As per my last blog post
You did not listen. To be honest, I doubt you read this, but still, you did not listen. Let’s try that again, in much clearer terms. In this blogpost, I will ommit any human rights and assume you are trying to ban encryption services with no regard for laws or my right to privacy.
What you want
You want to spy on all EU citizens. A foolish goal, to say the least. You gift-wrapped your proposal in a paper made of “Won’t anyone think of the children?!” and you think it’s going to work. You expect us to just bow down and let you in our devices, our personal lives.
I must say, protecting children is an admirable goal, but your method is equivalent to “Let’s stop people getting skin cancer by locking everyone in dark rooms forever.”
How you wish to go about this
You want to catch a tiny percentage of the population by undermining everyone’s privacy. You want companies like Signal, Whatsapp and Protonmail to give you a backdoor into their communication. This is not only dystopian as fuck (you have no business doing this), but also inherently insecure. Any backdoor, however legitimate it may be, will be abused, whether by nosy officials or malicious actors. It’s only a matter of time. You cannot call any system with a backdoor “bulletproof” because it simply cannot be.
“Oh, but we’ll use an AI to look for malicious behaviour!”
Okay, then how much do I get when your information leaks or I get unrightfully arrested because ChatGPT made an oopsie. AI will never be a silver bullet, either. It will make mistakes and then it is up to humans to figure out what went wrong. Your system will be put together with duct tape and spit, and will never be secure or functional.
Why your proposal is shit
Banning maths
In short, you’re banning mathematics. I own at least three books which talk about encryption. One of these has mathematical formulas detailing how to create ciphers which your computers would take decades, if not centuries to break. You are late to this party. You are fighting against 30 years of unhindered cryptographic progress, stronger ciphers, longer keys. You got nowhere near the manpower to fight against this. Even if you bully every company to give you access to their system, if it is set up properly, you will get nothing. Metadata is all you are going to see. If you bully them to use encryption you can decrypt, then it’s not encrypted, is it?
Encryption is not service-dependent
You are targeting companies. Signal, Whatsapp, Tutanota, Protonmail, whatever. What you fail to see is that these are companies using standards, not encryption itself. If you succeed in banning these companies from providing services, we will move elsewhere.
“But where? We banned all of them, what will you do to hide your messages now?!”
Look at the Twitter situation. People got pissed at Twitter for being unregulated and taking dumb steps, so they moved to other platforms that better serve their needs. Mastodon replaced Twitter for many, Lemmy replaced Reddit. Whenever something turns to shit, people move elsewhere. So I urge you, go on, ban Signal. We have Element, XMPP, PGP. These are standards, mind you, not companies. You cannot ban me from signing my family up to my own server which is end-to-end encrypted and that only I and people I love have access to. The best part? I can do this all in my own home network. I would rather be in charge of running my own comms than give you people the messages I send to my family.
Now, after I said all this, keep in mind that I’m not transmitting any extremely sensitive information. I am not doing this because I am doing something bad or illegal, this is all being done just to spite you. Now imagine what lengths someone will go to if they are actually doing something illegal or bad. The people you want to hunt down will be the first to run away. You may catch some dumb folk who don’t know any better, but anyone seriously interested in bypassing your regulations will easily do so.
Encryption is everywhere
You are reading this over HTTPS, an encrypted communication channel. This blogpost was uploaded to the server via SSH, an encrypted communication channel. You can access this website via Tor, a multiple times encrypted communication channel. Encryption is everywhere, even your own employees are advised to use Signal for their comms. You are at the very least hypocritical, at most absolutely fucked in the head.
Not everyone is a terrorist
Your laws are meant to target terrorists and perverts. Are you willing to throw everyone else under the bus? Or will you go the route France went and describe anyone who doesn’t like Google, Apple, Facebook, etc. to be a terrorist? If so, your definition will soon include millions of people who just don’t want to be spied on.
What you will accomplish
Now, I am not going to slam you all the time. There are some positive outcomes for us, the people, that you will accomplish if your bullshit laws go into effect. These outcomes may not seem positive for you, but they are for me.
Killing data silos
You will probably ban Signal, because they will refuse to comply.
Meta will probably comply and hand you all the data they have.
What will this accomplish? Any service that complies will be a huge red flag. Your entire plan relies on the fact that people will be too lazy or dumb to move away. We are not that lazy. Sure, some will remain, but people are starting to care more about their privacy. Do you honestly believe people you want to hunt will be too lazy or dumb to move away? If they were that lazy, they wouldn’t rely on encrypted services in the first place and share their loot over yahoo mail.
Are you honestly that delusional to believe people with everything to hide will stay and wait to get caught? What are you smoking?
I am grateful to you for that. What Zuck’s leaks and Musk’s bullshit policies couldn’t do in months, you may accomplish overnight.
Raising awareness
Your policies and laws will only work if people are completely unaware of what you are doing. Unfortunately, many NGOs and individuals are already pointing out your nonsense. You have already failed your first and only chance to keep this out of sight. Furthermore, a gag order will probably not stop any company that cares about privacy of their users. They will either pack up or call you out on it.
You have not only put privacy in the spotlight of public discussion, you have shown your true colours. You are a draconian government that does not care about the privacy of its people. You deserve no trust from your people. If government employees are advised to use Signal, why shouldn’t the people have the same privileges?
In closing
Your proposal is dumb. France fucked up and showed that anyone running non-stock Android and caring about their privacy is a potential terrorist. You cannot ban maths. PGP is still strong enough and for a few more years, it will be. After it breaks, something new will come up and we will still have privacy.
Fuck you. Again.