• Martin@feddit.nu
    link
    fedilink
    English
    arrow-up
    195
    ·
    10 months ago

    “While indiscriminate backdoors might be cheaper for the State than alternative investigative measures, they were expensive for society at large on account of the security risks they produced,” EISI told the ECHR.

    It’s great when someone with some sway actually gets it.

    • hydroptic@sopuli.xyz
      link
      fedilink
      English
      arrow-up
      49
      arrow-down
      9
      ·
      10 months ago

      EU institutions are pretty great, but sooner or later they’re going to lose the fight against the technofascist nightmare that’s constantly getting pushed on us

  • GiddyGap@lemm.ee
    link
    fedilink
    English
    arrow-up
    84
    ·
    10 months ago

    I feel like Europe is the only place actually making an effort to protect personal privacy these days.

    • abhibeckert@lemmy.world
      link
      fedilink
      English
      arrow-up
      78
      arrow-down
      1
      ·
      edit-2
      10 months ago

      That’s because Europe has actual experience with having their privacy invaded and it wasn’t just to show you relevant ads. During the war my grandparents burned letters and books after reading them. And they had nothing to hide either - and all of the ones they burned were perfectly innocent and legal… but even those can be taken out of context and used against you during a police investigation.

      The UN formally declared privacy as a human right a few years after the war ended. Specifically in response to what happened during the war.

      A lot of the data used by police to commit horrific crimes was collected before the war, for example they’d go into a cemetery home and find a list of people who attended a funeral six years ago, then arrest everyone who was there. You can’t wait for a government to start doing things like that - you have to stop the data from being collected in the first place.

      Imagine how much worse it could be today, with so much more data collected and automated tools to analyse the data. Imagine if you lived in Russian occupied Ukraine right now - what data can Russia find about you? Do you have a brother serving in Ukraine’s army? Maybe your brother would defect if you were taken hostage…

      • GiddyGap@lemm.ee
        link
        fedilink
        English
        arrow-up
        21
        arrow-down
        2
        ·
        10 months ago

        Well, it defers a lot from country to country.

        For example, populations in the Scandinavian countries have high trust in their governments and let them collect a lot of private data. They have personal identification numbers that contain lots of personal information that many institutions (e.g. banks) have access to unless you ask for privacy protection. All of this also makes interaction with institutions very streamlined and easy, but it comes at the cost of less privacy.

        In Norway and Sweden, for example, anyone can access personal income data about anyone living in the country. Full transparency, more or less.

        On the other hand, a country like Germany does not issue personal identification numbers because the population is highly skeptical of data collection and registration, a remnant from the wars. Germany is much more bureaucratic and its government less efficient, but Germans prefer the arm’s length approach to government data collection and almost no data is publicly accessible.

        • Aceticon@lemmy.world
          link
          fedilink
          English
          arrow-up
          9
          arrow-down
          1
          ·
          edit-2
          10 months ago

          In Germany you have to show some kind of ID - which gets registered in a system - to buy a SIM card, something I never had to do in other countries I lived in, in Europe.

          There is no other point in having such a requirement for stores to record people’s ID when they buy SIM cards than to associate phone numbers with people for surveillance.

          The UK too doesn’t have ID cards or ID numbers for people and yet has the biggest densitity of surveillance cameras in Europe, automated license plate reading cameras in major roads and highways and, as shown by the Snowden revelations, has an even more broad civil society surveillance system in place than the US and, by the way, when that came out the political response was simply to retroactivelly make legal any part of it which weren’t.

          ID numbers are just one big “look over here” distraction from what’s really going on.

          • GiddyGap@lemm.ee
            link
            fedilink
            English
            arrow-up
            5
            ·
            edit-2
            10 months ago

            I didn’t say that Germany doesn’t collect data for basic protection of its citizens and for terrorism prevention (or, some may see that as surveillance). It does. It’s just not shared in a big central system that other institutions and private companies can pull from like it is in the Scandinavian countries or the Netherlands.

            E.g. if you move from one place to another in Germany, the government institutions in the two locales don’t talk to each other about that. So, for tax and social benefits purposes, you have to tell each one that you moved. The federal government is also not involved.

            Edit: spelling

            • Aceticon@lemmy.world
              link
              fedilink
              English
              arrow-up
              4
              ·
              edit-2
              10 months ago

              Somehow the rest of Europe doesn’t need to get people’s IDs when SIM cards are sold “for basic protection of its citizens and for terrorism prevention”. Further, the idea that “terrorists” won’t just buy their SIMs in a different country and bring them over and using them in Germany is laughable (the only reason I did so for the couple of months I lived in Germany is because I was a heavy data user).

              Also from what I’ve seen in Britain, having government entities unable to properly share data AND having a disproportionately high level of civil society surveillance are not at all incompatible.

              I would’ve tended see the same association between no-IDs and no-crossing of data with low-surveillance that you seem to be making here if I hadn’t seen first hand how that is not at all linked (or maybe it’s actually inverselly correlated) during the time I lived in Britain.

              • GiddyGap@lemm.ee
                link
                fedilink
                English
                arrow-up
                3
                ·
                10 months ago

                You’re not right about the rest of Europe not needing ID for a SIM. In Denmark, you need ID. In Sweden, you need ID. In Norway, you need ID. I’m sure you need in many other countries as well.

                In the US, you also need an ID to open an account.

                • Aceticon@lemmy.world
                  link
                  fedilink
                  English
                  arrow-up
                  2
                  ·
                  edit-2
                  10 months ago

                  Right, I’ll grant you that - can only really speak for countries were I actually bought SIMs.

                  I know for sure you don’t need an ID in Portugal, Spain, The Netherlands, the UK and Canada, or at least you didn’t back when I did bought a SIM card over there (either because I lived there or stayed there long enough that it was worth it to get one for cheaper mobile data).

                  Funny enough, the countries you listed (except Germany) are ones were somebody else was pointing out that people trust the authorities and are more ameanable to the authorities having lots of information about them. (I just checked back and it was actually you who said that ;))

                  Personally I was quite shocked that Germany, the country which had both Nazism and in some parts Communism, and were one would expect people to shy-away from anything with even the slightest wiff of Gestapo/Stasi to it, to have very explicit and obvious laws in place to make sure the authorities knew who had what mobile phone line were in place and accepted by the population.

          • RedFox@infosec.pub
            link
            fedilink
            English
            arrow-up
            1
            ·
            edit-2
            10 months ago

            @GiddyGap@lemm.ee

            Since I also appreciate EUs privacy mindset, and you guys actually mentioned interesting things about the various populations, I’m going to post devil’s advocate question:

            Is there anything to allow privacy invasion we should do for law enforcement and CSAM? Since that’s all political excuses for it?

            Here’s a story I heard recently that talks about it from a technician cyber crime podcast: https://darknetdiaries.com/episode/131/

            Disclaimer: I cried while on a run in the middle of a populated area.

            My emotions on the topic go from shock and sadness to the punisher style rage, and what vigilante justice.

            There’s also apps like kik, where apparently this shit is unchecked.

            So my question is, can we all have our no data collection privacy, but still give law enforcement a way to hunt these pieces of shit into extinction without them overreaching?

            • Aceticon@lemmy.world
              link
              fedilink
              English
              arrow-up
              3
              ·
              edit-2
              10 months ago

              As with everything, there has to be Proportionality (are the gains from mandate backdoors on everybody’s software or mandatory taps on every phone out there so great they justify the high risk of massive loss of privacy and security of the general population) and ther has to be Independent Oversight, as in, it has to happen with a Court Order which is the result of a Judge having examined the case of the police and determined that there is sufficient reason to break somebody’s privacy, same as is necessary for the Police to break into somebody’s house to conduct a search, and we’re not talking about “special” surveillance courts with secret proceedings that even the defense attorneys can’t attend such as the US’ FISA courts and the UK’s equivalent (whose name now evades me) - though in the UK there are even surveillance systems which, by Law, the Police does not need a Court Order access as they see fit.

              Given that the smart criminals - read big, dangerous ones - don’t use phones they bought when showing their ID and where they have a contract that they pay from their bank account, and in some cases even use proprietary comms apps rather than the ones common people use (it’s not as if it’s hard to make an encrypted comms app for anybody with even just a bit of mobile development experience: I can make you one with unbreakable cryptography in a week, but it does require periodic transport of harddisks filled with random bytes because the key is as long as the message) things like mandated backdoors on widelly available comms apps only provide a mild improvement in Police effetiveness whilst openning a massive attack vector on millions, tens of millions, or even hundreds of millions (for the whole of the EU) of law-abiding citizens, hence are a massivelly dispropotionate solution versus other options, such as bugging the devices, direct surveillance of the suspects and so on.

              Also for me personally, having lived in the UK, you cannot at all in any way or form trust the Authorities with such power as they will with absolute certainty abuse it. Also even if a country’s authorities are squeaky clean, prim and propper today (most definitelly not so in the UK, were they even had surveillance on the Green Party, but most of Europe is better), there is no guarantee the next ones will still be so (remember, most of Europe was at some point under Fascist or Communist dictatorships), and in this day an age stuff once recorder exists forever and can be later fished out and used against you even when back in the day when you said it or wrote it, it’s was totally legit.

              So it’s the balance of pros and cons (i.e. the fail in Proportionality) that makes mandated backdoors on everybody’s comms apps for the purpose of surveillance, even under proper oversight by a Court of Law in a country with trustworthy Authorities and proper Laws rather than “funny” surveillance Courts, still be an unacceptable option.

              Yeah, you’ll always find cases were you’re told “if only we had backdoors in every comms app we could have stopped it”, same as you would for “mandatory taps in every phone” or “mandatory cameras in every person’s home” (though, “curiously”, they never mention the problem that with so much data it’s way harder to spot those single instances of lawbreaking), but having such things for every single person in a country is still an incredibly disproportinate solution for what it solves.

              • RedFox@infosec.pub
                link
                fedilink
                English
                arrow-up
                1
                ·
                10 months ago

                These are good points, well said.

                I agree. Insert great power/responsibility saying.

                They always seem to go off the rails.

                I would be in favor of mandatory disclosure (though, this would be extremely difficult and costly). I imagine anytime a government privilege was used, especially when behind closed doors, and reviewed by “…the proper oversight officials…”, whoever that means, I would rather like the governments to prove it.

                I would support an idea that by law, it all has to be documented, and after a reasonable amount of time after the prosecution is complete, they have to disclose everything they did, all the snooping, etc. With redacted private information of course for unrelated people.

                This is fairly unreasonable/unrealistic. But for me, if you could see all the cases where a government invaded privacy and link it to all to nothing but legitimate uses, it might help restore some faith/trust in officials.

        • rottingleaf@lemmy.zip
          link
          fedilink
          English
          arrow-up
          1
          arrow-down
          4
          ·
          10 months ago

          For example, populations in the Scandinavian countries have high trust in their governments and let them collect a lot of private data.

          And that’s very stupid.

          But psychologically this may be a good thing - people learn to not be ashamed of saying “yeah, you can get all this information about me, but it’s simply not your concern, so fsck off” from the very beginning.

          • GiddyGap@lemm.ee
            link
            fedilink
            English
            arrow-up
            7
            ·
            10 months ago

            And that’s very stupid.

            It may feel stupid to you, but Scandinavia is a very different world than, for example, the US. They’ve never had a reason to not trust their governments. They are among the happiest countries in the world and their economies are outstanding and have been for a long time, and the standard of living is second to none. They feel like their governments work for them.

            Same can be said of Germany, but they’ve obviously gone through different historic events and their approach to government is different.

            • rottingleaf@lemmy.zip
              link
              fedilink
              English
              arrow-up
              1
              arrow-down
              1
              ·
              10 months ago

              They’ve never had a reason to not trust their governments.

              From how people actually from those countries (and not approving Americans) seem to me, the main reason their governments function well is exactly that they don’t have too much power or bureaucratic depth to brew something bad, and because people don’t trust them or respect them too much.

              I’d say that’s the reason these are “among the happiest countries in the world”.

              That they don’t “trust” the government (the way approving Americans would want to), they just don’t fear it or treat it as magic. And I think most people elsewhere willing to live “like in Scandinavia” would push things into the opposite direction, if given their way.

              • GiddyGap@lemm.ee
                link
                fedilink
                English
                arrow-up
                1
                ·
                10 months ago

                I’ve lived in several Scandinavian countries for many years. You’re wrong.

                • rottingleaf@lemmy.zip
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  arrow-down
                  3
                  ·
                  10 months ago

                  Oh. Well, then we’ll see that trust erode, because that’s what happens to trust always. Nature has feedbacks to compensate for disturbances. And Scandinavian countries’ good government is a relatively new thing historically.

      • Schadrach@lemmy.sdf.org
        link
        fedilink
        English
        arrow-up
        1
        ·
        10 months ago

        And they had nothing to hide either - and all of the ones they burned were perfectly innocent and legal… but even those can be taken out of context and used against you during a police investigation.

        If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him.

        Cardinal Richelieu

    • platypus_plumba@lemmy.world
      link
      fedilink
      English
      arrow-up
      14
      ·
      10 months ago

      Finally, good news. I can’t believe we need to go to court just to be allowed to have encrypted conversations. It’s MY conversation and MY data.

  • squirrel@lemmy.blahaj.zone
    link
    fedilink
    English
    arrow-up
    58
    ·
    10 months ago

    This is incredibly funny for people who followed this. Everybody and their grandma told the European Commission that there was no way that breaking end-to-end encryption was compatible with the law. Yet they constantly pushed for it anyway and now look at this mess.

    I am almost certain that the European Commission will claim that there are still ways to break end-to-end encryption, only to defeated in court yet again. Like they tried with data preservation for law enforcement purposes. They just can’t stop themselves.

  • Clent@lemmy.world
    link
    fedilink
    English
    arrow-up
    44
    ·
    10 months ago

    Pity we don’t have any of those human rights in America. Maybe we should join the EU.

    • rottingleaf@lemmy.zip
      link
      fedilink
      English
      arrow-up
      16
      ·
      10 months ago

      People from Russia and other ex-USSR states sue their governments in ECHR all the time. Sometimes those governments even pay the fines.

      I mean, glad that you’re glad.

      • febra@lemmy.world
        link
        fedilink
        English
        arrow-up
        12
        ·
        edit-2
        10 months ago

        Yeah, we in Romania sue our own government quite often in the ECHR, and we win, and then the government goes like “well what is another fine to us, we’ll just make the taxpayers pay it” or “look the EU is bad for telling us it’s not okay to discriminate < insert minority > !”.

  • Minotaur@lemm.ee
    link
    fedilink
    English
    arrow-up
    41
    arrow-down
    1
    ·
    10 months ago

    Maybe one day, the land of personal freedom and Liberty can have a small amount of the personal freedom and Liberty often declared by the “globalist big government” EU.

    • littletranspunk@lemmus.org
      link
      fedilink
      English
      arrow-up
      16
      ·
      10 months ago

      EU: “This violates human rights”

      US: “Human rights? What are those? Are they in the constitution?”

      Yeah, I wish the US could get some of those mysterious rights

      • abhibeckert@lemmy.world
        link
        fedilink
        English
        arrow-up
        10
        arrow-down
        1
        ·
        edit-2
        10 months ago

        US: “Human rights? What are those? Are they in the constitution?”

        There actually are strong privacy rights written into the constitution. Unfortunately they don’t fit well with modern data collection creating loopholes big enough to drive a truck through.

        And nothing is being done to close those loopholes. In fact the opposite… end to end encryption, for example, would close most of the loopholes. Legislators are using “think of the children!” arguments to try to stop companies from upgrading services to use E2EE.

  • zaphod@feddit.de
    link
    fedilink
    English
    arrow-up
    23
    ·
    edit-2
    10 months ago

    The ECHR is not an EU court, it’s a Council of Europe court, different organisation.

    Edit: To make things more confusing, the EU is in negotiations about joining the Council of Europe.

    • CashewNut 🏴󠁢󠁥󠁧󠁿@lemmy.world
      link
      fedilink
      English
      arrow-up
      12
      arrow-down
      1
      ·
      10 months ago

      I tok great pleasure in making my Brexiter dad look a tit by asking what he disliked about the EU. “Well I’m sick of their human rights court telling us what to do! So I’m voting we leave the EU!”

      Me: “But we’d still be covered by the ECHR. Are you thinking of the ECJ?”

      I don’t speak to him anymore cos he’s a cunt*.

      *Not politics - he’s just a cunt who doesn’t approve of my ‘lifestyle choices’ (childless, gay and mentally ill).

      • RedFox@infosec.pub
        link
        fedilink
        English
        arrow-up
        2
        ·
        edit-2
        10 months ago

        lifestyle choices

        lol, you should have made better choices with the ? thing you can control of those.

        /s