from law enforcement. It would also take into account specific scenarios and requirements that compel companies to access devices, in compliance also with CJEU caselaw and case law of the European Court of Human Rights. The goal should be to develop an EU-level handbook on that basis, and depending on the aforementioned mapping, to promote the approximation of legislation within this area, and to develop binding industry standards for devices brought to market in the EU, to integrate lawful access.
      5. Establishing a research group to assess the technical feasibility of built-in lawful access obligations (including for accessing encrypted data) for digital devices, while maintaining and without compromising the security of devices and the privacy of information for all users as well as without weakening or undermining the security of communications. Recommendations from the High-Level Group on Access to Data for Effective Law Enforcement, Council of the European Union, 22 May 2024, pp. 23-24.