• Uriel238 [all pronouns]@lemmy.blahaj.zone
    6 upvotes · 7 hours ago

    The eventual outcome of this sort of thing is more widespread use of steganographic data storage schemes. We already have plenty, such as ones that make your data look like unused LTS blocks of garbage and code blocks with multiple hidden partitions, so that you can open one block showing pedestrian data and the court is unable to prove there are other hidden blocks.

    These are technologies that already exist for those people who are really interested in preserving their renegade data.

    But if I own a business and I don’t want my rivals reading my accounting, and open crypto is illegal, I may go stegan whether or not I have secret slush funds.

  • sapetoku@sh.itjust.works
    7 upvotes, 1 downvote · 8 hours ago

    France is a police state in which citizens are all suspects. Cryptography was illegal until 1996 outside of government/military use and it’s one of the worst countries for any hobbyist who needs to use radio frequencies, fly stuff around or even mere street photography. This law will make it easier for the government to crack down on anyone using encrypted messaging as a pretext to arrest them or put them under surveillance.

    Note that the current interior minister and his predecessor both are vile fascist scum.

  • index@sh.itjust.works
    27 upvotes, 1 downvote · 14 hours ago

    The government is not your friend, we are ruled by power tripping authoritarian rulers. They are using security and defense as a pretext to abolish your rights. You can solve the narcotraffic problem by simply legalizing drugs, they are going after encryption for something else, they want to control everything and everyone.

  • Quik@infosec.pub
    182 upvotes, 1 downvote · edited · 20 hours ago

    “Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say”

    Snowden

    • rottingleaf@lemmy.world
      1 upvote · 4 hours ago

      It is not different and both are done. If you’ve met people of that worldview (thieves, relatives of bureaucrats, bureaucrats themselves), they really have nothing to say directly, they talk in subtle (they think) hints and subtle (they think) threats.

    • SlopppyEngineer@lemmy.world
      38 upvotes · edited · 16 hours ago

      And the things that are perfectly okay today might be the things you want to hide tomorrow. Abortions and pregnancies, thoughts about labor rights or climate, sexual orientation, …

    • floofloof@lemmy.caOP
      42 upvotes · edited · 18 hours ago

      I expect many people might read this and think “yep, fair enough, I have nothing to hide and nothing to say” and still not understand why either privacy or free speech are valuable.

  • RobotToaster
    79 upvotes · 19 hours ago

    It feels like the UK and France are in a competition to see who can steamroller their peoples’ rights the fastest.

  • gedaliyah@lemmy.world
    147 upvotes, 1 downvote · 21 hours ago

    The only thing that can stop a bad guy with access to my private phone data is a good guy with access to my private phone data. /s

    • rottingleaf@lemmy.world
      2 upvotes · edited · 4 hours ago

      The only thing that can stop a bad guy with surveillance fetish is the same bad bad guy with suddenly found exhibitionism fetish. OK, that’s not new, see “Enemy of the state” movie.

      • riot@lemmy.world
        25 upvotes · 18 hours ago

        In the same vein, with my family I’ve been using the analogy of “Imagine that all law enforcement had a key to your home, and they could enter at any time and look through your things, but you wouldn’t even know it if they did, or if they took photos or recorded videos of your place to take with them. Their argument is that the only way to keep you and your stuff safe from the bad guys is for the good guys to have access. But because the good guys now have access, it’s also easier for the bad guys to get in, because now there’s all these extra keys to your home out there, which might fall into the hands of the bad guys.”

        Not a perfect analogy, but it seems to make them consider the issue from a more personal angle. And for those that argue, “Well, I don’t have anything to hide.”, I usually counter with “Then why do you close your curtains/blinds when you change your clothes or get out of the shower?” With my dad who grew up during World War II, it also helped to mention that a law like this, once on the books, will not be easy to overturn, and while he might be fine with our current regime having access to all his data, that might not be the case with future authorities.

        • floofloof@lemmy.caOP
          6 upvotes · edited · 18 hours ago

          Instead of extra keys, perhaps describe it as weaker locks. Would you consider the lock to which every cop had a key to be as strong and secure as a regular lock? And look at the USA for an instance of a new regime that can potentially use vast amounts of personal data to persecute and oppress anyone the fascists don’t like. Many people might have (naively) trusted the government with the surveillance Edward Snowden and others revealed, back when they did not perceive the US Government as an immediate threat to ordinary Americans. But the new regime quite clearly is ready to persecute and punish people for their political views, their race, their gender or their sexual orientation, and it now has all that data.

          • Reyali@lemm.ee
            2 upvotes · 9 hours ago

            I’d combine both metaphors: police have keys and deadbolts are banned.

            The “good guys” CAN get in, and the bad guys can easily break in.

          • ilinamorato@lemmy.world
            13 upvotes · 17 hours ago

            I’m not the person you’re replying to, but “weaker locks” feels like something you can make allowances for or work around. “Extra keys” feels like the Damoclean threat that it is.

  • zephorah@lemm.ee
    50 upvotes · 19 hours ago

    Signal, Tuta, Proton. And that Apple bullshit.

    This push to know everything about everyone is outrageous, expected, and depressing.

      • zephorah@lemm.ee
        5 upvotes · 12 hours ago

        Luigi wasn’t talking with anyone. None of this would’ve helped them with him.

        • SacralPlexus@lemmy.world
          6 upvotes · 12 hours ago

          I think you’re falling into the trap of making a good faith argument when the people pushing to destroy encryption are not.

  • Yingwu@lemmy.dbzer0.com
    40 upvotes, 1 downvote · 19 hours ago

    A reminder that the people voting for these laws do not understand technology. They don’t get it. Yes, this law sucks, but even if it passes, I’d be really surprised if it was actually enforceable.

    • cley_faye@lemmy.world
      7 upvotes · 15 hours ago

      The law is enforceable. If the options you’re given are “put a backdoor in your product or stop operating in the country”, it’ll happen. And even if you reply “then I’ll go away”, laws like this, stupid, dangerous, breaking everything, will keep popping in one country after another until it’s too late.

      It not making sense has no bearing on whether it can be enforced or not. And the mere existence of the law may be enough to later put you in hot water if you have some de-facto illegal software on your phone or computer, for example. It would not be automatic everywhere, but another tool to just legally have something against most people.

    • floofloof@lemmy.caOP
      13 upvotes · edited · 18 hours ago

      It could be enforced for the majority of people just by blocking the download of non-backdoored software from well known sources. And then for the relatively few tech-literate types who still obtain and use E2EE messaging software, the government will have a ready way to prosecute you whenever you do anything inconvenient, or look like you might do something. So it can be a serious problem even if it can’t technically be enforced for everyone.

    • fuzzzerd@programming.dev
      5 upvotes · 17 hours ago

      That’s being too generous. Some may not fully understand, but many do and simply don’t care. Not sure if better or worse, but it’s not entirely lack of understanding.

  • Ulrich@feddit.org
    12 upvotes, 1 downvote · edited · 17 hours ago

    It’s funny, I’m watching this show called Prime Target and basically the NSA is trying to prevent people from figuring out some sort of mathematical equation that would instantly break all encryption and talking about how it would be the end of the world as we know it.

    Meanwhile the EU is forcing everyone to put in an express lane IRL.

    • floofloof@lemmy.caOP
      10 upvotes · edited · 18 hours ago

      I haven’t seen that show, but it sounds like it has a basis in reality: there has been a real concern that quantum computers might be able to break much of current encryption because they are far quicker than classical computers at problems like finding the prime factors of a number, and widely used schemes like RSA encryption depend on that being hard to do. And that could be fairly catastrophic, not only for current communications and for data encrypted at rest, but because communications data can be collected now and decrypted later when the technology becomes available. As far as we know, no one has done it yet, but quantum computers are developing rapidly so the day may well come. So there’s a reason to move to encryption algorithms that are hard for quantum computers, even before such computers become a practical reality.

      • Ulrich@feddit.org
        2 upvotes, 1 downvote · 18 hours ago

        They do talk about quantum computing in the show in a different context, saying it’s still a decade away. Their tech has something to do with Prime numbers (hence the title).

        But also several companies already advertise “quantum resistant encryption” for whatever that’s worth.

    • exu@feditown.com
      2 upvotes · 17 hours ago

      I’m no cryptographer, so take this with a good heap of salt.

      Basically, all encryption multiplies some big prime numbers to get the key. Computers are pretty slow at division and finding the right components used to create the key takes a long time, it’s basically trial and error at the moment.
      If you had an algorithm to solve for prime numbers, you could break any current encryption scheme and obviously cause a lot of damage in the wrong hands.

      • patatahooligan@lemmy.world
        4 upvotes · 10 hours ago

        > Basically, all encryption multiplies some big prime numbers to get the key

        No, not all encryption. First of all there’s two main categories of encryption:

        • asymmetrical
        • symmetrical

        The most widely used algorithms of asymmetrical encryption rely on the prime factorization problem or similar problems that are weak to quantum computers. So these ones will break. Symmetrical encryption will not break. I’m not saying all this to be a pedant; it’s actually significant for the safety of our current communications. Well-designed schemes like TLS and the Signal protocol use a combination of both types because they have complementary strengths and weaknesses. In very broad strokes:

        • asymmetrical encryption is used to initiate the communication because it can verify the identity of the other party
        • an algorithm that is safe against eavesdropping is used to generate a key for symmetric encryption
        • the symmetric key is used to encrypt the payload and it is thrown away after communication is over

        This is crucial because it means that even if someone is storing your messages today to decrypt them in the future with a quantum computer they are unlikely to succeed if a sufficiently strong symmetric key is used. They will decrypt the initial messages of the handshake, see the messages used to negotiate the symmetric key, but they won’t be able to derive the key because as we said, it’s safe against eavesdropping.

        So a lot of today’s encrypted messages are safe. But in the future a quantum computer will be able to get the private key for the asymmetric encryption and perform a MitM attack or straight-up impersonate another entity. So we have to migrate to post-quantum algorithms before we get to that point.

        For storage, only symmetric algorithms are used generally I believe, so that’s already safe as is, assuming as always the choice of a strong algorithm and sufficiently long key.
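
The difference the handshake design makes to recorded traffic, as an added example that is not part of the original comment: the same payload is sent once with the session key wrapped under the server's long-term RSA key, and once with an ephemeral Diffie-Hellman exchange that RSA only signs. All parameters are constructed toy values (Mersenne primes, unpadded RSA, a hash-based stream cipher), the function names are hypothetical, and the example assumes the key agreement itself is not broken.

```python
import hashlib
import secrets

# Constructed toy parameters, far too small for real use.
P, Q = 2**127 - 1, 2**89 - 1           # two known Mersenne primes
N, E = P * Q, 65537                    # server's long-term RSA public key
D = pow(E, -1, (P - 1) * (Q - 1))      # server's long-term RSA private key
DH_P, DH_G = 2**255 - 19, 2            # toy finite-field Diffie-Hellman group


def kdf(secret: int) -> bytes:
    """Derive a 32-byte symmetric key from a shared integer secret."""
    return hashlib.sha256(secret.to_bytes(32, "big")).digest()


def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: SHA-256 in counter mode XORed with the data."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(x ^ y for x, y in zip(data[i:i + 32], pad))
    return bytes(out)


def digest_int(msg: bytes) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def sign(msg: bytes, d: int) -> int:
    """Textbook RSA signature (no padding): proves identity, hides nothing."""
    return pow(digest_int(msg), d, N)


def verify(msg: bytes, sig: int) -> bool:
    return pow(sig, E, N) == digest_int(msg)


def key_transport_session(plaintext: bytes) -> dict:
    """Client picks the session secret and sends it encrypted to the RSA key."""
    secret = secrets.randbits(128)
    return {"wrapped": pow(secret, E, N),
            "ciphertext": xor_stream(kdf(secret), plaintext)}


def ephemeral_dh_session(plaintext: bytes) -> dict:
    """Both sides use throwaway DH secrets; RSA only signs the handshake."""
    a = secrets.randbelow(DH_P - 2) + 1           # client ephemeral secret
    b = secrets.randbelow(DH_P - 2) + 1           # server ephemeral secret
    A, B = pow(DH_G, a, DH_P), pow(DH_G, b, DH_P)
    handshake = A.to_bytes(32, "big") + B.to_bytes(32, "big")
    sig = sign(handshake, D)
    if not verify(handshake, sig):
        raise ValueError("server identity check failed")
    key = kdf(pow(B, a, DH_P))                    # equals kdf(pow(A, b, DH_P))
    # a, b and key go out of scope here: nothing long-lived can rebuild them.
    return {"A": A, "B": B, "sig": sig,
            "ciphertext": xor_stream(key, plaintext)}


def replay_with_long_term_key(recorded: dict, d: int):
    """What the holder of a recording gains once the long-term key d leaks."""
    if "wrapped" in recorded:                     # key transport: full recovery
        secret = pow(recorded["wrapped"], d, N)
        return xor_stream(kdf(secret), recorded["ciphertext"])
    # Ephemeral DH: d was used only for the signature, so the recording holds
    # A, B and sig but neither a nor b; there is nothing for d to unwrap.
    return None
```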

  • String@lemmy.ca
    15 upvotes · 20 hours ago

    If this is passed, would this only apply to people in France? Like Signal and WhatsApp, etc, could they make a different version of the app / backend that’s unencrypted just for them? Is that even possible? I can’t imagine Signal adding a backdoor for everyone in the world.

    Or would they just outright pull their software / apps from being used in France? But then what’s stopping someone in France from sideloading the app and using a VPN?

    • Ellatsu@lemmy.world
      31 upvotes · 19 hours ago

      Signal has already threatened to pull out of both Australia and the UK when they were talking about passing similar laws.

      • EngineerGaming@feddit.nl
        8 upvotes · 18 hours ago

        This is yet another way tying accounts to phone numbers can come back to bite you! I guess pulling out means denying registration from the country’s numbers as well? So that would mean either a constant additional expense (which might be significant for poor people), or constantly risk getting the account deleted if you tied it to one-time rental.

    • cley_faye@lemmy.world
      5 upvotes · 14 hours ago

      It is possible to do, to some extent. Everything’s possible. But then, when people that are on both sides of this encryption barrier want to talk, then both must use unencrypted messages. You’d also have the obvious case of someone having a phone/device/account from country A temporarily crossing through country FuckingFranceOrUK, so what do you do in that case?

      You’d need to implement that, add UI features to know if you’re using encryption or not, and above all, it’s fucking stupid and against what most sane messaging solutions want to do.

      I’m sure it’s possible to find people that would gladly do all that. Hopefully those people are not in the business of making all the useful communication services we currently use.

    • Zak@lemmy.world
      9 upvotes · 18 hours ago

      > But then what’s stopping someone in France from sideloading the app and using a VPN?

      The need for a phone number and SMS verification to create an account. Signal should do something about that.

      There are ways around that, but the goal isn’t to stop everyone from using E2EE; it’s to make E2EE non-mainstream.

      • floofloof@lemmy.caOP
        8 upvotes · edited · 18 hours ago

        Nothing technically stops you. But if the government can prove you have been using Signal, all of a sudden you can be in a lot of trouble. This could be used for political oppression. Plus, the fewer the number of countries allowing E2EE, the less incentive there is to make or distribute such software. As it becomes harder to find, most people will end up using sanctioned, backdoored software, which makes the few that don’t stand out even more.

        • Zak@lemmy.world
          7 upvotes · 18 hours ago

          I don’t think the current proposal in France sanctions individuals for using E2EE; it sanctions service providers for providing it.

  • archonet@lemy.lol
    3 upvotes, 1 downvote · edited · 14 hours ago

    not at all arguing this is okay, not even a little

    but

    If you are the French government, and you know what the French populace has a history of doing to the French government, it would be understandable to want to keep your eye on them, no?

    again. It ain’t cool. But I’m honestly surprised they didn’t hop on the “intrusive surveillance” bandwagon sooner, like, as soon as mass surveillance became feasible, and have the privacy laws they do.

  • RegalPotoo@lemmy.world
    6 upvotes, 13 downvotes · 13 hours ago

    So I’m going to get down voted to hell for this, but: this kind of legislation is a response to US tech companies absolutely refusing to compromise and meet non-US governments half-way.

    The belief in an absolute, inviolate right to privacy at all costs is a very US ideal. In the rest of the world - and in Europe especially - this belief is tempered by a belief that law enforcement is critical to a just society, and that sometimes individual rights must be suspended for the good of society as a whole.

    What Europe has been asking for is a mechanism to allow law enforcement to carry out lawful investigation of electronic communications in the same way they have been able to do with paper, bank records, and phone calls for a century. The idea that a tech company might get in the way of prosecuting someone for a serious crime is simply incompatible with law in a lot of places.

    The rest of the world has been trying to find a solution to the for a while that respects the privacy of the general public but which doesn’t allow people to hide from the law. Tech has been refusing to compromise or even engage in this discussion, so now everyone is worse off.

    • Uriel238 [all pronouns]@lemmy.blahaj.zone
      4 upvotes · 7 hours ago

      It sounds like you haven’t observed the conversation.

      And it’s not the tech companies so much as the Linux community who have pushed for e2e.

      Considering how many abuses (pretty clear violations of the fourth amendment to the Constitution of the United States) have been carved out by SCOTUS during mob investigations and the International War on Terror, no, the people of the US want secure communication. The law enforcement state wants back doors and keeps telling tech folk to nerd harder to make back doors not already known to industrial spies, enthusiast hackers and foreign agents.

      You’re asking for three perpendicular lines on a plane. You’re asking for a mathematical impossibility.

      And remember industrial spies includes the subsets of industries local and foreign, and political spies behind specific ideologies who do not like you and are against specifically your own personhood.

      • RegalPotoo@lemmy.world
        1 upvote · 4 hours ago

        This is exactly the sort of argument I was talking about

        • The fourth amendment counts for less than the paper it is written on outside the bounds of the US
        • Most of the rest of the world has laws requiring companies that operate in their jurisdiction - even if they aren’t based in that country - to provide access to law enforcement if requested
        • If complying with the law is truly actually impossible, then don’t be surprised if a country turns around and says “ok, you can’t operate here”. Just because you are based in the US and have a different set of cultural values, doesn’t mean you get to ignore laws you don’t like

        To illustrate the sort of compromise that could have been possible, imagine if Apple and Google had got together and proposed a scheme where, if presented with:

        • A physical device
        • An arrest warrant alleging involvement in one of a list of specific serious crimes (rape, murder, CSAM etc)

        They would sign an update for that specific handset that provided access for law enforcement, so long as the nations pass and maintain laws that forbid its use outside of a prosecution. It’s not perfect for anyone - law enforcement would want more access, and it does compromise some people’s privacy - but it’s probably better than “no encryption for anyone”.

    • Steve Dice@sh.itjust.works
      10 upvotes · 12 hours ago

      I can invite someone over to my house and talk about anything I want with no risk of government meddling. Why should it be any different in online communication regardless of the country?

      • SoleInvictus@lemmy.blahaj.zone
        4 upvotes · 12 hours ago

        Continuing the analogy, government agencies can absolutely eavesdrop on in-person conversations unless you expend significant resources to prevent it. This is exactly what I believe will happen - organized crime will develop alternate methods the government can’t access while these backdoors are used to monitor less advanced criminals and normal people.

        • Steve Dice@sh.itjust.works
          1 upvote · 5 hours ago

          Spending significant resources to prevent it is exactly what encryption is. What the government wants is to completely eliminate online private communication. Continuing with the analogy: you want telescreens.