EU Proposal for Chat Control for fighting CSAM

In the EU, there are discussions for a new law to fight CSAM, namely:
“Proposal for a Regulation laying down rules to prevent and combat child sexual abuse”
But I think, that it would be very harmful for the privacy of people in the EU and open source software with the arguments stated here:

https://chat-kontrolle.eu/
(only in German👆)

What are your thoughts on this topic?

3 Likes

TLDR comes up every so often, yes it is an invasion of privacy because how do they hope to achieve that for conversations which are E2EE. You can’t without a backdoor, sidedoor, ghost door, whatever they want to call it.

6 Likes

I don’t think it matters that much, a lot of things are banned in China, but you can find a way how to keep using it relatively safely.

So there will be “natural selection” of people that give up on privacy element, with slightest obstacle/friction, and won’t care, the rest that care more, will put more effort into it, and keep using it.

As for businesses, that’s a different story.

The issue of privacy is complex and nuanced, and it’s not accurate to reduce it to a binary choice between those who care about it and those who don’t. People have different motivations, values, and circumstances that influence their stance on privacy, and it’s unlikely to be a straightforward decision for many individuals. Additionally, the level of effort required to maintain privacy can also vary greatly, and the “obstacles/friction” you mention may present different challenges for different people.

4 Likes

There are so many things wrong with that “natural selection” comment, but the one that makes more noice to me is that OP appears to underestimate the among it actually take to keep privacy now of days when you literally can’t search for a job without the internet. Or communicate without some messages/social media apps.

I agree, great insight.

You can search for jobs using Tor, not sure if it will rise an eyebrows, of the employer, if you will submit your application, from Tor node, most people wouldn’t care, unless the government, would make them to report, if someone does this, or if it’s in a field where your identity, and information about you should be as transparent, as possible, like if you would apply for a police man, for example. If that person protects their data, as much as possible, but it’s viewed by the employer, as a criminal who wants to hide something, then it becomes a problem, but if it’s not commanded by the government, to report this stuff, for most people it should be fine.

I wasn’t even thinking about that, there is nothing anonymous about job searching. Why bother using Tor to job search given that:

  • You are submitting a resume that as a minimum will have the city you live, your full name, where you studied, the last places/when you currently work

  • You are going to be asked about salary

  • Many places ask for your phone number, even full remote positions where 99% of the time they will contact you by email.

  • If remote, many places will use things like Teams, Google Meet, Zoom, etc for interview.

  • I had seen places asking to scan your ID for screenings

  • Even after you get rejected, they store that data, often by an undisclosed amount of time, and some places share that data with other companies.

2 Likes

Your points are valid for the most amount of privacy, but for someone who just wants to reduce the data shared, like IP address, and your Internet provider spying on your traffic, and what you are doing.

Yeah, it’s not that much of a reduction, but I guess it’s better then to use Chrome, without VPN, or anything else.

Also if you are in Europe, everyone has to comply with GDPR laws, and I request each time, I give away information to follow these laws, or to delete it within 30 days.

If you are not in Europe, you can find some lawyer, get on a 10 min call for 20 $ ~ and send you some paper (PDF), that takes advantage of the laws that are in favor of your privacy, then you can just copy it in each email you send.

yeah, at least here in Portugal no one gives a crap about GDPR. I mean, everyone will have cookie banners and great privacy and data retention policies but its just for show unless youre a huge company and thus a valuable target for prosecutors and regulatory agencies

While I agree there is still a lot of battles to go through, I do not agree with the negativity of this comment. The GDPR has moved things massively. Europe has drawn a new line in the sand of what can and what can’t be done. The regulation has moved many companies to overthink their policies and made several provacy preserving changes for all citizens. We gotten more better defendable rights and this has put a stop to the increasing lack of privacy offered by big tech. The GDPR is also not a finished product and new regulations are in the pipeline as well as better policing.

It is unreasonable and unfair think that something like this will be acted on immediately and always be implemented right.

1 Like

A new line on the sand, sure, by eroding the constitutional rights over our data that we had here in Portugal. How so? By introducing the concept of “legitimate interest”. Before GDPR anyone could request that their data be deleted and the recipient of the request would have to comply except for specific types of data under specific circumstances for which there was a law mandating a minimum retention period. The only “legitimate interest” that existed was the one codified in law. Now its open for interpretation, its open season on making up creative justifications as to why certain types of data are of “legitimate interest”.

Having said that, it did greatly shorten the periods after which data is automatically deleted, a shame that it did so while curtailing the power of explicit data erasure requests. I can no longer, for example, change internet providers and tell the one I just changed from to erase all info they have on me. Why? Because they have a “legitimate interest” in keeping this for x amount of time and that for y amount of time

1 Like

There’s a new petition against chat control:

4 Likes

Meredith Whittaker (from Signal) said they’ll stop their service in EU if this legislation is passed.

3 Likes

We’ve teamed up with the Global Encryption Coalition to fight back against the latest version of Chat Control. You can find our joint open letter here.

11 Likes

If the law is passed, I hope Signal will find a solution so that quond can still access their services.

This should be interesting, as well:

There’s absolutely no doubt anymore that there are EU folks who are pushed over the edge!

1 Like

New statement:

1 Like

People (especially from France) should write to their Permanent Representatives Committee: https://op.europa.eu/en/web/who-is-who/organization/-/organization/COREPER/

1 Like

I phoned my country representative today, and I was basically told that I should call the Foreign Ministry instead. I will try again tomorrow.