Misleading title, the council approves their mandate for negotiations with parliament. It’s still a long way to go before it turns into law and I think it’s rather unpopular in parliament.
I think it's just the trialogue left, so still some distance but comfortably past halfway to becoming valid law.
There's been so much drama over the years about this proposal from the commission I doubt von der Leyen will want to fight to get the scanning back in.
>At the beginning of the month, the Danish Presidency decided to change its approach with a new compromise text that makes the chat scanning voluntary, instead.
Hmm, so this will probably make the life for those who don't scan quite hard and if they experience a high profile scandal getting out of it will not be easy I assume.
I'm not sure what to think of it, not being mandatory and requiring risk assessment sounds like "Fine, whatever don't do it if you don't want to do it but if something bad happens it's on you". May be fair to some extent, i.e. Reddit and Telegram can decide how much they trust their users not to run pedo business and be on the hook for it.
On the other hand, it is a backdoor and if the governments go crazy like they did in some other countries where high level politicians are implicated with actual pedophiles and have a tendency for authoritarianism Europe may end up having checking user chats for "enemies of the state" instead of CSAM materials. Being not mandatory here may mean that you get constant bullying because you must be hiding something.
"voluntary" can also be pretty meaningless depending on the context. In the UK, if the police suspects you of shenanigans, they'll politely invite you for an "voluntary interview".
Of course you can decide to not go, it's voluntary, right? Yes, you can. Your choice. And when you reject their kind offer they'll come and arrest you so you can attend the interview.
While I fully agree with your sentiment, I'd like to take the opportunity to share a favorite fun-fact of mine: the frogs in the not-jumping-out experiment had their brains removed beforehand. Which might make the analogy more apt, actually, considering how much under siege our attention is these days.
They have removed the backdoor paragraph, and inserted a new one that states that scanning is entirely voluntary and best effort, and also state that the EU cannot force them to scan.
As far as the mass surveillance scanning goes, it has completely been removed, and what remains is still the mandatory age checks, which might be problematic.
From reading the specification, it appears to be reasonably well designed, where identification is handled by authorities, and the requesting party cannot get your identification details, only send an "is the user of this session older than 18". The verifier cannot see which site the request comes from, and you identify yourself in the session, and a reply goes back to the requester with a "yes/no" answer.
So, it at least appears to be simply an age check, and not some sort of surveillance program to stalk your online browsing habits.
you people need to disabuse yourselves of the idea that only a Trumpian type regime could possibly have any interest in finding and incapacitating “enemies of the state”.
I feel like this will just incentivise the creation of privately run federated messaging systems. Powerful people will always be protected, any smart people will run fed messengers for their private stuff and normie tech for normie comms. This power will just turn into another form of control. As always, the only losers will be the average citizens.
I am ashamed to be Danish. Where are the mass protests of hundreds of thousands, the mass walkouts from our workplaces until our government at last respects our human dignity?
Our government has today turned the EU into a tool for total surveillance I don't know if there can be any return from. Our democratic processes have been abused, and our politicians shown to be nothing but craven, self-interested agents of control.
> What about going out in front of your city hall with a poster saying no-chat-control?
Unorganized, individual acts cannot change anything in the EU.
> You risk nothing, do you?
Given the legislative maze the EU has become, you can't be sure of that, but you surely gain nothing.
The conditions in Europe are quite specific, and in that environment, pan-EU legislation (except the customs union) should be optional for individual members, anything else can and will be used against the people.
Individual acts can actually have more resonance, if carried out with conviction and commitment (and if the cause is just).
See Greta Thunberg; she might not have managed to save the planet yet, but she sure got the attention of the world (of course, however big a problem chat control is, climate change is a much bigger issue)
Democracy worked well here. The executive wanted more power (once again), the parliament refused, twice, despite _a lot_ of lobbying and pressure from the executive branch. Good job to the tech industry for counterlobbying (i'm not saying that often i swear), good job us for mobilizing, and also la quadrature and other NGO privacy watchdog for mobilization that allowed the EU parliement to resist somewhat, and forced a compromise that will any overreach tentative in the hand of judges.
What europe needs to be careful of is that the EUCJ keep its power. I _know_ people on both side of the political spectrum dislike judges (because they defend the status quo for the left, and the rule of law for the right) but multiple time this past 3 years i've seen mediatic assaults on EUCJ and ECHR that expend their political power again and again and again. We have to keep executive power from limiting judiciary power. Already executive branches are powering through legislative in a lot of country (France, UK, US, and EU which isn't a country but have similar institution), we absolutely have to keep the third branch as a check against government overreach.
Honest question: let's say I get an email and encrypt it with a highly secure key, or maybe I just encrypt a file and send it through WhatsApp. That might not be as easy or secure as a double ratchet, but, is it against chat control?
Sad to see Europe morph from postal secrecy to chat control. I can’t imagine 19th century intellectuals would do anything other than laugh in the face of censors who would suggest that the governments need to read personal correspondence to protect children and/or national interests against Prussia/Russia/China.
Is there still a loophole for politicians not to be tracked? Because if so, some people will make a lot of money by creating a political party and turning citizens into politicians for yearly fee and thus bypassing this whole law.
You can read the proposal and found out, if you're interested.
> In the light of the more limited risk of their use for the purpose of child sexual abuse and the need to preserve confidential information, including classified information, information covered by professional secrecy and trade secrets, electronic communications services that are not publicly available, such as those used for national security purposes, should be excluded from the scope of this Regulation. Accordingly,
this Regulation should not apply to interpersonal communications services that are not available to the general public and the use of which is instead restricted to persons involved in the activities of a particular company, organisation, body or authority.
How is it possible this thing can just keep coming back and back? There should be a law that gives these kinds of bills a cooldown period of 2 years or so that prevents them from being reintroduced with slightly different wording.
Because the EU citizens keep voting for those politicians. It’s as simple as that. There are dozens of different parties in each EU country, but people keep voting for parties that push chat control.
Honest question. The EU was created as an economic and trade institution. How has it morphed into a wierd political institution, which NATO was already supposed to be?
The root question: how did an organization that ushered in things like the Euro become a body that decides whether Europeans are allowed to have personal privacy?
The answer is pretty simple. This decision isn't "the EU".
The European Commission has fewer employees than the Luxembourg government (and keep in mind, they're "running" a continent).
This decision was the Council, i.e. simply the national member governments. Don't let anyone blame "the EU" for this, the national governments are the ones that proposed this, pushed it through EU institutions, and might now try to override the EU parliament about it. Just because national (elected) governments are pushing it through EU institutions doesn't mean you should blame "the EU". It wasn't the "Eurocrats".
EU (and preceding organisations since European Coal and Steel Community) were created so that there will be no war in Europe. How exactly this objective is achieved is of secondary importance. It is economic institution, because someone calculated that this will be best shot, but if (or when) calculation credibly shifts (for example, that it would be better for them to be a religion, a feudal system, or a federation -- whatever), it will morph into something else.
I'd say that it has 100% fulfilled its primary goal that there is no military conflict between major European states for like 80 years and counting, which is longest period ever recorded and a historical anomaly. The means of how it was executed is obviously a matter of debate, mistakes were made etc., but we over here generally make love, not war.
the entire point is to build a country called Europe
and the EU is built on the "Monnet method", where it slowly ratchets forward taking more power from national parliaments and giving it to the EU council/commission
(with a useless parliament there to make it appear democratic)
the UK leaving is the only example of the ratchet being reversed
>How has it morphed into a wierd political institution
Von der Leyen, an autocratic fascist that is ruining this continent. She failed to push her agenda in Germany so she "failed upwards". Even how she got this position was highly controversial and went against the top candidate principle. The EU commission is exceeding their competencies. The EU is not democratic, there is no parliamentary oversight, the parliament can't even introduce legislative proposals. No one can vote for the EU commission, only the parliament can vote for or against all the proposed candidates (not one by one). Parliament is essentially a rubber stamp for the commission.
> The EU was created as an economic and trade institution. How has it morphed into a wierd political institution, which NATO was already supposed to be?
That is not the case.
The 1957 Treaty Establishing the European Community contained the objective of “ever closer union” in the following words in the Preamble. In English this is: “Determined to lay the foundations of an ever closer union among the peoples of Europe …..”.
> The root question: how did an organization that ushered in things like the Euro become a body that decides whether Europeans are allowed to have personal privacy?
Sensationalist framing aside, how does any government become a body that decides anything?
That treaty was established just over a decade after Hitler surrendered, when there were two Germanys, an Iron curtain across Europe, and a lot of other things which changed significantly after the Wall fell. Surely you would agree that those words meant something quite different then than they do now?
I don't think my framing was sensationalist at all. Chat Control is using the threat of child porn to make people forget the reasons why the ECHR cares so deeply about privacy. I'm not sure why Denmark is pushing it so hard, but governments have long feared and hated encryption.
Not only are you moving your goalposts from "this wasn't the original purpose" (it was - it's part of the founding document!), but it has been reaffirmed and strengthened over and over again since: https://commonslibrary.parliament.uk/research-briefings/cbp-...
Don't get me wrong - I, too, care about privacy and think Chat Control is a horrible idea, that thankfully seems to be getting shut down. That doesn't mean the EU is somehow not legitimate as a governing body.
I was not moving goalposts. I was saying that the way we interpret the words has changed over time, and therefore we are taking words that meant one thing in 1957 and reinterpreting them to fit assumptions for today. Thus the semantic drift creates a shift.
To address the other point, I think we're missing a question of scope. Is the EU a legitimate governing body for negotiating trade deals and employment regulations between countries? Absolutely. I question however whether in recent years EU has begun to either scope-drift or expand their scope beyond what might be considered reasonable.
I think this is a natural tendency within human nature, especially when a governing body is given some power. Over time new opportunities arise which allow the body to gain more power, and then they reinterpret founding documents to include some of the new powers they want. I think it is pretty clear this is happening with the EU. Look at the rise of nationalist parties in Germany and France, etc.
Such words in any Preamble are usually meant as a lofty declaration of some ideal, not a concrete political goal.
After all, "ever closer" does not even mean federation, it means a unitary state, which is "closer" than a federation or a confederation.
If you believe that a single sentence in a 1957 treaty can be used as a ramrod to push European federalization from above, you will be surprised by the backlash. European nations aren't mostly interested in becoming provinces of a future superstate, potential referenda in this direction will almost certainly fail, and given the growth of the far right all over the continent, I don't expect the governments to agree to any further voluntary transfer of powers to Brussels.
Also, the European Commission is not a government and is not meant to act as a government that can decide "everything".
The countries that formed the EU have only agreed to transfer some powers to Brussels. Not give it an unlimited hand over everything. And Chat Control is a major infringement of constitutional rights in many countries, where inviolability of communication except for concrete warrants has been written into law for decades.
Imagine a situation if the German Constitutional Court says "this is illegal by the German Grundgesetz, and German law enforcement may not execute such laws". Do you believe that German authorities will defer to Brussels instead of its own Constitutional Court? Nope. Same with Poland etc. Local constitutional institutions have more legitimacy among the people than the bunch of bureaucrats in Brussels.
I don't think a mere Federalization should happen. I think a unitary state is - as you said! - what we all signed up for and what we should get.
There's a reason the "ever closer" phrasing has been repeated over and over again - in the 1983 Solemn Declaration, the 1997 Maastricht Treaty, the 2009 Lisbon treaty etc etc.
Look at China's rise and our fall - a direct consequence of centralization and the lack thereof.
I assume this is sarcasm, but, for those reading, a unitary state is definitely not what those words meant. If they did, that would mean that 27 countries willingly and fully signed away their sovereignty, without knowledge of the public. The only times where this has happened before in world histoey was either surrender in the face if insurmountable odds, or a decision by the elites in exchange for unimaginable riches. As far as I know, the politicians and bureaucrats who made/signed those treaties didn't become billionaires since.
There is a reason indeed - unbridled utopianism that will eventually sink us.
In practice, the only political party that openly advocates for a European Federation, Volt, is polling around statistical error from zero in most EU countries. The will of the people isn't there.
Becoming a federation or even a unitary state isn't a self-executing protocol. Actual heads of governments have to meet, agree to dissolve their individual countries into a superstate with one central government, and actual parliaments have to ratify this.
You don't have the vote to do this democratically. European nationalisms were at their lowest ebb in cca 2000; since then, they have returned with vengeance.
You don't have the force to do this forcibly. No Genghis Khan or Napoleon on the scene.
And in the current connected world, you can't even do this by stealth. The only result of the people actually learning of such a plan would be far-right governments in France and Germany at the same time, ffs.
Please stop. Just stop. When I was a youngster, I witnessed violent collapse of Yugoslavia, somewhat less violent collapse of the Soviet Union and fortunately non-violent collapse of Czechoslovakia, three entities whose constituent nations didn't want to be tied together. I don't want to see 2.0 of those, continent-wide, when I am old.
"Look at China's rise and our fall - a direct consequence of centralization and the lack thereof."
Becoming more like China is not particularly attractive for former Eastern Bloc countries. Chat Control is enough of a window into such future that I don't want to go there. Also, your history is massively incomplete. Cherry-picking of some events while ignoring others.
The pinnacle of European power, with the European countries controlling half of mankind, happened around 1900, with no centralization of the continent in place. And we have been losing our relative strength since 2000, which is precisely the time when the continent is most integrated ever.
Chinese central government unleashed at least two total disasters on its own population in the 20th century - the Great Leap Forward and the Cultural Revolution. It can unleash some more if a sufficiently unhinged person gets into power again. With centralized power, you are free to make some Huge Mistakes.
I certainly don't want future Brussels to start some European versions of the Iraq and Afghanistan wars, just because they can. Austria-Hungary collapsed on such stupidity after 400 years of continuing integration.
The will of the people never mattered. All that matters is ideology and force to execute on it.
> Becoming more like China is not particularly attractive for former Eastern Bloc countries
Yeah, what's attractive for former Eastern Block countries is mooching off Western Europe, taking our money and then blocking any progress and electing regressive autocrats. In some ways, it was better when you were one of our (Austrian) colonies. At least we managed to drag you into modernity against your will.
> Chinese central government unleashed at least two total disasters on its own population in the 20th century - the Great Leap Forward and the Cultural Revolution. It can unleash some more if a sufficiently unhinged person gets into power again
That's the beauty of it! They did all of that and yet they are thriving now. None of this shit matters in the long term. To quote Mao - "A revolution is not a dinner party".
"things written on paper" is the basis of any serious, respectable country. "Things written on paper" should be respected, because when you are serious about your commitments, words matter.
I don't want to see the country I live in become a shithole because local armed forces or police think themselves above the law.
The ultimate legitimacy test is whether you are serious about the things you sign. Not if some proto-fascist wants to tear down institutions.
One thing with chat control I don't get is why can't it be vetoed by a single member? That doesn't seem like part of regular trade policy competency of the EU
The trick is that because they could not pass the proposal that enforces message scanning, now this proposal defines "high risk activities" and in the case of high risk activity, the national authorities can force someone to comply (i.e. start to scan messages, block, stop activity).
High risk classification is at the end of the text.
Some highlights of what is defined as high risk, and thus can be forced to go through mandatory scanning or forbidden:
- Encrypted messaging follows closely due to privacy concerns and the potential for misuse. Posting and sharing of multimedia content are also high-risk activities, as they can easily disseminate harmful material.
- The platform lacks functionalities to prevent users from saving harmful content (by making recordings, screenshots etc.) for the purpose of the dissemination thereof (such as for example not allowing recording and screenshotting content shared by minors)
- Possibility to use peer-to-peer downloading (allows direct sharing of content without using centralised servers)
- The platforms’ storage functionalities and/or the legal framework of the
country of storage do not allow sharing information with law enforcement
authorities.
- The platform lacks functionalities to limit the number of downloads per user
to reduce the dissemination of harmful content.
- Making design choices such as ensuring that E2EE is opt-in by default, rather than opt-out would require people to choose E2EE should they wish to use it, therefore allowing certain detection technologies to work for communication between users that have not opted in to E2EE
Also, a lot of these points do not sound like they are about the safety of children
- Platforms lack a premoderation system, allowing potentially harmful content
to be posted without oversight or moderation
- Frequent use of anonymous accounts
- Frequent Pseudonymous behavior
- Frequent creation of temporary accounts:
- Lack of identity verification tools
Based on the light of the proposal, Hacker News is very dangerous place and need to have its identity verification and CSAM policies fixed, or face the upcoming fines in the EU.
> - Making design choices such as ensuring that E2EE is opt-in by default, rather than opt-out would require people to choose E2EE should they wish to use it, therefore allowing certain detection technologies to work for communication between users that have not opted in to E2EE
So you make it so that when the user starts the application you ask them "Your current configuration allows government, and probably some hackers as well, to see your messages. Do you want to enable encryption? Your government's suggestion is that you should say 'No' here. That's also what the foreign intelligence agencies suggest" "Yes, enable encryption" "No". That's clearly opt-in, you even provide the government's recommendation. And of course you then ask that whenever they open the application if they selected "No", we have learned that it's completely fine to keep asking same question from the user.
Oh, and make sure that the other party is clearly aware that the other side has not enabled encryption.
The crux is in those „risk assessments”, to be approved by authorities. IIUC those authorities will be able to designate e.g. Signal „high risk” and slap penalties unless they „mitigate” the risk. Hard to tell what will happen without seeing final regulation.
I know it's the recognized term for 'officially designated authority', but 'competent authority' seems to conflate two traits that do not necessarily co-habit.
Just read it as ”we have the competence to make decisions with authority on this issue”, though we all wish it always meant ”we have authority to make competent decisions on this issue” xD
Taking the reasons at face value (for the sake of argument) I guess what I'm confused about is why this would be necessary. I would think there were already laws/regulations/liability reasons/etc requiring companies to make efforts to ensure they're not hosting CP and other such things? Am I wrong?
Why follow the EU's press release instead of stating what's happening? The EU parliament voted - many times. They voted AGAINST having this law at all. The EU council is now threatening to fully override parliament, but "gives parliament another chance" to agree, in hopes this makes the member states more likely to cooperate.
More correct would be to state the in power EU governments have decided to use the EU council power to override the will of both the EU parliament and the member states' own parliaments - for now, by threatening parliament with the override.
This is completely incorrect, the Parliament, the Council, and the Commission always come up with their own version of a proposed regulation (the Commission because they get to create new proposals, the other two because they have to react to comission proposal). Then all three parties sit down and negotiate a final text that becomes law.
The EU parliament and the head of states that comprise the EU council are elected by the EU citizens. Why is there such discordance between the two? Isn’t it mostly the same people from the same parties?
This is a major win! Basically: It's now (still) voluntary for services to implement scanning for CSAM material. Not mandatory. End-to-end encryption will continue to be legal.
Source: Swedish national public service radio (Sveriges Radio) interviewing Jon Karlung, CEO of Bahnhof AB - a major privacy-centric and politically outspoken ISP in Sweden. Think XS4ALL (RIP) but in Sweden. Here's the interview: https://www.sverigesradio.se/artikel/efter-flera-ar-eu-overe... (Swedish speech).
Here's their blog post (in Swedish, use browser translation tools):
They could have subpoenaed the unencrypted Gmail accounts of Maxwell, Epstein and Barak like two decades ago. They can still subpoena Barak's Gmail and other accounts, especially after Giuffre's allegations about "a well known prime minister".
In a nutshell, there will be no more intrusions into chats, but only obligations for the companies to provide preferential channels for victims of these crimes.
And companies considered high-risk will have to "contribute to the development of technologies to mitigate the risks relating to their services." Which sooner or later will involve another attempt at client-side scanning.
The path from position to actual implementation (details) is long
And you can bet there's still a lot of opposition of people (with actual involvement in the legislative process)
And legal hurdles for implementation as well
(this all reminds me of the discussion around the copyright directive where people here were decrying it was going to be the end of memes. So, how did that go again?)
I just want to reiterate that in Germany getting convicted of gang raping a 15 year old (and stealing her phone and purse and filming the rape) is something which gets you probation. Yes, the crime was proven, there was no doubt about the guilt.
In this context putting the entirety of the population under the suspicion of facilitating child rape is completely and utterly deranged.
Given how badly the EU just folded on GDPR, data protection and AI laws (which were good laws generally imo, and tragic to see useful exercise of sovereignty erased), I want to have hope that this might not stand.
But unfortunately I feel like the big tech interests probably somewhat want this happen, are happy to hand the citizenry over to the state. That we won't hear much from them over this all. With some notable Signal sized / Medium Tech exceptions.
It sure does seem like there's a huge legitimacy crisis the EU council is creating around itself by going so far against the will of the people, by intruding so forcibly into literally everyone's life.
"High risk" providers will be obligated to "contribute" technologies "to mitigate." Seems like a doublespeak way of saying enforced decryption or enforced backdoors.
It's one of those things that will obviously be used to boil the frog over time via beurocratic rules.
Year 1 a minimum viable effort manual process will be fine. But they'll say "not good enough" to someone every now and then and the minimum can do in order to get a) permission b) enforcers not crawling up your ass (IDK if it will be permission based or enforcement after the fact based) will ratchet up.
By year 10 or 20 "everyone" will have an API or a portal or whatever.
And worse, by creating a compliance industry they create a whole suite of business and people who will ask for more, more, more more.
Sadly, another attempt will likely be made at some point. At least the regulation is quite explicit:
> This Regulation shall not prohibit, make impossible, weaken, circumvent or otherwise undermine cybersecurity measures, in particular encryption, including end-to-end encryption, implemented by the relevant information society services or by the users. This Regulation shall not create any obligation that would require a provider of hosting services or a provider of interpersonal communications services to decrypt data or create access to end-to-end encrypted data, or that would prevent providers from offering end-to-end encrypted services.
Yes, I see this as the people pushing for surveillance and control taking what they can get for now, with the view to bring it back to mandatory scanning before all is said and done.
No, because EUCJ still have power to interpret the laws, or to declare the laws illegal. And the EUCJ, while incredibly pro-consummer, seems to really, really dislike the police state.
It will happen only if the council manage to defang the EUCJ (it does try, regularly, to reduce the judiciary power by forcing it to make unpopular statements on obviously illegal laws, so it might be a long term goal).
Misleading title, the council approves their mandate for negotiations with parliament. It’s still a long way to go before it turns into law and I think it’s rather unpopular in parliament.
I think it's just the trialogue left, so still some distance but comfortably past halfway to becoming valid law.
There's been so much drama over the years about this proposal from the commission I doubt von der Leyen will want to fight to get the scanning back in.
Ok, we've put that in the title above. Thanks!
>At the beginning of the month, the Danish Presidency decided to change its approach with a new compromise text that makes the chat scanning voluntary, instead.
Hmm, so this will probably make the life for those who don't scan quite hard and if they experience a high profile scandal getting out of it will not be easy I assume.
I'm not sure what to think of it, not being mandatory and requiring risk assessment sounds like "Fine, whatever don't do it if you don't want to do it but if something bad happens it's on you". May be fair to some extent, i.e. Reddit and Telegram can decide how much they trust their users not to run pedo business and be on the hook for it.
On the other hand, it is a backdoor and if the governments go crazy like they did in some other countries where high level politicians are implicated with actual pedophiles and have a tendency for authoritarianism Europe may end up having checking user chats for "enemies of the state" instead of CSAM materials. Being not mandatory here may mean that you get constant bullying because you must be hiding something.
I assume this is a delay to get a foot in the door. After some time, the scanning will be made no longer voluntary.
One has to take rights away slowly, otherwise the frog jumps before you can boil it.
"voluntary" can also be pretty meaningless depending on the context. In the UK, if the police suspects you of shenanigans, they'll politely invite you for an "voluntary interview".
Of course you can decide to not go, it's voluntary, right? Yes, you can. Your choice. And when you reject their kind offer they'll come and arrest you so you can attend the interview.
While I fully agree with your sentiment, I'd like to take the opportunity to share a favorite fun-fact of mine: the frogs in the not-jumping-out experiment had their brains removed beforehand. Which might make the analogy more apt, actually, considering how much under siege our attention is these days.
They have removed the backdoor paragraph, and inserted a new one that states that scanning is entirely voluntary and best effort, and also state that the EU cannot force them to scan.
As far as the mass surveillance scanning goes, it has completely been removed, and what remains is still the mandatory age checks, which might be problematic.
From reading the specification, it appears to be reasonably well designed, where identification is handled by authorities, and the requesting party cannot get your identification details, only send an "is the user of this session older than 18". The verifier cannot see which site the request comes from, and you identify yourself in the session, and a reply goes back to the requester with a "yes/no" answer.
So, it at least appears to be simply an age check, and not some sort of surveillance program to stalk your online browsing habits.
you people need to disabuse yourselves of the idea that only a Trumpian type regime could possibly have any interest in finding and incapacitating “enemies of the state”.
I feel like this will just incentivise the creation of privately run federated messaging systems. Powerful people will always be protected, any smart people will run fed messengers for their private stuff and normie tech for normie comms. This power will just turn into another form of control. As always, the only losers will be the average citizens.
I am ashamed to be Danish. Where are the mass protests of hundreds of thousands, the mass walkouts from our workplaces until our government at last respects our human dignity?
Our government has today turned the EU into a tool for total surveillance I don't know if there can be any return from. Our democratic processes have been abused, and our politicians shown to be nothing but craven, self-interested agents of control.
What about going out in front of your city hall with a poster saying no-chat-control?
You risk nothing, do you?
> What about going out in front of your city hall with a poster saying no-chat-control?
Unorganized, individual acts cannot change anything in the EU.
> You risk nothing, do you?
Given the legislative maze the EU has become, you can't be sure of that, but you surely gain nothing.
The conditions in Europe are quite specific, and in that environment, pan-EU legislation (except the customs union) should be optional for individual members, anything else can and will be used against the people.
Individual acts can actually have more resonance, if carried out with conviction and commitment (and if the cause is just).
See Greta Thunberg; she might not have managed to save the planet yet, but she sure got the attention of the world (of course, however big a problem chat control is, climate change is a much bigger issue)
Good old salami tactics still work. Same goes for going way over target to then settle for your actual goal.
Good old democracy at work.
Democracy worked well here. The executive wanted more power (once again), the parliament refused, twice, despite _a lot_ of lobbying and pressure from the executive branch. Good job to the tech industry for counterlobbying (i'm not saying that often i swear), good job us for mobilizing, and also la quadrature and other NGO privacy watchdog for mobilization that allowed the EU parliement to resist somewhat, and forced a compromise that will any overreach tentative in the hand of judges.
What europe needs to be careful of is that the EUCJ keep its power. I _know_ people on both side of the political spectrum dislike judges (because they defend the status quo for the left, and the rule of law for the right) but multiple time this past 3 years i've seen mediatic assaults on EUCJ and ECHR that expend their political power again and again and again. We have to keep executive power from limiting judiciary power. Already executive branches are powering through legislative in a lot of country (France, UK, US, and EU which isn't a country but have similar institution), we absolutely have to keep the third branch as a check against government overreach.
Democracy is actually at work here: it's restraining somewhat the reptile-brained politicians behind chat control.
Honest question: let's say I get an email and encrypt it with a highly secure key, or maybe I just encrypt a file and send it through WhatsApp. That might not be as easy or secure as a double ratchet, but, is it against chat control?
Sad to see Europe morph from postal secrecy to chat control. I can’t imagine 19th century intellectuals would do anything other than laugh in the face of censors who would suggest that the governments need to read personal correspondence to protect children and/or national interests against Prussia/Russia/China.
Is there still a loophole for politicians not to be tracked? Because if so, some people will make a lot of money by creating a political party and turning citizens into politicians for yearly fee and thus bypassing this whole law.
You can read the proposal and found out, if you're interested.
> In the light of the more limited risk of their use for the purpose of child sexual abuse and the need to preserve confidential information, including classified information, information covered by professional secrecy and trade secrets, electronic communications services that are not publicly available, such as those used for national security purposes, should be excluded from the scope of this Regulation. Accordingly, this Regulation should not apply to interpersonal communications services that are not available to the general public and the use of which is instead restricted to persons involved in the activities of a particular company, organisation, body or authority.
Oh, so sharing all those restricted materials is fine, as long as you limit it to your company.
Elected officials of if I recall correctly. Not just people belonging to a political party.
In big governments or also in councils?
How is it possible this thing can just keep coming back and back? There should be a law that gives these kinds of bills a cooldown period of 2 years or so that prevents them from being reintroduced with slightly different wording.
Because the EU citizens keep voting for those politicians. It’s as simple as that. There are dozens of different parties in each EU country, but people keep voting for parties that push chat control.
Honest question. The EU was created as an economic and trade institution. How has it morphed into a wierd political institution, which NATO was already supposed to be?
The root question: how did an organization that ushered in things like the Euro become a body that decides whether Europeans are allowed to have personal privacy?
The answer is pretty simple. This decision isn't "the EU".
The European Commission has fewer employees than the Luxembourg government (and keep in mind, they're "running" a continent).
This decision was the Council, i.e. simply the national member governments. Don't let anyone blame "the EU" for this, the national governments are the ones that proposed this, pushed it through EU institutions, and might now try to override the EU parliament about it. Just because national (elected) governments are pushing it through EU institutions doesn't mean you should blame "the EU". It wasn't the "Eurocrats".
The EU almost certainly has protected privacy for most European nations than it has hurt it.
You simply need to look at the precipitous decline in privacy in the UK after it left the EU to see some of the most stark examples of this.
EU (and preceding organisations since European Coal and Steel Community) were created so that there will be no war in Europe. How exactly this objective is achieved is of secondary importance. It is economic institution, because someone calculated that this will be best shot, but if (or when) calculation credibly shifts (for example, that it would be better for them to be a religion, a feudal system, or a federation -- whatever), it will morph into something else.
I'd say that it has 100% fulfilled its primary goal that there is no military conflict between major European states for like 80 years and counting, which is longest period ever recorded and a historical anomaly. The means of how it was executed is obviously a matter of debate, mistakes were made etc., but we over here generally make love, not war.
ever closer union in the Treaty of Rome
the entire point is to build a country called Europe
and the EU is built on the "Monnet method", where it slowly ratchets forward taking more power from national parliaments and giving it to the EU council/commission
(with a useless parliament there to make it appear democratic)
the UK leaving is the only example of the ratchet being reversed
>How has it morphed into a wierd political institution
Von der Leyen, an autocratic fascist that is ruining this continent. She failed to push her agenda in Germany so she "failed upwards". Even how she got this position was highly controversial and went against the top candidate principle. The EU commission is exceeding their competencies. The EU is not democratic, there is no parliamentary oversight, the parliament can't even introduce legislative proposals. No one can vote for the EU commission, only the parliament can vote for or against all the proposed candidates (not one by one). Parliament is essentially a rubber stamp for the commission.
I could be jailed for this comment btw.
> a weird political institution, which NATO was already supposed to be?
NATO is a military alliance, not a government.
You speak as if the EU is somehow divorced from the national governments, and is imposing its will to the helpless states that compose it.
The commissioners that propose laws are appointed by each national government. The national governments of each member state is all in on this.
NATO is not a political institution. It is a defense treaty (this one completely outside the realm of democracy).
A defence treaty is obviously a very political institution.
Obviously not in the sense the person I was replying to meant, considering their claim is that the EU should not be considered one.
> The EU was created as an economic and trade institution. How has it morphed into a wierd political institution, which NATO was already supposed to be?
That is not the case.
The 1957 Treaty Establishing the European Community contained the objective of “ever closer union” in the following words in the Preamble. In English this is: “Determined to lay the foundations of an ever closer union among the peoples of Europe …..”.
> The root question: how did an organization that ushered in things like the Euro become a body that decides whether Europeans are allowed to have personal privacy?
Sensationalist framing aside, how does any government become a body that decides anything?
That treaty was established just over a decade after Hitler surrendered, when there were two Germanys, an Iron curtain across Europe, and a lot of other things which changed significantly after the Wall fell. Surely you would agree that those words meant something quite different then than they do now?
I don't think my framing was sensationalist at all. Chat Control is using the threat of child porn to make people forget the reasons why the ECHR cares so deeply about privacy. I'm not sure why Denmark is pushing it so hard, but governments have long feared and hated encryption.
Not only are you moving your goalposts from "this wasn't the original purpose" (it was - it's part of the founding document!), but it has been reaffirmed and strengthened over and over again since: https://commonslibrary.parliament.uk/research-briefings/cbp-...
Don't get me wrong - I, too, care about privacy and think Chat Control is a horrible idea, that thankfully seems to be getting shut down. That doesn't mean the EU is somehow not legitimate as a governing body.
I was not moving goalposts. I was saying that the way we interpret the words has changed over time, and therefore we are taking words that meant one thing in 1957 and reinterpreting them to fit assumptions for today. Thus the semantic drift creates a shift.
To address the other point, I think we're missing a question of scope. Is the EU a legitimate governing body for negotiating trade deals and employment regulations between countries? Absolutely. I question however whether in recent years EU has begun to either scope-drift or expand their scope beyond what might be considered reasonable.
I think this is a natural tendency within human nature, especially when a governing body is given some power. Over time new opportunities arise which allow the body to gain more power, and then they reinterpret founding documents to include some of the new powers they want. I think it is pretty clear this is happening with the EU. Look at the rise of nationalist parties in Germany and France, etc.
"contained the objective of “ever closer union” "
Such words in any Preamble are usually meant as a lofty declaration of some ideal, not a concrete political goal.
After all, "ever closer" does not even mean federation, it means a unitary state, which is "closer" than a federation or a confederation.
If you believe that a single sentence in a 1957 treaty can be used as a ramrod to push European federalization from above, you will be surprised by the backlash. European nations aren't mostly interested in becoming provinces of a future superstate, potential referenda in this direction will almost certainly fail, and given the growth of the far right all over the continent, I don't expect the governments to agree to any further voluntary transfer of powers to Brussels.
Also, the European Commission is not a government and is not meant to act as a government that can decide "everything".
The countries that formed the EU have only agreed to transfer some powers to Brussels. Not give it an unlimited hand over everything. And Chat Control is a major infringement of constitutional rights in many countries, where inviolability of communication except for concrete warrants has been written into law for decades.
Imagine a situation if the German Constitutional Court says "this is illegal by the German Grundgesetz, and German law enforcement may not execute such laws". Do you believe that German authorities will defer to Brussels instead of its own Constitutional Court? Nope. Same with Poland etc. Local constitutional institutions have more legitimacy among the people than the bunch of bureaucrats in Brussels.
I don't think a mere Federalization should happen. I think a unitary state is - as you said! - what we all signed up for and what we should get.
There's a reason the "ever closer" phrasing has been repeated over and over again - in the 1983 Solemn Declaration, the 1997 Maastricht Treaty, the 2009 Lisbon treaty etc etc.
Look at China's rise and our fall - a direct consequence of centralization and the lack thereof.
> what we all signed up for
No, we didn't. The EU ignored the French and Dutch people's votes.
I assume this is sarcasm, but, for those reading, a unitary state is definitely not what those words meant. If they did, that would mean that 27 countries willingly and fully signed away their sovereignty, without knowledge of the public. The only times where this has happened before in world histoey was either surrender in the face if insurmountable odds, or a decision by the elites in exchange for unimaginable riches. As far as I know, the politicians and bureaucrats who made/signed those treaties didn't become billionaires since.
This has happened many a time. The US constitution is one such example.
There is a reason indeed - unbridled utopianism that will eventually sink us.
In practice, the only political party that openly advocates for a European Federation, Volt, is polling around statistical error from zero in most EU countries. The will of the people isn't there.
Becoming a federation or even a unitary state isn't a self-executing protocol. Actual heads of governments have to meet, agree to dissolve their individual countries into a superstate with one central government, and actual parliaments have to ratify this.
You don't have the vote to do this democratically. European nationalisms were at their lowest ebb in cca 2000; since then, they have returned with vengeance.
You don't have the force to do this forcibly. No Genghis Khan or Napoleon on the scene.
And in the current connected world, you can't even do this by stealth. The only result of the people actually learning of such a plan would be far-right governments in France and Germany at the same time, ffs.
Please stop. Just stop. When I was a youngster, I witnessed violent collapse of Yugoslavia, somewhat less violent collapse of the Soviet Union and fortunately non-violent collapse of Czechoslovakia, three entities whose constituent nations didn't want to be tied together. I don't want to see 2.0 of those, continent-wide, when I am old.
"Look at China's rise and our fall - a direct consequence of centralization and the lack thereof."
Becoming more like China is not particularly attractive for former Eastern Bloc countries. Chat Control is enough of a window into such future that I don't want to go there. Also, your history is massively incomplete. Cherry-picking of some events while ignoring others.
The pinnacle of European power, with the European countries controlling half of mankind, happened around 1900, with no centralization of the continent in place. And we have been losing our relative strength since 2000, which is precisely the time when the continent is most integrated ever.
Chinese central government unleashed at least two total disasters on its own population in the 20th century - the Great Leap Forward and the Cultural Revolution. It can unleash some more if a sufficiently unhinged person gets into power again. With centralized power, you are free to make some Huge Mistakes.
I certainly don't want future Brussels to start some European versions of the Iraq and Afghanistan wars, just because they can. Austria-Hungary collapsed on such stupidity after 400 years of continuing integration.
> The will of the people isn't there
The will of the people never mattered. All that matters is ideology and force to execute on it.
> Becoming more like China is not particularly attractive for former Eastern Bloc countries
Yeah, what's attractive for former Eastern Block countries is mooching off Western Europe, taking our money and then blocking any progress and electing regressive autocrats. In some ways, it was better when you were one of our (Austrian) colonies. At least we managed to drag you into modernity against your will.
> Chinese central government unleashed at least two total disasters on its own population in the 20th century - the Great Leap Forward and the Cultural Revolution. It can unleash some more if a sufficiently unhinged person gets into power again
That's the beauty of it! They did all of that and yet they are thriving now. None of this shit matters in the long term. To quote Mao - "A revolution is not a dinner party".
> Local constitutional institutions have more legitimacy among the people than the bunch of bureaucrats in Brussels.
Repeating this bullshit over and over does not make it true.
The EU has a parliament that approves laws. The commissioners are appointed by the democratic elected governments. It has a legitimate mandate.
Ask local armed forces, judges or police whether they would back Brussels or their local government if it came to an actual forceful showdown.
This is the ultimate legitimacy test, not things written on paper.
> things written on paper.
"things written on paper" is the basis of any serious, respectable country. "Things written on paper" should be respected, because when you are serious about your commitments, words matter.
I don't want to see the country I live in become a shithole because local armed forces or police think themselves above the law.
The ultimate legitimacy test is whether you are serious about the things you sign. Not if some proto-fascist wants to tear down institutions.
One thing with chat control I don't get is why can't it be vetoed by a single member? That doesn't seem like part of regular trade policy competency of the EU
Even the Maastricht Treaty went beyond trade, though that does seem to have been the origin of the EU. https://en.wikipedia.org/wiki/Maastricht_Treaty
The trick is that because they could not pass the proposal that enforces message scanning, now this proposal defines "high risk activities" and in the case of high risk activity, the national authorities can force someone to comply (i.e. start to scan messages, block, stop activity).
Here is the actual text: https://data.consilium.europa.eu/doc/document/ST-15318-2025-...
High risk classification is at the end of the text.
Some highlights of what is defined as high risk, and thus can be forced to go through mandatory scanning or forbidden:
- Encrypted messaging follows closely due to privacy concerns and the potential for misuse. Posting and sharing of multimedia content are also high-risk activities, as they can easily disseminate harmful material.
- The platform lacks functionalities to prevent users from saving harmful content (by making recordings, screenshots etc.) for the purpose of the dissemination thereof (such as for example not allowing recording and screenshotting content shared by minors)
- Possibility to use peer-to-peer downloading (allows direct sharing of content without using centralised servers)
- The platforms’ storage functionalities and/or the legal framework of the country of storage do not allow sharing information with law enforcement authorities.
- The platform lacks functionalities to limit the number of downloads per user to reduce the dissemination of harmful content.
- Making design choices such as ensuring that E2EE is opt-in by default, rather than opt-out would require people to choose E2EE should they wish to use it, therefore allowing certain detection technologies to work for communication between users that have not opted in to E2EE
Also, a lot of these points do not sound like they are about the safety of children
- Platforms lack a premoderation system, allowing potentially harmful content to be posted without oversight or moderation
- Frequent use of anonymous accounts
- Frequent Pseudonymous behavior
- Frequent creation of temporary accounts:
- Lack of identity verification tools
Based on the light of the proposal, Hacker News is very dangerous place and need to have its identity verification and CSAM policies fixed, or face the upcoming fines in the EU.
> - Making design choices such as ensuring that E2EE is opt-in by default, rather than opt-out would require people to choose E2EE should they wish to use it, therefore allowing certain detection technologies to work for communication between users that have not opted in to E2EE
So you make it so that when the user starts the application you ask them "Your current configuration allows government, and probably some hackers as well, to see your messages. Do you want to enable encryption? Your government's suggestion is that you should say 'No' here. That's also what the foreign intelligence agencies suggest" "Yes, enable encryption" "No". That's clearly opt-in, you even provide the government's recommendation. And of course you then ask that whenever they open the application if they selected "No", we have learned that it's completely fine to keep asking same question from the user.
Oh, and make sure that the other party is clearly aware that the other side has not enabled encryption.
They're are merely extending the current policy, it was set to expired early next year.
Does this already include the parliament's position based on a trilogue or will there be amendments before it's voted in parliament?
IIUC no, this is Council position before trilogue.
The crux is in those „risk assessments”, to be approved by authorities. IIUC those authorities will be able to designate e.g. Signal „high risk” and slap penalties unless they „mitigate” the risk. Hard to tell what will happen without seeing final regulation.
Oh, but we are terrified of child sexual abusers online :D
I know it's the recognized term for 'officially designated authority', but 'competent authority' seems to conflate two traits that do not necessarily co-habit.
Legal competence is like a legal person — it's a subset of what we normally associate with the term.
Just read it as ”we have the competence to make decisions with authority on this issue”, though we all wish it always meant ”we have authority to make competent decisions on this issue” xD
Orwell would be proud.
The wording on all this is incredibly vague. The intentions are pretty clear, but as the saying goes… the road to hell…
Taking the reasons at face value (for the sake of argument) I guess what I'm confused about is why this would be necessary. I would think there were already laws/regulations/liability reasons/etc requiring companies to make efforts to ensure they're not hosting CP and other such things? Am I wrong?
No, you're not wrong. But this framing allows them to paint the parties opposing these measures as being 'pro CP'.
Why follow the EU's press release instead of stating what's happening? The EU parliament voted - many times. They voted AGAINST having this law at all. The EU council is now threatening to fully override parliament, but "gives parliament another chance" to agree, in hopes this makes the member states more likely to cooperate.
More correct would be to state the in power EU governments have decided to use the EU council power to override the will of both the EU parliament and the member states' own parliaments - for now, by threatening parliament with the override.
This is completely incorrect, the Parliament, the Council, and the Commission always come up with their own version of a proposed regulation (the Commission because they get to create new proposals, the other two because they have to react to comission proposal). Then all three parties sit down and negotiate a final text that becomes law.
The EU parliament and the head of states that comprise the EU council are elected by the EU citizens. Why is there such discordance between the two? Isn’t it mostly the same people from the same parties?
Is this the end of secure communication within EU?
This is a major win! Basically: It's now (still) voluntary for services to implement scanning for CSAM material. Not mandatory. End-to-end encryption will continue to be legal.
Source: Swedish national public service radio (Sveriges Radio) interviewing Jon Karlung, CEO of Bahnhof AB - a major privacy-centric and politically outspoken ISP in Sweden. Think XS4ALL (RIP) but in Sweden. Here's the interview: https://www.sverigesradio.se/artikel/efter-flera-ar-eu-overe... (Swedish speech).
Here's their blog post (in Swedish, use browser translation tools):
https://bahnhof.se/2025/11/26/eu-bromsar-chat-control/
[dupe] https://news.ycombinator.com/item?id=46056358
Thanks for the link. I had missed the other two submissions.
If any admin is around, they should probably be merged. This is the other one: https://news.ycombinator.com/item?id=46055863
They could have subpoenaed the unencrypted Gmail accounts of Maxwell, Epstein and Barak like two decades ago. They can still subpoena Barak's Gmail and other accounts, especially after Giuffre's allegations about "a well known prime minister".
I have the feeling this will not happen.
Oh but those people would be exempt from scanning anyways.
"Don't worry, the scans won't invade your privacy or expose your information."
"Oh, so the politicians' communications are being scanned too, then?"
"Oh, heavens no. That might risk the privacy of our communications."
In a nutshell, there will be no more intrusions into chats, but only obligations for the companies to provide preferential channels for victims of these crimes.
And companies considered high-risk will have to "contribute to the development of technologies to mitigate the risks relating to their services." Which sooner or later will involve another attempt at client-side scanning.
Note this is the council position
The path from position to actual implementation (details) is long
And you can bet there's still a lot of opposition of people (with actual involvement in the legislative process)
And legal hurdles for implementation as well
(this all reminds me of the discussion around the copyright directive where people here were decrying it was going to be the end of memes. So, how did that go again?)
I just want to reiterate that in Germany getting convicted of gang raping a 15 year old (and stealing her phone and purse and filming the rape) is something which gets you probation. Yes, the crime was proven, there was no doubt about the guilt.
In this context putting the entirety of the population under the suspicion of facilitating child rape is completely and utterly deranged.
Given how badly the EU just folded on GDPR, data protection and AI laws (which were good laws generally imo, and tragic to see useful exercise of sovereignty erased), I want to have hope that this might not stand.
But unfortunately I feel like the big tech interests probably somewhat want this happen, are happy to hand the citizenry over to the state. That we won't hear much from them over this all. With some notable Signal sized / Medium Tech exceptions.
It sure does seem like there's a huge legitimacy crisis the EU council is creating around itself by going so far against the will of the people, by intruding so forcibly into literally everyone's life.
Seems… fine? At least i dont see any invasion of privacy or encryption related obligations in this proposal.
The EU ostensibly wants to improve innovation, i wonder how these new assessment regulations help with that, especially for SME and startups.
"High risk" providers will be obligated to "contribute" technologies "to mitigate." Seems like a doublespeak way of saying enforced decryption or enforced backdoors.
It's one of those things that will obviously be used to boil the frog over time via beurocratic rules.
Year 1 a minimum viable effort manual process will be fine. But they'll say "not good enough" to someone every now and then and the minimum can do in order to get a) permission b) enforcers not crawling up your ass (IDK if it will be permission based or enforcement after the fact based) will ratchet up.
By year 10 or 20 "everyone" will have an API or a portal or whatever.
And worse, by creating a compliance industry they create a whole suite of business and people who will ask for more, more, more more.
Sadly, another attempt will likely be made at some point. At least the regulation is quite explicit:
> This Regulation shall not prohibit, make impossible, weaken, circumvent or otherwise undermine cybersecurity measures, in particular encryption, including end-to-end encryption, implemented by the relevant information society services or by the users. This Regulation shall not create any obligation that would require a provider of hosting services or a provider of interpersonal communications services to decrypt data or create access to end-to-end encrypted data, or that would prevent providers from offering end-to-end encrypted services.
Yes, I see this as the people pushing for surveillance and control taking what they can get for now, with the view to bring it back to mandatory scanning before all is said and done.
No, because EUCJ still have power to interpret the laws, or to declare the laws illegal. And the EUCJ, while incredibly pro-consummer, seems to really, really dislike the police state.
It will happen only if the council manage to defang the EUCJ (it does try, regularly, to reduce the judiciary power by forcing it to make unpopular statements on obviously illegal laws, so it might be a long term goal).