France is about to pass the worst surveillance law in the EU.
-
Fuck me, that’s good
I’m stealing that
-
"Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say"
Snowden
-
If this is passed, would this only apply to people in France? Like Signal and WhatsApp, etc, could they make a different version of the app / backend that's unencrypted just for them? Is that even possible? I can't imagine Signal adding a backdoor for everyone in the world.
Or would they just outright pull their software / apps from being used in France? But then what's stopping someone in France from sideloading the app and using a VPN?
-
A reminder that the people voting for these laws do not understand technology. They don't get it. Yes, this law sucks, but even if it passes, I'd be really surprised if it was actually enforceable.
-
Signal has already threatened to pull out of both Australia and the UK when they were talking about passing similar laws.
-
Signal, Tuta, Proton. And that Apple bullshit.
This push to know everything about everyone is outrageous, expected, and depressing.
-
And Sweden, just this week.
-
It feels like the UK and France are in a competition to see who can steamroller their peoples' rights the fastest.
-
Well, they gotta fight about something...
-
Yeah, if Signal is pulling out of your country, you dun goofed.
-
I think it could be enforced for the majority of people just by blocking the download of non-backdoored software from well known sources. And then for the relatively few tech-literate types who still obtain and use E2EE messaging software, the government will have a ready way to prosecute you whenever you do anything inconvenient, or look like you might be thinking of doing something.
-
But then what’s stopping someone in France from sideloading the app and using a VPN?
The need for a phone number and SMS verification to create an account. Signal should do something about that.
There are ways around that, but the goal isn't to stop everyone from using E2EE; it's to make E2EE non-mainstream.
-
Its funny, I'm watching this show called Prime Target and they're basically trying to prevent people from figuring out some sort of mathematical equation that would instantly break all encryption and talking about how it would be the end of the world as we know it.
Meanwhile the EU is forcing everyone to put in an express lane IRL.
-
I haven't seen that show, but it sounds like it has a basis in reality: there has been a real concern that quantum computers might be able to break much of current encryption because they are far quicker than classical computers at problems like finding the prime factors of a number, and schemes like RSA encryption depend on that being hard to do. And that could be fairly catastrophic, not only for current communications and for data encrypted at rest, but because communications data can be collected now and decrypted later when the technology becomes available. As far as we know, no one has done it yet, but quantum computers are developing rapidly so the day may well come.
-
Nothing technically stops you. But if the government can prove you have been using Signal, all of a sudden you can be in a lot of trouble. This could be used for political oppression.
-
They do talk about quantum computing in the show in a different context, saying it's still a decade away. Their tech has something to do with Prime numbers (hence the title).
But also several companies already advertise "quantum resistant encryption" for whatever that's worth.
-
I expect many people might read this and think "yep, fair enough, I have nothing to say" and still not understand why either privacy or free speech are valuable.
-
In the same vein, with my family I've been using the analogy of "Imagine that all law enforcement had a key to your home, and they could enter at any time and look through your things, but you wouldn't even know it if they did, or if they took photos or recorded videos of your place to take with them. Their argument is that the only way to keep you and your stuff safe from the bad guys is for the good guys to have access. But because the good guys now have access, it's also easier for the bad guys to get in, because now there's all these extra keys to your home out there, which might fall into the hands of the bad guys."
Not a perfect analogy, but it seems to make them consider the issue from a more personal angle. And for those that argue, "Well, I don't have anything to hide.", I usually counter with "Then why do you close your curtains/blinds when you change your clothes or get out of the shower?" With my dad who grew up during the World War II, it also helped to mention that a law like this, once on the books, will not be easy to overturn, and while he might be fine with our current regime having access to all his data, that might not be the case with future authorities.
-
I don't think the current proposal in France sanctions individuals for using E2EE; it sanctions service providers for providing it.
-
Instead of extra keys, perhaps describe it as weaker locks. Would you consider the lock to which every cop had a key to be as strong and secure as a regular lock? And look at the USA for an instance of a new regime that can potentially use vast amounts of personal data to persecute and oppress anyone the fascists don't like. Many people might have (naively) trusted the government with the surveillance Edward Snowden and others revealed, back when they did not perceive the US Government as an immediate threat to ordinary Americans. But the new regime quite clearly is ready to persecute and punish people for their political views, and it now has all that data.
