EU Commission refuses to disclose authors behind its mass surveillance proposal
292 comments · June 3, 2025
Hilift
nickslaughter02
High-Level Group (HLG) recommendations:
https://home-affairs.ec.europa.eu/document/download/1105a0ef...
11. "The creation of a platform (equivalent to SIRIUS) to share tools, best practices, and knowledge on how to be granted access to data from product owners and producers. Building further on SIRIUS, this should be expanded to include hardware manufacturers in its mandate and to create and map law enforcement points of contact with digital hardware and software manufacturers."
22. "Developing a technology roadmap that brings together technology, cybersecurity, privacy, standardisation and security experts and ensures adequate coordination e.g. potentially through a permanent structure, in order to implement lawful access by design in all relevant technologies in line with the needs expressed by law enforcement, ensuring at the same time strong security and cybersecurity and providing for the full respect of legal obligations on lawful access. According to the HLG, law enforcement authorities should contribute to the definition of requirements, but it should not be their role to impose specific solutions on companies so that they can provide lawful access to data for criminal investigative purposes without compromising security."
26. "Establishing a research group to assess the technical feasibility of built-in lawful access obligations (including for accessing encrypted data) for digital devices, while maintaining and without compromising the security of devices and the privacy of information for all users as well as without weakening or undermining the security of communications."
I could quote the entire PDF but it's too long. In short, they want to expand surveillance on all fronts and mandate backdoors both in software and hardware. Read the PDF.
amarcheschi
they're still saying the old thing about accessing encrypted data and protecting privacy while it's obvious that it wouldn't be possible to access encrypted data and for that data to still be "secure" at the same time
reliabilityguy
They can use homomorphic encryption to learn about the data without actually seeing it.
tsimionescu
No, they couldn't. Homomorphic encryption makes it possible for whoever holds the keys to the data to get certain kinds of processing done on it by someone who doesn't know what the data represents, and who won't know what the results represent.
It is very carefully constructed exactly to prevent what you're talking about: leaking any kind of information about the data to someone who doesn't already know what the data is.
amarcheschi
I'm not an expert at all on cryptography so I can't comment on that, however when looking for info about thorn I found a ftm page where a uni researcher acknowledges it's not possible to do it yet. It should be either this https://www.ftm.eu/articles/ashton-kutchers-non-profit-start... or this one, I can't remember at the moment https://www.ftm.eu/articles/ashton-kutcher-s-anti-childabuse...
Edit "possible" as in very computationally expensive to do it on a mass scale
falcor84
That's interesting - is there anything relevant they could do under homomorphic encryption? For example, let's say that the government wants to only flag content with the substring "I am planning an attack" - is there any way to do that while keeping encryption intact?
7bit
Learn what exactly? Homomorphic encryption allows for mathematical operations on the data. X+1 can be applied to the data, but it still won't let you know whether x was 1, 2, 3 or any other value.
Despite all this, fuck the EU for consistently trying to undermine data privacy and introducing Kim Jong Un style mass surveillance. None of that shit protects privacy, as they claim.
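What tsimionescu and 7bit describe above, as an added example that is not part of the original thread: a toy Paillier scheme (additively homomorphic) in which a party holding only the public key applies x+1 to a ciphertext, and only the key holder can read the input or the result. The function names and the fixed primes are constructed for illustration; the parameters are not secure.

```python
# Toy Paillier cryptosystem (additively homomorphic). Added illustration only:
# fixed, publicly known primes; NOT secure and not a production scheme.
import math
import secrets

# Constructed parameters: two Mersenne primes, chosen only so the demo runs offline.
P = 2**61 - 1
Q = 2**89 - 1


def keygen(p=P, q=Q):
    """Return (public_key, private_key). Public = n; private = (lambda, mu)."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # lcm(p-1, q-1)
    mu = pow(lam, -1, n)  # valid because the generator is g = n + 1
    return n, (lam, mu)


def encrypt(n, m):
    """Encrypt integer m (0 <= m < n) under public key n with fresh randomness."""
    n2 = n * n
    while True:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            break
    # c = (n+1)^m * r^n mod n^2
    return (pow(n + 1, m, n2) * pow(r, n, n2)) % n2


def decrypt(n, priv, c):
    """Decrypt with the private key; only the key holder can call this."""
    lam, mu = priv
    u = pow(c, lam, n * n)
    return ((u - 1) // n * mu) % n


def evaluator_add(n, c, k):
    """What the untrusted party can do: add a constant k to the hidden plaintext.

    Takes only the public key and a ciphertext. Returns another ciphertext;
    neither the input x nor the result x + k is revealed to the caller.
    """
    return (c * pow(n + 1, k, n * n)) % (n * n)


def demo():
    """Run the x+1 round trip for x = 1, 2, 3 and return (x, decrypted result)."""
    n, priv = keygen()
    rows = []
    for x in (1, 2, 3):
        c = encrypt(n, x)                  # key holder
        c_plus_1 = evaluator_add(n, c, 1)  # third party, no private key
        rows.append((x, decrypt(n, priv, c_plus_1)))  # key holder again
    return rows


if __name__ == "__main__":
    for x, result in demo():
        print(f"x={x}  decrypt(Enc(x) + 1)={result}")
```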
Zealotux
Remember: "the EU is founded on core values including respect for human dignity, freedom, democracy, equality, the rule of law, and respect for human rights."
No doubt we'll keep on giving lessons about these to non-EU countries anyway.
amarcheschi
The European court of justice could still deem such practice to be unlawful
hcfman
So long as you were quick enough to file within three months of exhausting all your local options. Too late? Oh, too bad.
amarcheschi
Well, I'm not saying that I want to see if it eventually gets there, I can only hope that it is not necessary to get there
nickslaughter02
I am positive they will start attacking it on this front too. Changing the rules is just a vote away.
libertine
Out of curiosity, despite its flaws and setbacks, what countries or organizations are in a better position to lecture others on those matters?
Russia? China? Iran?
seydor
The US. The EU is a bureaucratic institution, not a democratic one, and arguably doesn't have more legitimacy than its current bureaucrats at any time. At this time there are 0 people worth talking about in the Commission or the council. Despite the flaws of its president, the US has democratic checks and balances
ChocolateGod
> The US. The EU is a bureaucratic institution, not a democratic one,
The US has a democratic system where the President is ultimately voted for by an unelected electoral college who can refuse to vote for the candidate their state voted for and has ended up with the candidate with most votes losing.
Then said president can change the country's top court on obviously political lines and re-interpret existing laws and the constitution.
> At this time there are 0 people worth talking about in the Commission or the council
The European Commission has no need to play popularity contests, it's accountable to the heads of governments, not randoms on social media.
libertine
Didn't the current president of the US say that his 2016 election was stolen and triggered an insurrection, and then proceed to pardon those who attacked democratic institutions? Isn't he now seeking to dismantle all the checks and balances, all while doing crypto dumps, enabling him to receive money from undisclosed sources?
This is your democratic reference?
> At this time there are 0 people worth talking about in the Commission or the council.
What's with the cult of personality? Why do you need someone worth talking about? For example, everyone talks about Trump for all the wrong reasons, does that mean that's worth it?
It just sounds like you don't know much about the EU.
lawn
It's frankly laughable to claim that the US still has democratic checks and balances with all the shit Trump and his gang have done.
dinfinity
[flagged]
hulitu
> Out of curiosity, despite its flaws and setbacks, what countries or organizations are in a better position to lecture others on those matters?
One should try living in more than one country. After some time, one might realize, that the adjective "better" has no place in one's sentence.
libertine
I find it odd that one needs to live in more than one country to be able to make a judgment on the use of the adjective better.
But I'll take the bait, let's say someone who lived in Syria during the Assad rule and then changed to the US, will that person come to that realization?
Gud
Switzerland.
Zealotux
None? I just think the EU should stop acting holier-than-thou when it has been actively attacking individual freedoms and privacy for years now.
libertine
But how are they acting holier-than-thou?
sdoering
Any institution that does not kill thousands every year:
Annual Deaths (Recent Years): - Mediterranean Sea 2,000–3,000+ (60% drownings) - Pushbacks/Frontex Several hundred (2,000 deaths linked to Frontex actions) - Land Borders/Camps Dozens to hundreds (Winter peaks, underreported)
There are by far too few NGOs or journalists looking into the despicable practices of the EU - but we Europeans definitely should not sit on the high horse and preach about human rights to anyone.
It is a disgrace what we as a European people let our elected officials get away with.
snehk
Australia had a similar situation. They cut that number down to basically zero when they publicly announced that no one entering Australia that way would ever be able to settle in Australia in any way.
fuzzfactor
>founded on core values including respect for human dignity, freedom, democracy, equality, the rule of law, and respect for human rights
For that reason it would be more embarrassing than anticipated if the authors were disclosed . . .
amarcheschi
it might be worth reading edri article on it https://edri.org/our-work/high-level-group-going-dark-outcom...
i've just yesterday uploaded my final essay for a uni course on ethics where i'm debating on chat control and i have to say that being unsatisfied with some commission moves is not enough. there would be a shitton to talk about, but i'll just leave here that:
-while chat control was being discussed, europol was already salivating at the thought of expanding the regulation scope to other crime areas (as they said, "all traffic is useful" or something like that)[1]
-the european commission bases its thesis on the efficacy on the data provided by thorn, but we don't have any actual information about the trustworthiness of these claims. the european commission refused to comply with a FOIA request and the ombudsman suggested to comply, but still the eu commission refused to protect commercial interest of thorn. eu ombudsman ruled the case as maladministration on behalf of the eu commission but it has no power to do anything else[2]. another foia request filed in a member state revealed some other documents that still do not give any insight to thorn software, so we can't trust it yet
-a few europol members moved to thorn, with one violating rules about conflict of interest [3]
[1] https://balkaninsight.com/2023/09/29/europol-sought-unlimite...
nickslaughter02
Also: "Going Dark expert group – EU's surveillance forge" https://www.patrick-breyer.de/en/posts/going-dark-expert-gro...
> The EU Commission is hiding the participants of the #EUGoingDark group meetings. I have requested lists of participants several times, but so far have only received completely redacted documents. (My Toot on Mastodon.) All that is known is that police forces and secret services are represented. Despite the highly sensitive topics in terms of data protection and fundamental rights, the EU Data Protection Supervisor only has the status of an observer. NGOs are not allowed to take part in the group’s meetings. While fundamental rights are muted, the #EUGoingDark group is planning to influence the EU Parliament with targeted surveillance PR.
bondarchuk
> #EUGoingDark is our label for an EU working group set up by the EU Commission in June 2023.
Oh, at least he discloses upfront that "going dark" is an unofficial slogan from the opposition. Not sure if that's necessary, "High Level Group on Access to Data for Effective Law Enforcement" sounds sinister enough already.
nickslaughter02
The official email of the High-Level Group (HLG) is EC-HLG-GOING-DARK@ec.europa.eu
https://home-affairs.ec.europa.eu/networks/high-level-group-...
nickslaughter02
To make things worse, Denmark will take hold of the Presidency of the Council of EU from July to December. They are one of the main forces behind Chat Control.
skrebbel
Got any source? I thought it was primarily a Swedish commissioner (Ylva Johansson) pushing it. EDIT: I don't mean this as "I don't believe you", I just want to know more.
nickslaughter02
"No majority in the EU Council for Polish proposal that #ChatControl should remain voluntary and secure #E2EE encryption be exempted. https://netzpolitik.org/2025/interne-dokumente-polen-gibt-ei...
In autumn, the new Danish presidency will try to push through the original extreme version of #ChatControl 2.0"
https://digitalcourage.social/@echo_pbreyer/1145965873906841...
> Swedish commissioner (Ylva Johansson) pushing it
She has retired since. She faced major criticisms after refusing to meet any of the privacy focused NGOs and had regular meetings with Thorn, the US company selling surveillance software.
amarcheschi
It is much more than just Ylva Johansson, here's an interesting read about how she's just the "face" of it
https://balkaninsight.com/2023/09/25/who-benefits-inside-the...
like_any_other
> the efficacy on the data provided by thorn, but we don't have any actual information about the trustworthiness of these claims
Why would we doubt these claims? North Korea, China, (Soviet) Russia, all of them were and are very effective at using surveillance against their population. Feel free to expand the examples, the list is not meant to be exhaustive.
amarcheschi
Because thorn sells software to detect csam and has a commercial interest in making its software appear in the best way possible
We also doubt these claims because thorn might have published further data but guess what, we can't because there's no info about it
It is also reasonable to assume they use some kind of machine learning, (now we're entering speculation territory since we have few data about it) but the Ai act would require high risk ai systems - and I think a csam detection algorithm would be that - to comply with some requirements in regard to transparency for the product to be used
miohtama
Already in the EU, Spain, Poland and Hungary are illegally using Pegasus spyware to spy on their own opposition politicians. Why should they settle for less with lawful means if they already use illegal means?
amarcheschi
That's some secret service or at least non public things though, what is being regulated is "clear day" practices
I know it's not the best, but still
ahartmetz
Secret democracy, eh? Against the people, distrusting the people, and fuck the people.
I suspect von der Leyen. She has pushed similar crap in Germany, and the temerity of not telling who proposed it is completely in character for her. She has told straight lies about her intentions before.
DoingIsLearning
Is there any precedent in prior government bodies or other countries where you have a number of attempts or a moratory period to propose embodiments of the same law?
As in if you propose a law in a general area and gets shot down you cannot simply rewrite it slightly and once again pitch through attrition.
Something like 4 strikes and you can never bring it back to vote or for every proposal you lose a vote you cannot repackage the same core for the next 10 years.
nickslaughter02
original title: The EU Commission refuses to disclose the orchestrators behind its mass surveillance proposal, which would effectively end citizens’ online privacy
AnimalMuppet
See, the thing is, the reason that they want privacy for what they do, we want privacy for the exact same reason.
Havoc
Is there any part of the world that isn't pushing orwellian stuff?
nickslaughter02
People in less developed countries are already more free. Some of their governments would like to or do push for laws like this but the infrastructure or power to force international companies to implement it is not there.
falcor84
You reminded me of "Consciousness Explained" [0], where Dennett makes a metaphorical distinction between the Orwellian and Stalinesque approaches, such that in the former, "wrong things" are allowed to happen and are then reconciled by changing history, while in the latter, everything is enforced and handled on the spot, before wrong information ever reaches the news [1]. I am concerned that we're headed into both dystopias at the same time, with some countries going further into the Stalinesque approach.
[0] https://en.wikipedia.org/wiki/Consciousness_Explained [1] https://en.wikipedia.org/wiki/Multiple_drafts_model
BLKNSLVR
Yes, it's interesting that whilst they're not happy with Trump's version of authoritarianism, rather than moving in the opposite direction, they've just decided to switch to a parallel track.
bigyabai
Not if they're importing American tech stuff: https://arstechnica.com/tech-policy/2023/12/apple-admits-to-...
1oooqooq
that's the right question to be asked.
extreme capital concentration breeds this, and we had it happen everywhere.
spacebanana7
The governments of North Korea, China, the EU and Australia are all trying to get as much surveillance as they can get away with, despite having radically different economic systems.
I suspect there’s a universal desire for governments to want to spy on the people they govern.
Etheryte
All listed parties have very strong capital concentration in the top small percentile, despite different economic systems and political backgrounds.
account42
The only one of these that has a radically different economic system is NK.
1oooqooq
they are all catching up with the US, where capital accumulation was faster.
government is just a higher level cop, protecting property.
kmlx
how would those proposals work with these other initiatives that will go live in 2026?
EU Digital Identity Wallet: https://ec.europa.eu/digital-building-blocks/sites/display/E...
EU Age Verification: https://digital-strategy.ec.europa.eu/en/policies/eu-age-ver...
nickslaughter02
They will complete each other. Large websites and apps will be forced to implement age verification and thus your online identity will be tied to your real identity. No privacy from government spying and the end of anonymous accounts.
furkansahin
Are you surprised with the extreme right being on the rise! No worries, they will lose their power like Geert of Netherlands does nowadays...
tgv
I don't see the connection. It's true, as others say, that extremists' use of surveillance tools poses the greatest danger, but the desire to monitor the population is present across the political spectrum. Since you mention Wilders: the centrist, and most liberal Dutch party D'66 actually supported a surveillance "drag net" for the Dutch intelligence services.
pveierland
As a data point, the largest political parties in Norway (Arbeiderpartiet / Høyre), are now both seeking to introduce age limits backed by national BankID login systems to access social media, which would be a massive invasion in the right to privacy online.
The same parties voted in 2011 to introduce mass data storage, where all international internet traffic can be stored and kept for 6 months by the state.
I see no reason to believe that either party would protect the right to private communication or internet use.
hhjinks
> international internet traffic
Which means all internet traffic that crosses the border at any point. So it practically includes all domestic traffic, too.
nickslaughter02
Is Ursula von der Leyen "extreme right"? Because it was her (and her commission) who established the group responsible and it was the commission's decision to not disclose its members.
gizmo
Her personal politics are not extremist in the conventional sense. She is a center-right technocrat at heart. She believes people like her have to protect Europe against the idiot masses. When she dismantles European civil rights she does so for the "greater good". People can't be trusted to vote in their own best interest, or so the logic goes. She thinks she and people like her protect Europe against the rising populist right. I think she's badly mistaken and that the populist right is fueled by EU arrogance, and the GP probably shares that view.
anal_reactor
> People can't be trusted to vote in their own best interest, or so the logic goes.
Is this wrong.
postepowanieadm
Ursula "I won't show my emails from Pfizer" von der Leyen would never do such a thing.
holoduke
Ursula von der Leyen is the example of where things are wrong in the EU. She is power-hungry. Has a history of things close to corruption. And she creates a very toxic environment to work in. Anxiety amongst personnel around her is very common. The balance between serving the people and serving the interest of corporations is very off.
nickslaughter02
She has managed to create an environment where people (me at least) do not want to live and which corporations are eager to leave.
pjc50
Yeah, I don't think enough of the centrists consider the question of how intrusive state powers might be used by a far-right government. Despite having several demonstrations at the moment.
collyw
The far left seem to be a far greater danger at present. They are the ones pushing for all the authoritarianism.
f_devd
I know a few examples of upcoming far right, who are the upcoming far left?
williamdclt
We must be living in parallel universes with HN being our only interdimensional link.
On the far-right, we have authoritarian politicians openly mingling with fascists and neonazis. Le Pen in France, Reform in UK, whatever parties in Germany and Italy... Not to speak of the countries where they are _already_ in power like Hungary.
On the far-left we have... well actually, who is left enough that they'd be as "far" as the fascists and neonazis are on the right of the spectrum? I'm not aware of any party or politician with any sort of influence that'd be that far left. Is anyone proposing full-on marxism? USSR-style or chinese-style central planning (not that anyone on the left considers these a model to repeat)? The "communist" and "socialist" parties are wayyyy more centrist. The political horseshoe actually looks more like a hook.
asimovfan
Whom do you mean by that? Could you please elaborate?
dgb23
I don't think the extreme right is pushing this. They are typically anti-EU.
I speculate that this is a result of centrist/neoliberal establishment wanting to solidify control.
The extreme right is typically using failures like this as a political attack vector.
zaruvi
[flagged]
sbszllr
Usual reminder -- if you're an EU citizen, call up your representative.
hcfman
There's always a joker somewhere :-)
Try calling up, E-mailing or anything else with Dutch politicians. No one will talk to you, answer your E-mails, allow you to call them. They make themselves unreachable.
ekianjo
Representatives don't care as much as you'd like them to, unfortunately.
emptysongglass
Tried that with MEPs for my country of Denmark: no reply.
cbeach
I tried that with my MEPs on the Copyright Directive. Nearly all of them replied with parroted talking points from the EU Commission, as opposed to any kind of understanding of the issues I raised.
At the end of the day, EU Parliament representation is dilute and indirect. Unlike the democratic systems of most nations, elected EU parliamentarians cannot originate any new law. Only appointed (unelected) individuals within the EU Commission/Council can do so, behind closed doors if it suits them.
MEPs are on a lucrative gravy train and they generally don't want to rock the boat. If the Commission doesn't get a "yes" from Parliament, it simply makes superficial amendments and retries Parliament until the "yes" is received.
With the Copyright Directive, after a "no" vote in Parliament in 2018, the Commission literally put the same contentious articles (11 and 13) back in again for the second vote - this time under different article numbers (15 and 17), so all the public activism and criticism linked to the original article numbers would be orphaned. MEPs voted "yes" the second time, like the good, obedient MEPs they are.
sbszllr
Anecdata but I also had good experiences reaching out to MEPs, so not all is lost.
At its core, the core issue seems to be the lack of accountability between the MEP, and people that voted them in. Few people vote in the EU elections, and even fewer follow up on what happens there.
Chicken and egg problem but if you want your MEP not to be just "a good obedient MEP they are", the electorate needs to ask more of them.
cbeach
So we expect our public to care, and to engage with a Parliament in a foreign country, where elected representatives wield barely any power and cannot originate law?
Prior to Brexit, the UK had less than 10% of a stake in the European Parliament, so our 73 representatives had little effect on the overall system.
I didn't know a single person who could name their MEP.
Direct democracy at the national level is simply more engaging and relatable. It matters that the electorate, and their representatives are accountable for the outcomes of their decisions.
00__00
Those articles 13 and 15 may also protect you from AI thieving all your work!
jaoane
I’m sure they will have a good laugh. At your email I mean. They won’t pick up the phone.
otikik
Wow the irony is palpable
elric
The MEPs should put as much pressure as possible on them until the Commission stops this foolishness, abandons this proposal, and starts acting transparently. If they don't, the Commission should step down, as their Orwellian power grabby bullshit is not in the interest of their supposed constituents.
https://www.statewatch.org/news/2024/june/policing-by-design...
"The paper calls for “a harmonised EU regime on data retention” that is “technology neutral and future-proof,” covers all types of telecommunications service providers, includes measures ensuring both retention of and access to data, and is “in full compliance with privacy and data protection rules.”
"The EU’s previous data retention legislation was struck down by the Court of Justice in 2014, which found that the law allowed for “a wide-ranging and particularly serious interference” with the fundamental rights to privacy and data protection. The court has confirmed this interpretation in several cases about national data retention measures."
"the paper calls for retention of data from “service providers of any kind that could provide access to electronic evidence.”"
"agreed upon the need for law enforcement to have access to data en clair"