Chat Control

[SHNAGFNAY]

In this video, which is in Swedish, these lawyers talk about Chat Control and other things.

Watched the video yesterday so I could have forgotten the details somewhat.

Chat Control in Sweden means that telephone and internet providers must save all data which get stored in a "pool" forever. Every sms, phone call or internet history. A program then flags content which stands out and a human (police?) look at it. From what I understand, but could be wrong, phone calls are saved fully.

Then they speak about wiretapping, and that now, or soon, the police can eavesdrop on anyone who isn't a suspect of any crime and for however long they want.

They go on talking about drugs and that one gram of any drug will give at least 6 months in jail. In comparison I think 150 grams of cannabis has been 2 months in jail up till now - so a significant difference there. I don't know what sentence larger amounts will be.

This hasn't been announced on TV and Radio as far I know.

 

[KJS]

This "Chat Control Bill" is a crazy thing. It should be outright rejected, because it is clear that people pusing for it aren't competent in the field. Far from it, they are plainly wrong about how things work (Ylva Johansson is in charge of that bill):

[Andreas Ericson] Can I just ask you one thing Ylva. If that happens, under this Bill, would you and I be able to have contact in the future, if, for example, you feel that you want to blow the whistle on the European Commission and contact Svenska Dagbladet under source protection regulations? And, would we also be able to have encrypted contact that the authorities are unable to read, with this Bill?

[Ylva Johansson] Yes, that goes without saying.

[Andreas Ericson] But if that’s the case, won’t all pedophiles use the same encrypted contacts? And then what’s been gained?

[Ylva Johansson] No, but the thing is – the only thing that, the thing that ... sexual abuse of children, pictures of such, is always criminal.

[Andreas Ericson] But if you and I will be able to encrypt our communications, then surely pedophiles will be able to encrypt theirs too?

[Ylva Johansson] If that material is shared, it may be that it is detected, that material.

[Andreas Ericson] But then, isn't it encrypted?

[Ylva Johansson] But it's not as if you are able to read someone's communication. And there are techniques to detect without breaking the encryption[1]. I think it's very important that we defend the possibility and the right to encrypted communication, but that does not mean that we should say that as long as we use encrypted communication, we will not take steps to apprehend child sexual abuse.

[Andreas Ericson] I'm a technology idiot, Ylva. This is how I understand it: if you send me pictures in encrypted documents, the authorities will not be able to read them. But if pedophiles send abuse images to each other, the authorities will be able to read them because there are technological solutions for that. That’s how I understand it; have I understood you correctly?

[Ylva Johansson] No, you haven’t. You can make a comparison. Because encrypted communication today is scanned by the companies. They scan all communications for viruses. [???!!! :D] So, if you’re on Signal, and you want to send me a link to an interesting Svenska Dagbladet article, when you start typing the address of the article, a picture of the article pops up, because they’re scanning it. And that’s to make sure you aren’t sending me any viruses.

[Andreas Ericson] Okay, you can see the image but isn't it encrypted? Karl Emil (opponent in the debate), would you like to come in here?

[Karl Emil Nikka] That's not even how Signal works. The way Signal works is that if you get a preview, it's because your Signal client, from your device, is taking a picture of the website and including it in the message that's being sent. Signal has no access to this information ...

[Ylva Johansson] But that's not what I’m saying.

[Karl Emil Nikka] You said that Signal works the way you said, which it doesn't.

1. There are no techniques to analyze ciphertext currently. There's homomorphic encryption that can do very simple zero-knowledge operations on ciphertexts, but that's the deal with encryption: nobody knows what the encrypted message is. You can analyze encrypted traffic, and see some patterns common for ex. BitTorrent protocol, but that's it. I bet she was thinking about scanning performed on a device by some operating system component like Apple was trying to introduce in iOS, but what does it have to do with chat?

THE EUROPEAN COMMISSION DOES NOT UNDERSTAND WHAT IS WRITTEN IN ITS OWN CHAT CONTROL BILL

Ylva Johansson is the EU Commissioner in charge of the Chat Control Bill. In recent days she has taken part in several interviews in Swedish media and also spoken in front of EU parliament members.

mullvad.net

As I understand, the implications of that bill, are that Signal or WhatsApp (Facebook) will be forced to drop end-to-end encryption and store the messages in an unencrypted form on the server. I guess for Facebook that would be very fortunate (better ad targeting), but this defies the whole business model of Signal, rendering them unable to provide services in the EU.
Of course, people will come up with a decentralized solution, without any providers, just a device-to-device ciphertext exchange. They'll not touch any encryption laws, because it's a can of worms for a legislator.
So it looks like a really dumb people trying to do "something good" and causing unnecessary confusion, or some kind of gaslighting.

 

[KJS]

It didn't take too long to demonstrate how this whole "chat control" nonsense could be evaded. There's a proof-of-concept project, KryptEY, which is a special keyboard for Android, that performs message encryption using Signal protocol (full, even with key agreement) via the clipboard. The ciphertext can then be sent using SMS or Facebook Messenger or other monitored means of communication (a letter!). So the only thing that can be done is to regulate encryption, but I doubt that there's someone insane enough that would even touch that subject.

KryptEY/demo.gif at master · amnesica/KryptEY

Android keyboard for secure E2EE communication through the signal protocol in any messenger. Communicate securely and independent, regardless of the legal situation or whether messengers use E2EE -...

github.com