The Dutch government released a memo about their stance on #ChatControl The cabinet is worried about the impact of these measures on fundamental rights, and is not convinced the new "compromise" fix that. > ... the Cabinet believes that there is currently insufficient clarity about the impact of the proposed measures. The Cabinet's concerns about the protection of fundamental rights at stake, particularly in the area of ​​privacy and the confidentiality of correspondence and telecommunications, and the security of the digital domain have not been sufficiently addressed at this time. So that's good. > The cabinet has therefore decided to refrain from taking a position and to actively make this known. The Netherlands will therefore be counted among the countries that do not support the general orientation. This seems different to me than a no vote, which could be problematic? cc nostr:npub1j970xxntqmx8d986lpndhy2p0ccefczx8teahqvz4uwzt9x8p8zs7j50h9 There seem to be multiple shades of "no" in EU politics which is thoroughly confusing. The memo goes into more detail about why they're not happy with the proposal: > Only with regard to the detection of already known material can such an order be executed in a proportionate manner (via hashing technology). Because the government does not support measures that make end-to-end encryption impossible, the only way in which this order can be executed for end-to-end encrypted services is via client-side scanning. The previous government explicitly communicated with the House that it saw this as an option. I've said before that I consider the previous Minster of Justice Yeşilgöz a threat to democracy and this confirms that. The letter continues to explain the new administration initially wanted to continue this positive attitude towards client-side scanning. However it seems the intelligence service AIVD intervened: > Last week, following a new advice from the AIVD, the position regarding the compromise proposal was reviewed. The AIVD warns that ‘introducing a scan application on every mobile phone with an associated infrastructure of management systems results in an extremely extensive and complex system. This complex system also has access to a large number of mobile devices and the personal data on them. This ultimately results in a situation in which the AIVD considers the risks to digital resilience to be too great.’ "digital resilience" is roughly defined as (different government website): > the digital resilience of government, companies and social organisations. This concerns the ability to reduce risks to an acceptable level by means of a collection of measures to prevent cyber incidents and, when cyber incidents have occurred, to detect them, limit damage and make recovery easier The memo continues: > If a detection order is imposed on a service provider that uses end-to-end encryption, the AIVD estimates that detecting child pornography material through client-side scanning poses too great a security risk to the digital resilience of the Netherlands. > What is clear is that the security risks mentioned by the AIVD with regard to client-side scanning mean that it is very questionable whether the infringement of fundamental rights can be justified, because with regard to this method there is no proportionate measure. Quotes are Google translated. ht nostr:npub1xtmjmagwqqwcunas89zk8a0da6tkdp3dsw07g9jgvvrnwxrt3lqqrplxd5 https://berthub.eu/tkconv/get/2024D35955