undefined

points

[-]

The argument here is kind of hard to follow. Who is the "owner" of the phone, "the user" is also mentioned and it is not clear if these two are the same. Is the owner of the phone in the controlling-software sense, Google, or is it the end user? Both fits, and both are commonly used.

Because if it is the end user, the strong version of the argument would be as follows: The end user signs a document, baked in is an attestation that Google guarantees that this device is an approved Android device with a clean boot chain and a Chrome web browser. Then the end user contests the signature in court, either because they didn't understand what they signed, or they did not sign it at all, or did it under threat. How could the attestation help here?

I do not have experience with all EU countries, of course, but more than one, and nowhere is this an issue today. Countries use a wide variety of electronic identification, from soft certificates and mobile phones to smart cards. But as far as I know, all countries accept signatures made even with normal Windows PCs. You can contest a signed document in court for a multitude of reasons, but that's not specific to electronic signatures.

by GoblinSlayer6 hours ago|

prev|

[-]

Do you imply that google can prove such a thing or it's just a security theater for (((compliance)))? AFAIK attestation attests hardware, not software, but hardware attestation is self contained and doesn't require any remote cartel permission, cf yubikey attestation.

by spwa44 hours ago|

parent|

[-]

The EU is trying to make a standard that courts will enforce because EU politicians (the commission, not parliament) really want that. But all EU countries are trying to save cash without touching what's causing the money problem (that would be pensions, there is no way in hell EU governments can spend what's required to keep pensions going as is even in 2026. In the past they spent all the pension money instead of investing and now they have to start paying it back, except they can't. And if they touch pensions ... well there's a French joke. It goes something like this "One of the greatest accomplishments of the 20th century is that you can see Paris from space. Look there it is, that flame right there ...")

So they're just going to use the Apple/Google standards and declare the job done. So it's theater from all sides. Politicians will pretend this is a good solution because they don't want to spend real money, and they really want to tempt EU kids to get loans on their smartphones because, you know, in the EU you're protected from companies exploiting you. Of course, that just means governments will have to do it instead.