back to article EU attempt to sneak through new encryption-eroding law slammed by Signal, politicians

On Thursday, the EU Council is scheduled to vote on a legislative proposal that would attempt to protect children online by disallowing confidential communication. The vote had been set for Wednesday but got pushed back [PDF]. Known to detractors as Chat Control, the proposal seeks to prevent the online dissemination of child …

  1. Sora2566 Bronze badge

    But but but

    think of the children

    1. UnknownUnknown

      It’s fundamentally misguided and misaligned to GDPR, ECHR and UN UDHR.

      Simple as.

      It will be struck down by the European Court as bad legislation and be a waste of time and effort for all involved.

      1. ThatOne Silver badge

        Yes, but "Dripping water hollows out stone, not through force but through persistence", as they say.

        And then it's a waste of time and money for all except for the people pushing it forward. If they didn't do that, they would have to do some actual work...

      2. Missing Semicolon Silver badge

        Unless the justices are minded to legislate for GOOD!

    2. Arthur the cat Silver badge

      But but but

      think of the children

      Anyone saying that in the context of laws to violate privacy(*) should be mandatorily drowned in a slurry pit.

      (*) Other contexts may also be applicable.

  2. Anonymous Coward
    Anonymous Coward

    Well, well, well!

    Everyone's favourite, wholesome and ever-benevolent multinational organisation caught acting in an underhand way?

    But of course, as we're constantly reminded, it makes perfect sense to hand over ever increasing amounts of state sovereignty to this shady cabal!

    1. TheMaskedMan Silver badge

      Re: Well, well, well!

      "But of course, as we're constantly reminded, it makes perfect sense to hand over ever increasing amounts of state sovereignty to this shady cabal!"

      Shady cabal it certainly is. Unfortunately, this otherwise excellent reason to have as little as possible to do with the buggers is massively undermined by the fact the British government is at least as shady, and quite possibly more so.

      It doesn't matter which batch of shady, self serving incompetents are in power, they just can't resist the urge to read private messages, and can't understand why it's not possible. Make no mistake, Starmers mob will be just as eager as Sunak's - remember that the term Database State first arose on Blair's watch, with Cameron's shower promising an end to same if only we could see our way clear to electing them. Funny how that didn't happen, and his former home secretary, once - and even before - she found herself inexplicably promoted to PM, couldn't wait to increase surveillance. They're all the bloody same:(

      1. Neil Barnes Silver badge
        Holmes

        Re: Well, well, well!

        Since gentlemen don't read others' mail, they are obviously politicians, and not gentlemen.

      2. UnknownUnknown

        Re: Well, well, well!

        If the UK Conservative Government remotely gave a shit about the welfare and life outcomes of Children, it would not be housing the unwanted ones in carrion feeding Unlawful Private Equity Funded Children’s Homes, would be keeping children out of (relative) poverty and would not have axed the evidentially societally and cost effective Sure Start Programme.

        https://amp.theguardian.com/society/2019/dec/25/revealed-thousands-children-care-unregulated-homes

        https://amp.theguardian.com/society/article/2024/jun/17/teachers-gps-staggering-extra-demands-poverty-great-britain

        https://amp.theguardian.com/business/article/2024/may/14/children-austerity-generation-need-rescue-plan-gordon-brown-sure-start

    2. heyrick Silver badge

      Re: Well, well, well!

      "it makes perfect sense to hand over ever increasing amounts of state sovereignty to this shady cabal!"

      Um, hasn't your sovereign government already enacted this?

      1. Anonymous Coward
        Anonymous Coward

        Re: Well, well, well!

        Um, hasn't your sovereign government already enacted this?

        A key and fundamental difference is that the electorate in a democratic sovereign state get a chance to boot out the lawmakers every few years, should they act in an untoward manner.

        Ejecting unelected Brussels bureaucrats, however? Not so easy!

        1. Anna Nymous

          Re: Well, well, well!

          Surely, you understand that just 2-ish weeks ago, there was this little thing happening: https://en.wikipedia.org/wiki/2024_European_Parliament_election?

          1. Anonymous Coward
            Anonymous Coward

            Re: Well, well, well!

            MEPs do not craft laws in the EU. Surely, as a rabid EU advocate you would understand this?

            The real action happens behind closed doors with the EU Parliament simply there for show to apply the rubber stamp. It's an atrocious veneer of democracy on a neo-liberal nightmare that is only there to serve the interests of the globalist elite.

            1. Mike007 Silver badge

              Re: Well, well, well!

              Like a sort of "civil service" type organisation who do the actual work of drafting the laws the politicians say they want so the government can take it to parliament for rubber stamping?

    3. zimzam

      Re: Well, well, well!

      Someone didn't read past the headline. The UK and US are both doing (or planning) the same thing, and in case you hadn't noticed, neither are in the EU.

      1. Casca Silver badge

        Re: Well, well, well!

        He only needs the headline to start frothing

      2. Justthefacts Silver badge

        Re: Well, well, well!

        Except, he *didn’t* get it wrong. *ElReg* got it wrong as far as I can tell. The client-side scanning clause in UK Online Safety Bill was deleted in Parliament, and never passed into law.

        There was lots of reporting about Section 122, but if you actually read the bill that has entered into law, end to end, as I have just done, it’s gone. Anyone who thinks different, read the bill online, let us know which clause you think it is:

        https://www.legislation.gov.uk/ukpga/2023/50/enacted

        https://www.techradar.com/computing/cyber-security/online-safety-bill-encrypted-messages-to-be-saved-for-now

        1. UnknownUnknown

          Re: Well, well, well!

          Almost was . In effect the Conservative Government wanted do so the same evil thing the EU, US and most other controlling governments around the world want to do - in opposition to legislated human rights, privacy and data protection legislation already on the statute books.

          Just another rod for the Brexit Rabies infected to wave at the EU, in absence of any benefits (and a fuck load of detriments) post-Brexit.

          Most pretty self-evident and pushed away labelled as project fear by the true believers.

          1. Justthefacts Silver badge

            Re: Well, well, well!

            “Brexit rabies”.

            So, if the EU passes this, this will be one of the Brexit dividends as we won’t have to comply.

            There have been dozens of other Brexit benefits, life-changing for many: eg Remain would have had us comply with the 2021 VAT harmonisation. We’d have been forced to set our VAT threshold at €20k rather than £85k. That’s equivalent to making over half a million teeny tiny one-man band businesses totally unviable, and replacing them all with soulless megacorps.

            Or this:

            https://fundraising.co.uk/2024/04/26/meta-announces-withdrawal-of-fundraising-products-in-eea/

            Are you very proud indeed that the EU has forced Facebook to stop allowing Donate to Charity of €1.6bn per year on its platform? Where are EU charities going to replace that funding source from? UK charities fortunately unaffected.

            #EUBurstingWithPrideAsItGrindsMoreSmallPeopleItDoesnyCareAbout

            Not even the fact the EU did it. The fact *why didn’t you know this happened*? So embedded in your echo chamber, this is undoubtedly first you heard about it.

            1. Anonymous Coward
              Anonymous Coward

              Re: Well, well, well!

              Or more to the point it wouldn't have happened without the consent of the individual governments.

              I have only found a single real life Brexit benefit, the joke of power management rules for TVs. (Pretty much they have a loophole and don't have to obey DPMS for video).

              Has the UK fixed this yet for itself?

  3. The Central Scrutinizer

    And the clown car of encryption busting ideas just keeps on driving full tilt towards the edge of the cliff.

    1. WonkoTheSane

      Sadly, that cliff keeps receding into the distance.

  4. This post has been deleted by its author

  5. David 132 Silver badge
    Facepalm

    I was totally against this.

    And then I read that it’s to protect children, and of course immediately suspended my outrage and indeed critical faculties. Because for such a noble goal, how can any of us be against this? It’s not as if the EU would ever extend the law to encompass other forms of evil, such as terrorism, voting for the wrong political party, saying uncomplimentary things about political leaders, or putting bins out early.

    So let’s give this our unqualified and unquestioning support. It’s for the children.

    (Please note icon.)

    1. UnknownUnknown

      Re: I was totally against this.

      Even though it’s incompatible with GDPR and enhanced rights when dealing with Children’s Personal Info.

      It will be thrown out/struck down by EU Court as unlawful if ever passed.

    2. ThatOne Silver badge
      Big Brother

      Re: I was totally against this.

      > as if the EU

      Unfortunately this is not just an EU issue, it's a recurring theme around the world. Every government out there is trying to implement something similar, usually under the tired "won't somebody think of the children, the poor, innocent children! Look at their sad little faces! (sniffle)", given terrorism and other political scarecrows have temporarily lost their potency.

      I would be more concerned about governments who don't try to push that agenda, because it would mean they have already implemented this somehow... A government saying "we don't feel like keeping tabs on the Great Unwashed just in case they decide to throw us out of our cozy little positions"? Pull the other one!...

  6. Anonymous Coward
    Anonymous Coward

    As long as there are ZERO exceptions, and all government employees get the first models. Imagine being able to scan military, parlimentary, and judicial comms on a real-time basis. Just a slight modification of the code, for example if its transmitted from the device to Der Spiegel/Le Monde/EL Mundo/etc before its scanned...

    1. Charlie Clark Silver badge

      At best legislation will limit the availability in app stores. There will still be no way to prevent people sideloading other solutions as many already does: Telegram provides builds that do not contain the restrictions imposed on (or by) Google.

      1. Handlebars

        The reeducation camp awaits you, citizen.

  7. xyz Silver badge

    Recall, recall, recall...

    AKA client side scanning.

  8. Mike 137 Silver badge

    U-turn par excellence

    So much for the GDPR, which set the model for robust privacy legislation world-wide.

    1. Dan 55 Silver badge

      Re: U-turn par excellence

      GDPR was undermined a couple of years back with national regulators allowing "Pay or Okay".

      1. Fred Flintstone Gold badge

        Re: U-turn par excellence

        .. and " 'legitimate' interest".

        1. Charlie Clark Silver badge

          Re: U-turn par excellence

          "Legitimate interest" as defined by the EU is a far cry from what you see on many cookie banners.

          Overall, I'd say that GDPR has, indeed, reduced the number of third-party cookies on websites and made it easier to avoid the rest. If anything, it may have made publishers more aware of quite how much information they've been handing over to advertisers.

      2. heyrick Silver badge

        Re: U-turn par excellence

        But the Pay or Okay model has recently been shot down.

        Just expect it to take a LOT longer to undo that than it did to put it in place.

        1. Dan 55 Silver badge

          Re: U-turn par excellence

          That was a ruling by the EDPB on Meta using Pay or Okay but it's unsustainable as now there are national regulators which allow everyone apart from Meta to use Pay or Okay. I am sure Meta would have a good case if they took this to the CJEU.

          1. heyrick Silver badge

            Re: U-turn par excellence

            True, but we already know the EUs opinion on this, should somebody decide to take the national regulatory body to task. After all, the massive elephant in the room is that it is perfectly possible to serve to adverts without all the invasive tracking. It's not an either/or situation, only unbridled greed says it is.

          2. Charlie Clark Silver badge

            Re: U-turn par excellence

            In the EU it's no longer possible to shop for the laxest jurisdiction: see Schrems multiple successful suits against the Irish Data Regulator.

        2. Chet Mannly

          Re: U-turn par excellence

          Hate to break it to you but it hasn't - it's still all over websites everywhere.

          Just this morning I had a website demand I either subscribe or allow tracking from 838 different advertisers (I didn't even know there were that many of the parasites...)

          1. heyrick Silver badge

            Re: U-turn par excellence

            Like I said, it'll take a LOT longer to go away (if it ever does) than it took to implement.

            And, yes, I've seen prompts regarding the upper hundreds of the bloody parasites. That's why we can't have nice things, all those additional mouths to feed.

      3. NLCSGRV

        Re: U-turn par excellence

        GDPR is primarily undermined by lacklustre regulatory enforcement.

    2. UnknownUnknown

      Re: U-turn par excellence

      It’s incompatible with GDPR and if passed the EU Court will strike it down/throw it out.

      1. Mike 137 Silver badge

        Re: U-turn par excellence

        "the EU Court will strike it down/throw it out"

        or possibly not. The 'adequacy decision' in respect of the UK (C(2021) 4800 final, dated 28.6.2021) states (under 'transparency') that "Data subjects should be informed of the main features of the processing of their personal data" (para 49), despite the GDPR requiring that all processing is declared. So there's evidence that even within the EU the GDPR is being watered down. This example is not a minor problem -- it effectively prevents data subjects challenging abusive processing as nobody can object to something they haven't bee told about. it thus significantly undermines the fundamental purpose of the GDPR.

        It's effectively been forgotten that the GDPR is not data law -- it's human rights law in respect of data processing. I have however been informed officially that the UK derived legislation is considered to be data law only (response by the House of Commons Library, May 2024), and that 'data rights' are considered to be limited to the Chapter III rights, despite Chapter VIII 'Remedies, liability and penalties' allowing for remedies for material or non-material damage (which clearly goes beyond the mere Chapter III rights in respect of the data and processing themselves)..

  9. Anonymous Coward
    Anonymous Coward

    Proof that EU privacy only ever had a political background.

    They have already turned cars into mobile spy stations, and now this? It shows that the EU's stance on privacy only ever was to gain leverage against the US, not to protect its citizens.

    It demonstrates that (a) nobody there has the faintest clue about the real world implications and (b) they must have been invaded by parties that are very keen to establish mass surveillance on the population.

    The latter is what worries me. Most totalitarian regimes (and those heading that way) do away with that fundamental Human Right because they're up to no good and need to keep an eye on the population so they can identify who is on to them, so I wonder what the EU is up to collectively.

    It appears not to be for your benefit.

    1. heyrick Silver badge

      Re: Proof that EU privacy only ever had a political background.

      Don't attribute to malice what can be attributed to incompetence.

      Most of the spy/policing agencies are, by definition, paranoid. So they will never be happy with the amount of information that they have access to even though the number of bad guys already "known to the authorities" is overwhelming. They will always ask for more, and come up with bullshit reasons to justify it, usually involving children.

      All they need to do is find enough carrier politicians who can't tell a network plug from a USB plug to try to enact the proposal. Making children's lives safer is great karma points. All the downsides? They probably couldn't understand the argument.

      Unfortunately there are plenty around the world who think the internet is some sort of magical rope, or maybe a little black box with a blinking light, and so this nonsense will keep cropping up.

  10. Thought About IT

    Signal

    I'll be very annoyed if I can't use Signal any more. It's functionally equivalent to WhatsApp and keeps my phone and PC free of Zuckerberg's tentacles.

    1. Charlie Clark Silver badge

      Re: Signal

      They won't be able to ban it. If Google withdraws it from the app store, then you'll just be able to sideload it.

      1. Anonymous Coward
        Anonymous Coward

        Re: Signal

        Except having it on your phone will mark you as a pervert. One police control, and you're sent up the river as convicted child molester/terrorist/criminal.

        1. Chet Mannly

          Re: Signal

          Not really - if there's a legal requirement I'll happily let the cops read through me and my mates talking cr@p, I have nothing to worry about in my signal feed (but that doesn't mean I'm remotely interested in giving them permission to scan ahead of time like proposed)

          1. Anonymous Coward
            Anonymous Coward

            Re: Signal

            Too logical. In the real world it is "He has a forbidden criminal app on his phone, he's obviously a criminal: Let the judge sort him out.".

      2. Thought About IT

        Re: Signal

        I don't want Google on my phone either!

    2. simonb_london

      Re: Signal

      There's always the TOX network. Unfortunately there is no longer an IOS client for it but desktop OSes and Android are fine.

  11. SundogUK Silver badge

    Stupid, totalitarian, socialist (but I repeat myself) bastards.

    1. Dan 55 Silver badge

      You couldn't be more wrong for a change. The socialists were key in knocking it back last time, this time the make-up of the parliament is different. Seems like Belgium (outgoing right-wing government) wants this done before the presidency is passed over to Hungary (incumbent further right-wing government). Perhaps Belgium fears that the opposition would be more organised if Hungary has the presidency.

      See:

      CSA Regulation: EU Council about to vote on "voluntary" chat control (it's English language but the GDPR options are in German, click on "Zustimmen" to continue but this is tracking option, this is the "Okay" in "Pay or Okay").

      Also see:

      Missing Link: Why UK chat control is so much like EU plans

      A comparison with the EU regulation shows striking structural and methodological parallels as well as temporal and substantive ones. This is no coincidence.

      1. Charlie Clark Silver badge

        Thanks for the links. The legislation, as with so much similar stuff, won't get past any challenges in Germany's (and presumably other countries') constitutional court. However, I think the politicians are aware of this and are probably pushing ahead for other reasons.

        1. Charlie Clark Silver badge

          Germany has already come out against this which effectively means it's going nowhere.

    2. David Hicklin Bronze badge

      And what about protection from false positives ? CSAM accusations is mud that sticks fast even if you are totally innocent

      1. Charlie Clark Silver badge

        I don't agree with the whole idea but I think, if it were properly implemented, it would simply fail to send the image and inform the user why. I don't think we have the legal processes for anything for a charge that would be based on such automation. And, any kind of online processing, is likely to be the target of attacks.

    3. Adair Silver badge

      Leftwing zombie <===> Rightwing zombie

      Where do you fit on the continuum of nonsensical prejudice and paranoia?

  12. Captain Hogwash Silver badge

    If...

    this comes to pass then presumably private servers for "family and friends" will be needed. XMPP with OMEMO looks like a reasonably solution, or Matrix.

    Can anyone see any particular problems with this besides the usual problem of adoption by the unitiated?

  13. Anonymous Coward
    Anonymous Coward

    Who *isn't* encrypting it *before* the application loads it ?

    If I was going to use any (note *any*) communication platform and wanted security, then I would encrypt my plaintext off device before I loaded it onto the device to send.

    That's why I have a server and a monitored folder where I put in my plaintext. I then move the encrypted file to OneDrive or GoogleDrive and select it to send from there using the app.

    Currently using 128 bit PGP, but I have a vague goal of setting up a series of OTP to make it bulletproof if needs be.

    And apart from the odd comment in august forums such as this, I keep quiet about it.

    I'm too old and ugly to froth about nonsense like this. Just step around it an move on.

    Also it's an interesting canary. If I ever get approached by "the authorities" about it, then I will know they are definitely and deliberately snooping. Which is what I expect them to do anyway.

    1. Anonymous Coward
      Anonymous Coward

      Needs To Be Pervasive!!!!

      @AC

      It's not (yet) illegal for Alice and Bob and their huge circle of friends to develop a private encryption scheme:

      - Diffie/Hellman tokens all round (either huge primes or elliptical curves)

      - A random secret used for encryption

      - A different random secret for every message

      - Every random secret destroyed after use (so no public encryption keys anywhere)

      That's the PRIVACY bit. Then there's the ANONYMITY bit:

      - Burners all round

      - Messaging from public places

      And just think ... Alice and Bob can use Signal if they like....the snoops will just love breaking into Signal......

      ......and finding MORE ENCRYPTION.

      Yup......citizens can (and should) take responsibility for their own privacy, their own anonymity.

      1. heyrick Silver badge
        Happy

        Re: Needs To Be Pervasive!!!!

        Whoa. My little introvert life is nowhere near that interesting. I have a social circle of...um...does a cat count?

        1. ThatOne Silver badge
          Happy

          Re: Needs To Be Pervasive!!!!

          > I have a social circle of...um...does a cat count?

          Only if it's round.

  14. Lars Silver badge
    Coat

    The Council

    The Council of the European Union and the European Council are the only EU institutions that are explicitly intergovernmental, that is, forums whose attendees express and represent the position of their Member State's executive, be they ambassadors, ministers or heads of state/government.

    https://en.wikipedia.org/wiki/Council_of_the_European_Union

    So it will depend on how the 27 member states agree or disagree before it will become the "opinion of the EU".

    I think it will be rejected.

    1. UnknownUnknown

      Re: The Council

      Or struck down by the EU Court as unconstitutional/incompatible with GDPR.

      1. Charlie Clark Silver badge

        Re: The Council

        National courts first.

  15. prh99

    The road to hell is paved with good intentions (though I doubt theirs are all good).

  16. NLCSGRV

    "The welfare of the people in particular has always been the alibi of tyrants, and it provides the further advantage of giving the servants of tyranny a good conscience."

    ― Albert Camus

  17. Long John Silver
    Pirate

    Let the legislation be implemented.

    History is littered with examples of stupid legislation. A marked proportion of this must have been unenforceable, particularly when ordinary people refused to abide by it.

    Naïve EU legislators may go along with the idea. It would get nowhere without active support by the EU Commission. One wonders where the true motivation of the Commissioners and of their sponsor countries lies: most likely in surveillance of dissident opinion and actions ensuing from it.

    Let the legislation stand. Even should it be capable of implementation, the workarounds are numerous. Legislators and Commissioners are too ignorant or arrogant to notice the egg on their faces.

  18. Anonymous Coward
    Anonymous Coward

    We don't want this.

    As a parent of teenage children, I don't want this.

    What we do want is the ability to set effective parental controls on our kids' phones. So we can block shitty apps like TikTok and Instagram in the first place.

    I've got it blocked on my Wi-Fi but my kids just switch to mobile data, and then they remove the paretnal control apps on their phones, or factory reset them...

    Or how about just make the minimum age for using these apps to be 18, and then seriously fine or sanction (or block the apps of) the companies who break the law?

    1. Mobile operators should give parents the choice of blocking shitty apps/services/categories/etc on the data plans we pay for.

    2. Android should make effective parental controls (have you not seen how hard it is to get Google's shit working?)

    3. Social networks etc should have minimum age limits

    4. Fine, imprison, sanctions or blocks for the apps that don't comply with the age limits

    Having recently had a child who (a) evaded my wi-fi no social network ban, and (b) used a friend's mobile data, and (c) factory reset his device and made a new google account, and then (d) joined facebook and (e) got sextorted and (f) got a police caution for sending pictures OF HIMSELF to the blackmailer, I'd be all for anything like this that would help sort this absolute shitshow out.

    1. Anonymous Coward
      Anonymous Coward

      Re: We don't want this.

      @AC

      Sympathising doesn't help. And it is a "shitshow". But there are a few problems:

      - Interweb service providers have no way of authenticating the identity of the ACTUAL HUMAN BEING using the service....so....

      - ...."age identification" by interweb service providers is impossible

      - .... and that's before interweb service providers get to the notion of accurately identifying any parent/child pair reliably

      Your story accurately encapsulates these problems. For example, a credit card and a password may identfy Joe Smith's credit card and password correctly.....

      .......but if Joe leaves his laptop signed on, who knows who is hitting the keys.

      The lawmakers in London SW1 and Brussels do not have a clue. But the real problem is the technology....no one knows if your suggestions will EVER be possible!!!

    2. johnrobyclayton

      Re: We don't want this.

      Parents have greater control over their children's environment than any government has over any of their citizens.

      Any technological solution that gives parents more control over what their children do online that does not require the parents to use their privileged access to or control over their own children is a technological solutions that any government can use on their own citizens.

      You might find it frustrating to be in a position of not being able to protect you child without sitting on them 24/7 and using your privileged access and control.

      You might want a solution that more closely achieves the effectiveness of sitting on them 24/7 without having to do so and without having to force them to experience such intrusiveness.

      The simple fact is, is that you are never going to be allowed to have access to such technological solutions to achieve this if it means that any government will be capable of using the same technological solutions on their own citizens.

      We, the people that care about how much control any government might have access to to control their own citizens, and have any influence to affect the possibility, will not allow it.

  19. cybergrcgb
    Pirate

    Reg on the side of the criminals again

    And the very suggestion that very rich companies who make a fortune out of enabling CSA should actually do something about it, predictably has El Reg and it's army of fanboy freedum fighters frothing at the mouth. Stopping people abusing children? Oh my gosh, what a terrible invasion of privacy!

    You muppets seriously need to get your priorities sorted.

  20. Adair Silver badge

    And you muppets ...

    who think there are always simple solutions to complicated problems... need to learn to think.

  21. djus89

    Whoever proposed this law and allowed such nonsense to even get to court should be arrested immediately

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like