It is a plan to force all providers of communication (email, chat apps etc) to be forced to automatically scan all communications and inform authorities should something that could be related to child sexual abuse be found. See https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:52020PC0568&from=EN
So. Contact your MEP. Inform yourself. Here's a collection of arguments and information about the progress of this legislation:
@jwildeboer reading the text, it would allow the providers to spy on the communications of their users for this purpose, but not force them to, right? So i.e. Signal could just choose to ignore it? Or did I miss something?
The EC has made an assessment of possible technologies for this purposes in the face of e2e encryption; the report was leaked, the GEC has a response: https://www.globalencryption.org/2020/11/breaking-encryption-myths/
But the TL;DR of the report is also, even if it doesn't highlight it sufficiently, that there is no technology that protects security and privacy and allows for this.
Lastly, the EC is moving forward with the NIS2 directive, which generally strengthens the position of e2ee.
It just appears that there is some conflict brewing here between the parliament and the commission, where the commission wants to take a generally fact-based, pro-e2ee path forward. At the same time, the parliament appears to want some kind of access that doesn't really work without violating privacy and security principles.
@raboof @jwildeboer Ironically, I can imagine that the end result is going to be that providers *may* surveil our communications, but they *may not* break e2ee whilst doing so. Such a scenario may well provide a push for more use of e2ee.
I'm strangely hopeful, actually.
However, it's still best to fight back against proposed chatcontrol plans.
@methyltheobromine as long as these plans do not make it into implementation: I will not care ;-)
There's been a lot of plans to break privacy in the past. Therefore I try to stay calm and let the courts do their work.
Currently I have no plans about this.
But OMEMO should keep you safe, anyway. Even if an attacker breaks into the server and sniffs communications.
@methyltheobromine Apart from the obvious issues of principle, one of the big problems with all this is the built-in assumption that the service provider also provides the client software. See https://www.politico.eu/wp-content/uploads/2020/09/SKM_C45820090717470-1_new.pdf (h/t @echo_pbreyer ) which doesn't seem to understand that different software can be used (despite the obvious counter example of email), let alone that there might not be a service provider distinct from the sender or receiver.
Mastodon instance for people with Wildeboer as their last name