Email or username:

Password:

Forgot your password?
All posts ansuz / ऐरन's posts Post Back to profile
ansuz / ऐरन

It was nearly two years ago that I wrote this article[1] about the EU #ChatControl surveillance directive on behalf of the @cryptpad team.

Very little has changed since then. Experts in technology, law, and policy all agree that the proposal undermines basic European rights, that it will be abused by authoritarian member states, and that the proposed tech solutions cannot possibly do the job the supporting legislators have claimed.

Nevertheless, they have persisted, claiming the support of "expert testimony" that overwhelmingly consists of unsupported claims by lobbyists associated with law enforcement and defense contractors who stand to benefit financially from its implementation.

A vote is expected to take place on June 19th. These have been scheduled and delayed multiple times already, but this it feels like they might get away with it. There is a lot going on in the EU at the moment, and people are both distracted and tired from fighting this for so long.

I'll try to make resistance easier by collecting some suggested actions below, with links.

[1]: blog.cryptpad.org/2022/05/19/a

17 June at 6:07 | Open on social.cryptography.dog
32 comments
ansuz / ऐरन

First, review posts with the #ChatControl hashtag, as there are lots of well-informed people sharing reliable information.

@quincy linked to a directory of the relevant contact points for each EU member state and requested that people write a (polite) letter, so if you have voting rights in the EU that's a good place to start.

chaos.social/@quincy/112630111

17 June at 6:14 | Open on social.cryptography.dog
ansuz / ऐरन

As a leading voice of the German Pirate party and a member of EU parliament, Patrick Breyer (@echo_pbreyer) has actively opposed the proposed legislation throughout its lifetime.

He (and perhaps also his team?) have maintained a comprehensive, fact-checked summary of the proposal's status, with a practical "What can you do" section:

patrick-breyer.de/en/posts/cha

17 June at 6:27 | Open on social.cryptography.dog
ansuz / ऐरन

@uburprutser@vivaldi.net brought it to my attention that @edri are collecting signatures for a petition against the proposed #ChatControl legislation:

crm.edri.org/stop-scanning-me

17 June at 11:48 | Open on social.cryptography.dog
ansuz / ऐरन

I noticed some errors in the top post of this thread:

1. it's been more than two years, not nearly two

2. "but this it feels like they might get away with it" -> "this time* it feels like..."

too many people have boosted for me to want to edit it, but it was bugging me

17 June at 20:11 | Open on social.cryptography.dog
ansuz / ऐरन

anyway, I hope all my new followers who are interested in European privacy legislation and whatever have taken the time to write to their legislative representatives.

I don't even have voting rights but I wrote to reps in the country where my business is registered. I really hope it has some impact because I don't want the hassle of changing jurisdictions over this.

17 June at 20:15 | Open on social.cryptography.dog
CubeRootOfTrue

@ansuz @echo_pbreyer There are not enough people in the world to review all the videos of men masturbating. What are you saying? Maybe don't upload a video of yourself masturbating?

18 June at 13:09 | Open on mathstodon.xyz
ansuz / ऐरन

@CubeRootOfTrue I take it you've only read the text in the thumbnail, and not that of the linked web page?

That's hardly a basis for a productive discussion.

18 June at 13:12 | Open on social.cryptography.dog
Kevin Karhan

@ansuz @cryptpad I'd consider blatant #Cyberfacism like "#ChatControl" a direct, personal and indefensible assault on not just my personal and inalienable #HumanRights but also the German #Constotution which bans #MassSurveillance or any #WarrantlessWiretapping to the point of the tools to do so being criminalized in the Penal Code!

OFC using #UEFA2024 as a convenient #distraction doesn't make it less evil...

At this point it's just even more insulting cuz in 2006 I had neither the resources nor rights to actively protest against that on my own!

@ansuz @cryptpad I'd consider blatant #Cyberfacism like "#ChatControl" a direct, personal and indefensible assault on not just my personal and inalienable #HumanRights but also the German #Constotution which bans #MassSurveillance or any #WarrantlessWiretapping to the point of the tools to do so being criminalized in the Penal Code!

17 June at 6:33 | Open on infosec.space
ansuz / ऐरन

@kkarhan I own a business registered in the EU, but have no voting rights, so it's been particularly frustrating for me.

I've read the complete texts of the proposals and I understand the technical aspects in great depth, and absolutely agree that it's a transparent power-grab by aspirational authoritarians.

The arguments they present are frankly incoherent, but the documents are so long and full of jargon of their own invention that hardly anyone has the capacity to keep up with it.

Of course, all of that seems to be by design. They just want to wear their opponents down, and I must admit they've done a pretty good job of it 😓

@kkarhan I own a business registered in the EU, but have no voting rights, so it's been particularly frustrating for me.

I've read the complete texts of the proposals and I understand the technical aspects in great depth, and absolutely agree that it's a transparent power-grab by aspirational authoritarians.

17 June at 6:42 | Open on social.cryptography.dog
Kevin Karhan

@ansuz Personally, I'll not just advocate but intent to inspire maximum non-compliance:

- They'll not get my private keys no matter the circumstances as that would violate my rights to remain silent and to refuse to self-incriminate, and I do expect every individual to do the same.

OFC I don't expect businesses to do so unless they have privilegue like a lawyer or medical professional...

- Just follow through on "Come back with a warrant!" not just on a floormat...

17 June at 6:46 | Open on infosec.space
ansuz / ऐरन

@kkarhan the unfortunate thing is that **they will** come back with a warrant.

I'm confident in my own ability to run software that doesn't work against me, as it's within my ability to write my own if necessary. This legislation will make it unsustainable for small businesses to develop such software, though.

17 June at 6:50 | Open on social.cryptography.dog
Kevin Karhan

@ansuz Which makes it even more important to emphasize truly #decentralized, #OpenStandards and #SelfCustody of all the keys.

I.e. @monocles with #monoclesMail and #monoclesChat can't provide said access and capabilities nor implement them and if customers/users do follow through on self-custody of all the #Keys the only thing a warrant will get is fully end-to-end encrypted files that they can't decrypt even when held at gunpoint.

- THIS is why @torproject & #TorBrowser are still up and running: The only thing a "Decapitation Strike" would do is start more forks and rally support for the remaining devs...

IMHO the more #cyberfacism they demand the harder I'll demand and enforce my human rights and teach others to do the same!

- And that's how to sabotage said attacks: By making oneself incapable to comply by vortue of beibg truly decentralized!

@ansuz Which makes it even more important to emphasize truly #decentralized, #OpenStandards and #SelfCustody of all the keys.

I.e. @monocles with #monoclesMail and #monoclesChat can't provide said access and capabilities nor implement them and if customers/users do follow through on self-custody of all the #Keys the only thing a warrant will get is fully end-to-end encrypted files that they can't decrypt even when held at gunpoint.

17 June at 6:59 | Open on infosec.space
cube
saturata

@ansuz @cryptpad
It's a shame what happens to #privacy in the EU and worldwide. Why are people scared about it? Do they fear to loose control?

17 June at 8:09 | Open on mastodon.social
RolingMetal
Kristoff Bonne 🇪🇺 🇧🇪

@ansuz @cryptpad I agree with the fact that encryption is a fundamental part of democracy.

But the problem is that I have not seen proposals on how to handle a situation where encryption is used by actors who want to undermine democracy, hiding their actions via encryption.

E.g. A foreign state actor using telegram in a combined randsomware-against-hosptitals and disinformation campaign, this to cause social unrest and inlluence people to vote tor more-extremist parties.

17 June at 20:47 | Open on m.krbonne.net
ansuz / ऐरन

@kristoff how would you address this problem if a criminal used some other technology like - for instance - cash? cars? bicycles? chemical fertilizers?

17 June at 20:57 | Open on social.cryptography.dog
Kristoff Bonne 🇪🇺 🇧🇪

@ansuz Hum. Interesting question.
For some (like fertilizers), you control the sale. For others, it is not possible.
So do you then just say "ok, in that case, we accept the risk and do nothing against it?"

The problem is this, we are 2024, and are facing actors that are very good at turning the tables and using our own tools against ourself.

Perhaps the question is, who do you want to protect yourself from? Who do trust the least? Your own gouvernement or a foreign authoritarian one?

@ansuz Hum. Interesting question.
For some (like fertilizers), you control the sale. For others, it is not possible.
So do you then just say "ok, in that case, we accept the risk and do nothing against it?"

The problem is this, we are 2024, and are facing actors that are very good at turning the tables and using our own tools against ourself.

17 June at 21:07 | Open on m.krbonne.net
ansuz / ऐरन

@kristoff historically, yes, we have just accepted that you can't control some things.

if the only possible restrictions disproportionately affect the general public who are using those technologies for non-criminal reasons, then you consider that enforcement a net loss.

17 June at 21:12 | Open on social.cryptography.dog
Kristoff Bonne 🇪🇺 🇧🇪

@ansuz I agree if we consider this to be just "law-enforcement vs criminals".

The problem -as I see it- is that we are now seeing a state-against-state battle, and a war between different models of society.

The question for me is, how do we deal with scenarios where encryption is being used to attack democracy itself, the thing we wanted to protect in the first place. (and probably the prime requirement to see encyption-technology in the hands of normal citizens)

17 June at 21:21 | Open on m.krbonne.net
ansuz / ऐरन

@kristoff that's significantly outside the scope of the chatcontrol legislation I was talking about, but I'll weigh in anyway.

In the US (and a few other places) there was a big deal made about tiktok as a source of foreign spying and manipulation. The US could, in theory, deal with surveillance with a federal privacy law, but that would also affect their domestic avenues for spying (alphabet, meta, etc.).

Australia's privacy commissioner found that tiktok was not in violation of any privacy laws[1], for instance, and that they might want to consider stronger privacy laws.

Instances of banning foreign actors tend to relate more to xenophobia than interest in domestic citizens' well-being.

[1]: oaic.gov.au/newsroom/statement

@kristoff that's significantly outside the scope of the chatcontrol legislation I was talking about, but I'll weigh in anyway.

In the US (and a few other places) there was a big deal made about tiktok as a source of foreign spying and manipulation. The US could, in theory, deal with surveillance with a federal privacy law, but that would also affect their domestic avenues for spying (alphabet, meta, etc.).

17 June at 21:28 | Open on social.cryptography.dog
Kristoff Bonne 🇪🇺 🇧🇪

@ansuz I have a different opinion on that. Why are a lot of randsom-gangs from Russia, a country where things only happen because the gouvernement allows it to happen.

How do you deal with mallware that use Telegram to connect to the command-and-control server as it is encrypted, it hides nicely in the noise of the legimate traffic and -as part of the telegram master-key is in Russia- ?

There is now a saying:
"telegram is the new dark web".

Why is that?
How do you deal with that?

@ansuz I have a different opinion on that. Why are a lot of randsom-gangs from Russia, a country where things only happen because the gouvernement allows it to happen.

How do you deal with mallware that use Telegram to connect to the command-and-control server as it is encrypted, it hides nicely in the noise of the legimate traffic and -as part of the telegram master-key is in Russia- ?

17 June at 21:38 | Open on m.krbonne.net
ansuz / ऐरन

@kristoff this is the last thing I'll say on the matter because it's way outside the scope of the post you replied to:

starting by funding better software that isn't vulnerable to these things.

implement protections for security researchers who report flaws in hardware and software so that critical infrastructure (hospitals, power grid, etc.) can fix those vulnerabilities.

Canada's governement freaked out and banned devices like the flipper zero because it could (allegedly) be used to interfere witth other devices. In cases where those allegations are actually true, the root problem is that those devices were designed to operate in an insecure way.

Security researchers and well informed legislators have been saying all of these things for years, but it resonates more with many voters (and lobbyists) to blame foreigners.

@kristoff this is the last thing I'll say on the matter because it's way outside the scope of the post you replied to:

starting by funding better software that isn't vulnerable to these things.

implement protections for security researchers who report flaws in hardware and software so that critical infrastructure (hospitals, power grid, etc.) can fix those vulnerabilities.

17 June at 21:43 | Open on social.cryptography.dog
Kristoff Bonne 🇪🇺 🇧🇪

@ansuz One thing for you to think about: if a Russian randsomware gang scoops up all the data of a sellers of schoolbooks (as happened here in Belgium) which includes names, addresses, phonenumbers, names of parents, .. count on the FSB to get a copy of that data. I'll leave it up to you to image what the concequence of that could be if you have a job in encryption

Cybersecurity is the responsability of everybody, not just the coders.

I completely agree with your remark on the Flipper zero. 🙄

17 June at 22:07 | Open on m.krbonne.net
ansuz / ऐरन

good morning, #EU residents. have you written to your elected representatives about #ChatControl yet?

EDIT: comments should be addressed to the offices of "permanent representatives" listed on this page: op.europa.eu/en/web/who-is-who

I don't know for sure that these offices are elected. start with these contact points, after that you can still feel free to contact your MEPs, but start here

18 June at 4:27 | Open on social.cryptography.dog
Alex

@ansuz I'd love to write to my MEPs but I am not fluent in #Italian to do so. would appreciate some help in this regard

18 June at 8:52 | Open on fosstodon.org
ansuz / ऐरन

@xinayder in the absence of any human assistance I think a machine-translation would be better than nothing.

Given that the vote is expected tomorrow the MEPs may not even have time to read every mail, so a subject line like "no a chatcontrol" might be sufficient to convey the message.

hopefully someone who is fluent in Italian will see this via the #chatcontrol hashtag and offer to help, though!

#IT #italy

18 June at 9:10 | Open on social.cryptography.dog
remmy

@ansuz @xinayder

Important thing, the vote tomorrow is by the Council of the European Union (not to be confused with the European Council) not the European Parliament, so this time around it's not the MEPs you want to contact.

See patrick-breyer.de/en/council-t

18 June at 13:13 | Open on social.treehouse.systems
remmy

@ansuz @xinayder

Err, it's not the actual Council vote, it's a vote in the Committee of Permanent Representatives, which prepares the agenda for the Council. I shouldn't multitask...

18 June at 13:16 | Open on social.treehouse.systems
ansuz / ऐरन

@remmy @xinayder oops, good catch!

I wrote to one of the addresses from the page you linked, so it should have reached the right office, but I'll see about correcting some other toots.

Thanks!

18 June at 13:18 | Open on social.cryptography.dog
𝙊𝙩𝙩𝙤 𝙅. 𝙈𝙖̈𝙠𝙚𝙡𝙖̈

@ansuz @cryptpad It should be noted that Finland seems to be on the fence after these cosmetic changes. "Won't anyone think of the Children?"

19 June at 6:45 | Open on infosec.exchange
Go Up