End-to-end encrypted messaging has been a thorn in the side of lawmakers for a while now, and although many companies like Apple already offer backdoors and pre-screening of messages for illegal content as demanded by the US government, this is new for the EU. The eIDAS regulation aims to force software companies to create backdoors into such messaging services. What precedent does this set for say, hardware wallets? What are the options if this passes?
Article 45 forbids browsers from enforcing modern security requirements on certain CAs without the approval of an EU member government. Which CAs? Specifically the CAs that were appointed by the government, which in some cases will be owned or operated by that selfsame government. That means cryptographic keys under one government’s control could be used to intercept HTTPS communication throughout the EU and beyond.
This is a misleading title.
First off - You physically cannot ban E2EE anymore than you can ban math, because that's what cryptography is - a math equation.
There's HTTPS, and there's E2EE. HTTPS is a protocol which does encrypt traffic, and it relies on a trusted third party, called a certificate authority (CA) to ensure the integrity of the encryption as well as the identity of the party you're intending to exchange data with.
If I'm understanding this correctly, Article 45 is an attempt for the government to force browsers to unconditionally accept CAs that have been approved by the government's arbitrary standards. This means HTTPS security could be weakened, and the worst case is they could implement back doors.
That's an incredibly ridiculous and horrible idea, but it doesn't have anything to do with E2EE.
With E2EE, the data you're transmitting is encrypted BEFORE it gets sent via HTTPS, or any other protocol, and it isn't decrypted until it reaches the other end. In other words, you can typically use E2EE w/ a completely insecure channel. E2EE makes eavesdropping impossible.
At the end of the day, even if the government forced you to trust it's certificates for protocols like HTTPS, and they had some kind of backdoor to monitor the data you're transmitting, you can still use an app (like signal) that encrypts your before it goes through channels controlled by third parties and be just fine.
TL;DR - this is a bad thing they're trying to do, but it doesn't even come close to being an E2EE ban.
reply
You physically cannot ban E2EE anymore than you can ban math, because that's what cryptography is - a math equation.
...and marijuana, opium, and cocaine are just plants.
Of course you can ban E2EE! Government simply declares it illegal, and throws people caught using it in jail. That doesn't mean every single usage of E2EE will be stopped. But a hell of a lot of it will.
Especially these days now that most phones are already so locked down that average users can't install their own apps. With an E2EE ban, you can guarantee that Google will be told to lock down Android too.
The phrase "it's just math" is particularly ridiculous, because E2EE is math that you can't reasonably do without the use of a computer... and governments absolutely can control computing. Fact is IC manufacturing is inherently centralized because of the truly enormous amount of infrastructure necessary to do it.
The solution is to fight these battles politically. Don't get complacent and assume "the market will fix this" or "bitcoin will fix this". Fight. Now.
reply
The solution is to fight these battles politically. Don't get complacent and assume "the market will fix this" or "bitcoin will fix this". Fight. Now.
This is a nice example of the "disengage from the system" strategy being really flawed. Interacting in the political arena is the opposite of fun or sexy; but for stuff like this, especially, it's consequential. Perhaps on generational timescales the technological force latent in the world will be too strong to resist, and politics will give way, as with the printing press.
But on the timescale of a human life, plain vanilla political pressure gives high leverage. Ceding control of the political arena means it takes an extra decade or two to unwind stupidity that affects hundreds of millions of people. Bad ROI.
reply
I'm starting to agree. This might have the be settled in the streets
reply
Again, this isn’t even relevant in the first place because it’s not happening.
I’m sorry, but this is just kind of an ignorant argument. It’s ridiculous to say “you’re not allowed to perform a math equation in your code”. All of cyber security relies on that - you wouldn’t just be giving a data to the government, you’d be giving it to everyone.
If you're talking forcing all electronic data transmission to flow through government controlled channels, surely you can see why that’s as infeasible as hacking bitcoin.
Bitcoin works because it’s internet money, and the internet is irreversible decentralized information. There’s no going back on that.
reply
exactly! Fight or silently let friends and family move off controlled messaging app and convince them to use SimpleX chat. Once people understand the power in it, they too will help spread the message. A bit like Bitcoin.
FOSS will continue to exists the same way government try to stop Bitcoin. But we need to let people know about it in an peaceful, kind and self-sovereign way, letting the government and lobby talk about banning FOSS in an empty void.
reply
The solution is to fight these battles politically.
So... I'm inside EU, and I see what people from the '68 generation - did to the quite beautiful initial EU concept. I'm not young enough to wait and see when (and if) all these dumb socialists/marxists finally lose the power in EU (or die).
See you some day in Salvador, then (or Argentina?) https://www.youtube.com/watch?v=R2asE78rs38
This afternoon the EU Parliament will hold a press conference outlining their formal position on the EU Commission's controversial CSAM (ChatControl) proposal.
In the press conference it will be announced that the EU Parliament have agreed NOT to move forward with the proposal as it has been presented by the EU Commission but have instead adopted an approach which will remove many of the concerns.
There will be no mass surveillance of digital communications. The EU Parliament instead propose that surveillance will be limited to targeted surveillance of individuals and groups reasonably suspected of dissemination of CSAM and will only be permitted with a judicial warrant. There will be no interference with e2ee and services providing e2ee will be exempt from the provisions. Providers of communications services will be required to develop their services in more secure ways to help reduce the risk of CSAM being distributed on their platforms.
reply
There will be no mass surveillance 😂
reply
Of course not.
reply
They officially want to keep track of everything we're doing... This is not looking good, I believe lightning will also play a big role in sending messages in the future where I can send 1sats and include my message as they note... Good luck tracking that.
reply
Those notes are sent as URL query params. Not e2e encrypted. Be careful
reply
I've never sent LN notes. Are they sent over http or https? If it's the latter, the URL is encrypted and only the domain is visible.
reply
True, good point. HTTPS. Thank you for the call out
reply
Was about to comment on this. This is the most nerdy community in the world. I love it.
reply
Why would you do that? Wouldn't be hard to trace whatsoever.
reply
How will they be able to trace the message to my identity?
reply
El Salvador properties look better and better every day...lol. Bye Felicia
reply
I don't give a shit about these meaningless so called laws.
reply
They get annoying every time.
reply
Generally speaking, the EU gives you only one guarantee: to always choose the worst thing.
Incompetent people vote for disastrous things without ever taking into account the warnings raised by the experts in the different fields involved.
reply
Very damaging to EU-based technology businesses and their prospective customers in those countries, and it will just accelerate the flight to open source applications.
These EU bureaucrats are delusional. Who advises them!?
reply
The EU is all about confiscating property for the few, the proud, the slaves.
reply
Let's face it. Controlling encryption is the very definition of totalitarianism.
reply
Use a FOSS browser, edit the government CAs out manually.
reply
Bring back the guillotine!
reply
I could see the French doing that
reply
Sadly not contemporary French people
reply
Law is protecting the elit and limiting the middle and poor class
reply
fuck article 45
reply
Fuck these fuckers. E2ee is impossible to stop.
reply
Leave.
reply
Good luck enforcing it. It’s like China banning bitcoin. That was a epic fail!
reply
The future of decentralized chat apps like Nostr's 0xchat.com looks brighter all the time!
reply
This is another proof that you can not vote yourself out of tyranny. Once again there is no one organization that harms it's own citizens like government. Meanwhile the actual criminals who work for the government will make their own CA as we all can and they will tell their people what the hash signature is.
Fiat currency is paying for this and it's time for people to stop buying crap that makes FIAT organizations valuable.
reply
Non-ironically, that mean its working.
reply
I really hope that that it doesn't pass. It would be the death knell for civilization in Europe.
reply
Couldn't a blockchain replace a centralized certificate authority?
reply
What is the point of this?
reply
crazy if this passes
deleted by author