It's the ability to surveil traffic from/to a clearly identified party, upon a judicial order for specific reason, for a limited time.
ChatControl, on the other hand, is mass interception. I'm against it. Most people in the EU are against it. But to prevent things like ChatControl coming up over and over again, a basic tool to combat Internet crime is required.
The problem we have is that was OK when someone had to actually listen in or you had to have a tape recorder connected up to every line you want to tap, or physically open individual letters.
Now we have found “lawful intercept” can easily just become mass surveillance, and not just by the people who are meant to use it but other parties too. We saw this with CALEA which was used by China (and who knows who else) for espionage and spying for years before anyone realised.
You make a system for the “good guys” and it always turns out adversary, criminal groups etc. will gain access, even if the “good guys” don’t start acting like bad guys themselves.
Technology made mass surveillance easy, so every lawful intercept becomes mass surveillance as well as vulnerable to scammers, criminals and foreign intelligence.
And we don’t have any way of making lawful intercept possible without that unfortunately.
From what I know this basic tool already exists. In the US, the government can just ask any old company for their data and they have to give it up, just like they would their mail or their physical locations. I'm assuming the rest of the West has similar tools, warrants of some kind.
The problem is nobody uses them to combat crime on the internet. They use them for stupid shit usually or stuff that involves lots and lots of money.
We're jumping the gun here. We already have a fire bomb, and we're not using it, but we're going ahead to developing the nuke. Makes no sense.
We're talking about end-to-end encrypted data here. It doesn't matter if LE have the company's data because it's just a scrambled mess. They don't have the keys to decrypt it. They only exist on the users' devices.
Chat Control seeks to execute on each and every device before/after encryption so it has access to the data pre/post encryption.
Sigh. We already have a mechanism to get the data off the devices.
If the servers don't have it, what do you do? You go to the end points, you issue a warrant, and there's your unencrypted data.
What if they don't wanna do that? I don't know, that's out of scope.
People refuse warrants all the time. You know what we DON'T do? Say, "fuck it" and no longer require warrants.
Again, let's look at good old mail. I can encrypt mail. I can write in ciphers.
Okay, now FedEx gets a warrant. They give me the mail. I can't read it. Uh oh. What do I do? I go to the sender and recipient, and I issue warrants. Problem solved.
That's how we do things, that's how weve always done things, and that's the only reasonable way to do things. We don't say "hey post office, open up every letter and read it. And if it sounds suspicious, tell us". We don't do that.
Okay, so everyone understands that and there's no confusion. When we go online, suddenly there's confusion. Is it confusion, or is the confusion a viel for authoritarian?
Lawful interception is not "mass intercept."
It's the ability to surveil traffic from/to a clearly identified party, upon a judicial order for specific reason, for a limited time.
ChatControl, on the other hand, is mass interception. I'm against it. Most people in the EU are against it. But to prevent things like ChatControl coming up over and over again, a basic tool to combat Internet crime is required.