EU to ban open source operating systems

The EU is currently in the process of enacting the [chat control] https://chatcontrol.eu/ law.
It has been criticized for creating an EU-wide centralized mass surveillance and censorship system and enabling government eavesdropping on all private communication.

But one little talked about consequence of the proposed law is that it makes practically all existing open source operating systems illegal, including all major Linux distributions. It would also effectively ban the F-Droid open source Android app archive.

Article 6 of the law requires all "software application stores" to:

• Assess whether each service provided by each software application enables human-to-human communication
• Verify whether each user is over or under the age of 17
• Prevent users under 17 from installing such communication software

Leaving aside how crazy the stated intentions are or the details of what software would be targeted, let's consider the implications for open source software systems.

A "software application store" is defined (by Article 2) to mean " a type of online intermediation services, which is focused on software applications as the intermediated product or service".
This clearly covers the online software archives almost universally used by open source operating systems since the 1990s as their main method of application distribution and security updates. These archives are often created and maintained by small companies or volunteer associations. They are hosted by hundreds of organizations such as universities and internet service providers all over the world. One of the main ones, the volunteer run Debian package archive, currently contains over 170,000 software packages.

https://mullvad.net/sv/blog/2023/2/1/eu-chat-control-law-will-ban-open-source-operating-systems/

This might be a reason that Red Hat is leaving open source as foundation for RHEL sourced (via the customer/partner portals, according to their subscriptions). To secure their future.. (?)
https://news.itsfoss.com/red-hat-restricts-source-code/

It's solid info but posts about this topic is hard to find... I haven't seen any other distros discussing this "death-threat" and if/how to adapt.
Personally I'm willing to make FOSS a full time job because it is my believes open sourced software is the last resource for any kind of privacy and security and thereby cyber freedom

Not a big problem ! Because anyway the EU Union reached the falls apart stage , so any stupid enforced ' Law ' will be dead !!

Yep I’ve heard about this a month ago.
They can kiss my a$$ I’m not giving up whether Garuda Linux nor ANY Linux for that sake.

Next point there is: @Dr.Fanatik-US wrote it already the EU has become ultra unpopular in many EU countries (and myself tbh).

The EU is not Europe and it is slowly killing all those precious cultures in Europe.
I won’t get into politics b/c of forum rules but I can assure I won’t give up Linux nor I won’t give it up to get better spied on, doesn’t matter the “good intent” or entity which is trying to do it.

My fav sentence of the article:

To comply with the law all of it would have to shut down, globally, as the servers providing software and security updates can’t tell the difference between a web server, a Japanese software developer, a refrigerator and an EU teenager.

Actually RHEL’s move makes sense with this in mind…

subcutaneous chip anyone?

In some ways I support recent extreme government actions against populations. For decades governments were gradually working to destroy the world, and people just let each bit go by unnoticed. But now they are really accelerating the pace, which is causing people to notice.

If cryptocurrency is made illegal for example, it will revert to its actual value as investors are no longer involved and then can be used as intended, to weaken bank and government control over finances, as CBDCs come in and cash is banned.

If Linux is also effectively illegal, it will also force people who in the past wouldn't have considered breaking the law, to start to realise that laws have nothing to do with morality, and then will question the validity of other laws in turn.

You’ve got a point there.

This is why/how.
I guess I know what you’re mentioning, getting things into the blatant offensive makes set things also visible and ignorance can’t help anymore. Interesting thought.

And welcome to the Garuda Forum

@Gavin Hell no! Hence NeuralLink is kinda awkward, even a bit spooky to me.

Bruce

It’s awful but I think it only applies to commercial entities. Free software is not a product or a service in that sense.

I feel this is a very important threat that we, especially EU citizens, must stay on top of..
I read in deep to this and Chat Control is WORSE THAN Snowdens reveal of NSA's XkeyScore program with the five eyeys mirroring hubs. Not to be to conspiratorial about it but one main objectives is to enforce a single global e-currency and a social score system that will run on this "grap-all-info" in real time harvesting/managing structure for web communications.

This machine will be operated by a (non-EU based or owned) corporation which scares me most of all. I'm not really against or afraid of social scoring but there must be transparency and trust for the system so we can be sure it's fair for all citizens and what behaviors we should do and don't exercise!

I read about China's social-score system and if what I learned of it actually is true then I would say it is a very fair system that probably makes most of us just choose our actions more wisely.

Globalism and "the new world order" has fought for 20 years to monopolize the stuff and services we like to have in our life's, probably much good will come from it, but knowing how our whole life's whereabouts/all access information is traded and exploited for (mostly tho) financial purposes takes the right to owning our own life's and pushes a life full of subscriptions without ever even owning or things anymore upon us.

I wanted to share this because we need to be aware of possible outcomes SO that we can counter possibly upcoming obstacles by taking the necessary steps to make our foss world legal!

Let's grab some of that old hippie culture values and come together and stay strong!
It took 50 years but now their fight for legalizing Cannabis has grown momentum and now more and more countries are actually agreeing to allow this drug for many different uses and more are adding on as research is booming.

We are one

So called "Government" doesn't exist, it is just an incorrect and evil idea, a fiction. The only true "power" is that of a man actualizing his intention into free will. Once you realize this evil men are unable to influence you and these sorts of things aren't of concern.

Follow your heart.

that’s why i use Garuda Linux

Those things aren't a concern until you are locked in jail for a peaceful protest and lose your job for refusing to take experimental drugs. Then die because they refuse to treat you in hospital. You can ignore them for a while, but that only allows them to get stronger. And then they kill 100 million people, like Stalin.

It's definitely important to keep FOSS alive, as all closed source operating systems are now just spyware. Over the last few years it was mainly location tracking used to feed government agencies data to allow people to be arrested. But I'm sure in the near future with laws like this in place, and like many others in countries whose governments have been usurped by terrorists and traitors (like Australia), we will get to the point where non FOSS systems will be reporting every suspicious chat message and web search to government agencies.

I've already left Australia to escape communism, but there aren't a whole lot of great places to go.

If the thug trying to throw you into a metal cage for protesting also didn't believe in this fiction then it probably wouldn't happen in the first place.

I don't suggest ignoring them outright, just don't let them influence your behavior. These scum who think they are our overlords aren't important so we shouldn't treat them as such. The more people that abolish this idea from their mind the less affect it will have on the world.

I love chips, I’ll have the salt & vinegar please.

I’m sure I’ll get used to the stinging eventually.

I won’t get into politics b/c of forum rules but I can assure I won’t give up Linux nor I won’t give it up to get better spied on

Linux is now a political topic and thus forbidden here

Im so sorry. That was not mine intention. Hard to stay on topic on a topic concerning privacy and so on, so easyly gets emotional

So to steer up on track again, just now this now and have your eyes open for any further information regarding Chat Controls ban on open source disrtos that might pop up somewhere online...

We can't risk missing to be suddenly blacked out and have to consider multiple outcomes

Has anyone heard this ANYWHERE else!?!?

I'd like this threat to be a fact based conversation and it might spawn a think-tank for how to counter this possibly great threat. **IF NOT, **please suggest another channel/platform/ place for sharing and discussing our concerns!

First off, I did not read all of the proposal but the small part that I read does not sound as strict as others make it sound.

There are obvious reasons why the chat control proposal (as analyzed by Patrick Breyer) is a wrong idea and autocratic (or conservative) in some way. (The current president of the EU Commission is from a German conservative notorious party btw.) From one perspective, it looks like imitating China, a big surveillance state. It conflicts with other case laws made by a European Court.

But the initial claim of threatening open-source operating systems is simply wrong or far-fetched.

I also read the link in the original post. The statement likely gained criticism quickly. The author added a disclaimer section at the start that disclaims what the author actually wrote in the title.
And "totalitarian control of all private communication" is certainly incorrect to state. The chat control law also doesn't give reason to the statement that the "government" is "eavesdropping" on all private communication.

The law actually intends that all online communication shall be screened by machines and reported to law enforcement if something "creepy" is found (even though going too far at other points). It does not mention explicit censorship or control over your data. Obviously, the child abuse content targeted by chat control is indeed bad, there is no debate! It doesn't require manual screening at all (which is not feasible either), so nobody actually gets to see your messages or photos unless they are reported and then, it's also just maybe one person who likely will discard it if your content does not violate existing laws. Apparently, due to the first link you provided, it doesn't even require automatic screening to be effective at all.

But I really agree that the strict rules that the original post mentions for "software application stores" would be "crazy" and non-sense and would look like being proposed by people who know nothing about non-commercial technology. Under these circumstances of missing the declared goal or scope with the proposed measures, I see, how people want to insinuate evil intentions. However, it does not put them on solid ground.

There are many other big problems. One big problem is, machine learning models are unreliable (they are stochastic and therefore necessarily imprecise) and necessarily biased due to human supervision, inheriting human bias.

The proposed solution also is a ridiculous overkill measure in comparison to the size of the crime. Massive amounts of energy are wasted to find almost nothing most of the time, looking at places most of the time where nobody would expect any offense. The European Commission could spend more resources on a solution for ransomware, spam, phishing, scams, data abuse by companies (and prize games), malware protection or even telephone terror from call centers.
It does not make sense to suspect the generality of crime for no reason (just because of a small number of idiots).

It is possible that machine learning models would confuse adult female people (particularly those with image filters) with children. There are actrices that have some kind of child schema in their face. I am also thinking about fictional works such as Japanese Manga depictions which, in some cases, could be reported by screening software without falling under the crime targeted by the chat control law. [Even though the level of ephebophilia in such Japanese media can certainly be questioned morally sometimes.]

But everyone who knows a bit about machine learning should know that you can easily deceive machine learning models by adding noise to your picture. When you put enough (or specific) noise onto any "evil" image – which is easy to do in any programming language – then the machine learning algorithm might not recognize any reasonable thing while an ordinary person would still recognize the content of the image.

Central ideas of the proposal do not enjoy acceptance by EU citizens anyway.

In my view, the biggest danger actually is an (unofficial) prohibition or prevention of communication between humans at all, particularly between "minors". A high potential of danger would be if the wording is so broad that chat control also applies to chat-unrelated topic-specific communication or things unrelated to addressing children in any way (such as comments on online help videos of adult YouTubers, blog posts, version control system comments, change logs and comments on software updates/changes). But the proposal expressly sounds like they want to rule out such cases.

The extraordinary measure of prohibiting communication (features) would not be reasonable. But even though it could sound dystopian, it does not mean per se that open source is forbidden by the proposal. It's rather that certain application communication features could be hidden from the users or removed entirely. It could empower big giant companies which can spend money on Machine Learning and could destroy the usability of software by prohibiting chat features. Big corporations such as Meta, Google or Apple probably see a chance here.

If such a chat control law would be successful what would be the consequence for future laws? Would they think about prohibiting insults and negative talking as well? There would be good reasons to censor (very) bad talk, cyberbullying, discrimination against others and verbal violence, and no doubt, in some cases, verbal violence can be lethal or cause psychological damage.
In the extreme, it reminds me of the Grammarly Chatbot that is designed to not permit or say anything negative, going as far as censoring (or rather crashing on) generated reports of historical events. It is actually very successful in removing any negativity from its output. It would be kind of dire if such a chatbot system would determine what you are allowed to write and what not. Any logical system without negativity is incomplete.

But I think, products would be safe by restricting the possible set of messages to a finite set. As a notable example, Nintendo has been doing that for all of the Mario Kart online services, where you only can communicate using messages from a fixed set of messages.

But even in the worst case, the open-source community would have an answer to this, even if it's just a free fake filter that everyone can use and that pretends to do something but actually doesn't recognize anything. The main effect however is to bloat software and make software slower.

From a sober perspective, the chat control instrument is already voluntary and already implemented by some major messaging providers. Also, many forums already support some kind of screening, looking for illegal words. Only the screening part might be less harmful and much less interesting than it actually sounds.

I can only recommend everyone to not create fears, hate or hefty speculation about the proposal or the outcome. A proposal is not a law and is not something that is sent to the parliament for ratification. I think the current proposal of the Commission cannot be successful and typically, the parliament also will make changes to the proposal of the EU Commission which does provide topics but does not make laws by itself.

On the other side, the EU is a very successful and outstanding institution. Maybe you did not notice it but one month ago, the EU successfully passed a law of due diligence in supply chains, finally!, and I am almost proud or kind of happy about this. It's not very strong but it's a strong signal that crime against human rights for economic reasons is not tolerated anymore by the standards of the EU.

I appreciate that you have read up a bit on this and share your rational thoughts about [chat control] !

NO, I don't want to create a fear or hate wave on the topic, nor make it a political discussion. I jsut found it so hard expressing my concerns in a journalistic manner, I'm lacking the proper skills for that, but I have read all public/official publish I could find about it and in my opinion this information needs to reach open source users!

My pupouse is to engage awareness and discussion in hope that community members keeps their eyes open for more info/updates about the actual effects to foss and our community driven alternatives to big techs "only by subscription services".

We are a competitor and there buy a threat to big tech's business plan and never ending crave for maximized profits and monipolized ownership to all and every bit of information they ever can get about us AND without letting us really own anything we pay using and having in our life.

The "leader of introducing" chat control Ylva Johansson explains how all corporations must give full in real time access too all users information and what the post/send from their service, unencrypted. ( she claims this "scanning" will be done without breaking any encryption )
Further she explains the very reason is to protect young-ones from CSAM, however this is NOT even mentioned in the law proposal! In fact there is NO clear or specified paragraphs on WHAT information the will scan for and HOW it will be further processed by this non disclosed US based organization.

But I don't want to make this to much about chat control and it's totalitarian surveillance.
M;y only concern is that, as she states, all CORPORATIONS must by law give TOTAL FULL-TIME ACCESS and there is just that, FOSS can't comply with this as it is structured today for a number of reasons...

Live support to all it's users are one stated demand, having an unencrypted backdoor to all our services giving full in real time access to every users information is another problem for open sourced software, distros and all foss many chat/messaging/filesharing apps.

A similar story here in India:

The reason behind these banning of apps is terrorism, well there is no way to stop the use of these apps by terrorists as everyone knows where it's source code is, and they will grab it from there and compile it , it will just make access difficult for general users, I like the development done by current government but the banning of apps seems like a foolish thing , most of the people won't shout against this because, yes terrorism by neighbor countries is still done and many people don't know what is FOSS so actually they will support it , it will be same as the case of p**n websites , I heard that they banned it , next time I heard that they are now again active as they changed their domain names . Currently Indian government is trying to remove this terrorism thing from every place in India but they sometimes do extremely crazy thing which actually doesn't helps for what purpose they are doing it.

Well only thing I will argue or I am against with this video is that he said terrorism is very small thing in India , no it's still a big problem , but yeah banning encrypted apps aren't the solution.

Yeah India have some "terroist issues" in some few places, as I understand it this its pretty much only in the Kashmir region which is a conflict-zone between India (who claims it) and Pakisatan (which is the rightful owner) I was actually there in 2018 and thats the toughest place iv'e experinenced during my 30+ countries backpacking. China is also a bit to close in on the border as well.

However in this case the armed attacks from the Pakistan militant groups are considered terrorists, when theyre fighting for reclaiming their land. Because Paki gouverment don't support this conflict, oficially anyways.

India have had 50-100k solidiers placed there to "secure the region" but this has little effect to be honest.

If they could know everything being said in communications (phone/apps) they would only need a s,aller taskforce to srike hard with precision to eliminmate the "leading persons" when an attack is on its way...

But this is just a justification of enforcing tools for total control of all 1.3B people!
Same as Chat Control will do to 700M people with "the argument" to safening a minor group of younsters that actually are or risking to to become abused through online relations.

The true purpose of these systems are not in any way made public nor will they ever be.
In both cases here the argued needs for implemaenting totalitarian control structures are not solving the actually problems they is suppose to solv! That takes human effeorts working together in a social, methodical manner to actually m,ake a change in whats broken.