
The European chat control law could block the functioning of open source operating systems

Hi all,

an Italian article which is important to read and possibly an urgent
matter to address.



The European chat control law could block the functioning of open
source operating systems

Mullvad, a well-known VPN service provider, focuses attention on one
of the most unfortunate consequences of the proposed law that aims to
force messaging apps to scan users' personal messages: open source
software repositories and archives could become illegal.

In May 2022, the European Commission put forward a bill that could
force messaging apps to scan private messages exchanged between normal

As can be learned by reading the text of the regulation of the
European Parliament and of the Council, which is part of the broader
framework of the Digital Markets Act (DMA), the aims are certainly
noble and have the aim of preventing the solicitation of minors via

Prescriptions such as those contained in the European law proposal,
however, would in fact mean saying goodbye to all the guarantees
offered by end-to-end encryption mechanisms when the use of encryption
is fundamental today and is now a tool that users should never
give up.

WhatsApp won't crack end-to-end encryption, and at this point, by CEO
Will Cathcart's own admission, the only way instant messaging apps
could go is by scanning users' messages and media locally, on their
same devices.

Apple had already tried to do something similar but the initiative
aimed at scanning the content of iOS, macOS and iPadOS devices had
been so strongly criticized that Apple gave up. Fierce, among others,
were the notes of the EFF (Electronic Frontier Foundation), which spoke of an
unacceptable interference in the private sphere of citizens.

Why the European Commission's proposal can lead to the blocking of
open source platforms and repositories used by operating systems

Patrick Breyer, MEP of the Pirate Party, put in black and white all the
critical points of the European law proposal speaking of Chat Control
2.0: the result was a completely automated mass surveillance system
that has no precedent in the Western world, the screening by third
parties of the content of cloud storage services, the mandatory age
verification with the consequent end of anonymous communication,
censorship activities on online application stores and the exclusion
of minors from the digital world. So reads the page set up by Breyer.

"As an unintended consequence," Mullvad, a well-known Swedish company
offering VPN services, writes today, "the proposed EU law on chat
control will not only take totalitarian control of all private
communications but will also ban open source operating systems".

According to Mullvad, among the side effects of the regulation of
which little or no discussion has been made to date, there would be a
ban on all existing open source operating systems, including the main
Android stores and third-party stores such as the historic F-Droid.

Software repositories have been used almost universally by open source
operating systems since the 1990s as the primary method of
distributing applications and security updates. These online archives
are often created and maintained by small businesses or volunteers;
they are hosted by hundreds of organizations such as universities and
internet service providers around the world.

One of the main ones, the volunteer-run Debian Package Archive,
currently contains over 170,000 software packages.

These services are not built around the concept of an account and do
not provide for the verification of the users' identity: the download
of the software takes place directly to the client systems that
request it, in a completely anonymous way.

Here, the European law proposal would also oblige these repositories
to no longer be managed anonymously, to verify the user's identity and
to ascertain their age.

To meet legal requirements, the open source world would be forced to
completely redesign its software update procurement and distribution
system, radical organizational restructuring with the consequent
centralization and reconstruction of the package distribution

Obviously we are only talking about a purely theoretical approach
because the technical-practical issues would be insurmountable.

“To comply with the law everything should be shut down globally as
servers delivering software and security updates cannot distinguish
between a web server, a Japanese software developer, a fridge and a
teenager from the EU,” notes Mullvad. "It may seem incredible that
the authors of the legislation did not think about it, but it is not
so surprising considering that this is just one of the many gigantic
consequences of this poorly thought out and written law".

Mullvad is one of the VPN managers that has already started migrating
to diskless servers since 2022 to protect users' privacy and personal
data even more effectively.

Best regards, R-
