cross-posted from: lemm.ee/post/56769139
cross-posted from: sopuli.xyz/post/23170564
Submitted 5 weeks ago by floofloof@lemmy.ca to technology@lemmy.world
https://tuta.com/blog/france-surveillance-nacrotrafic-law
cross-posted from: lemm.ee/post/56769139
cross-posted from: sopuli.xyz/post/23170564
The only thing that can stop a bad guy with access to my private phone data is a good guy with access to my private phone data. /s
Fuck me, that’s good
I’m stealing that
In the same vein, with my family I’ve been using the analogy of “Imagine that all law enforcement had a key to your home, and they could enter at any time and look through your things, but you wouldn’t even know it if they did, or if they took photos or recorded videos of your place to take with them. Their argument is that the only way to keep you and your stuff safe from the bad guys is for the good guys to have access. But because the good guys now have access, it’s also easier for the bad guys to get in, because now there’s all these extra keys to your home out there, which might fall into the hands of the bad guys.”
Not a perfect analogy, but it seems to make them consider the issue from a more personal angle. And for those that argue, “Well, I don’t have anything to hide.”, I usually counter with “Then why do you close your curtains/blinds when you change your clothes or get out of the shower?” With my dad who grew up during the World War II, it also helped to mention that a law like this, once on the books, will not be easy to overturn, and while he might be fine with our current regime having access to all his data, that might not be the case with future authorities.
Yeah. Also we don’t have good guys either, but, that sounds nice.
They only thing that can stop a bad guy with surveillance fetish is the same bad bad guy with suddenly found exhibitionism fetish. OK, that’s not new, see “Enemy of the state movie”. Doesn’t work quite like that IRL, of course.
It feels like the UK and France are in a competition to see who can steamroller their peoples’ rights the fastest.
Isn’t Sweden trying something stupid too?
Yup, they are trying to put a backdoor into signal, even though their military advised against it.
Well, they gotta fight about something…
Although not in the same way, the US is leading the charge on that front.
France always tries to copy the US with a 10y delay so… Yeah 🤷
There’s been been bills at the EU level, but they’ve been defeated. I think individual countries introduced their own bills if they were supporters of the EU one.
Signal, Tuta, Proton. And that Apple bullshit.
This push to know everything about everyone is outrageous, expected, and depressing.
Almost seems like they’re afraid of us or something
Luigi wasn’t talking with anyone. None of this would’ve helped them with him.
I don’t even really want to ask, but… what happened with Tuta? I know what happened with the other 3.
Tuta would also be required to implement a backdoor in their encryption if this law passes. In this post they’ve stated they will refuse to do so, because it’s not possible.
What happened with Signal?
Sweden wants a backdoor. I hope that idiocy is shot down fast.
A reminder that the people voting for these laws do not understand technology. They don’t get it. Yes, this law sucks, but even if it passes, I’d be really surprised if it was actually enforceable.
I think it could be enforced for the majority of people just by blocking the download of non-backdoored software from well known sources. And then for the relatively few tech-literate types who still get hold of it, the government will have a ready way to prosecute you whenever you do anything inconvenient, or look like you might be thinking of doing something.
The law is enforceable. If the options you’re given is “put a backdoor in your product or stop operating in the country”, it’ll happen. And even if you reply “then I’ll go away”, laws like this, stupid, dangerous, breaking everything, will keep popping in one country after another until it’s too late.
It not making sense have no bearing on whether it can be enforced or not. And the mere existence of the law may be enough to later put you in hot water if you have some de-facto illegal software on your phone or computer, for example. It would not be automatic everywhere, but another tool to just legally have something against most people.
That’s being too generous. Some may not fully understand, but many do and simply don’t care. Not sure if better or worse, but its not entirely lack of understanding.
TSA officers steal from passengers
This may seem unrelated but it gives a real life physical example on exactly why backdoors shouldn’t exist.
First off, fuck the NY post.
Secondly, no, it IS unrelated. An issue with the TSA is not an example of a backdoor. Both are bad things, but it ends there.
A law implementing a back door would be a far more ubiquitous concern than some one off sticky fingers in Florida.
Did the tsa use a backdoor to find out what people had in order to steal it? No. How tf is this dumb take supported.
The little red locks on luggage have a backdoor for the TSA, so yes, they literally used a backdoor to find out what people had and steal it. The reason I brought it up is because people sometimes have a hard time realizing the severity of something unless it’s grounded in the real physical world.
Correction. The worst surveillance law in the EU so far
The government is not your friend, we are ruled by power tripping authoritarian rulers. They are using security and defense as a pretext to abolish your rights. You can solve the narcotraffic problem by simply legalizing drugs, they are going after encryption for something else, they want to control everything and everyone.
Backdoors for ‘good guys’ don’t exist—this is a shortcut to mass exploitation.
😾
If this is passed, would this only apply to people in France? Like Signal and WhatsApp, etc, could they make a different version of the app / backend that’s unencrypted just for them? Is that even possible? I can’t imagine Signal adding a backdoor for everyone in the world.
Or would they just outright pull their software / apps from being used in France? But then what’s stopping someone in France from sideloading the app and using a VPN?
Signal has already threatened to pull out of both Australia and the UK when they were talking about passing similar laws.
This is yet another way tying accounts to phone numbers can come back to bite you! I guess pulling out means denying registration from the country’s numbers as well? So that would mean either a constant additional expense (which might be significant for poor people), or constantly risk getting the account deleted if you tied it to one-time rental.
But then what’s stopping someone in France from sideloading the app and using a VPN?
The need for a phone number and SMS verification to create an account. Signal should do something about that.
There are ways around that, but the goal isn’t to stop everyone from using E2EE; it’s to make E2EE non-mainstream.
Nothing technically stops you. But if the government can prove you have been using Signal, all of a sudden you can be in a lot of trouble. This could be used for political oppression.
It is possible to do, to some extent. Everything’s possible. But then, when people that are on both side of this encryption barrier wants to talk, then both must use unencrypted messages. You’d also have the obvious case of someone having a phone/device/account from country A temporarily crossing through country FuckingFranceOrUK, so what do you do in that case?
You’d need to implement that, add UI features to know if you’re using encryption or not, and above all, it’s fucking stupid and against what most sane messaging solutions wants to do.
I’m sure it’s possible to find people that would gladly do all that. Hopefully those people are not in the business of making all the useful communication services we currently use.
Its funny, I’m watching this show called Prime Target and they’re basically trying to prevent people from figuring out some sort of mathematical equation that would instantly break all decryption and talking about how it would be the end of the world as we know it.
Meanwhile the EU is forcing everyone to put in an express lane IRL.
I haven’t seen that show, but it sounds like it has a basis in reality: there has been a real concern that quantum computers might be able to break much of current encryption because they are far quicker than classical computers at problems like finding the prime factors of a number, and schemes like RSA encryption depend on that being hard to do. And that could be fairly catastrophic, not only for current communications and for data encrypted at rest, but because communications data can be collected now and decrypted later when the technology becomes available. As far as we know, no one has done it yet, but quantum computers are developing rapidly so the day may well come.
They do talk about quantum computing in the show in a different context, saying it’s still a decade away. Their tech has something to do with Prime numbers (hence the title).
But also several companies already advertise “quantum resistant encryption” for whatever that’s worth.
But they’re not the good guys either
Ah yes, for the upcoming Ministry of Love.
So I’m going to get down voted to hell for this, but: this kind of legislation is a response to US tech companies absolutely refusing to compromise and meet non-US governments half-way.
The belief in an absolute, involute right to privacy at all costs is a very US ideal. In the rest of the world - and in Europe especially - this belief is tempered by a belief that law enforcement is critical to a just society, and that sometimes individual rights must be suspended for the good of society as a whole.
What Europe has been asking for is a mechanism to allow law enforcement to carry out lawful investigation of electronic communications in the same way they have been able to do with paper, bank records, and phone calls for a century. The idea that a tech company might get in the way of prosecuting someone for a serious crime is simply incompatible with law in a lot of places.
The rest of the world has been trying to find a solution to the for a while that respects the privacy of the general public but which doesn’t allow people to hide from the law. Tech has been refusing to compromise or even engage in this discussion, so now everyone is worse off.
I can invite someone over to my house and talk about anything I want with no risk of government meddling. Why should it be any different in online communication regardless of the country?
Continuing the analogy, government agencies can absolutely eavesdrop on in-person conversations unless you expend significant resources to prevent it. This is exactly what I believe will happen - organized crime will develop alternate methods the government can’t access while these backdoors are used to monitor less advanced criminals and normal people.
not at all arguing this is okay, not even a little
but
If you are the French government, and you know what the French populace has a history of doing to the French government, it would be understandable to be a bit paranoid of them, no?
again. It ain’t cool. But I’m honestly surprised they didn’t hop on the “incredibly intrusive surveillance” bandwagon sooner.
😂 a crosspost from privacy cross posted from Europa
Quik@infosec.pub 5 weeks ago
floofloof@lemmy.ca 5 weeks ago
I expect many people might read this and think “yep, fair enough, I have nothing to say” and still not understand why it is a problem.
SlopppyEngineer@lemmy.world 5 weeks ago
And the things that are perfectly okay today might be the things you want to hide tomorrow. Abortions and pregnancies, thoughts about labor rights out climate, sexual orientation, …
SoleInvictus@lemmy.blahaj.zone 5 weeks ago
As an American, I can vouch for this.
rottingleaf@lemmy.world 5 weeks ago
It is not different and both are done. If you’ve met people of that worldview (thieves, relatives of bureaucrats, bureaucrats themselves), they really have nothing to say directly, they talk in subtle (they think) hints and subtle (they think) threats.