Posted by MrBruh 3 hours ago
Thank you for sharing. It is unfortunately, once again, needed.
The recent events have been rather dumbfounding. On March 11, the Parliament surprisingly voted to replace blanket mass surveillance with targeted monitoring of suspects following judicial involvement [0]. As Council refused to compromise, the trilogue negotiations were set to fail, thus allowing the Commission's current indiscriminate "Chat Control 1.0" to lapse [1]. This would have been the ideal outcome.
In an unprecedented move, the EPP is attempting to force a repeat vote tomorrow, seeking to overturn the otherwise principled March 11 decision and instead favouring indiscriminate mass surveillance [1, 2]. In an attempt to avoid this, the Greens earlier today tried to remove the repeat vote from the agenda tomorrow, but this was voted down [3].
As such, tomorrow, the Parliament will once again vote on Chat Control. And unlike March 11, multiple groups are split on the vote, including S&D and Renew. The EPP remains unified in its support for Chat Control. If you are a European citizen, I urge you to contact your MEPs by e-mail and, if you have time, by calling. We really are in the final stretch here and every action counts. I have just updated the website to reflect the votes today, allowing a more targeted approach.
Happy to answer any questions.
[0] https://mepwatch.eu/10/vote.html?v=188578
[1] https://www.patrick-breyer.de/en/the-battle-over-chat-contro...
[2] https://www.europarl.europa.eu/doceo/document/OJQ-10-2026-03...
[3] https://www.europarl.europa.eu/doceo/document/PV-10-2026-03-...
It's really surprising to me that this issue keeps coming up time and time again, until I realised that it's non-voted in parties actually trying to pass this stuff!
I didn't realise that the EU parliament simply says yes or no to bills and doesn't actually propose new laws, whilst the EU Commission are appointed and decide on what bills to push through.
The story is tragically illustrative of the maxim that you can oppose terrible legislation a hundred times but they only have to pass it once.
>rejected
>let's vote on it again!
Is it still a democracy if you just keep redoing the vote until you get the outcome you want? The politicians involved in this should be ashamed of themselves.
Is it just that there's no "privacy lobby" interested in getting even one lawyer around to sit down and write it up?
Or is there at least one such bill floating around, but no EU member state has been willing to table it for discussion?
Because the people voting it down are the elected MEPs, whilst the people putting it up to parliament are the European Commission. The EC are appointed, rather than elected. Which means the powers that be just appoint people who are going to push through laws like this, that they want. The MEPs can't put up bills to be voted on.
"Article 7
Respect for private and family life
Everyone has the right to respect for his or her private and family life, home and communications.
Article 8
Protection of personal data
1. Everyone has the right to the protection of personal data concerning him or her.
2. Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified.
3. Compliance with these rules shall be subject to control by an independent authority."
Ditto the Canadian Charter of Rights and Freedoms, with its 'notwithstanding' clause. (Though they're presently litigating over that, so we'll see what happens!)
Any constitution or human rights instrument full of exemptions, 'emergency powers', 'notwithstanding' clauses, or 'states of exception' is not worth the paper it's written on.
Last but not least, a number of EU countries enshrine https://en.wikipedia.org/wiki/Secrecy_of_correspondence in their constitution.
Also it isn't respected in most types of criminal trials. If a sealed physical letter is opened and proves fraud, for example ...
But end to end encryption with forward secrecy at no cost to user makes your right to private communication absolute. It's a new thing and the balancers can't balance it against other rights of other people, so this happens.
Germany, for exmaple, has secrecy of correspondence that extends to electronic communications, but allows for "restrictions to protect the free democratic basic order" and outlines when intelligence services can bypass the right to privacy.
Italy, France, and Polan also have similar carve outs.
Having it as a right isn't enough. National security and "public safety" carve outs need to be eliminated. So long as those exist, we have no right to privacy.
In this case, I see no reason that we would want to draft constitutional rights such that we consider a government's actions taken in pursuit of their national security to be, per se, legal — i.e. warranted, unable to be sued over, etc.
Imagine instead, a much weaker right granted to the state: the right to maintain laws or regulations which require/force government or military employees to do things that violate people's rights and/or the law of the land. But with no limit on liability. No grant of warrant. Just the mildest possible form of preservation: technically constitutional; and not immediately de-fanged the first time the Supreme Court gets their hands on it.
So, for example, some state might introduce a new law saying that soldiers can come to your house and confiscate your laptop. And then the head of that state might actually use that law to invade your home and take your laptop.
Given that the law exists, it would be legal for the head-of-state to give this order. And it would also be legal for the soldiers to obey this order (or to put it another way, court-martialable for the soldiers to disobey this order, since it's not an illegal order.)
But the actual thing that happened as a result of this law being followed, would be illegal — criminal theft! — and you would therefore be entitled to sue the state for damages about it. And perhaps, if it was still reporting on Find My or whatever, you might even be entitled to send police to whatever NSA vault your laptop is held in, to go get it back for you. (Where, unlike the state, those police do have a warrant to bust in there to get it. The state can't sue them for damages incurred while they were retrieving the laptop!)
The courts wouldn't be able to strike down the law (the national-security provision allows the state to declare it 'not un-constitutional", remember?); but since obeying the law produces illegal outcomes, you would be able to punish the government each and every time they actually use it. In as many ways as the state caused you and others harm through their actions.
There is absolutely zero reason why the state shouldn't be expected to "make people whole" for damages it has caused them, each and every time it does something against the people's interest in the name of national security.
And the simplest way to calculate that penalty / make the claiming and distribution of those rewards practical, would be to just not remove liability for these actions taken on behalf of the state, by not granting the state the right to do them in the first place. Just put them in the position of any other criminal, and force them to go to court to defend themselves.
Change my mind!
It's incredible how even with the current surge of autocracy, most politicians can't see that the surveillance tools they crave for, could come under control of people much worse than them.
And can't see what they could do with them.
I think that many current governments in Europe are convinced that more surveillance will stop the autocratic surge. It's insane that they don't see how this is far from guaranteed, and how it will go if they're wrong.
This is overly absolutist, or maybe idealistic view. National security and public safety IS more important than individual right to privacy. As an extreme example, if your friend was dying, you had a password to my email, and you knew that you can use information in my inbox to save that person i really hope you would do it.
In general I think that police with a court order should be able to invade someone's privacy (with judge discretion). I mean they can already kick down someone's doors and detain them for several days - checking email doesn't sound too bad compared to it, does it? I think they should also be legally obliged to inform that person in let's say 6 months that they did it.
The problem is that modern world is drastically different than the old world when you needed to physically hunt down letters. Now you can mass scan everyone's emails, siphon terabytes of personal data that stasi could only dream of, and invigilate everyone. This is something that is worth fighting against.
Article 7 codifies "respect for [one's] private life" and "respect for [one's] private communications". Well, "respect" is a vague notion. This does not clearly imply that the government is not allowed to read your communications, or otherwise spy on you, if it believes it has good reason. It will do so "respectfully", or supposedly minimize the intrusion etc.
As for article 8: Here it is "protection of personal data" and "fair processing". It does not say "protection from government access"; and "processing" is when the government or some other party already has your data. In fact, as others point out, even this wording has an explicit legitimization of violation of privacy and 'protection' whenever there is a law which defines something as "legitimate basis" for invading your privacy.
You would have liked to see wording like:
* "Privacy in one's home, personal life, communications and digital interactions is a fundamental right."
* "The EU, its members, its bodies, its officers and whoever acts on its behalf shall not invade individuals' privacy."
and probably something about a non-absolute right to anonymity. Codified exceptions should be limited and not open-ended.
Which is... okay? Government gonna government, that's what we pay it to do.
The reality is that they'll just keep pushing it from different angles, they only have to get lucky once, we (or EU citizens, we left and have our own issues) need to be lucky every time - much like an adverserial relationship where you are on the defending side from a cyberattack...funny that really.
Article 7, EU Charter of Fundamental Rights: Respect for private and family life (and probably a couple other sections in there as well).
The problem is national security exceptions. Chat control and other similar bills are trying to carve out exceptions to privacy laws under the excuse of national security.
Also its politically cheap to introduce surveillance or to expand state power, it's comparatively extremely difficult to pass laws that specifically restrict state power.
Privacy laws are well and good, but they exist. The problem is we need to stop allowing "public safety" or "national security" to be a trump card that allows exceptions to said laws, and good luck getting any government to ever agree that privacy is more important than national security.
- The GDPR
- The ePrivacy directive, which is explicitly derogated (sabotaged) by chat control 1.0
How is that supposed to work with e2e encrypted chats?
Combined with the right to communicate across borders, you can get quite a bit of privacy: a server in both sides of a geopolitical conflict and they've got to collaborate to track you.
And yet metadata collection is both unavoidable (if you don't collect it, your geopolitical opponents will) and should be enough. We don't need chat control in a world where I get precision-targeted ads -- it's not even about freedom of speech or privacy, it's about freedom of thought.
With a server on the other side of a geopolitical conflict (actual conflict, not a mere discontinuity in legalscape) you trade a risk of the government reading your chats for a risk of the same government (which you don't trust for a good reason) locking you up for treason and espionage.
[0]: https://www.europarl.europa.eu/sedcms/documents/PRIORITY_INF...
Note that the amendment was already amended on 11th March to set expiry to Aug 2027 and to also exclude E2E communications.
Surveillance would be a more "modern" (even if more natural or seemingly correct word), without this sort of the implied baggage.
Hence, everything their government does is the opposite of what a typical European Union member would approve of.
If it were it would have happened already.
https://digitalcourage.social/@echo_pbreyer/1162053712243153...
And I’d still take this clusterfuck over the alternative current state of the US. At least this situation we can (and have been) striking down, despite all the naysayers on HN. Here’s to hoping we’re able to do so again!
Yes, but who isn't? Not the other side of the pond for sure.
We've shot it down before, and we'll shoot it down again, regardless of how relentless Palantir lobbying gets.
This is not true. No part of the Patriot Act required all people all private messages and photos to be scanned or have a backdoor to encryption. You're saying this to minimize what's about to happen to Europe, which is not helpful. The NSA made deals with private companies to tap lines, and used its influence and US intelligence's secret ownership of a Swiss encryption company to encourage us to use broken algorithms.
> We've shot it down before, and we'll shoot it down again, regardless of how relentless Palantir lobbying gets.
I wish you luck. But there's nothing keeping the EU from doing, and having always done, what the NSA has also done. What you're trying to stop is the requirement to serve your communications to your rulers on a silver platter.
The dark forces behind all this set to gain a lot of profits once it passes :(
It takes only one win to remove our rights but once they’re gone you’ll never get them back.
while not pass:
try to pass something stupid, malevolent or that hurts people and democraciesThis is not about mandatory scanning.
Makes me think about this clip.
Either way those elected to supposedly serve are the only ones winning.
“We decide something, then put it out there and wait for a while to see what happens.
If there is then no great outcry and no uprisings, because most people do not even understand what has been decided, then we continue—step by step, until there is no turning back.”
— Jean-Claude Juncker
That's the key question!
There's a small group of very powerful people that keep pushing this agenda.
Who are those people?
Find out.
Publicize their names. Make their corruption visible and linked to their identity.
In case anyone has an issue with this: Remember! This is what they want! For you! Not for them. Only the plebs.
How would this be enforced in practice? In other words, what would prevent E.U. users from using encrypted services outside of the jurisdiction of the E.U., to "illegally" encrypt their hard drives or to run their own private encrypted comms servers?
There is a long chain of actions that ends with you having e2e on your phone (or what not). At the starts of it there is your physical body living in jurisdiction and transacting with (mostly) other people being somewhat present in the same jurisdiction using government-captured money. There are multiply choke points, controlling which will not result in 100% enforcement, but will make whatever you want to do a huge pain in the ass, so most people will not bother (case in point -- jailbraking). Whoever is left self-selects themselves for selective enforcement.