Chat Control May Finally Be Dead: European Court Rules That Weakening Encryption Is Illegal

The EU Court ruled that “Backdoors may also be exploited by criminal networks and would seriously compromise the security of all users’ electronic communications. The Court takes note of the dangers of restricting encryption described by many experts in the field.” Any requirement to build in backdoors to encryption protocols for law enforcement agencies could also be taken advantage of by malicious actors.

The EU Court of Human Rights’ also builds on their acknowledgment that “mass surveillance does not appear to have contributed to the prevention of terrorist attacks, contrary to earlier assertions made by senior intelligence officials.”

As the EU Commision’s Chat Control Bill directly targets undermining secure end-to-end encryption, it now looks to be in trouble. In its current version, the Chat Control bill would require the scanning of content on your personal devices, including that which is sent via end-to-end encrypted messenger apps or encrypted email. At some point, providers would be required to either break this encryption to allow the scanning of content or scan content once it has been decrypted and is readable.

On February 13th, Europe received an early Valentine’s gift from the European Court of Human rights when they banned any laws that aims to weaken end-to-end encryption. This ruling is a major stumbling block for the EU Chat Control Bill, but does it really mean that Chat Control is dead? There are many reasons why Chat Control should never become law, we’ve collected the turn of events and steps you can take to help prevent this dangerous bill from ever being passed!

kilgore_trout,

The European Court of Human Rights is independent from the European Union, and viceversa. They are not related.

uis,

EU Court or ECHR? ECDH is not EU.

maynarkh,

To be fair to the rest of the world, European institutional organizations do not make any sense at all.

delirious_owl,
@delirious_owl@discuss.online avatar

Ok…but next month chat apps need to be interoperable. How can that be done without harming the encryption?

Natanael,

E2EE doesn’t require servers to have access. See Matrix for federated messaging with encryption support

delirious_owl,
@delirious_owl@discuss.online avatar

And when matrix legally must be interoperable with Skype, which doesn’t have e2ee? Goodbye e2ee.

uis,

Or welcome e2ee in skype.

delirious_owl,
@delirious_owl@discuss.online avatar

We have less than 1 month left on the deadline. Which direction do you think this is going to go?

Matrix bridges already do this. They take what would be e2ee and then decrypt the message and dump it into another app unencrypted. This is how legislators break encryption.

uis,

Obviously. For e2ee to function both clients should use same e2ee scheme. In theory you can e2ee matrix with xmpp, but in practice either matrix client should support xmpp message format or xmpp client should support matrix message format.

Still better than nothing and you still get e2ee between matrix users anyway.

Ferk, (edited )
Ferk avatar

There's a third way: a gateway node that receives the message in one network/protocol and forwards it back in the other network/protocol.

So, in that case the communication might only be encrypted from the user of the e2ee protocol (matrix) to the gateway node, but unencrypted from the gateway to the user of the unencrypted protocol (skype).

It wouldn't be surprising if skype just decides to maintain such a gateway on their end to comply with the DMA, since that's likely to be faster/easier than reimplementing their architecture with such short notice. I think there are already matrix bridges out there that are open source, they could also just officially endorse one and perhaps improve on it.

Flumpkin,

I think the idea is that only the big platforms have to offer a protocol for interoperability You could always disable that in matrix or chat with someone on another chat protocol unencrypted.

But the real advantage is that someone on those big chat apps can just switch to a different (more secure) app without loosing his contacts. Basically this should be a huge boost for open source and trustworthy messaging apps. At least from what I’ve read here:

eff.org/…/eu-digital-markets-acts-interoperabilit…

moon,

By them having a common e2ee protocol?

possiblylinux127,

Free software apps don’t have a common protocol let alone proprietary ones.

Hubi,

Finally some good news among all the recent doomerism.

wdx,

Well… see y’all again in 2 yrs when they try to push it through under a new name

rinze,
@rinze@infosec.pub avatar

Yes, these things are never dead. They just come back under a different name / pretensions until they pass.

Quacksalber,

I have said it before and I’ll say it again: Politicians that push for legislation that has previously been ruled as unconstitutional should be charged for willfully trying to literally break the law.

haui_lemmy,

And anyone in position of power/trust should be punished twice, once for the crime and again for doing so in a position of power.

DdCno1,

Sounds nice in theory, but it works both ways: It would make political progress very difficult. Imagine a scenario in which e.g. trans rights are being rejected as unconstitutional in the past. The same politicians are then trying again in a different political climate year or decades later. This would be illegal according to your proposal.

Not to mention, it would be fairly trivial to circumvent this by using different politicians from the same party or an aligned interest group.

Quacksalber,

Then the constitution that would prohibit trans rights would need to be changed first. If politicians want to remove the constitutional right to privacy in order to allow spying on your own constituents, then go ahead and own the fact that you want to undermine the right to privacy. Don’t hide behind “oh, this will totally not affect law-abiding citizens”.

oce,
@oce@jlai.lu avatar

Some social progress such as death penalty abolition or gay marriage often pass with short majorities, and constitutional changes usually require exceptionally large majorities.

Quacksalber,

Then that’l require more fighting. I however doubt that the constitution of most countries place huge blocks on giving people more freedom.

oce,
@oce@jlai.lu avatar

I don’t understand your point. The problem is not the constitution blocking the change, the problem is that to change the constitution you generally need a much larger majority that is often not achieved when a freedom is not yet widely accepted by the population. So this would block some socially progressive laws too.

PowerCrazy,

Sounds like the constitution would need to be updated in that case. But there has been no successful constitutional challenges for trans-rights, so it wouldn’t apply in this case.

delirious_owl,
@delirious_owl@discuss.online avatar

You mean 1 month when the interoperability deadline goes into effect

  • All
  • Subscribed
  • Moderated
  • Favorites
  • privacy@lemmy.ml
  • ngwrru68w68
  • DreamBathrooms
  • thenastyranch
  • magazineikmin
  • InstantRegret
  • GTA5RPClips
  • Youngstown
  • everett
  • slotface
  • rosin
  • osvaldo12
  • mdbf
  • kavyap
  • cubers
  • JUstTest
  • modclub
  • normalnudes
  • tester
  • khanakhh
  • Durango
  • ethstaker
  • tacticalgear
  • Leos
  • provamag3
  • anitta
  • cisconetworking
  • megavids
  • lostlight
  • All magazines
    •