It’s naive to think this is about child-abuse. That’s just there to frame the discussion.
Interpol is not going to stop at analyzing images for csam - it’s not even the real goal. The goal is complete government oversight.
And no I am not into conspiracy theories. It’s same as with attempts at “breakable encryption”, it’s offered up under the guise of fighting child-abuse/terrorism/<insert-terrible-thing-everybody-has-to-agree-is-terrible>, but the goal is to increase government access to all communications between civilians.
Behind the proposal is several Big Tech companies with a lot of money which are seeking lucrative government contracts. One of them is Aston Kutcher's Thorn which seems to have a very good report with the EU Commissioner Ylva Johansson.
"...Those aforementioned media reports point to alleged close working relationships between the European Commission and a broad network of tech companies, foundations, security agencies and PR agencies, including Thorn and WeProtect Global Alliance, indicating possible undue influence in the drafting of the proposal. Of particular concern are the allegations that the solutions laid down in the legislative proposal to fight CSAM supposedly replicate the solutions designed by those groups, contributing thereby to furthering their economic interests..."
This is of course, the same Ashton Kutcher, who recently wrote a letter advocating leniency for a Scientology member convicted to 30 years in prison for rape, after his sentence.
The thing that gets me is that "paedophile" is an easy bogey man to let us point fingers because literally everyone (no offense ace folk) has at one time been attracted to minors. And we are embedded in a Patriarchal society that puts an emphasis on youthful femininity as a commodity. So pushing the "paedo" button is the same thing that cults do: leverage shame to gain authority.
Even the purest of intentions can't justify by itself any particular decision or action taken. The decision or action itself must be evaluated on its own merits. Or you find yourself excusing everybody from abusive partners to dictators (which we see everywhere, unfortunately).
> But time and time again the outcome of such actions (when left un-countered) does seem to end up with more spying on civilians.
A good example of this in the UK is the Regulation of Investigatory Powers Act [0] that constrains anti-terrorist surveillance and investigation, but which ended up, amongst other things, being used by local councils to track whether children lived in particular school catchment areas, tracking fly-tippers, etc.
It's the same with benevolent aristocracy, I'm sure there have been good rulers in the past who considered it their duty to serve the interest of the people and be benevolent, however 80-90% (conservative estimate) are not. They see themselves as the pinnacle of humanity and "why not? why shouldn't I do whatever I want? The peasants are wrong!" . It's the same with all positions of power and why there have to be counterbalances like courts and laws to protect privacy.
You are so conspiratorial! I just can't believe that anyone would want total control of everyone else's data, while remaining entirely anonymous and unaccountable themselves! /s
I actually think that it's coming to the point that the gains of technology, even large bits such as 'the internet' or mobile phones, are so inhuman that it's not worth it. I think modern tech can easily be characterised an almost entirely subsumed for governmental and corporate control. If we thought giving banks licenses to print money was bad, giving these nefarious entities control over everyone's data will be far worse.
I am all for privacy and so on, however you have to admit that with the current technology alone it's basically impossible to track or prevent certain types of crimes - and it's becoming more and more difficult. I am decently sure that terror attacks are prevented on a monthly/yearly basis - luckily, it doesn't make the news, when it does it's too late.
Child pornography is another beast difficult to solve - again, I am quite sure that they are able to find groups etc on a more frequent basis than we think. When they don't, I don't even want to think about it.
What tools do current investigators have? If you were a detective investigating a case, what would you do or use?
Basically everything useful is either 1) illegal, or 2) technically almost impossible to do (e.g, decrypting https which takes still years to brute force). You could try to ask for a favor left and right to get to a search warrant or install spying devices and "fix" (1) but how the hell do you break (2)?
Communication is happening online and a "military grade encrypted channel" has basically become the standard way of communicating with each other.
The few who still use outdated clients or protocols - shame on them.
So, yeah, I really do understand the fact that governments want access to data for their own nasty purposes, however, what can we do as a society to make it 1) difficult for average Joe to use military grade encryption to act criminal, 2) easier for police to find criminals?
I know a knife can be used to cut bread or to kill someone, however, we're talking here about groups of hundreds of people sharing child pornography - that's not a knife, it's a freaking weapon of mass destruction in the hands of people who shouldn't ever ever have access to them.
No, I don't want the Chinese way, but what can we do to avoid getting there?
Encryption is a solved problem. Easy to implement solutions are available everywhere. (yes, post-quantum cryptography is not yet solved, irrelevant for the current discussion).
That means that even if it were technically possible to create "legally-breakable-encryption", criminals would simply use real encryption and law abiding citizens would be stuck with broken "encryption" and be vulnerable to government surveillance... and to said criminals. I.e.: there are only downsides. And government experts know this just as well as anyone. Which makes their agenda very clear.
More in general, imho, the benefits have to outweigh the costs: even if breaking all encryption would have offered a small benefit in fighting bad guys, that still does not outweigh the costs of a total loss of privacy (think china) for everyone.
Same for digitalID. Or digital currency. Soon there will be lobbying for removing cash. Of course because it is used by criminals and cannot be tracked. Who cares that you need electronic device and connection for make any digital transaction. Or who cares that it is absloute surveillance by state. But it is for our safety of course. You need to sacrifice your freedom for safety of others!
I see this argument often, it's basically taken as an obvious truth in tech circles at this point, but I've seen very little evidence of that happening so far.
To be clear, I think these anti-CSAM laws are pretty terrible, but I wouldn't attribute malice where simple incompetence suffices, as the saying goes.
Why not both? Incompetence AND lust for power. It's evident all over humanity, back as long as we have recorded history. You can see it from an assistant manager at your local convenient mart all the way up to Presidency and Prime Ministership. Every bit of liberty you cede to these jokers is one you likely won't get back. I don't want that for my children or descendants.
Apple’s ill thought out on-device CSAM detection and thankfully, the removal of it from its plans after heavy pushback comes to mind.
Any time a specific ability is granted or is available to law enforcement, it will expand to broaden surveillance on everything. CSAM is horrific, despicable and devastating. But the way law enforcement treats it as an easy “in” to push for more surveillance and more powers for itself is shameful.
It’s not shameful that people try to grab power to stop evil, it’s natural. What’s shameful is that we don’t have more political checks against these type of power grabs. And that citizens who could stand up and fight against abusive surveillance are increasingly apathetic.
Mostly because they can go for those power grabs again, and again - ad nauseam.
After a while populace is just bored of fighting, and only few people care.
It's absolutely shameful. These people are not naive children. They know exactly the ramifications of the tradeoff, which indicates that they are not doing so in good faith, but rather at the behest of vested interests.
Pedantic but I would still say it's shameful although expected. Like that it is shameful to have your car stolen if you leave it unlocked with the keys in clear view on the driver's seat, although it is expected.
Also that would have set the precedence for the police to use apple as a proxy to put software on your phone/computer to monitor everything you do and scan for them, while they lean back in office chairs and wait for a hit. Same would have been extended to any and all government bureaucracy. No warrant, no innocent until proven guilty; guilty until proven innocent is their credo.
> Apple’s ill thought out on-device CSAM detection and thankfully, the removal of it from its plans after heavy pushback comes to mind.
Calling Apple's CSAM detection "ill thought out" seems to me to be letting the perfect be the enemy of the good.
Remember when everyone was up in arms about W3C standardizing DRM? Yes, the world would be better without DRM. But the DRM exists and will continue to exist. Arguing for not standardizing DRM isn't arguing for DRM to not exist, it's arguing for it to not be standardized. The encrypted media extensions let me watch DRM-protected content on Linux instead of being locked out of it all because none of the proprietary DRM everyone's using works on anything but Windows/OSX. Linux and Firefox and a DRM blob so I can watch Netflix is better than being forced to use Windows 10 with all its telemetry, Microsoft proprietary DRM, and a browser from Google or Microsoft to watch things.
Yes. It would be better if the government stayed the hell away from my files. Apple not implementing their CSAM scanning didn't get rid of the underlying issue or argument. It just means that it's no longer the tech industry setting the standard for how this will work--it's going to be the government.
Apple's implementation[0] was about as privacy preserving as we can hope for. It only scanned media that was about to be uploaded to their cloud service. It did scanning on device and used crypto to ensure, mathematically, that they couldn't even access the _hash_ of matching images until such a point that enough images matched to cross a threshold. They had client devices feed in fake matches to obscure even the number of potential matches that occur before reaching the threshold. At any no point in any of this is it possible for them to retrieve even the hash of an image that does not match, even after you've passed the threshold.
Would it be better if none of this happened at all? Sure. Is this a _fuck_ of a lot better than what we're seeing Europol pushing for? Absolutely.
Apple cancelling their scanning was a short term win. This isn't a new problem, and this isn't one that's going away. We can throw all the technical solutions we want at it, but it's not a technical problem. ("Sorry, can't scan user's content it's all end-to-end encrypted!". "Don't care. You wrote the encryption. Work around it.". "It's impossible!". "Okay, enjoy your new regulation that all encryption has to have a backdoor HTH HAND.")
I'd rather lose the battle and win the war. Let's put the most privacy-preserving CSAM scanning we can in place and take that card out of play. Let the regulators come out and try and explain how "Well yeah, you're scanning every image for CSAM but, uh, it's not enough. We do really need to see _all_ the images people have on their phones!". We're not making an argument, we're drawing a hard line and standing in place. The Europols of the world are not going to stop pushing. Apple's big, but not "override the EU" big.
When push comes to shove, we will lose. The EU _will_ respond with regulations. Maybe not now, but it should be obvious the way the winds are shifting. I'd bet my left testicle their vision for this is much more onerous than what Apple was proposing.
But hey, at least we can tell our children (away from our phones or any other electronics, and probably standing somewhere deep in the woods) that we were proudly defiant to the end.
The question being debated right now is not “which precise scanning technology should we use,” but rather: “should we scan private photos and messages for CSAM and other illicit content.” By proposing a scanning system that scanned user-private, unshared photos Apple announced that they felt the answer was “yes.” Everything else is a technical detail.
And to be clear, once you’ve established the capability and the principle of the thing, the technical details will not remain static. The EU regulation already requires scanning for novel CSAM content and “grooming conversations,” because the people proposing this tech think hash-based photo scanning is insufficient. Having conceded the need to scan users’ private data Apple would have found itself mired in a long-term losing argument about specific technologies, one that the public wouldn’t understand or care about. And the other side would have the force of law behind them.
What precisely was Apple’s plan to maintain this “balance” then? Refuse to obey the law? Leave Europe? To paraphrase apocryphal Winston Churchill: there is one point at which you can defend your stance on principle, once you abandon that everything else is just haggling on price.
> Remember when everyone was up in arms about W3C standardizing DRM?
I'm really surprised how well that actually turned out.
Whatever you say about DRM (and I'm no fan of it myself), at least W3C's version is as open as it can be. You're prevented from making a copy of whatever you watch (which, to be entirely honest, is a very reasonable precaution in the age of streaming), but you can still write browser extensions[1] or even custom Electron apps[2] that interact with the video element in other ways. If you want automatic skipping of intros, changing playback rate where such functionality isn't supported, access to community subtitles or subtitle-related tools useful when learning foreign languages[3], automatic subtitle reading (with a synthetic voice) or even a completely custom Multi View interface, it's all possible. You can even do synchronized playback across multiple users[4], as long as all of them are authorized to play the relevant media. You could have achieve none of this if you had to use a Flash-based player with no programmatic access to its state whatsoever. It's the best compromise we could have hoped for.
That's exactly it. We know Apple plays by the rules. EU demands it and they make all phones USB-C, CCP demands it and they host iCloud stuff in PRC. If they are required to give out data to fight CSAM, they will comply. Hopefully Apple would try to not make it "free for all" but whatever they do it will probably be hidden behind relevant regulations, as opposed to a solution they tried to push.
It's very naive to think that Apple's solution would remain as described in that paper. All it takes is a push for 'proactive searching for images not in the database' through e.g. models predicting whether an image is CSAM or something and you have countless cases like [0]. This needs to be wholly unacceptable. Once the system is put in place, expanding it is a much easier pill for the public to swallow.
CSAM & apple debacle shows we can win some of the time. I'm not going to give up. CSAM was a huge precedent for having government sponsored software on your phone, running 100% of the time, scanning your device. That is just plain fucking awful and it was new and precedent setting. It had to fought tooth and nail, and it was just "don't let perfect be the enemy of the good". I'm sorry to be so blatant but that's what it was. Yeah I read the pdf and understood what they were doing, it was a crack in the armor of having government surveillance software on your phone and computer 24/7 and that is huge.
This is part of why I think politically there is no point trying to co-operate with these people and convince them to maybe not collect so much.
The only way to stop them doing this is for folks in the right places to make it technically impossible.
In a similar note: The fact that its taken years to roll out TLS ECH and DoH which would make a lot of passive surveillance of the internet much more difficult is only enabling bad faith actors like Europol et al.
> The only way to stop them doing this is for folks in the right places to make it technically impossible.
Sure. Then they'll pass legislation making it a crime to implement technical measures preventing such data collection, and simply lock up everyone you are talking about.
The premise is more optimistic than you are suggesting:
1. Mass spying is unpopular. The only reliable support base is a small-ish group of unlikable busybodies.
2. Reducing civil liberties tends to come back to bite the people who implement it. The best part of the Trump backlash is watching the intelligence apparatus come down on the Republicans. Karma in a nutshell, they were one of the major enablers of all that stuff after 9/11. All these ideas like free speech and private communication are ultimately to protect politicians.
3. It is practically difficult to stop. Any country that tries to stop encrypted messengers would have to cripple their own economy by bringing in such limited computers that they can't do anything. And they'd be hopelessly vulnerable to foreign espionage.
This is not that hard of a political fight. They tried to ban strong encryption back in the PGP era and look how that went - SSL is everywhere, encrypted protocols are everywhere, we have cryptographically based assets and every company is encrypting everything they can lay their hands on at rest. The ban-encryption camp has a track record of complete failure. And The Children have been Thought Of and are living in the best era ever to be children.
If I were a government, I would let the police do its job without mass surveillance. Also, not all problems can be solved. Or, if I were a government, I would command all companies and individuals to drop what they are doing and work non-stop on cancer research.
Always keep in mind that such oppressive legislation backed by silly arguments is possible because the people at large are essentially OK with this, and many of them even support it outright if it means getting "tougher on crime" or whatever.
The true enemies of freedom aren't shadowy cabals scheming in back rooms – they are your neighbors, your coworkers, some of your friends, and possibly even some of your family members.
One of my problems with representative democracy is that there is never a candidate that ticks all my boxes. I.e. an actual representative. If I vote for someone to keep my digital liberties, they want to ban nuclear power instead, or whatever. It's all a tradeoff, and I don't think it's good that the tradeoff needs to happen so early in the process of representating me.
I like Switzerland (where I currently live,) because they have direct voting on topics, mixed with electing representatives. There's a filter so the people don't have to vote on everything, but for the big questions, there's already a system in place to ask the people. That must have sucked 100 years ago, when communication was more limited, but today, I think every nation should move to it. It also keeps the people engaged (voting on 3-4 topics every quarter,) and not just something that happens every four years.
Maybe that would have saved Sweden from the extreme sides of (nationalist) politics, and from banning investments into nuclear for 40 years before ripping that up. Mind you the nuclear disinvestment was based on a (non-binding) ballot vote, but my problem is no one dared challenge it, or have a process to re-ballot the question, in 40 years. Even in light of new climate information.
> because the people at large are essentially OK with this,
Only because they are not informed about what this is actually about. It's all about framing.
* Do you want the police to have better tools to fight child abuse? -> Of course!
* Do you want the police to see what private messages you are sending to your loved ones so that they can ensure that you are not a pedophile? -> Hell no!
> Do you want the police to see what private messages you are sending to your loved ones so that they can ensure that you are not a pedophile?
Most people doesn't even care anymore, they know they're always spied on when they use messenger or instagram (covering the whole age spectrum here), they'll always hit you with the "I don't have anything to hide"
These two questions are at the root of this conundrum, but you're not being completely accurate.
What exactly is your justification for regarding your right to privacy in your communication with your loved ones is more important than the right of the police to fight child abuse?
I believe most people would not agree with this exact proposition, but with a different one: that once the police is given the power to fight child abuse, which can only be given by allowing them to access private communications of anyone suspect of being involved in such crime, then there will be abuse of power and they will use that access to also fight other crimes or even for political gain, as tends to happen in authoritarian states.
I would absolutely be willing to forego my right to privacy under certain circumstances given that there were strong enough guardrails in place to prevent abuse in the future if that would allow child abuse and other hideous crimes to be prevented - it would be immoral to not do so. However, as most other people in tech, I have enough knowledge to understand that it would not be possible at all to prevent abuse with current technology - once the power exists at all to break into communications, anyone with enough motivation and resources available will be able to do it, not just the intended receipients of such power, unfortunately.
If you really want people on the other side of the debate to understand you, you need to stop being so simplistic - there are very good justifications for their positions if you remove the practical limitations of being able to stop abuse - which they do not understand, and I suspect a lot of people in tech even also fail to comprehend.
I would even go as far as to say that future technology may change this: it may be possible to have completely abuse-proof technologies in the future which, if it existed, would make me change my position on this matter.
For example, something that uses blockchain technology to make it cryptographically impossible for the police to access someone's communications without having a warrant?? And making that warrant only usable by the police if it was also approved by a number of different, independent groups, including groups advocating for privacy (something like a "smart contract" could do this?)??
You can say these are stupid ideas, and I would probably agree... but my point is that this may not be impossible, and perhaps people who are really concerned about privacy while also having an understanding of why the police may need this sort of power should be actually trying to find ways to do this properly instea d of just keeping repeating the mantra that no, this is impossible and we'll have to live with child abuse , terrorism etc. forever?!
The "true enemies" are the folk scheming in backrooms who hope to succeed by the ignorance of the rest of the folk you listed. Are my neighbors, coworkers, etc. a problem in this battle? Yes, absolutely, but they're not the ones acting with malicious intent.
It's not ignorance, it's malice. "The people" are much smarter, but much more evil, than commonly assumed.
And ironically, the false idea that the population is ignorant of every important issue is yet another argument for invasive, controlling regulation of everything...
You are quite possibly correct. Late-modern monarchies, absolutist on paper, were certainly granting more freedoms to their people than those people themselves would have likely voted for, had they been given the power to do so. I can only imagine what an "Enlightened Absolutist" European monarchy would look like in the 21st century. Pity that proto-fascist faux-democracies are all that is left.
It's ironic to me that the EU led the charge in cookie notices and is now pushing this. Although one is privacy from corporations and the other is privacy from the government.
Definitely, it's this. The EU treats companies like they're horrible monsters, and then looks away when it does far worse shit.
It's (the EU's) authoritative to companies by suppressing them with penalties and bueacratic laws, but allows itself (the governments and states) unending tolerance in whatever it does.
> “All data is useful and should be passed on to law enforcement, there should be no filtering by the [EU] Centre because even an innocent image might contain information that could at some point be useful to law enforcement.
Aha, you first. Oh, this lady only meant our data, not theirs.
Stuff like this happens because people at large lose their shit, or at least pretend to, when it comes to "child safety". Impossible to even have a straight conversation. It's straight up dangerous
> When Lauren McCluskey, a University of Utah senior and track star, first alerted campus police to the fact that someone had accessed compromising photos of her and was attempting to extort her for $1000 in 2018... But she forwarded the photos and threatening messages she’d received to campus police anyway, and now, nearly two years after her death, the Salt Lake Tribune reports that the officer who received them saved them to his personal cell phone and later flaunted the photos to male coworkers.
Can't wait for the competent police officers at my local station to call me in order to have full access to my phone based on some photos I sent to my mom regarding her niece (my daughter).
> In the same meeting, Europol proposed that detection be expanded to other crime areas beyond CSAM, and suggested including them in the proposed regulation.
And there it is, just as anyone would expect. It’s never just about Protecting The Children™.
I was wondering why there are suddenly so much vitriol online lately about "protecting the children". I guess it is just the same old social engineering trick.
Like the war on terror and drug war and all kind of "icky things" previously. Just excuses and a red herring to implement something dubious.
There's plenty to actually protect children from. Doesn't mean it doesn't also get used as a fig leaf for other things, but if you think it's only ever a fig leaf you are sorely mistaken.
Readit News
And no I am not into conspiracy theories. It’s same as with attempts at “breakable encryption”, it’s offered up under the guise of fighting child-abuse/terrorism/<insert-terrible-thing-everybody-has-to-agree-is-terrible>, but the goal is to increase government access to all communications between civilians.
https://www-svd-se.translate.goog/a/ona477/kandisbolaget-tho...
https://www.lemonde.fr/en/les-decodeurs/article/2023/09/26/t...
"...Those aforementioned media reports point to alleged close working relationships between the European Commission and a broad network of tech companies, foundations, security agencies and PR agencies, including Thorn and WeProtect Global Alliance, indicating possible undue influence in the drafting of the proposal. Of particular concern are the allegations that the solutions laid down in the legislative proposal to fight CSAM supposedly replicate the solutions designed by those groups, contributing thereby to furthering their economic interests..."
This is of course, the same Ashton Kutcher, who recently wrote a letter advocating leniency for a Scientology member convicted to 30 years in prison for rape, after his sentence.
But time and time again the outcome of such actions (when left un-countered) does seem to end up with more spying on civilians.
A good example of this in the UK is the Regulation of Investigatory Powers Act [0] that constrains anti-terrorist surveillance and investigation, but which ended up, amongst other things, being used by local councils to track whether children lived in particular school catchment areas, tracking fly-tippers, etc.
[0] https://en.wikipedia.org/wiki/Regulation_of_Investigatory_Po...
I actually think that it's coming to the point that the gains of technology, even large bits such as 'the internet' or mobile phones, are so inhuman that it's not worth it. I think modern tech can easily be characterised an almost entirely subsumed for governmental and corporate control. If we thought giving banks licenses to print money was bad, giving these nefarious entities control over everyone's data will be far worse.
Child pornography is another beast difficult to solve - again, I am quite sure that they are able to find groups etc on a more frequent basis than we think. When they don't, I don't even want to think about it.
What tools do current investigators have? If you were a detective investigating a case, what would you do or use?
Basically everything useful is either 1) illegal, or 2) technically almost impossible to do (e.g, decrypting https which takes still years to brute force). You could try to ask for a favor left and right to get to a search warrant or install spying devices and "fix" (1) but how the hell do you break (2)?
Communication is happening online and a "military grade encrypted channel" has basically become the standard way of communicating with each other. The few who still use outdated clients or protocols - shame on them.
So, yeah, I really do understand the fact that governments want access to data for their own nasty purposes, however, what can we do as a society to make it 1) difficult for average Joe to use military grade encryption to act criminal, 2) easier for police to find criminals?
I know a knife can be used to cut bread or to kill someone, however, we're talking here about groups of hundreds of people sharing child pornography - that's not a knife, it's a freaking weapon of mass destruction in the hands of people who shouldn't ever ever have access to them.
No, I don't want the Chinese way, but what can we do to avoid getting there?
Can you think of something?
Encryption is a solved problem. Easy to implement solutions are available everywhere. (yes, post-quantum cryptography is not yet solved, irrelevant for the current discussion).
That means that even if it were technically possible to create "legally-breakable-encryption", criminals would simply use real encryption and law abiding citizens would be stuck with broken "encryption" and be vulnerable to government surveillance... and to said criminals. I.e.: there are only downsides. And government experts know this just as well as anyone. Which makes their agenda very clear.
More in general, imho, the benefits have to outweigh the costs: even if breaking all encryption would have offered a small benefit in fighting bad guys, that still does not outweigh the costs of a total loss of privacy (think china) for everyone.
I see this argument often, it's basically taken as an obvious truth in tech circles at this point, but I've seen very little evidence of that happening so far.
To be clear, I think these anti-CSAM laws are pretty terrible, but I wouldn't attribute malice where simple incompetence suffices, as the saying goes.
Dead Comment
Any time a specific ability is granted or is available to law enforcement, it will expand to broaden surveillance on everything. CSAM is horrific, despicable and devastating. But the way law enforcement treats it as an easy “in” to push for more surveillance and more powers for itself is shameful.
They only have to succeed once, and the law is written and stamped.
Those who seek this kind of power over others are themselves EVIL by definition
An absolutely stupid and disastrous move.
Except all of the cloud providers are already scanning uploaded photos for CSAM and have been for years. Trying to blame Apple for this is insane.
Calling Apple's CSAM detection "ill thought out" seems to me to be letting the perfect be the enemy of the good.
Remember when everyone was up in arms about W3C standardizing DRM? Yes, the world would be better without DRM. But the DRM exists and will continue to exist. Arguing for not standardizing DRM isn't arguing for DRM to not exist, it's arguing for it to not be standardized. The encrypted media extensions let me watch DRM-protected content on Linux instead of being locked out of it all because none of the proprietary DRM everyone's using works on anything but Windows/OSX. Linux and Firefox and a DRM blob so I can watch Netflix is better than being forced to use Windows 10 with all its telemetry, Microsoft proprietary DRM, and a browser from Google or Microsoft to watch things.
Yes. It would be better if the government stayed the hell away from my files. Apple not implementing their CSAM scanning didn't get rid of the underlying issue or argument. It just means that it's no longer the tech industry setting the standard for how this will work--it's going to be the government.
Apple's implementation[0] was about as privacy preserving as we can hope for. It only scanned media that was about to be uploaded to their cloud service. It did scanning on device and used crypto to ensure, mathematically, that they couldn't even access the _hash_ of matching images until such a point that enough images matched to cross a threshold. They had client devices feed in fake matches to obscure even the number of potential matches that occur before reaching the threshold. At any no point in any of this is it possible for them to retrieve even the hash of an image that does not match, even after you've passed the threshold.
Would it be better if none of this happened at all? Sure. Is this a _fuck_ of a lot better than what we're seeing Europol pushing for? Absolutely.
Apple cancelling their scanning was a short term win. This isn't a new problem, and this isn't one that's going away. We can throw all the technical solutions we want at it, but it's not a technical problem. ("Sorry, can't scan user's content it's all end-to-end encrypted!". "Don't care. You wrote the encryption. Work around it.". "It's impossible!". "Okay, enjoy your new regulation that all encryption has to have a backdoor HTH HAND.")
I'd rather lose the battle and win the war. Let's put the most privacy-preserving CSAM scanning we can in place and take that card out of play. Let the regulators come out and try and explain how "Well yeah, you're scanning every image for CSAM but, uh, it's not enough. We do really need to see _all_ the images people have on their phones!". We're not making an argument, we're drawing a hard line and standing in place. The Europols of the world are not going to stop pushing. Apple's big, but not "override the EU" big.
When push comes to shove, we will lose. The EU _will_ respond with regulations. Maybe not now, but it should be obvious the way the winds are shifting. I'd bet my left testicle their vision for this is much more onerous than what Apple was proposing.
But hey, at least we can tell our children (away from our phones or any other electronics, and probably standing somewhere deep in the woods) that we were proudly defiant to the end.
[0]: https://www.apple.com/child-safety/pdf/CSAM_Detection_Techni...
And to be clear, once you’ve established the capability and the principle of the thing, the technical details will not remain static. The EU regulation already requires scanning for novel CSAM content and “grooming conversations,” because the people proposing this tech think hash-based photo scanning is insufficient. Having conceded the need to scan users’ private data Apple would have found itself mired in a long-term losing argument about specific technologies, one that the public wouldn’t understand or care about. And the other side would have the force of law behind them.
What precisely was Apple’s plan to maintain this “balance” then? Refuse to obey the law? Leave Europe? To paraphrase apocryphal Winston Churchill: there is one point at which you can defend your stance on principle, once you abandon that everything else is just haggling on price.
I'm really surprised how well that actually turned out.
Whatever you say about DRM (and I'm no fan of it myself), at least W3C's version is as open as it can be. You're prevented from making a copy of whatever you watch (which, to be entirely honest, is a very reasonable precaution in the age of streaming), but you can still write browser extensions[1] or even custom Electron apps[2] that interact with the video element in other ways. If you want automatic skipping of intros, changing playback rate where such functionality isn't supported, access to community subtitles or subtitle-related tools useful when learning foreign languages[3], automatic subtitle reading (with a synthetic voice) or even a completely custom Multi View interface, it's all possible. You can even do synchronized playback across multiple users[4], as long as all of them are authorized to play the relevant media. You could have achieve none of this if you had to use a Flash-based player with no programmatic access to its state whatsoever. It's the best compromise we could have hoped for.
[1] https://chrome.google.com/webstore/detail/netflix-extended/g... [2] https://multiviewer.app/ [3] https://chrome.google.com/webstore/detail/netflix-dual-subti... [4] https://www.teleparty.com/
You're just advocating for frog boiling.
https://www.nytimes.com/2022/08/21/technology/google-surveil...
The only way to stop them doing this is for folks in the right places to make it technically impossible.
In a similar note: The fact that its taken years to roll out TLS ECH and DoH which would make a lot of passive surveillance of the internet much more difficult is only enabling bad faith actors like Europol et al.
Sure. Then they'll pass legislation making it a crime to implement technical measures preventing such data collection, and simply lock up everyone you are talking about.
What's the real solution?
1. Mass spying is unpopular. The only reliable support base is a small-ish group of unlikable busybodies.
2. Reducing civil liberties tends to come back to bite the people who implement it. The best part of the Trump backlash is watching the intelligence apparatus come down on the Republicans. Karma in a nutshell, they were one of the major enablers of all that stuff after 9/11. All these ideas like free speech and private communication are ultimately to protect politicians.
3. It is practically difficult to stop. Any country that tries to stop encrypted messengers would have to cripple their own economy by bringing in such limited computers that they can't do anything. And they'd be hopelessly vulnerable to foreign espionage.
This is not that hard of a political fight. They tried to ban strong encryption back in the PGP era and look how that went - SSL is everywhere, encrypted protocols are everywhere, we have cryptographically based assets and every company is encrypting everything they can lay their hands on at rest. The ban-encryption camp has a track record of complete failure. And The Children have been Thought Of and are living in the best era ever to be children.
As a start, moving away from UDP is an improvement
The true enemies of freedom aren't shadowy cabals scheming in back rooms – they are your neighbors, your coworkers, some of your friends, and possibly even some of your family members.
I like Switzerland (where I currently live,) because they have direct voting on topics, mixed with electing representatives. There's a filter so the people don't have to vote on everything, but for the big questions, there's already a system in place to ask the people. That must have sucked 100 years ago, when communication was more limited, but today, I think every nation should move to it. It also keeps the people engaged (voting on 3-4 topics every quarter,) and not just something that happens every four years.
Maybe that would have saved Sweden from the extreme sides of (nationalist) politics, and from banning investments into nuclear for 40 years before ripping that up. Mind you the nuclear disinvestment was based on a (non-binding) ballot vote, but my problem is no one dared challenge it, or have a process to re-ballot the question, in 40 years. Even in light of new climate information.
Only because they are not informed about what this is actually about. It's all about framing.
* Do you want the police to have better tools to fight child abuse? -> Of course!
* Do you want the police to see what private messages you are sending to your loved ones so that they can ensure that you are not a pedophile? -> Hell no!
Most people doesn't even care anymore, they know they're always spied on when they use messenger or instagram (covering the whole age spectrum here), they'll always hit you with the "I don't have anything to hide"
Most conversations I have with non-techy people, they end up saying "Yes" to both.
What exactly is your justification for regarding your right to privacy in your communication with your loved ones is more important than the right of the police to fight child abuse?
I believe most people would not agree with this exact proposition, but with a different one: that once the police is given the power to fight child abuse, which can only be given by allowing them to access private communications of anyone suspect of being involved in such crime, then there will be abuse of power and they will use that access to also fight other crimes or even for political gain, as tends to happen in authoritarian states.
I would absolutely be willing to forego my right to privacy under certain circumstances given that there were strong enough guardrails in place to prevent abuse in the future if that would allow child abuse and other hideous crimes to be prevented - it would be immoral to not do so. However, as most other people in tech, I have enough knowledge to understand that it would not be possible at all to prevent abuse with current technology - once the power exists at all to break into communications, anyone with enough motivation and resources available will be able to do it, not just the intended receipients of such power, unfortunately.
If you really want people on the other side of the debate to understand you, you need to stop being so simplistic - there are very good justifications for their positions if you remove the practical limitations of being able to stop abuse - which they do not understand, and I suspect a lot of people in tech even also fail to comprehend.
I would even go as far as to say that future technology may change this: it may be possible to have completely abuse-proof technologies in the future which, if it existed, would make me change my position on this matter.
For example, something that uses blockchain technology to make it cryptographically impossible for the police to access someone's communications without having a warrant?? And making that warrant only usable by the police if it was also approved by a number of different, independent groups, including groups advocating for privacy (something like a "smart contract" could do this?)??
You can say these are stupid ideas, and I would probably agree... but my point is that this may not be impossible, and perhaps people who are really concerned about privacy while also having an understanding of why the police may need this sort of power should be actually trying to find ways to do this properly instea d of just keeping repeating the mantra that no, this is impossible and we'll have to live with child abuse , terrorism etc. forever?!
Dead Comment
The "true enemies" are the folk scheming in backrooms who hope to succeed by the ignorance of the rest of the folk you listed. Are my neighbors, coworkers, etc. a problem in this battle? Yes, absolutely, but they're not the ones acting with malicious intent.
And ironically, the false idea that the population is ignorant of every important issue is yet another argument for invasive, controlling regulation of everything...
It's (the EU's) authoritative to companies by suppressing them with penalties and bueacratic laws, but allows itself (the governments and states) unending tolerance in whatever it does.
you got it backwards
eu: cookies/tracking is bad, don't do it. if you _really_ need to, you have to ask.
big-tech: fuck this! of course we need to track users. we're just gonna ask everyone all the time and put the blame back on you.
It's one and the same thing.
They disregard property rights and order everyone about.
The reason this seems strange to you is you didn't care when they did that to Web site operators.
'Authoritarian supporters of privacy' is a position it's possible to take.
Which begs the question of whether democratic/authoritarian or surveillance/privacy is the more important characteristic.
Aha, you first. Oh, this lady only meant our data, not theirs.
Stuff like this happens because people at large lose their shit, or at least pretend to, when it comes to "child safety". Impossible to even have a straight conversation. It's straight up dangerous
Can't wait for the competent police officers at my local station to call me in order to have full access to my phone based on some photos I sent to my mom regarding her niece (my daughter).
This will have a Streissand effect like no other.
Is this a typo? I can't imagine how this would work without some familial intermingling.
And there it is, just as anyone would expect. It’s never just about Protecting The Children™.
Like the war on terror and drug war and all kind of "icky things" previously. Just excuses and a red herring to implement something dubious.
https://en.wikipedia.org/wiki/Four_Horsemen_of_the_Infocalyp...