I received this brief but I don’t expect much from it. You can define EU requirements, but if there are no independent standards at all, then you certainly can’t meet them at all.
I have high expectations for that. It probably won’t work flawlessly from day one, but I personally don’t see a problem at all. The players involved are told that they must do so and must therefore sit together at the table. It wouldn’t be the first time they did this.
Just look, for example, at the phone’s recent disclosure of these Corona apps (aside from discussing how useful it all is). This is a technical work only. They came to an agreement together on how the disclosure and related data should work.
They can do that with this one, too. The easiest example is if Apple insists on using iMessage/APNs, Google RCS, WhatsApp XMPP, etc., etc., you get something like lenwar@telegram and dycell@signal and federate them from there. Can they all keep their primary platform and on the server side can they forward to each other, if needed, with a new generic standard across platforms if they can’t use an existing one. The e2ee piece shouldn’t spoil the fun as far as I’m concerned.
Typical bureaucrats, they demand things without regard to practice. This is exactly why governments have such massive problems with technology.
I see it completely differently. In this case, governments set the functional requirements. The government should not get involved in how the market is managed to do this. The government shouldn’t say “You need https with TLS 1.2 and a key length that many kilobytes, et cetera, et cetera”. The government should say “it should be secure and encrypted with modern methods…etc”. Of course they don’t have to ask for “impossible things”, but this is something they themselves know very well what is technically “possible” or not. It may not be the civil servant himself, but that’s what they have their advisory bodies for.
Without thinking about the consequences…
They sure do. This is why the proposal is first posted so that everyone can complain/complain, before they come up with a final bill.
If they are going to demand the industry to set a global standard…
This, of course, is the actual condition. Every application must be able to deliver. This only works if there is some kind of open standard. It doesn’t matter which one it is. It could be a new one, it could be an existing one. As long as it works. That’s up to the market.