And even then they will just rehash it in a different form and push it again.
The problem is also, this won't work. The pervs will simply use something else, prompting even stronger regulation to avoid having unapproved apps etc. Meanwhile we will all live in a panopticon society for no tangible benefits. In the end it could even kill FOSS and open computing because anyone who can edit the code can edit out the spyware.
[1] https://digital-strategy.ec.europa.eu/en/policies/cyber-resi...
But this is even worse than that. It would allow for dubious security resellers to define adequate protections. That would basically be their own products.
Everyone in IT knows that there are borderline dubious products that heavily border on scams. Not every security solution of course, but there are a lot of bad sheep that present as much of a danger to security as direct attacks.
If you want to protect user data, don't collect it. Best security you can achieve.
Perhaps I am overanalyzing and this just tries to introduce formal processes to deal with security concerns. But it doesn't look like it. It seems you need a third party to certify your products for once and I believe this is lobbying for questionable security products and lawyers in one go.
"(...) except for specified exclusions such as open-source software (...)"
- wouldn't this mean that FOSS is specifically not at risk???
edit: Even going further through the links, then searching for "open" in the actual text of the document (https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CEL...) gave me the following:
"In order not to hamper innovation or research, free and open-source software developed or supplied outside the course of a commercial activity should not be covered by this Regulation. This is in particular the case for software, including its source code and modified versions, that is openly shared and freely accessible, usable, modifiable and redistributable. In the context of software, a commercial activity might be characterized not only by charging a price for a product, but also by charging a price for technical support services, by providing a software platform through which the manufacturer monetises other services, or by the use of personal data for reasons other than exclusively for improving the security, compatibility or interoperability of the software."
I asked the organizers about potential funding for the work that needed to be done since the project wasn't a commercial endeavour for us. They didn't even consider this before making demands for work that would consume several days if not weeks. The funding they had amounted to some gift cards and t-shirts. (They are very nice people, but there is not much they can do either.)
I am personally very frustrated with FOSS as it stands today. It's disingenuous: either the project is almost unusable on its own and you need to buy services from the people creating it (Kubernetes), it's missing parts you need, you get a pseudo-OSS license (BSL), sometimes funded by a foundation that has to do a whole lot of extra work to get donations and more often than not pays entry-level salaries or you run a project because you love doing it where you are expected to do the compliance work ... Why exactly?
And about 95% of the changes requested are basically paperwork to check off the boxes, ship material of bills, etc. Not the fun kind of problems. (Note: the CNCF doesn't pay its contributors anything, at least I didn't get a dime so far. The only thing I got was a truckload of paperwork, requests for more free work besides the project reviewing conference submissions for KubeCon, and more.)
I think, if you are a commercial FOSS user you should absolutely be on the hook for getting your wallet out and paying for people doing the ridiculous amount of slog required for compliance. Pay a foundation for the compliance work, or hire the people working on the project to get it done. Does the EU get it right? No clue, but something has to be done. Supply chain security is important and the work needs doing, which somebody has to pay for.
[1] https://github.com/orgs/ContainerSSH/discussions/574#discuss...
I doubt the likes of Ursula, who come from extremely privileged backgrounds and have been groomed since childhood for high ranking leadership positions, see themselves as being any kind of "servants".
The term comes from the days when public servants were elected from the general public, but those days are long gone and now we're bickering which members of the wealthy elite do we elect to screw us over for 4+ years without any accountability or repercussions.
And so they convince themselves that they are not in it for the money but merely for the public good, as wealthy people they are hard to bribe (somewhat true) and better this than loafing around doing nothing all day.
Whether it is the best for society is another matter, but this is a fair representation of some of the people in those circles that I know. They would rather see it as a sacrifice than as them holding power for power's sake because that's not what you're supposed to do.
It's loosely connected to Noblesse Oblige (https://www.merriam-webster.com/dictionary/noblesse%20oblige), as in that you should strive to do good deeds and to use your station in life wisely if you are wealthy or in a position of power (but then you first have to obtain a position of power...).
Not sure that she's the perfect example for what you're trying to say
In the U.S., the main issue is that the House has had 435 members since 1929. It's become so obscene that representation was better, on paper, for colonial Americans in the British Parliament than today.
This term should be reserved for people who actually serve the public, not spy agencies and lobbyists.
Careful, you're touching on the core of Euroskepticism within the EU itself. These are not elected officials, nor are they public servants in the usual sense.
https://balkaninsight.com/2023/09/25/who-benefits-inside-the...
So in fact the institutions are entirely democratic, and arguably more democratic (and less dysfunctional!) than their counterparts in the US and China (the other two super blocks).
That's not how it works though, they represent people in their EU member states, posters should go up in every capital because those clowns were elected by people everywhere.
Postponed != win
Postponed = () => await nextCrisis()
.then(crisis => introduceUncomfortableLegislationBecauseOf(crisis))
- out-innovate the authoritarians somehow
- go on the political offensive to have non-tech people realize why they should care about things like this
- establish an entire new model for society somewhere, like how personal freedom maximalists left the then-monarchical/theocratic Europe for the new world long ago
There is something really wrong about it, isn't there?
https://www.euractiv.com/section/law-enforcement/news/eu-com...
Of course, if you're pro privacy, eurosceptic or Christian, you won't be targeted.
> Netherlands and Germany want to exempt audio telephony, while Sweden wants to exempt communications over mobile networks.
I suspect this is to give the EU and other countries with legislation coming to pass their legislation, then coordinate the timing of enforcement.
Ylva Johansson, the EU Home Office Commissioner. She's openly anti-encryption and has said she doesn't care about privacy or security concerns. She won't even meet with any group that disagrees with her.
Thierry Breton, the European Commissioner for Internal Market. He is working with Ylva Johansson and Thorn to pass Chat Control.
Monique Pariat, European Commission’s Director-General for Migration and Home Affairs
Catherine de Bolle, Europol Executive Director
Julie Cordua, CEO of Thorn.
Cathal Delaney, Former Europol employee who now works for Thorn.
Fernando Ruiz Perez, former senior Europol official, who is now on Thorn's board.
Alan M. Parker, British billionaire, and founder of the Oak Foundation that bankrolls the fake charities lobbying for Chat Control.
Chris Cohn, British billionaire hedge fund manager and Google activist investor. He provides funding for anti-encryption lobbying in North America and the EU.
Ashton Kutcher, Demi Moore. They try to whitewash Thorn's actions while lobbying on their behalf. The EU government let them bypass civil rights groups with their lobbying due to their fame. Other actors involved with Thorn can be found [here](https://en.wikipedia.org/wiki/Thorn_(organization)).
Ernie Allen, chair of the WeProtect Global Alliance, WPGA, and former head of the National Centre for Missing & Exploited Children, NCMEC, in the US. Part of the network of fake charities and corrupt organizations lobbying to ban encryption and privacy.
Sarah Gardner, former Thorn employee and now the head of the Heat Initiative. Part of the network of fake charities and corrupt organizations lobbying to ban encryption and privacy. She's focused on US lobbying.
Lily Rhodes, former Thorn employee and now the director of strategic operations at the Heat Initiative. Part of the network of fake charities and corrupt organizations lobbying to ban encryption and privacy. She's focused on US lobbying.
Maciej Szpunar, Polish Advocate General at the European Court of Justice. Wants to use the proposal for prosecuting copyright infringement.
Other individuals involved are: Margrethe Vestager, Margaritis Schinas, Antonio Labrador Jimenez, Douglas Griffiths, Javier Zarzalejos.
A non-exhaustive list of the fake charities and corrupt organizations involved:
ECPAT, Eurochild, Missing Children Europe, Internet Watch Foundation, Terre des Hommes, Brave Movement, Thorn, Oak Foundation, WeProtect Global Alliance, Justice Initiative, Purpose
Organizations operating more in North America: Hopewell Fund, Heat Initiative, Children’s Investment Fund Foundation
Finally, let's not forget that Ashton Kutcher, the darling of VCs, had to step down from his position at Thorn after submitting letters in support of their fellow actor and friend, a convicted rapist.
If he is willing to push for such privacy invasive measures in EU, he won't stop there, he will come for you in the US as well.
Now if my memory serves me right, we have seen these kinds of entanglements before in the financial services (the big banks and the SEC in the US) with the disastrous consequences that we all know.
I've seen this process up close (for a Member State) and it is reliably slow with a reliable amount of ping-pong and battles between the various parties..
The draft law makes it clear that chat control is a surveillance tool: Non-public communication services are to be exempted, for example if they are "used for national security purposes." This is to protect "confidential information, including classified information." States do not want chat control for their own communications to avoid surveillance .. Poland demanded that only chats of "people under concrete suspicion" should be scanned .. Netherlands and Germany want to exempt audio telephony, while Sweden wants to exempt communications over mobile networks.
https://newsfromuncibal.substack.com/p/the-death-of-the-rule...
> The making and enforcement of rules – abstract, general, binding and enforceable; ‘thou shalt not steal’ – were once considered to be the essence of government. But rules are, in modern governance circles, considered to be about as outmoded and silly a tool of governing as there can possibly be ... The focus is on institutional architecture and the relationships among private and public actors, rather than on the substantive prescription of state legislation, rules, and judicial decisions ... Global governance has become deeply impatient and dissatisfied with the wearisome business of rule-making and especially rule enforcement. Rules are rigid; rules are boring; rules are annoyingly transparent in respect of their breach.
https://news.ycombinator.com/item?id=37479001
> This article explains a phenomenon I've been observing with growing uneasiness that I couldn't quite put my finger on till now ... this trend towards delegating power and decision making to an individual office or committee is an abandonment of this [rule of law] principle in favor of a return to rule by individuals who decide at their whim whether to allow or prohibit a thing, where by simply being in favor with certain bureaucrats one can be immune from accountability where politically unpopular targets can be harassed by the state without end simply because they are not politically favored.
For instance, significant web sites must have a functioning noscript/basic (x)html portal where reasonable (and you can browse maps more than ok with noscript/basic (x)html browsers). Just think semantic 2D simple HTML documents (tables are not harmful), and the table "rules" are semantic information in a 2D document. And when I say "semantic", it is not that abomination of "semantic" web from a decade ago.
(open source software control is achieved via absurd and grotesque size and complexity, and often the control of the upstream source repository).
Small Tech with as many alternatives as possible is the only way out of this. Don't be fooled.
"In its current form, the CSAM proposal would fundamentally change the internet and digital communication as we know it, and that will be a point of no return." https://edps.europa.eu/system/files/2023-10/edsp_briefing-no...
So let me get that straight: they want to allow Chat Control only on fixed-line networks? Do they have landline phones in Sweden that can run chat apps?
That looks like a spoiler tactic to me.
Let me remind you of a quote by former EC President Juncker:
"We decide on something, leave it lying around, and wait and see what happens. If no one kicks up a fuss, because most people don't understand what has been decided, we continue step by step until there is no turning back."
That is how the Commission operates. No wonder that many, including me, have serious trust issues towards them.
The whole EU commission system is a rort. It removes the power from the EU parliament and puts it into the hands of un-elected officials who are appointed in back-room deals between the ministers of the member countries.
It could not be further from democracy.
Well, the UK got rid of the EC and the UK still works exactly the same.
Our government is a proxy of lobbying agencies, working behind closed doors.
There's a bigger root cause
No, probably better to make the Council of the European Union an upper house of the EP and give them the nomination right, with the EUCO having some veto powers dictated by how unanimous they are.
But in any case, because the EU is a union of independent states with quite different outlooks on things I think it is unavoidable that the system that endures holding it all together is pretty convoluted.
The EU Parliament doesn't get to draft laws, AFAIAA.