Scientists deeply concerned with upcoming EU digital identity regulations (nce.mpi-sp.org)
81 points by wsc981 | karma 5546 | avg karma 3.13 | 2023-11-06 05:43:07 | 33 comments




The linked PDF is an open letter undersigned by many scientists.

> Last year, many of us wrote to you to highlight some of the dangers in the European Commission’s proposed eIDAS regulation. After reading the near-final text, we are deeply concerned by the proposed text for Article 45. The current proposal radically expands the ability of governments to surveil both their own citizens and residents across the EU by providing them with the technical means to intercept encrypted web traffic, as well as undermining the existing oversight mechanisms relied on by European citizens. Concretely, the regulation enables each EU member state (and recognised third party countries) to designate cryptographic keys for which trust is mandatory; this trust can only be withdrawn with the government’s permission (Article 45a(4)). This means any EU member state or third party country, acting alone, is capable of intercepting the web traffic of any EU citizen and there is no effective recourse. We ask that you urgently reconsider this text and make clear that Article 45 will not interfere with trust decisions around the cryptographic keys and certificates used to secure web traffic.

> Article 45 also bans security checks on EU web certificates unless expressly permitted by regulation when establishing encrypted web traffic connections (Article 45(2a)). Instead of specifying a set of minimum security measures which must be enforced as a baseline, it effectively specifies an upper bound on the security measures which cannot be improved upon without the permission of ETSI. This runs counter to well established global norms where new cybersecurity technologies are developed and deployed in response to fast moving developments in technology. This effectively limits the security measures that can be taken to protect the European web. We ask that you reverse this clause, not limiting but encouraging the development of new security measures in response to fast-evolving threats.


[flagged]

Anything except self-governance, is an abuse. It abuses those who have been taught to go along with this external governance by those running the governance system. It's all it ever was, all it can ever be. There is no social contract, it's all abuse. Legalised theft to put in roads, or remove them, as at present.

If some people want to work together, to opt-in voluntarily to do this or that, as long as it doesn't harm another - then great. To have this immoral monolith writing laws that no one can justify, is ridiculous. All pretence of legitimacy is gone, it is simply about control.

The above is not a political argument. It is a moral one. What circumstances allow one to forcibly extract from another and steal 40% of their work, or worse and then have the gall to call itself "good"? How big does a gang have to be to gain rights that an individual does not have? No one would think it "right" that I demand 40% of their income! Government is just an extractive mafia system that attempts to pose as the "best we've got", whilst using force to knock down any alternative possibilities of management.


[dead]

An interesting philosophical argument, though it's probably been made tens of thousands of times on HN, at least. Including the obvious arguments and counter-arguments, could you boil it down to what's new?

IDK what's new, but I'm 100 percent in agreement.

If you claim logical consistency, I don't know how the group having rights an individual does not ever gets reconciled.

In a town of three if two vote to take from the third it's clearly not just.

Yet somehow as the group size grows people lose sight of that.


> IDK what's new, but I'm 100 percent in agreement

I'll just say this part, then: IMHO that's always the wrong position to be in. We all desire logical consistency, but we don't ever get it. No theory even approaches 100% depiction of reality.


Logical inconsistency is certainly wrong though, right?

> The above is not a political argument. It is a moral one.

First, politics and morals (and ethics) are inherently inseparable.

Second, you are not making a practical argument.

Individual humans are simply incapable of having informed opinions on all matters that require coordination to maintain a peaceful productive society.

Thus, we have representatives who we do get to vote for individually, or appointees acting on representatives’ behalf.

And we have other levers as individuals, including processes for commenting on decisions prior to finalization, challenging decisions in courts, etc.

Is this perfect? Far, far from it!

Is there room for improvement? Absolutely!

But anarchy, where all individuals are sovereign, isn’t workable at all. Who can enforce any shared concept of equality if all concepts & organizations are varied & opt-in/out?

Anarchy has a very short half life. Power abhors a vacuum. People start banding together & enforcing their values on others very quickly, because the real natural default political system is might makes right, not some imagined innocent condition of a magically unanimously shared & voluntarily abided definition of “natural” rights/sovereignty.


"Anarchy has a very short half life."

Anarchy is all there is.

Underlying all the existing power structures, which people are educated into accepting and even defending to their own detriment and loss of sovereignty, there is anarchism pure and simple.

No political system will ever outstrip inherent sovereignty, the same way no amount of laws and regulations can eliminate the inherent existence of an underlying free market.

Life always finds a way.


I'm sorry you live in constant fear of individuals stronger than you.

I did not understand this comment.

Conceptually, it all comes down to individuals. In that sense anarchy is the basis for everything.

In practice, people easily exert their coercive influence on each other, to resolve disagreements, incompatible goals and exclusionary ambitions, and without some organized form of decision making and enforcement (government), nobody but a despot actually gets to live a life of real self-sovereignty.


Thank you for this comment.

Both statements actually support the original assertion made by verisimi that any form of imposition of will by one individual over another by force is inherently immoral.

If anarchy is the basis for everything - because it is obvious that 'society' (or 'humanity') is nothing other than a term referring to a specific set of individuals who are intrinsically sovereign entities, unless they suffer from some mental condition that renders them incapable of self-governance - then it follows that any individual who imposes his will over another by force is, as you rightly put it, a despot.

It is unclear to me, though, why an individual that imposes his will over another by force is (aptly) considered to be a despot, but a group of individuals that band together to impose their collective will by force on another group of individuals is considered as being a moral and acceptable state of affairs.

I want to be clear that my arguments on this matter are not political but merely philosophical, stemming from the original point made which was that, morally speaking "anything except self-governance, is an abuse."


> It is unclear to me, though, why an individual that imposes his will over another by force is (aptly) considered to be a despot, but a group of individuals that band together to impose their collective will by force on another group of individuals is considered as being a moral and acceptable state of affairs.

An authoritarian individual or group are equally immoral, although groups may be more stable given some diversity of thought and need to negotiate.

But the ideal of coordinated rule is that the whole population negotiates to create the rules for the whole population.

Democracy is an attempt at that, using multiple levels of representation to get around the inefficiency of everyone having to weigh in on everything.

But it's worth noting there are three aims of democracy and other attempts at good government:

1. Getting the highest quality decisions made. This, it turns out, is very difficult. We could even say, unsolved.

2. Demilitarizing politics. Democracies are a huge (but not perfect) success in this case. Peaceful coup, after coup, after coup, (i.e. elections replacing incumbents) is a tremendous improvement over civil wars, purges, assassinations, violent intimidation campaigns, ...

3. Decentralizing power, to water down governments' self-interest. Any individuals forming a government are going to be prone to ruling the state for their own benefit. However, term and role limits create turnover and power checks that reduce each individual's ability to self-deal significantly. Corruption can be rampant, but if the system holds, then by definition the corruption is far reduced from a despot situation.

Most people don't consider #2 and #3 the main reasons for having a democracy, but I think both are far more important and reliable benefits than #1. So effective (most of the time), that we mostly spend our time arguing about #1.


> An authoritarian individual or group are equally immoral.

I agree.


When you don't have governance beyond "self-governance", you get gang warfare.

Gang warfare conditions are worse because in addition to having to secure basic things like food, water, shelter, and comfortable surroundings, you also have to be constantly defending yourself, and you still don't escape the competitive landscape of humanity. You only make it less pleasant. Large groups consisting of numerous fighting gangs tend to get exploited for resource-extraction by larger groups with less infighting, because they need weapons constantly.

> How big does a gang have to be to gain rights that an individual does not have?

Not big IMHO. Does a family have a right to excommunicate a family member that they determine simply will not do anything but destroy them?


> When you don't have governance beyond "self-governance", you get gang warfare.

Yes... Really big gang warfare - aka war - is what governments do.

Do you not think the gang mentality is the problem? As I'm saying?


I can't understand this comment.

It seems you are worried about gang warfare, but not worried about really big gangs (governments, countries).

Large organized groups of people that follow rules and laws that are publicly known are not gangs - you have all the information you need to successfully interact with them available. There is no arbitrariness.

Where that is not true, then you are right. But going back to what you said: if you only consider self-governance the correct thing, then it can never be true for anything. Therefore you would never have large organized groups of people, which are necessary for things like the Internet you're using to read this right now.


Is there any recourse for a free web going forward?

[dead]

Not one that will be legal in the EU in the long term.

Is it possible to build a trustless authentication system that doesn't need certificates? Cert-authorities have always been an attack-vector, which wasn't too bad because if they got compromised trust could be revoked, minimizing the damage. If that can't be done anymore because of legal or political risk, maybe a better system can be designed, which doesn't have this potential?

Maybe technical design has to take into account the existence of bad political actors, and minimize the political and legal attack surfaces, not just the technical ones.



> Instead of specifying a set of minimum security measures which must be enforced as a baseline, it effectively specifies an upper bound on the security measures

What the F Why?


Dupe:

Joint statement of scientists and NGOs on the EU’s proposed eIDAS reform - https://news.ycombinator.com/item?id=38126997 - Nov 2023 (65 comments)

Last Chance to fix eIDAS: Secret EU law threatens Internet security - https://news.ycombinator.com/item?id=38109494 - Nov 2023 (302 comments)


I think a French tradition of building barricades and setting shit on fire is sorely needed in Brussels.

Share private thoughts between you and your friends in the future and get rounded up in no time!

I know we're already close with NSA, Five Eyes and whatnot but could the plutocracy be a little less blatant?

I wonder if at some point surveillance and tech bureaucracy will become so cemented there's zero chance of revolt or accountability for the upper echelons.

Whoever's on top at that point will stay on top until there's a sunstorm.


If the economy is booming and everybody is content, it's possible to entrench power. But the way things are going now, I don't think so.

I still don't get the MITM argument. To me, it feels like there is a lot of heavy lifting beneath the "could" in "an EU government could MITM any other EU country citizen". Can somebody walk me through an example of how the Romanian government could MITM a Portuguese citizen in Portugal accessing a website hosted in Sweden? Maybe there's something I'm missing? To me it feels like it would require a lot of third party cooperation (i.e. ISPs).

As to the tracking potential of eIDs, I agree it could be lessened by improving the legislation as the letter proposes, but to me it feels like it adds a small risk of abuse for a lot of benefits (digital access to the administration, and better security through relying on modern practices instead of handwritten signatures). Again, what is the threat model for being tracked with this ID? Will a random t-shirt shop ask me for my ID? Will this give them better insight into my online habits than asking for my CC number?

I see a lot of security professionals warning against this law, and I tend to defer to people who know more than me, but time and again, and as with other EU legislation, the arguments seem to feel unconvincing and mired with "potentials for abuse" and slippery slopes.

