European Parliament Draft to Enforce End-To-End Encryption for Citizens' Privacy (europa.eu)
218 points by dpflan on June 17, 2017 | hide | past | favorite | 76 comments



Contrast this to the 'soon to be former member of the EU' UK where Theresa May is trying to force companies to add backdoors and ban end-to-end encryption.

:-(


Somehow the actual EU states aren't really behind this. Germany's interior minister just recently proposed a new attempt at legalizing spying on citizens' devices.

http://uk.mobile.reuters.com/article/idUKKBN1951VG


Hand in hand with new French president.

:-(

https://www.buzzfeed.com/amphtml/patricksmith/france-and-the...


The article doesn't say that.


That particular article might not, but the joint press conference after those talks made it about as clear as politicians ever are that they agree on this point.


Oops, sorry. I started with articles in French I read and searched Google for an equivalent in English. I found a WikiLeaks tweet [0] and put the article they linked.

My mistake.

[0] https://mobile.twitter.com/wikileaks/status/8745316510109163...


Any tldr? I have a very hard time getting through this, but as the founder of a Europe-based messaging company (https://talkjs.com), I wonder whether this is trouble.

End-to-end encryption is great but it also kills quite a number of use cases. For example, our group conversations couldn't be e2e encrypted because then users can't see the message history from before they joined it. In WhatsApp this is indeed the case, but for our platform it is a core feature. Same for Slack, I suppose. Similarly, Slack search would be totally out of the door (unless, again, you make it only search the stuff sent to you).


"The providers of electronic communications services shall ensure that there is sufficient protection in place against unauthorised access or alterations to the electronic communications data, and that the confidentiality and safety of the transmission are also guaranteed by the nature of the means of transmission used or by state-of-the-art end-to-end encryption of the electronic communications data. Furthermore, when encryption of electronic communications data is used, decryption, reverse engineering or monitoring of such communications shall be prohibited. Member States shall not impose any obligations on electronic communications service providers that would result in the weakening of the security and encryption of their networks and services"

I interpret this as the following clauses:

* "sufficient protection in place against unauthorised access or alterations" [through]

* "guaranteed by the nature of the means of transmission used "

* "OR"

* "state-of-the-art end-to-end encryption of the electronic communications data"

aka:

- HTTPS, non-ETE: fine

- HTTP, non-ETE: not fine

- HTTP, ETE: fine


> our group conversations couldn't be e2e encrypted because then users can't see the message history from before they joined it.

Why not? Can't one of the other clients in the group send the history of the chat when a new member joins?


And when somebody steals your private key they have access to everything? Yeah, no...


Isn't that how encryption works? (Asking as noob)



I think ubiquitous end-to-end encryption is the inevitable future of 1:1 and group communication. The momentum is in that direction. In your case, supporting the browser as a platform rules it out right now, but hopefully that will change when browsers provide an environment for doing serious crypto, where the server can't just quietly push down some new JS that leaks messages back to itself.

I'm in the alpha stage of building an end-to-end encrypted social network (https://sharewithsup.com, invite code: eff, currently iPhone only). Under the hood, it establishes E2E group channels between friends and uses those for everything (posts, comments, photos, events, etc). History is relayed between friends and search uses a local index, but the UX is still similar to Facebook. My point is - in addition to namedropping my app - that it's possible to find ways to implement features that at first seem hard with E2E. Just not on the web, yet.


Couldn't group chats be encrypted with a shared key that is provided to the new user by whoever invites them to the chat? The messages would still be encrypted and decrypted only at the ends.


In all honesty if you keep the key on a server you might as well not encrypt the messages to begin with (except in transmission ofc, but hey, https).

Storing the key right next to the encrypted messages makes it no more secure than ROT13'ing the messages.


The key doesn't have to be shared with the server.


Ah yes, good point.


What about removing a user from chat? What if the shared key is leaked? How do you deliver the key to the new user? Who provisions new keys if a shared key is leaked? There are a variety of problems (all solvable/already solved, yes) with the shared secret strategy, and addressing them costs money and time.


So? There does not need to be a way to get rich quick. I don't see a problem with forcing chat providers to include proper end-to-end encryption as a matter of consumer protection. Because we all know that otherwise, security will not be part of the minimum viable product, and the consumer can't tell the difference.

(Obviously, the state of the art answer to your technical questions is the double ratchet algorithm.)


Apparently the EU Parliament is trolling Theresa May.


Not just EP, but the Council and Commission as well, since they initiated the legislative process. That means the 27 governments are also behind it, at the moment. This is very surprising to me - no government is free of authoritarian elements, especially in centralistic States like France, Hungary, Italy or Spain. Their unilateral disarmament would be peculiar.

I don't see this proposal going all the way, to be honest, it seems too idealistic. I expect it will be perverted into its opposite, e.g. justification for "review methods" that states could apply to "check if your encryption is secure", which would result in compromising that very security. Remember that EU law is adapted at individual state level; for generic stuff like this, there is plenty of space for interpretation by national legislators.

As a supporter of the EU concept, I think this is dangerous territory for the Union, at a time when its popularity is pretty low. I hope I'll be proven wrong.


"27 governments" aren't behind this. Members of the EP from 27 states are behind this, but in many cases, they have nothing in common with the actual government of the country. So few voters care about and participate in the election (often less than 25%) that it's easy to win - and the parties that participate in the government don't care at all, thus making the EP election the ideal target for otherwise irrelevant parties.


The turnout in the most recent European elections was 43%. The makeup of the EP doesn't support your claim either. It is dominated by essentially the same parties that rule on a national level.


That's true for the western part of the union, but it's very different in the eastern part. In the Czech Republic, it's been 31%, 28% and 28% (since 2004), and our voters are participating the most compared to other eastern states.


43% is the average across the EU. It's not surprising that it takes a while for new members to fully participate.

You are mistaken about Czech turnout though. It's the second lowest of all members: http://www.europarl.europa.eu/elections2014-results/en/turno...

[Edit] For comparison: Turnout in the 2014 US mid-term elections was 36%. In the most recent presidential elections it was 55%.


It's also true for other countries in the eastern part of the union.


> "27 governments" aren't behind this.

I suggest you read up on your EU constitutional law. The Commission is nominated by governments (and confirmed by MEPs); the Council is directly composed by national heads of state.

Commission and Council (i.e. national governments, all together) introduce legislation, which is then amended or rejected by the European Parliament (the body built with that election you mention). The first move is always from governments. In 99% of cases, when there is bad EU law, it's because governments wanted it.


The EP doesn't introduce legislation, it only amends and votes on it, so there is the Commission behind the proposal.


It certainly seems the EU is becoming an actual land of the free


As was mentioned earlier, we should probably wait to see the individual states' interpretations of such laws. It sounds too good to be true IMO.


Are they requiring all communication to use e2e encryption? That seems like a restriction on freedom. What if I want to use some other protocol?


This comment has a point.

I'm all for a secure E2E for all private communications, but not through prohibitions encoded into laws. Unless it's wartime or a similar kind of emergency, it's best to never let a government of any kind be in control of what[1] you can create (and share with others) and what you can't. No matter how benevolent the current one looks, such capability will be abused by the next one. Better have a constitution-level protection that no government can dictate what technology you must or must not use.

Not to say that it's not uncommon for legislatures to be quite awkward when trying to describe technology. And stay up-to-date with possible future breakthroughs.

In my opinion, if someone has an idea (and implementation) of something amazing that won't be E2E, it doesn't make any sense to ban that. Label it as "doesn't provide end-to-end security"? Okay, I'm not a fan of this stuff, but the knowledge gap is significant, so that may be well-justified. Prohibit advertising as "100% secure"? Sure, as long as that's not one-time pad stuff, that's most likely a misleading advertising claim worth investigation. But banning the software or the service? That's nuts. And it impedes the freedom to create things.

___

[1] Okay, as long as that's not a nuke. Obvious exceptions apply. (Cryptography is not munitions or a hazardous material, right?)


Can a 'land of the free' encompass the concept of a territory where laws are made by unelected officials working behind closed doors? Some folk across the EU especially in the eastern European countries are now seriously wondering what they've signed up to.


Members of European Parliament are directly elected. Also most EP work is public: http://www.europarl.europa.eu/


Well, apart from the protection racket aspects of it that are going on at the moment.

Ah, this is a nice country. It would be a shame if something were to happen to it. I'm so sorry you were thinking of leaving, and stopping paying us billions per year. We really must ask you to hand over a hundred billion before we'll talk about any kind of trading relationship with you -- it would be such a shame if we happened to design the barriers in such a way that would accidentally maximise harm to your economy. But you know you're always welcome to stay and keep paying us just a few billion each year.


Racket? Sorry, but this is nonsense that Daily Mail spreads. The £100bn is not a Brexit divorce bill, it's UK's financial commitments as a member state.

Just because you leave to live in another country, doesn't mean you can stop your mortgage payments and still expect to have a relationship with the lender.

Leave if you wish, but honour the financial commitments you agreed to and signed, by either paying the whole mortgage upfront or agreeing to pay over the X period (which is what will most likely happen during negotiations).


I don't want to get bogged down in Brexit politics, but someone should point out that the £100B figure is not something to take seriously.

Firstly, it's not an official figure but rather an estimate by outside observers of the maximum bill the UK could be landed with given the worst (for the UK) interpretation of a wide range of plausible criteria about what might or might not be included in any settlement. You have to make some quite one-sided assumptions to get to a figure this high, and typically the reports where these kinds of figures come from do show this, though of course headline writers don't tend to incorporate such nuance.

Secondly, even if it were some sort of official figure, it would be politically untenable for the UK to accept it. The UK's net contribution to the EU as a member enjoying full membership benefits is about an order of magnitude smaller. The EU plans budgets on a 7-year cycle (the current one is 2013-2020) but the actual budgets are made annually. Those budgets normally do commit to future spending with quite a long tail, but the curve is very front-loaded and most money committed in any given year's budget is usually to be spent within 2-3 years.

So a figure in the region of £100B would be like asking the UK to pay for around another decade of full membership after it's left, a period far beyond most current spending commitments the EU is making. Moreover, the current EU position is that this needs to be negotiated independently, before any deal on any benefits the UK might retain in some form as a result of any future agreement or payments, so there would be little if any guarantee about the UK getting anything in return for that extra financial support to the EU.

Personally I'm still hoping for the professionals to take over from the politicians and come to a reasonable agreement. I don't think they have much chance of doing that in less than 2 years, but with an extra 2-3 years of some sort of transitional arrangement, it doesn't seem impossible. They could deal with the budgeting issues and current financial commitments at that notice, allowing a more graceful withdrawal by the UK without either anyone feeling they'd had funding cut off abruptly on the EU side or the UK putting up either a huge lump sum or any sort of ongoing financial support to the EU without getting something worthwhile in return.


With a mortgage the bank gives you the money and you're paying them back.

With the EU, you give them money (£200bn net subsidy over the last few decades) and then they demand you give them more money, somehow to balance the money you've already given them...

Though there are aspects of the EU I strongly support, in this regard, it's the layabout of the political world, demanding that because you gave it a subsidy, you have to do its washing and pay its rent forevermore.


You're probably being downvoted for hyperbole, but IMO there's undeniably a palpable undercurrent of petty vengefulness in EU leadership - as evidenced for example with Gibraltar. It doesn't inspire confidence, and is probably counterproductive: honey is generally more effective than vinegar.


I think you're misreading the interests and positions of the parties.

Giving the UK the shaft absolutely serves the EU's interest in deterring other members from trying to leave.

Further, the EU hardly needs an advantaged trading relationship with the UK, so they have little interest in sweetening any deal. In fact, major elements in both France and Germany wish for there to be no advantaged trade, at least in financial services, explicitly to steal that tax base for themselves.

The UK, on the other hand, desperately needs such an advantaged relationship and will likely face a choice between reverting the Brexit decision or taking a very bitter swill of vinegar, indeed.


Not really. Because if they give the UK the shaft, it becomes in the interests of the UK to see the EU break up so they can't give them the shaft.


don't let yourselves be fooled, fools. if this takes any real form, it'll be gutted and ripped apart until there's nothing of essence left, because it would mean the following ingenious legislation be repealed.

and. that. will. never. happen.

https://en.m.wikipedia.org/wiki/Telecommunications_data_rete...

https://en.m.wikipedia.org/wiki/Passenger_name_record


I often take a pessimistic view to such good-looking things too.

But taking a look at your first link, it appears to already not be in force anymore? For the same reasons that the new recommendation is being drafted: government surveillance violates fundamental rights to privacy.

"On 8 April 2014, the Court of Justice of the European Union declared the Directive 2006/24/EC invalid for violating fundamental rights. The Council's Legal Services have been reported to have stated in closed session that paragraph 59 of the European Court of Justice's ruling "suggests that general and blanket data retention is no longer possible".[15] A legal opinion funded by the Greens/EFA Group in the European Parliament finds that the blanket retention data of unsuspicious persons generally violates the EU Charter of Fundamental Rights, both in regard to national telecommunications data retention laws and to similar EU data retention schemes (PNR, TFTP, TFTS, LEA access to EES, Eurodac, VIS)."


Page 30:

> When the processing of electronic communications data by providers of electronic communications services falls within its scope, this Regulation is without prejudice to the possibility for the Union or Member States under specific conditions to restrict by law certain obligations and rights set out in this Regulation when such a restriction is targeted at persons suspected of having committed a criminal offence and constitutes a necessary and proportionate measure in a democratic society to safeguard specific public interests, including national security, defence, public security and the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security. Therefore, this Regulation should not affect the ability of Member States to carry out lawful interception of electronic communications or take other measures, if necessary and proportionate to safeguard the public interests mentioned above, in accordance with the Charter of Fundamental Rights of the European Union and the European Convention for the Protection of Human Rights and Fundamental Freedoms, as interpreted by the Court of Justice of the European Union and of the European Court of Human Rights.

This is not about preventing state surveillance, this is about regulating non-state actors' ability e.g. to track users without their consent.

Edit: However, on page 74

> The providers of electronic communications services shall ensure that there is sufficient protection in place against unauthorised access or alterations to the electronic communications data, and that the confidentiality and safety of the transmission are also guaranteed by the nature of the means of transmission used or by state-of-the-art end-to-end encryption of the electronic communications data. Furthermore, when encryption of electronic communications data is used, decryption, reverse engineering or monitoring of such communications shall be prohibited. Member States shall not impose any obligations on electronic communications service providers that would result in the weakening of the security and encryption of their networks and services.

It seems to me that this requires end-to-end encryption, but the regulation is scoped in such a way that the requirement may be lifted when it inconveniences law enforcement.


The key is the OR:

* "sufficient protection in place against unauthorised access or alterations"

* "guaranteed by the nature of the means of transmission used "

* "OR"

* "state-of-the-art end-to-end encryption of the electronic communications data"

aka:

- HTTPS, non-ETE: fine

- HTTP, non-ETE: not fine

- HTTP, ETE: fine


Trying to make sense of these drafts still being written in English, given that with Brexit, none of the countries in the EU zone have English as their first language (with the exception of Ireland). Convention?


What language do you believe has the highest comprehension rate for EU citizens? How big do you think the gap is between that and the second one?


The actual documents are available here, most of the documents are translated into all the official languages:

http://eur-lex.europa.eu/procedure/EN/2017_3

However, this particular document (which you can find by clicking on the “European Parliament - Legislative observatory” at the bottom) is a draft document, and I don't believe they translate those. Once it becomes official they should be translated.


It is still the current lingua franca for most of Earth. Most of their populations learn English as a 2nd (or 3rd) language.

It's no different than past legislation and politics being done in Latin.


Hmm... if we're picking a lingua franca for the Earth, that would have to be Mandarin (~14% of the world's population speak it)


For such a "lingua franca" the pure number of speakers is not quite as relevant as the distribution of those speakers. According to the numbers (https://en.wikipedia.org/wiki/List_of_languages_by_total_num...), approximately 14% of the world speaks English as a first or second language as well. More importantly, English has 400 million more speakers who speak it as a second language when compared to Mandarin, which suggests that its speakers are more widely distributed on Earth.


While I agree with your viewpoint and it stands up on its own, I also think it's important to remember the number of people that know at least 20 or 100 words of English. Simple statements can help in a lot of places, whereas I only know a single Chinese word. The number of people that can say basic numbers in English or very simple statements is much higher.


No. The proportion of the world's population that speaks English is greater than the proportion that speaks Mandarin. Mandarin is the language most spoken as the first language (and that's actually very debatable). This is irrelevant for choosing a language for people to speak with each other.


In how many countries can you travel and reasonably expect to get by with just Mandarin?


Beyond ideological posturing, it's a fact of life that English is the language that most educated people across Europe know today (in addition to their national one). Blame Hollywood and Abbey Road. Dropping it just because the UK is currently in stupid-mode wouldn't achieve anything.


We still need English to talk amongst ourselves. Thanks UK for leaving this parting gift.


Actually, this is a huge opportunity. The EU really needs an official language. So far, politics have prevented selecting the language of one large member state, to the point where there were proposals to select Latin. This document shows that English is the de facto most common language in the EU. After Brexit, there would be less political opposition to making English official; after all, only Ireland uses it as its official language so far.

As a German, I would be equally happy if it were French, as long as we finally get an "official" language throughout the EU, but English is much more a likely candidate now, so we should seize the opportunity.


> after all only Ireland uses it as its official language so far

don't forget Malta!


Cyprus, de facto, is also English-speaking.

English also is a recognized regional language in two of the three Caribbean parts of the Netherlands (Saba and Sint Eustatius), which means it can be used in communication with the government (https://en.wikipedia.org/wiki/List_of_territorial_entities_w...)

(As another indication of the weird status of these regions, they also have the US dollar as the official currency.)


I have the same opinion. It's a good chance indeed. Establishment of a common second language would greatly enhance the online market in the future, too.


I wonder, why the negative stance? Except for any beef you might have against the UK as a country, is the language itself really so bad that using it is a problem? I consider it good enough for the job it is doing.

Or are you, and some others in this subthread, just bikeshedding because it's fun?


Why don't you take the comment at face value?


I did. The use of the word "need" instead of something like "get to" clearly shows the GP views it as a negative thing.


The US, Hollywood, Nazi Germany and the Soviet Union have made English the lingua franca of the world. It makes sense to use it. That said, French is the working language of much of the EU bureaucracy, so there's probably a French version out there somewhere.


Shouldn't the first version be in French then?


Well, depends on the politicians who drafted it. Brussels is necessarily a very diverse place. The three official working languages of the commission are English, French and German. I hear German is not that popular, though, so it's mostly French and English. I would guess the politicians lean towards English and the bureaucracy towards French, if nothing else then simply because Brussels is mostly a French-speaking city.


Malta too. Not just Ireland.


I thought Maltese was Malta's official first language.


Under that argument then Ireland doesn't apply either, the Irish constitution says that Irish is the first official language of Ireland.

https://en.wikipedia.org/wiki/Constitution_of_Ireland#Langua...


Not an argument, just a product of pure ignorance.


UK is still in the EU, and hopefully won't leave


They will. And when they're out maybe they'll realize what they left behind for a few more votes in their parliament by riling up the populace against the EU.


A minority of the population voted to leave (about 1 in 4). 1 in 4 wanted to stay, 1 in 4 couldn't be arsed voting, and 1 in 4 were denied a voice in the opinion poll.


Please append [pdf] to the title.


tldr?




