- cross-posted to:
- linux@lemmy.ml
- cross-posted to:
- linux@lemmy.ml
!!! IF YOU ARE AN EU CITIZEN, PLEASE DO THE FOLLOWING FORM !!!
https://fightchatcontrol.eu/#contact-tool
Be especially sure to select your home country’s permanent representation in the Committee, but selecting everyone the website proposes is a very good idea (and done by default).
Raise your voices and flood their inbox, this might be the last chance we ever get
This would basically shory-circuit the EU’s open source strategy which is a cornerstone for efforts to reach some amount of digital sovereignty. It is especially incompatible with using Linux as a end-user or developer - taken at the letter, it would make Linux devices illegal because they are controlled by the user. It would also undermine security and confidentiadility of any digital communication, and would have bad effects for digital economic communications in any business settings:
Giving more control and legal means to surveillance agencies is just the wrong move in a time where extreme right parties are rising and right-wing movements are increasingly controlling governments. Abuse if this surveillance tech is not any more a hypothetical possibility, we can observe it in the US in real-time.
controlling end-to-end encrypted messages is only possible if either the keys/certificates are not secret (which is possible with TLS), or the software on the end-users device is not controlled any more by the user (but perhaps by law enforcement, or companies). This overturns the basis of any FLOSS software system where trust is based on transparency and user control.
age verification will typically done by a form of attestation, a highly problematic concept. Again, this would require to run software on the users device which can’t be controlled by him or her, which is deceptively called “trusted computing”. (Technically, age verification could be done by other means, but this is not what these proposals aim for).
in the world of public-key cryptography, which is what TLS , GnuPG, and most other modern systems are based in, encryption and digital signatures are nothing but two sides of the same coin: Who breaks encryption keys necessarily also breaks signature keys. This means it is not possible any more to sign software such as the Linux kernel, or Email clients, or browser packages. Or even banking apps or bootloaders for smart phones. Which means to give control away to the entities, groups or induviduals controlling these keys.
Ironically, this will make computing lot less safe, and also undermine trust in communication networks, because communication where we can’t be sure that the communicated symbols are genuine is for humans as worthless as the numbers on fake money. As a corollary, it is also bad for business: All business is based on some amount of trust. Would you do important business with somebody if the only communication channel you have available happens to be a messenger which is a compulsory liar?
To sum up, apart from being destructive to civil rights, this would have massive negative consequences.