France is about to pass the worst surveillance law in the EU.
-
"Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say"
Snowden
And the things that are perfectly okay today might be the things you want to hide tomorrow. Abortions and pregnancies, thoughts about labor rights out climate, sexual orientation, ...
-
It feels like the UK and France are in a competition to see who can steamroller their peoples' rights the fastest.
France always tries to copy the US with a 10y delay so.. Yeah
-
Signal, Tuta, Proton. And that Apple bullshit.
This push to know everything about everyone is outrageous, expected, and depressing.
Almost seems like they're afraid of us or something
-
It feels like the UK and France are in a competition to see who can steamroller their peoples' rights the fastest.
Isn’t Sweden trying something stupid too?
-
The only thing that can stop a bad guy with access to my private phone data is a good guy with access to my private phone data. /s
Yeah. Also we don't have good guys either, but, that sounds nice.
-
A reminder that the people voting for these laws do not understand technology. They don't get it. Yes, this law sucks, but even if it passes, I'd be really surprised if it was actually enforceable.
The law is enforceable. If the options you're given is "put a backdoor in your product or stop operating in the country", it'll happen. And even if you reply "then I'll go away", laws like this, stupid, dangerous, breaking everything, will keep popping in one country after another until it's too late.
It not making sense have no bearing on whether it can be enforced or not. And the mere existence of the law may be enough to later put you in hot water if you have some de-facto illegal software on your phone or computer, for example. It would not be automatic everywhere, but another tool to just legally have something against most people.
-
If this is passed, would this only apply to people in France? Like Signal and WhatsApp, etc, could they make a different version of the app / backend that's unencrypted just for them? Is that even possible? I can't imagine Signal adding a backdoor for everyone in the world.
Or would they just outright pull their software / apps from being used in France? But then what's stopping someone in France from sideloading the app and using a VPN?
It is possible to do, to some extent. Everything's possible. But then, when people that are on both side of this encryption barrier wants to talk, then both must use unencrypted messages. You'd also have the obvious case of someone having a phone/device/account from country A temporarily crossing through country FuckingFranceOrUK, so what do you do in that case?
You'd need to implement that, add UI features to know if you're using encryption or not, and above all, it's fucking stupid and against what most sane messaging solutions wants to do.
I'm sure it's possible to find people that would gladly do all that. Hopefully those people are not in the business of making all the useful communication services we currently use.
-
cross-posted from: https://lemm.ee/post/56769139
cross-posted from: https://sopuli.xyz/post/23170564
not at all arguing this is okay, not even a little
but
If you are the French government, and you know what the French populace has a history of doing to the French government, it would be understandable to be a bit paranoid of them, no?
again. It ain't cool. But I'm honestly surprised they didn't hop on the "intrusive surveillance" bandwagon sooner.
-
cross-posted from: https://lemm.ee/post/56769139
cross-posted from: https://sopuli.xyz/post/23170564
The government is not your friend, we are ruled by power tripping authoritarian rulers. They are using security and defense as a pretext to abolish your rights. You can solve the narcotraffic problem by simply legalizing drugs, they are going after encryption for something else, they want to control everything and everyone.
-
cross-posted from: https://lemm.ee/post/56769139
cross-posted from: https://sopuli.xyz/post/23170564
So I'm going to get down voted to hell for this, but: this kind of legislation is a response to US tech companies absolutely refusing to compromise and meet non-US governments half-way.
The belief in an absolute, involute right to privacy at all costs is a very US ideal. In the rest of the world - and in Europe especially - this belief is tempered by a belief that law enforcement is critical to a just society, and that sometimes individual rights must be suspended for the good of society as a whole.
What Europe has been asking for is a mechanism to allow law enforcement to carry out lawful investigation of electronic communications in the same way they have been able to do with paper, bank records, and phone calls for a century. The idea that a tech company might get in the way of prosecuting someone for a serious crime is simply incompatible with law in a lot of places.
The rest of the world has been trying to find a solution to the for a while that respects the privacy of the general public but which doesn't allow people to hide from the law. Tech has been refusing to compromise or even engage in this discussion, so now everyone is worse off.
-
cross-posted from: https://lemm.ee/post/56769139
cross-posted from: https://sopuli.xyz/post/23170564
TSA officers steal from passengers
This may seem unrelated but it gives a real life physical example on exactly why backdoors shouldn't exist.
-
It feels like the UK and France are in a competition to see who can steamroller their peoples' rights the fastest.
There's been been bills at the EU level, but they've been defeated. I think individual countries introduced their own bills if they were supporters of the EU one.
-
So I'm going to get down voted to hell for this, but: this kind of legislation is a response to US tech companies absolutely refusing to compromise and meet non-US governments half-way.
The belief in an absolute, involute right to privacy at all costs is a very US ideal. In the rest of the world - and in Europe especially - this belief is tempered by a belief that law enforcement is critical to a just society, and that sometimes individual rights must be suspended for the good of society as a whole.
What Europe has been asking for is a mechanism to allow law enforcement to carry out lawful investigation of electronic communications in the same way they have been able to do with paper, bank records, and phone calls for a century. The idea that a tech company might get in the way of prosecuting someone for a serious crime is simply incompatible with law in a lot of places.
The rest of the world has been trying to find a solution to the for a while that respects the privacy of the general public but which doesn't allow people to hide from the law. Tech has been refusing to compromise or even engage in this discussion, so now everyone is worse off.
I can invite someone over to my house and talk about anything I want with no risk of government meddling. Why should it be any different in online communication regardless of the country?
-
Almost seems like they're afraid of us or something
Luigi wasn’t talking with anyone. None of this would’ve helped them with him.
-
I can invite someone over to my house and talk about anything I want with no risk of government meddling. Why should it be any different in online communication regardless of the country?
Continuing the analogy, government agencies can absolutely eavesdrop on in-person conversations unless you expend significant resources to prevent it. This is exactly what I believe will happen - organized crime will develop alternate methods the government can't access while these backdoors are used to monitor less advanced criminals and normal people.
-
And the things that are perfectly okay today might be the things you want to hide tomorrow. Abortions and pregnancies, thoughts about labor rights out climate, sexual orientation, ...
As an American, I can vouch for this.
-
Luigi wasn’t talking with anyone. None of this would’ve helped them with him.
I think you’re falling into the trap of making a good faith argument when the people pushing to destroy encryption are not.
-
Isn’t Sweden trying something stupid too?
Yup, they are trying to put a backdoor into signal, even though their military advised against it.
-
It feels like the UK and France are in a competition to see who can steamroller their peoples' rights the fastest.
Although not in the same way, the US is leading the charge on that front.
-
I'm no cryptographer, so take this with a good heap of salt.
Basically, all encryption multiplies some big prime numbers to get the key. Computers are pretty slow at division and finding the right components used to create the key takes a long time, it's basically trial and error at the moment.
If you had an algorithm to solve for prime numbers, you could break any current encryption scheme and obviously cause a lot of damage in the wrong hands.Basically, all encryption multiplies some big prime numbers to get the key
No, not all encryption. First of all there's two main categories of encryption:
- asymmetrical
- symmetrical
The most widely used algorithms of asymmetrical encryption rely on the prime factorization problem or similar problems that are weak to quantum computers. So these ones will break. Symmetrical encryption will not break. I'm not saying all this to be a pedant; it's actually significant for the safety of our current communications. Well-designed schemes like TLS and the Signal protocol use a combination of both types because they have complementary strengths and weaknesses. In very broad strokes:
- asymmetrical encryption is used to initiate the communication because it can verify the identity of the other party
- an algorithm that is safe against eavesdropping is used to generate a key for symmetric encryption
- the symmetric key is used to encrypt the payload and it is thrown away after communication is over
This is crucial because it means that even if someone is storing your messages today to decrypt them in the future with a quantum computer they are unlikely to succeed if a sufficiently strong symmetric key is used. They will decrypt the initial messages of the handshake, see the messages used to negotiate the symmetric key, but they won't be able to derive the key because as we said, it's safe against eavesdropping.
So a lot of today's encrypted messages are safe. But in the future a quantum computer will be able to get the private key for the asymmetric encryption and perform a MitM attack or straight-up impersonate another entity. So we have to migrate to post-quantum algorithms before we get to that point.
For storage, only symmetric algorithms are used generally I believe, so that's already safe as is, assuming as always the choice of a strong algorithm and sufficiently long key.
