EU Commission refuses to disclose authors behind its mass surveillance proposal

High-Level Group (HLG) recommendations:

https://home-affairs.ec.europa.eu/document/download/1105a0ef...

11. "The creation of a platform (equivalent to SIRIUS51) to share tools, best practices, and knowledge on how to be granted access to data from product owners and producers. Building further on SIRIUS, this should be expanded to include hardware manufacturers in its mandate and to create and map law enforcement points of contact with digital hardware and software manufacturers."

22. "Developing a technology roadmap that brings together technology, cybersecurity, privacy, standardisation and security experts and ensures adequate coordination e.g. potentially through a permanent structure, in order to implement lawful access by design in all relevant technologies in line with the needs expressed by law enforcement, ensuring at the same time strong security and cybersecurity and providing for the full respect of legal obligations on lawful access. According to the HLG, law enforcement authorities should contribute to the definition of requirements, but it should not be their role to impose specific solutions on companies so that they can provide lawful access to data for criminal investigative purposes without compromising security."

26. "Establishing a research group to assess the technical feasibility of built-in lawful access obligations (including for accessing encrypted data) for digital devices, while maintaining and without compromising the security of devices and the privacy of information for all users as well as without weakening or undermining the security of communications."

I could quote the entire PDF but it's too long. In short, they want to expand surveillance on all fronts and mandate backdoors both in software and hardware. Read the PDF.

they're still saying the old thing about accessing encrypted data and protecting privacy while it's obvious that it wouldn't be possible to access encrypted data and for that data to still be "secure" at the same time

Out of curiosity, despite its flaws and setbacks, what countries or organizations are in a better position to lecture others on those matters?

Russia? China? Iran?

The European court of justice could still deem such practice to be unlawful

>founded on core values including respect for human dignity, freedom, democracy, equality, the rule of law, and respect for human rights

For that reason it would be more embarrassing than anticipated if the authors were disclosed . . .

Also: "Going Dark expert group – EU's surveillance forge" https://www.patrick-breyer.de/en/posts/going-dark-expert-gro...

> The EU Commission is hiding the participants of the #EUGoingDark group meetings. I have requested lists of participants several times, but so far have only received completely redacted documents. (My Toot on Mastodon.) All that is known is that police forces and secret services are represented. Despite the highly sensitive topics in terms of data protection and fundamental rights, the EU Data Protection Supervisor only has the status of an observer. NGOs are not allowed to take part in the group’s meetings. While fundamental rights are muted, the #EUGoingDark group is planning to influence the EU Parliament with targeted surveillance PR.

To make things worse, Denmark will take hold of the Presidency of the Council of EU from July to December. They are one of the main forces behind Chat Control.

> the efficacy on the data provided by thorn, but we don't have any actual information about the trustworthyness of this claims

Why would we doubt these claims? North Korea, China, (Soviet) Russia, all of them were and are very effective at using surveillance against their population. Feel free to expand the examples, the list is not meant to be exhaustive.

See, the thing is, the reason that they want privacy for what they do, we want privacy for the exact same reason.

People in less developed countries are already more free. Some of their governments would like to or do push for laws like this but the infrastructure or power to force international companies to implement it is not there.

Not if they're importing American tech stuff: https://arstechnica.com/tech-policy/2023/12/apple-admits-to-...

You reminded me of "Consciousness Explained" [0], where Dennett makes a metaphorical distinction between the Orwellian and Stalinesque approaches, such that in the former, "wrong things" are allowed to happen and are then reconciled by changing history, while in the latter, everything is enforced and handled on the spot, before wrong information ever reaches the news [1]. I am concerned that we're headed into both dystopias at the same time, with some countries going further into the Stalinesque approach.

[0] https://en.wikipedia.org/wiki/Consciousness_Explained [1] https://en.wikipedia.org/wiki/Multiple_drafts_model

Yes, it's interesting that whilst they're not happy with Trump's version of authoritarianism, rather than moving in the opposite direction, they've just decided to switch to a parallel track.

that's the right question to be asked.

extreme capital concentration breeds this, and we had it happen everywhere.

There’s never a shortage of people who lacked a strong father figure and latch on to government authority to meet that psychological need.

Now that we have institutions devoted to spying on people and justifying it, there's no way this is going away through the normal mechanisms of government. You need to kill these things in their infancy or people accept them as normal. Folks working at the institution are invested in preserving it, and those jockeying to join the institution are incentivized to be more zealously bought in to the value of spying in the first place.

They will complete each other. Large websites and apps will be forced to implement age verification and thus your online identity will be tied to your real identity. No privacy from government spying and the end of anonymous accounts.

I don't see the connection. It's true, as others say, that extremist's use of surveillance tool poses the greatest danger, but the desire to monitor the population is present across the political spectrum. Since you mention Wilders: the centrist, and most liberal Dutch party D'66 actually supported a surveillance "drag net" for the Dutch intelligence services.

As a data point, the largest political parties in Norway (Arbeiderpartiet / Høyre), are now both seeking to introduce age limits backed by national BankID login systems to access social media, which would be a massive invasion in the right to privacy online.

The same parties voted in 2011 to introduce mass data storage, where all international internet traffic can be stored and kept for 6 months by the state.

I see no reason to believe that either party would protect the right to private communication or internet use.

Is Ursula von der Leyen "extreme right"? Because it was her (and her commission) who established the group responsible and it was the commission's decision to not disclose its members.

Yeah, I don't think enough of the centrists consider the question of how intrusive state powers might be used by a far-right government. Despite having several demonstrations at the moment.

I don't think the extreme right is pushing this. They are typically anti-EU.

I speculate that this is a result of centrist/neoliberal establishment wanting to solidify control.

The extreme right is typically using failures like this as a political attack vector.

[flagged]

I tried that with my MEPs on the Copyright Directive. Nearly all of them replied with parrotted talking points from the EU Commission, as opposed to any kind of understanding of the issues I raised.

At the end of the day, EU Parliament representation is dilute and indirect. Unlike the democratic systems of most nations, elected EU parliamentarians cannot originate any new law. Only appointed (unelected) individuals within the EU Commission/Council can do so, behind closed doors if it suits them.

MEPs are on a lucrative gravy train and they generally don't want to rock the boat. If the Commission doesn't get a "yes" from Parliament, it simply makes superficial amendments and retries Parliament until the "yes" is received.

With the Copyright Directive, after a "no" vote in Parliament in 2018, the Commission literally put the same contentious articles (11 and 13) back in again for the second vote - this time under different article numbers (15 and 17), so all the public activism and criticism linked to the original article numbers would be orphaned. MEPs voted "yes" the second time, like the good, obedient MEPs they are.

There's always a joker somewhere :-)

Try calling up, E-mailing or anything else with Dutch politians. No one will talk to you, answer your E-mails, allow you to call them. They make themselves unreachable.

Representatives don't care as much as you'd like them to, unfortunately.

Tried that with MEPs for my country of Denmark: no reply.

I’m sure they will have a good laugh. At your email I mean. They won’t pick up the phone.

They know. It's just their smugness telling them they will always be in power since they're the good guys and good guys prevail.

They think they're far too clever to let that ever happen, so the tyranny (not that they'd call it that) of technocratic managerialism that they're pushing will never let other tyrants rise again. They also tend to buy into an "end of history" thinking that says the Smart People have figured out how to solve all the problems, so the only challenge is getting the dumb citizens to go along with it, or keeping them sated and sedated until it's too late for them to get in the way.

Well, I think they're implementing it because they are the mad men!

Sometimes what passes for "leadership" is "kind of" disappointing.

And when too many blind followers arise it can really get out of hand.

Exponential disappointment can be one ofthe most ominous things . . .

Thank you for that link. I just left my statement there.

The main flaw is the enforced duopoly of iOS/Android for everyones favorite personal surveillance assistant. The secondary flaw is centralized control over transport layer access (internet really isn't decentralized anymore). And the last flaw is proprietary hadrware that controls the OS and transport layer access.

A technology based solution will only get you so far. You cannot win against people who control the law. What will you do when they decide to outlaw all VPN-like technology?

> Are authors of proposals usually hidden?

No and if they are not mentioned, you can request the participants via an information request. The Commission has failed at both. See my other comment https://news.ycombinator.com/item?id=44168505

In a way. The UK has long waged war against encryption, mandating backdoors and weaking security of people. There's no doubt they would salivating over these proposals and voted for them.

"45 organizations and cybersecurity experts sign open letter expressing concerns with UK’s Online Safety Bill" https://www.globalencryption.org/2022/04/45-organizations-an...

"UK Government Denies U-Turn on Plan to Scan Encrypted Messages" https://www.macrumors.com/2023/09/07/uk-government-plan-scan...

"UK’s secret Apple iCloud backdoor order is a global emergency, say critics" https://techcrunch.com/2025/02/10/uks-secret-apple-icloud-ba...

The UK has implemented measures much more draconian than what this working group is even considering at the moment.

Perhaps it was a good idea, seeing as the UK was often a major supporter of plans like these, and that they are now no longer a threat to EU citizens, but Brexit certainly won't protect you if you're a UK citizen.

are we pretending the UK isn't a pro surveillance state?

> In North Korea, your phone secretly takes screenshots every 5 minutes for government surveillance

Context: Under the EU's Chat Control proposal, your private messages (Signal, WhatsApp etc) will be scanned by an on-device AI agent. The current debate is around scanning images and videos but the original proposals called for analyzing all text too (I wish I was joking).

Nitpick: doublethink is not about language, it's about keeping two contradictory ideas in one's mind and thinking them both true ("war is peace").

This is just plain "surveillance is bad when bad people do it, not when good people do".

If it helps: the EU ones are still just proposals (likely to ve struck down by courts), the north korean surveillance is already active(?)

It's surreal and dismaying to see such a bogus comment at the top, especially since the BBC video about the North Korean phone is free of judgement, while they (and many other Western news) do report on Western surveillance critically, e.g. they called the Microsoft screenshots a "privacy nightmare" right in the headline...

There is this scene from the movie Dark Waters that stuck in my head [0]

[0] - https://www.youtube.com/shorts/Zoxxd6gM3oU

Actually,reporting on NK or China's surveillance is usually because they are geopolitical adversaries not because they are dystopian. So to think that the EU cares about freedom or privacy is to be naïve

> for the things the EU bureaucracy is doing,

While I agree with the rest of your comment, it doesn't make sens to talk about “bureaucracy” here, the Commission isn't a “bureaucracy” (which means unelected civil servants), and more like a government (the commission is proposed by head of European states and approved by parliament).

That doesn't change anything to the problem though, Western democracies have been doing creepier and creepier stuff year after years when it comes to mass surveillance.

It's not surreal, just human nature. Most people are not guided by principles. It might not even be that, but some people purposely have bad intentions and gaslight objections, and most of the rest are not interested to object and simply can't be bothered as long as their basic needs are met. If the answer to Stasi like espionage of citizens is outrage, but otherwise not because you have nothing to hide, then I conclude most people are content with living in a cage, as long as it's made of gold.

You don't get it - in north korea is brutal dictatorship that oppresses their citizens. EU commission is fighting hate, discrimination, racism and disinformation. And protecting the children too.

I really feel like we'd all be better off if Manufacturing Consent [1] was required reading.

The media is complicit in pushing domestic and foreign policy, is selective in what it covers and how it covers it and intentionally uses very different language to describe the exact same thing (eg [2][3]).

I generally agree that what the DPRK does and what Europe (or the US) does isn't really that different. Dig a little deper and look at the role the West played in creating the DPRK and the intentional starving (ie economic sanctions) we enacted, just like in Iraq, Iran, Syria or Venezuela.

European (and US) history of the last century is the neoliberals siding with fascists to quash anything communist or communist adjacent (eg labor unions). Germany might've lost the war but Nazism won. Whatever you do, don't look too deeply into the background of Adolf Heusinger [4] who was made the Chairman of the NATO Military Committee.

[1]: https://en.wikipedia.org/wiki/Manufacturing_Consent

[2]: https://x.com/trtworld/status/1785959608168731091?lang=en

[3]: https://www.middleeasteye.net/news/war-gaza-how-media-langua...

[4]: https://en.wikipedia.org/wiki/Adolf_Heusinger

>There's no daylight between North Korea's "dystopian reality" [sic] of capturing random screenshots of user devices, and the EU's mandatory data retention concept.

This is nihilistic BS and false equivalence.

EU commission's retraction can be challenged in the courts if it's not allowed.

This is nothing new. Most legislation is passed via trilogues, where EU institutions debate and negotiate laws behind closed doors with little to no public scrutiny. Once trilogue negotiations are completed, the law is quickly rubber-stamped within a few weeks leaving little time for the public to interfere.

It's always been this way. Here's an article from 2017 complaining about "secret law making taking over Brussels":

https://euobserver.com/institutional/136630

Jean-Claude Junker, despite his flaws, was one of the most honest heads of the EU Commission. He had this to say on the matter of secret lawmaking in 2011:

"I'm ready to be insulted as insufficiently democratic, but I want to be serious. I am for secret, dark debates."

... and in 2007 ...

"Britain is different. Of course there will be transfers of sovereignty. But would I be intelligent to draw the attention of public opinion to this fact?"

Other EU leaders said similar things at the time (in the context of the Lisbon Treaty):

“Public opinion will be led to adopt, without knowing it, the proposals that we dare not present to them directly” … “All the earlier proposals will be in the new text, but will be hidden and disguised in some way.” (Valéry Giscard d’Estaing)

“They decided that the document should be unreadable. If it is unreadable, it is not constitutional, that was the sort of perception… Should you succeed in understanding it at first sight there might be some reason for a referendum, because it would mean that there is something new.” (Giuliano Amato)

This is certain to be illegal though.

The previous data retention directive was found to be incompatible with EU human rights law and was annulled. What is scary is that they're still trying, as if though this would bypass it.

It reminds of their repeated adequacy decisions on EU-US data transfers.

I have been thinking the same for months.

EU citizens are giving way too much power to those people in Brussels.

That institution is getting power hungry.

Hardly. Abuse of power is easier the smaller the community in which it happens. Corrupting politicians on state level is much easier and buys you more power per pound than doing the same on EU scale. I much rather have ministers in Brussels decising my futures than the ones in the country I reside in.