Tuesday, May 6, 2025

Polaris of Enlightenment

Ad:

Loophole in Chat Control 2.0 compromises information security

Mass surveillance

Published 14 October 2023
– By Karl Emil Nikka

The controversial mass surveillance proposal, Chat Control 2.0, is plagued by several technical and information security-related issues. The biggest problem is the requirement that even end-to-end encrypted communication services be included. This requirement exists despite it being technically impossible for service providers to scan the contents of properly end-to-end encrypted conversations. It has always been this way, and it always will be.

The face of the mass surveillance proposal, EU Commissioner Ylva Johansson, initially believed that such scanning was possible (see for instance Many inaccuracies around Chat Control 2.0 in the ‘Aktuellt’ interview). She likened the process to how a drug-sniffing dog can sniff for drugs in closed bags. This analogy is completely incorrect because properly end-to-end encrypted conversations never leak any sniffable traces of their content. It doesn’t matter how advanced future scanning technology becomes because there are never any traces to scan (“sniff”) for.

Proponents of the proposal, therefore, want to bypass the function of end-to-end encryption by implementing a technology called client-side scanning. This means that service providers have to equip their apps with backdoors, allowing them to scan the content before it is sent (before it’s encrypted) and after it has been received (after it has been decrypted). This is the technology that the UN’s Human Rights Commissioner literally advises against, partly due to the dangers it poses for vulnerable children and adults in totalitarian states. (The imminent risk of data leaks and the obvious risk of self-censorship are two other reasons highlighted by the UN’s Human Rights Commissioner.)

The loophole in the definition

From a strictly technical perspective, client-side scanning could be implemented without either prohibiting end-to-end encryption or weakening the encryption. Technically speaking, the client-side scanning itself doesn’t affect the encryption. Client-side scanning merely causes the encryption to cease serving its purpose. With implemented client-side scanning, conversation participants continue to send messages end-to-end encrypted to each other, but both parties simultaneously have a spy looking over their shoulder, seeing everything they write and hearing everything they say.

This definitional loophole is now being exploited by several parties. The parties and their EU Parliamentarians claim that they want to allow end-to-end encryption, yet at the same time, they demand that the content in end-to-end encrypted services can be scanned. In this way, their permission of end-to-end encryption becomes irrelevant. This loophole argument was, incidentally, precisely what I feared when I expressed my skepticism in an interview with Dagens Nyheter at the end of April (see comment in Possible EU turnaround on chat control law – must not weaken encryption).

On our theme website, chatcontrol.se, we have a monitoring database with over 400 Swedish articles written about the proposal. I’ve reviewed these articles as well as the amendment proposals that Swedish parties’ EU Parliamentarians have put forward. Based on this, I’ve been able to identify which proposal advocates are trying to mislead the public by allowing end-to-end encryption while simultaneously demanding that end-to-end encryption be bypassed.

The Tidö agreement parties and the Green Party

The governing parties have presented a proposal for Sweden’s position in the Council of Ministers. The proposal contains the following text which paradoxically wants encrypted messages to be protected while also needing to be scanned:

A tracing order must ultimately be executed without being impeded by a service being encrypted, for example, through machine scanning before the message is encrypted and sent. At the same time, information security must not be jeopardized; encrypted messages should be protected against unauthorized access”.

(From an appendix to a document from the EU Committee 2023/24:4F1902, 2023-09-18)

In the European Parliament, neither the Moderates nor the Christian Democrats share the stance of the Swedish government. Both the Moderates and the Christian Democrats are clear that the function of end-to-end encryption must never be undermined. This is evident in amendment 389 signed by all EU Parliamentarians from the Moderates and the Christian Democrats (Arba Kokalari, Jessica Polfjärd, Tomas Tobé, Jörgen Warborn, David Lega, and Sara Skyttedal).

“End-to-end encryption is an essential tool to guarantee the security, privacy, and confidentiality of the communications between users, including those of children. Any weakening of the end-to-end encryption’s effect could potentially be abused by malicious third parties. Nothing in this Regulation should therefore be interpreted as prohibiting or compromising the integrity and confidentiality of end-to-end encrypted content and communications. As compromising the integrity of end-to-end encrypted content and communications shall be understood the processing of any data, that would compromise or put at risk the integrity and confidentiality of the aforementioned end-to-end encrypted content. Nothing in this regulation shall thus be interpreted as justifying client-side scanning with side-channel leaks or other measures by which the provider of a hosting service or a provider of interpersonal communication services provide third party actors access to the end-to-end encrypted content and communications”.

(Amendment 389, 2023-07-28)

The Sweden Democrats have not criticized the government’s line domestically. However, in the European Parliament, the Sweden Democrats have clarified that they are opposed to the proposal. SD Parliamentarian Johan Nissinen has signed the same amendment as the Moderates and the Christian Democrats (amendment 389).

The Green Party, which was previously opposed to the proposal, has now chosen to support the government’s line, even though the Green Party initially said they did not want to support “the parts that involve mandatory scanning of private communication as it is formulated in the Commission’s proposal right now” (2023-04-18). The change is evident from the minutes of the Justice Committee’s meeting on 2023-09-14 and is confirmed by Rasmus Ling in an interview with Syre (2023-09-22).

The Social Democrats

The Social Democrats in Sweden support the Presidency’s (Spain) compromise proposal. This is reflected in the minutes of the Justice Committee meeting on September 14, 2023.

In addition, in the European Parliament, three Socialist MEPs are trying to use the same loophole to advocate for scanning of end-to-end encrypted services without banning end-to-end encryption.

Heléne Fritzon and Carina Ohlsson first want to introduce an amendment to allow for end-to-end encryption. They want to add the following point to Article 10’s list of technologies and safeguards.

“[The technologies shall be] not able to prohibit or make end- to-end encryption impossible”.

(From Amendment 1161, 2023-07-28)

In the introductory recitals, they also stress, together with S-Parliamentarian Evin Incir, that nothing in the proposal should be interpreted as prohibiting full-spectrum encryption.

Nothing in this Regulation should therefore be interpreted as prohibiting end-to-end encryption or making it impossible.

(From Amendment 385, 2023-07-28)

However, Heléne Fritzon and Carina Ohlsson also want the following addition to Article 7 (Issuance of tracking orders).

For the scope of this Regulation and for the sole purpose to prevent and combat child sexual abuse, providers of interpersonal communications services shall be subjected to obligations to prevent, detect, report and remove online child sexual abuse on all their services, which may include as well those covered by end-to-end encryption, when there is a significant risk that their specific service.

(From Amendment 1049, 2023-07-28)

Other parties

The Left Party and the Center Party have, unlike the other parliamentary parties, chosen not to use the definitional loophole. Both the Left Party and the Center Party instead side with the children and distance themselves from the mass surveillance proposal that violates the Convention on the Rights of the Child.

 


This article is published under the CC BY 4.0 license, except for quotes and images where another photographer is indicated, from Nikka Systems.

The position of the Swedish parties

More information on the positions of all parties and MEPs can be found on the thematic website chatcontrol.se. The information on these positions is also updated on a weekly basis.

TNT is truly independent!

We don’t have a billionaire owner, and our unique reader-funded model keeps us free from political or corporate influence. This means we can fearlessly report the facts and shine a light on the misdeeds of those in power.

Consider a donation to keep our independent journalism running…

Dutch opinion leader targeted by spy attack: “Someone is trying to intimidate me”

Mass surveillance

Published 1 May 2025
– By Editorial Staff
According to both Eva Vlaardingerbroek and Apple, it is likely that the opinion leader was attacked because of her views.

Dutch opinion maker and conservative activist Eva Vlaardingerbroek recently revealed that she had received an official warning from Apple that her iPhone had been subjected to a sophisticated attack – of the kind usually associated with advanced surveillance actors or intelligence services.

In a social media post, Vlaardingerbroek shared a screenshot of Apple’s warning and drew parallels to the Israeli spyware program Pegasus, which has been used to monitor diplomats, dissidents, and journalists, among others.

– Yesterday I got a verified threat notification from Apple stating they detected a mercenary spyware attack against my iPhone. We’re talking spyware like Pegasus.

– In the message they say that this targetted mercenary attack is probably happening because of ‘who I am and what I do’, she continues.

The term mercenary spyware is used by Apple to describe advanced surveillance technology, such as the notorious Pegasus software developed by the Israeli company NSO Group. This software can bypass mobile security systems, access calls, messages, emails, and even activate cameras or microphones without the user’s knowledge.

Prominent EU critic

Although Apple does not publicly comment on individual cases, the company has previously confirmed that such warnings are only sent when there is a “high probability” that the user has been specifically targeted. Since 2021, the notifications have mainly been sent to journalists, human rights activists, political dissidents, and officials at risk of surveillance by powerful interests.

Vlaardingerbroek has long been a prominent voice critical of the EU and has become known for her sharp criticism of EU institutions and its open-border immigration policy. She insists that the attack is likely politically motivated:

– I definitely dont know who did it. It could be anyone. This could be name a government that doesn’t like me. Name a organization that doesnt like me. Secret services, you name it.

– All I know for sure right now is that someone is trying to intimidate me. I have a message for them: It won’t work.

“There must be full transparency”

The use of Pegasus-like programs has been heavily criticized by both governments and privacy advocates. The tools, originally marketed for counterterrorism, have since been reported to be used against journalists and opposition leaders in dozens of countries.

In response, Apple sued NSO Group in 2021 and launched a system to warn users. However, the company claims that the threats are “rare” and not related to common malware.

The Vlaardingerbroek case is now raising questions about whether such technology is also being used in European domestic political conflicts, and the organization Access Now is calling on authorities in the Netherlands and at the EU level to investigate the attack.

– There must be full transparency. No one in a democratic society – regardless of political views – should be subjected to clandestine spying for expressing opinions or participating in public discourse, said a spokesperson.

Neither Apple nor the Dutch authorities have commented publicly on the case. Vlaardingerbroek says she has not yet seen any signs that data has actually been leaked, but has taken extra security measures.

Swedish government proposes wiretapping children without criminal suspicion

Mass surveillance

Published 1 May 2025
– By Editorial Staff
The government's own investigator proposed that only the Swedish Security Service (Säpo) should be allowed to eavesdrop on children without criminal suspicion - but this is not enough, according to the government.

Gang crime continues to plague Sweden, with recurring bombings, shootings and contract killings spreading fear in society, without those in power managing to get a grip on crime.

Criminal gangs often use minors to carry out serious crimes. For this reason, the Tidö parties (the center-right coalition government) want to give police the authority to wiretap children under the age of 15 – even in cases where there is no specific suspicion of a crime.

During a press conference the government stated that the social trend is bleak, that “serious crime is penetrating lower and lower down the age scale” and that children are increasingly “playing central roles in the commission of serious crimes“.

Currently, police are not allowed to use “secret coercive measures” against children under the age of 15 – which allegedly hinders police work when investigating murders and bombings.

At a press conference on Wednesday, representatives of the Tidö parties confirmed that they want to change the legislation so that children can also be wiretapped – partly when they are being investigated for crimes – but also for “preventive purposes” – i.e. without any actual suspicion of crime.

These are far-reaching proposals. But it is justified by the development of society, said Minister for Justice Gunnar Strömmer (M), and continued:

– It is about preventing crime, but also about reaching those who are behind and controlling via children’s cell phones.

Dismisses own investigator’s limitations

The government’s own legal investigator had recommended that only the Swedish Security Service (Säpo) be allowed to use wiretapping without suspicion of a crime. However, the government disagrees, arguing that it is “absolutely necessary” for regular police to also be allowed to wiretap children if they can be linked to serious organized crime.

The government maintains that fighting gang crime is more important than protecting the integrity of minors. Strömmer stated that “there are very significant risks in allowing the current reality to continue as it is”.

The change in the law is proposed to come into force this fall for at least five years, after which it will be evaluated.

Although most people seem to agree that organized crime needs to be fought, many are also opposed to the fact that the moderate-led government repeatedly chooses to focus so much on increased wiretapping and surveillance. Critics also point out that there is a real risk that the surveillance apparatus will be abused in the future or used very arbitrarily and without legal certainty.

Amazon updates privacy settings – all voice data to be stored in the cloud

Mass surveillance

Published 26 March 2025
– By Editorial Staff
Amazon itself states that it saves users' calls in order to improve the service.

As of March 28, some Echo devices will no longer be able to process voice data locally – all voice information will be sent to Amazon’s cloud service, regardless of the user’s will.

Echo is a series of smart devices, including speakers, developed by Amazon. The device records what you say and sends it to Amazon’s servers to be stored and analyzed, allegedly to improve the service. Privacy settings have previously allowed some devices to process voice data locally without sending it to Amazon.

In an email to Echo users, shared on Reddit, Amazon announced that the ability to process voice commands locally is being removed. Instead, all recordings will be sent to the cloud for processing, as Sweclockers has reported.

If the user doesn’t actively change their settings before March 28, they will automatically be set to “do not save data”. This means that Amazon will still collect and process your voice information, but that this will be deleted after Alexa handles the request. However, it is unclear how long the information will be stored before it is actually deleted.

Amazon states that voice data is needed to train the company’s AI model, Alexa Plus. At the same time, the company promises that all previously saved voice data will be deleted if the user has the “do not save data” feature enabled.

The tech mogul on the future of AI: Constant mass surveillance

Mass surveillance

Published 24 January 2025
– By Editorial Staff
With the help of AI, Ellison believes that in the future, those in power will be able to follow citizens' every move.

Tech giant Oracle’s CEO Larry Ellison believes in a future where artificial intelligence becomes an integral part of a borderless mass surveillance society where privacy no longer exists and where everything citizens do is mapped and recorded.

Oracle and Larry Ellison will play a key role in Trump’s AI venture “Stargate” expected to cost upwards of $500 billion and described by the President himself as “by far the largest AI infrastructure project in history”.

There is no doubt that Ellison is one of the world’s most successful tech moguls just last fall he overtook Amazon founder Jeff Bezos to become the world’s second richest man after Elon Musk. But how does he see the future of artificial intelligence and how it will affect our lives?

During a meeting with financial analysts last fall, he predicted a future that critics say is reminiscent of dark dystopian novels like George Orwell’s 1984, where humans are subject to constant mass surveillance and AI is used to map citizens’ every move.

According to Ellison, it is highly likely that in the future, AI models will be used to analyze in real time all the material not only from surveillance cameras, police body cameras, but also from car cameras and doorbells.

Citizens will be on their best behavior because we are constantly recording and reporting everything that’s going on.

Every police officer is going to be supervised at all times, and if there’s a problem, AI will report the problem and report it to the appropriate person, he continued.

“Big brother is watching you”

The multi-billionaire also believes that AI-controlled drones will replace real police officers during car chases and other types of crime and disorder.

– If something happens in a shopping center, a drone goes out there and reaches the scene way faster than a police car.

Technology website Ars Technica’s writer Benji Edwards is one of many who reacted strongly to Ellison’s vision of AI surveillance, saying his comments raise questions about the future of citizens’ privacy and right to privacy.

Ellison’s vision bears more than a passing resemblance to the cautionary world portrayed in George Orwell’s prescient novel 1984. In Orwell’s fiction, the totalitarian government of Oceania uses ubiquitous ‘telescreens’ to monitor citizens constantly, creating a society where privacy no longer exists and independent thought becomes nearly impossible“, Edwards notes.

But Orwell’s famous phrase ‘Big Brother is watching you’ would take on new meaning in Ellison’s tech-driven scenario, where AI systems, rather than human watchers, would serve as the ever-vigilant eyes of authority. Once considered a sci-fi trope, automated systems are already becoming a reality: Similar automated CCTV surveillance systems have already been trialed in London Underground and at the 2024 Olympics“, he continues.

“A slave obeys”

He points out that automated surveillance systems have already been implemented in Chinese cities, among others, and that AI software is already available that can sort and organize the data collected on residents using a network of deployed surveillance cameras.

According to many observers, similar and even more advanced solutions may soon become part of everyday life in the United States and other countries, and there are warnings that a “digital dictatorship” is emerging where the surveillance state is so all-encompassing that it is impossible for anyone to escape.

“‘Good Behavior’ as defined by the billionaires who own and control everything. Otherwise known as blind obedience and willful subservience to their every whim and want. Because a slave obeys, expresses one of many worried voices.

Our independent journalism needs your support!
We appreciate all of your donations to keep us alive and running.

Our independent journalism needs your support!
Consider a donation.

You can donate any amount of your choosing, one-time payment or even monthly.
We appreciate all of your donations to keep us alive and running.

Dont miss another article!

Sign up for our newsletter today!

Take part of uncensored news – free from industry interests and political correctness from the Polaris of Enlightenment – every week.