“Think of the children” is, as usual, just to get the foot in the door. They use it as a justification, because it works.
Of course CSAM is bad, shouldn’t we do everything in our power to prevent it? If you implement client-side scanning, you will catch some rookies. Some old pervs that don’t know how to use encryption manually, or use Matrix. They will use them to show how effective the system is…
with the exception that it doesn’t work against anyone who knows anything about computers. And I think the regulators know it, they aren’t dumb (imo). It’s, like I said earlier, an excuse to expand the scope of scanning later.
And of course in the released minutes the details of which idiot made which claim are redacted.
So much for the transparency and accountability they’ll no doubt promise will be there for the process of accusations (not that this makes the idea any better, useful, or more palatable), which need not apply to themselves.
Sorry this is not quality journalism and you misunderstood the message further.
1. The meeting tool place after the commission made it's proposal, meaning that contrary to the way the article sets it up, the meeting couldn't have shaped the proposal.
2. The screenshot of a meeting report states that Europol wants access to the same info as Member States for specific cases, contrary to your summary it doesn't say anything about access to all data.
3. That police agencies want to include further areas into the legislation is not unusual. That doesn't guarantee it will happen, nor does the police body speak for the executive or legislators or represent the EU views as a whole.
I do think the proposals go a bit too far, on the other side the whole tech world assumption that anything has to stay lawless is just absurd. No one can deny there is a problem with pedophile material and to say to protect the purity of free speech all such issues have to stay unaddressed is just a position blind to reality.
It's so disheartening to follow these. Time after another we hear about some insane Orwellian plot to exploit our deepest secrets. All spun so that the masses will think it's for some noble cause like protecting the children when really it's anything but. And it never stops! Tackle one and it's back a year later in some even more devious form like a fucking Hydra. I'm just so tired I wanna move into a cottage in the woods.
> shouldn’t we do everything in our power to prevent it?
I'm more concerned about the original abuse. The pictures are obviously an issue as they create a market _for_ abuse, but if you're not targeting the original crime, I don't think you stand a chance of actually improving the world by destroying rights.
Are they thinking of the children when they raid dad's home because a picture of a kids genitals went to a physician for tele-medicine?
Are they thinking of the kids when they come for dad when dad really doesn't like his pictures scanned and self-hosts his infra and uses a Linux based phone?
Still flabbergasted how effective the lobbying circles around Thorn have been in recent years. I wish no less than this law getting sent to Spam and Ylva Johansson, the accountable EU commissioner, to be forced to step back.
The EU legislator Martin Sonneborn, member of the German satirist party "Die Partei", is proven he was right when in beginning of the legislature he just enumerated all the criminal and semi-criminal acts of several members of the current EU commission. Led by von der Leyen who also has a horrible track record in German politics. "Europa nicht den Laien überlassen"
It's actually not funny anymore because those people are destroying everything.
Now now, millionaires need hobbies too. They can't swing for the outer edges of the atmosphere so decimating privacy on the Internet will have to do I guess. Ashton's urge to protect the children apparently trumps the privacy of 450 million EU citizens and you would think he'd be able to extend some of that zeal to adult victims of abuse as well but going by his letter to the jury on behalf of Danny Masterson, you'd be wrong.
From my understanding, Johansson is also the Commissioner who, after it coming to light that the Europol had had a little too much fun mass collecting data and gleefully violating EU citizens' privacy rights, stepped into action that resulted in an effort to pass a new law that retroactively made everything the Europol did legal.
It's the 1,5min speech where Sonneborn enumerated some cases, unfortunately in German. AFAIR when he held it, I researched a couple of names and issues he mentioned that didn't look too polemic. In general, he (and his team) is doing what I'd call "trustworthy research" packed up into satire.
I want to see a mockup of the UI that Whatsapp will show for this...
I want to see some quick animation that shows each image sent being inspected for nudity, children, weapons, and a list of other things. I want to see the probability of each item shown to the user. I want the decision thresholds to be shown, and the animation showing the rest of what will happen to them if the threshold is exceeded (ie. "Report to police", "fired from job", "Judge", "Prison").
If whatsapp manage to manage to convey all that in a 3 second animation whenever an image is sent, I think users will baulk and the law will be removed.
In the future sending a WhatsApp text message such as "I stand with Palestine" will have the police knocking at your door with an arrest warrant in hand. I think Germany or the UK will be the first places to implement it. The spirit of the Gestapo and Stasi lives on.
Not specific to this, but can we just rename the "European Union" to "Big Government" at this point? It feels like every month there is something else the EU is trying to be a nanny for and it is starting to feel like they're moving towards becoming something in the vein of what China does to their citizens and internet.
The EU is nothing like China. China is basically a dictatorship, run by a single party, with a single guy on top who can make far reaching decisions. The EU is a huge collection of institutions and political parties. Even if they agree on something in the parliament and the commission, they still need all the heads
of government - from every single member country - to agree before it becomes law. And even if they manage to do that, political activists can and have brought down laws using the European court of justice. These spy laws under the guise of protecting children from sexual abuse from zealot parties have come and gone for many years now, but functioning democracies like the EU have never seen them come to fruition.
The key difference is the EU doesnt have as much enforcement ability because they are not a dictatorship and the people they are governing have higher expectations. None of which is really a credit to the EU.
This is a fallacy of composition. A hearing to evaluate one proposal in one country is not 'The EU is doing a thing', any more than a hearing in a US state legislature or even in Congress is equivalent to a law being passed.
The thing is the Tech community doesn't have a clear and simple response to CSAM, although CSAM has proliferated with the growth of the internet. Nobody cares about the technical excuses; people care about the absence of any clear effort to reduce its availability and spread. Absent technical measures, people will continue to demand legislative ones.
> The thing is the Tech community doesn't have a clear and simple response to CSAM
The Automotive community doesn't have a clear and simple response to bank robbery. Nor are they expected to, because they are not a law enforcement agency.
There are lots of things you can do to reduce child abuse, the problem is conservatives hate anything that means sex is not taboo. The result is that they block any kind of meaningful sex ed, and make manipulating and abusing children much easier - manipulating children by telling them people will think they're sluts, or their parents will abandon them, or better yet that the victims are responsible are all standard tricks of abusers.
Then you get the constant negligible sentences when "good" people are found to be pedophiles, the constant victim blaming in courts (apparently "well look how they were dressed", "they were drinking", etc are still real defenses in the US). Look at the abuse received by people who reported that "great" coach in the US, when suddenly sports was more important than child abuse. Then of course you have the constant church coverups that are routinely ruled legal, and then the victims get called scammers.
This is before you get to the abuse of children allowed by people who are trying to "stop their child being LGBT", which is literally torture, but again 100% ok because the people doing it are the conservatives who fight actual meaningful changes to protect children.
Instead what we get is police saying we need to have an unauditable system to report the content of people's phones with no warrant. Ignore the immense cost of false accusations, ignore the documented failures of these systems, ignore the incredible scope for abuse by other people (is it CSAM, or is just LGBT content? because plenty of US states and countries consider them equal). Is it reporting to parents? Plenty of child abusers will want to know if their children are looking at anything LGBT related so they have an excuse to abuse their children.
Or maybe it's protest pictures, or pro-democracy material - once you've shipped this for CSAM, plenty of countries will immediately say "now you can do that, also include this opaque database of criminal images".
Or it could be Iran saying "images of women without a hijab should be reported".
You need to understand, once you say "a persons device should report a specific kind of content on a device to any entity", the technology is in place, and the original "specific kind" becomes whatever the country says a legal requirement, and it's legally required to report to the government.
The EU is speed running totalitarianism with good PR. What happened to the free market only and the absolutely swearing up and down it would stay that.
This law or proposal is so fundamentally absurd, instead of the EU or member states coming up with a proposal like Frontex but for hosting a centralized CSAM + other horrible potentially illegal images/links/videos hash/identifiers, where anyone with a website can pay lets say 20€ a month to access the API to scan images/links/videos instead it has to be the most dumbest "private market will regulate it" which effectively means, everything and anyone has to be scanned.
“Private market will regulate it” in this context doesn’t mean “no rules, they will sort it out on their own”, but “we don’t care and don’t know how they will comply with that law, and we won’t assist them in any way either, they will figure it out on their own.”
I would like to see an open discussion include the people who actually investigate CSAM crimes to talk about the tools they have and their limitations etc. to give people real context about what they might need for new laws.
Not that we should give law enforcement everything they want to do their jobs, but a voice coming from people with actual experience would help.
I get the sense that nearly everyone on both sides of this issue is entirely guessing.
I would like evidence that police actually use the tools and evidence they already have. There are currently more than 25 thousand rape kits in the US alone that have not been tested.
That is the entire answer for "is there any interest in solving sex crimes". If the police do not have the time or the money to do the most basic work possible having already made rape victims sit through the incredibly invasive process of taking the rape kit, why should we think that anything that gives them access to the content of people's devices is going to be used for any kind of sex crime inquiry?
Police do not care about sex crimes. CSAM detection is just their new angle to get unfettered warrantless access to everyone's data. Europol representatives have already explicitly stated that that's what they want this for.
> I get the sense that nearly everyone on both sides of this issue is entirely guessing.
I would hope that people base their political positions on strong evidence and/or the voices of subject matter experts. Alas, political positions are more based on what people want to be true, rather than what is true.
I'm almost 100% positive they will, there's a broad consensus among left and right that this proposal is bonkers.
What I've heard is that the only this is a proposal that child rights NGOs has been lobbying for, which I think we can both agree, are not expert in anything tech.
Sometimes I wonder if criminals aren't as lazy and prone to just using what's popular as the rest of us.
How often do communications done through a wide variety of channels that wouldn't satisfy a cypherpunk from email to Whatsapp show up on evidence before court, even if the people involved knew that they could end up in court? Weren't a bunch of criminals fooled by a literal FBI phone?
It depends on the level of criminal. The larger criminal organizations had their own phone networks. But even then, it's still suffers the same issues as any other organization in that at some point some of its members are going to be top notch and great at what they do, others will be the types to do the least possible or even ignore procedures.
If i open kik in my location there's whole bunch of people openly dealing drugs.
Maybe some are lazy. But it's a two way street. They probably are capable of using more secure means but that means far less customers.
Most Linux contributions are made by multi-billions companies like IBM/Redhat. They would not risk to contravene to law. For example that it conforms to the law, look at WiFi drivers. There are many requirement by local laws on which band to use, what kind of traffic is authorized, etc. The WiFi drivers (most of them opaque binaries) conform to each country law.
To make Linux not lawful, you would have to create your own kernel with your own altered drivers, except you can't modify binaries.
Even then how could you make you system unidentifiable? How would you have control over booting your modified Linux in a commercial computer that uses UEFI? How would you know that the commercial CPU is not phoning home through the Intel Management Engine?
You would have use a FPGA CPU, your own designed hardware and a trusted OS but at the end you will always rely on the work of thousands people and hundred companies.
Mainline WiFi drivers will easily let you break the law by just pretending to be in a place with different regulations. Assuming this ever gets implemented in Linux, there's no reason to believe you won't be able to just pretend to be in Uzbekistan or whatever where this EU law doesn't apply.
If literally every jurisdiction on Earth makes it a crime, then I guess this option would go away, but that seems unlikely to me.
> Most Linux contributions are made by multi-billions companies like IBM/Redhat.
The source code is published on the internet under the GPL. Anyone who doesn't like any of their contributions can take that one out and keep any of the others. Do you expect the Kali Linux people to include a backdoor?
> To make Linux not lawful, you would have to create your own kernel with your own altered drivers, except you can't modify binaries.
You can in fact modify binaries, it's just more work. For one person, once. Although that's fairly irrelevant because there exists hardware that doesn't require binary-only drivers.
> How would you know that the commercial CPU is not phoning home through the Intel Management Engine?
You install a firewall in front of it to detect or prevent this. Also, because it can be so easily detected and would be a scandal, it's very likely to be public knowledge if any commercial hardware in widespread use actually did this.
Remember, these are politicians. What they do doesn't have to make sense or be possible. All they have to do is pass laws. If it makes everyone a criminal that's good. The law just won't be enforced unless you rock the boat. Much like with the CFAA in the USA or GDPR in Europe.
but you are missing out that the solution is to keep making it inconvenient to let people use linux and other kinds of custom devices
eventually either nobody will use that, or they'll just jump the shark and outlaw such things
I know that for example in Canada, because taxes, ALL restaurants are (were?) FORCED to use a specific sets of devices else they're branded as tax-avoiders and dealt with accordingly
I've already had trouble using banking stuff under linux, I have had to cancel some cards because they became useless without a smartphone app (the real punchline is that I got a new card that's only works on a smartphone. but at least it was like this when I signed up; they didn't change how it works under my feet)
The ANOM service was widely used by criminals, but instead of providing secure communication, it was actually a trojan horse covertly distributed by the United States Federal Bureau of Investigation (FBI) and the Australian Federal Police (AFP), enabling them to monitor all communications.
Assuming the OS has privileged access to everything that runs on it, the EU just has to tell the vendor to implement scanning and reporting at ring(app-1) and let the vendors scramble to figure out how to make that fever dream a reality, no? Hell, put it into the Intel Management Engine/analogue and compromise every device subsequently manufactured. The pervs (or the freedom fighters, or the tentacle hentai underground, or whatever) will just have to go back to passing hardcopy in dank backrooms of no-longer-smoky-because-they-banned-smoking-in-pubs...pubs
>It's not dark magic to host a private, e2ee chat service.
But it might be a good way to attract the attention of law enforcement.
People running PGP phone services have been arrested and prosecuted because their networks were primarily used by criminals. If you run a encrypted chat service to circumvent the law you might be held accountable for what users use your encrypted chat service for.
I wonder what will happen if I just refuse. Get rid of apps or phones that scan. What are they going to do, really? I mean really? Am I going to jail? And for how long?
Me a father, hard working, tax paying, I just don’t want my messages scanned, are they going to put me in prison?
Readit News
Of course CSAM is bad, shouldn’t we do everything in our power to prevent it? If you implement client-side scanning, you will catch some rookies. Some old pervs that don’t know how to use encryption manually, or use Matrix. They will use them to show how effective the system is…
with the exception that it doesn’t work against anyone who knows anything about computers. And I think the regulators know it, they aren’t dumb (imo). It’s, like I said earlier, an excuse to expand the scope of scanning later.
Europol wants unfettered, unfiltered access to all scanned data, regardless if there's a crime or not.
And they want to inject all of that into their Police AI (which they also want unregulated).
It's going to be awesome future.
So much for the transparency and accountability they’ll no doubt promise will be there for the process of accusations (not that this makes the idea any better, useful, or more palatable), which need not apply to themselves.
1. The meeting tool place after the commission made it's proposal, meaning that contrary to the way the article sets it up, the meeting couldn't have shaped the proposal. 2. The screenshot of a meeting report states that Europol wants access to the same info as Member States for specific cases, contrary to your summary it doesn't say anything about access to all data. 3. That police agencies want to include further areas into the legislation is not unusual. That doesn't guarantee it will happen, nor does the police body speak for the executive or legislators or represent the EU views as a whole.
I do think the proposals go a bit too far, on the other side the whole tech world assumption that anything has to stay lawless is just absurd. No one can deny there is a problem with pedophile material and to say to protect the purity of free speech all such issues have to stay unaddressed is just a position blind to reality.
I'm more concerned about the original abuse. The pictures are obviously an issue as they create a market _for_ abuse, but if you're not targeting the original crime, I don't think you stand a chance of actually improving the world by destroying rights.
by these two actions combined this anti-freedom garbage (further consolidating and centralizing powers) will work effectively
Are they thinking of the children when they raid dad's home because a picture of a kids genitals went to a physician for tele-medicine?
Are they thinking of the kids when they come for dad when dad really doesn't like his pictures scanned and self-hosts his infra and uses a Linux based phone?
The EU legislator Martin Sonneborn, member of the German satirist party "Die Partei", is proven he was right when in beginning of the legislature he just enumerated all the criminal and semi-criminal acts of several members of the current EU commission. Led by von der Leyen who also has a horrible track record in German politics. "Europa nicht den Laien überlassen"
It's actually not funny anymore because those people are destroying everything.
From my understanding, Johansson is also the Commissioner who, after it coming to light that the Europol had had a little too much fun mass collecting data and gleefully violating EU citizens' privacy rights, stepped into action that resulted in an effort to pass a new law that retroactively made everything the Europol did legal.
any chance anyone can link or give some suggestions of search terms to try to find this?
It's the 1,5min speech where Sonneborn enumerated some cases, unfortunately in German. AFAIR when he held it, I researched a couple of names and issues he mentioned that didn't look too polemic. In general, he (and his team) is doing what I'd call "trustworthy research" packed up into satire.
I want to see some quick animation that shows each image sent being inspected for nudity, children, weapons, and a list of other things. I want to see the probability of each item shown to the user. I want the decision thresholds to be shown, and the animation showing the rest of what will happen to them if the threshold is exceeded (ie. "Report to police", "fired from job", "Judge", "Prison").
If whatsapp manage to manage to convey all that in a 3 second animation whenever an image is sent, I think users will baulk and the law will be removed.
The thing is the Tech community doesn't have a clear and simple response to CSAM, although CSAM has proliferated with the growth of the internet. Nobody cares about the technical excuses; people care about the absence of any clear effort to reduce its availability and spread. Absent technical measures, people will continue to demand legislative ones.
The Automotive community doesn't have a clear and simple response to bank robbery. Nor are they expected to, because they are not a law enforcement agency.
Do you know if actual child abuse also proliferated?
Then you get the constant negligible sentences when "good" people are found to be pedophiles, the constant victim blaming in courts (apparently "well look how they were dressed", "they were drinking", etc are still real defenses in the US). Look at the abuse received by people who reported that "great" coach in the US, when suddenly sports was more important than child abuse. Then of course you have the constant church coverups that are routinely ruled legal, and then the victims get called scammers.
This is before you get to the abuse of children allowed by people who are trying to "stop their child being LGBT", which is literally torture, but again 100% ok because the people doing it are the conservatives who fight actual meaningful changes to protect children.
Instead what we get is police saying we need to have an unauditable system to report the content of people's phones with no warrant. Ignore the immense cost of false accusations, ignore the documented failures of these systems, ignore the incredible scope for abuse by other people (is it CSAM, or is just LGBT content? because plenty of US states and countries consider them equal). Is it reporting to parents? Plenty of child abusers will want to know if their children are looking at anything LGBT related so they have an excuse to abuse their children.
Or maybe it's protest pictures, or pro-democracy material - once you've shipped this for CSAM, plenty of countries will immediately say "now you can do that, also include this opaque database of criminal images".
Or it could be Iran saying "images of women without a hijab should be reported".
You need to understand, once you say "a persons device should report a specific kind of content on a device to any entity", the technology is in place, and the original "specific kind" becomes whatever the country says a legal requirement, and it's legally required to report to the government.
Not that we should give law enforcement everything they want to do their jobs, but a voice coming from people with actual experience would help.
I get the sense that nearly everyone on both sides of this issue is entirely guessing.
That is the entire answer for "is there any interest in solving sex crimes". If the police do not have the time or the money to do the most basic work possible having already made rape victims sit through the incredibly invasive process of taking the rape kit, why should we think that anything that gives them access to the content of people's devices is going to be used for any kind of sex crime inquiry?
Police do not care about sex crimes. CSAM detection is just their new angle to get unfettered warrantless access to everyone's data. Europol representatives have already explicitly stated that that's what they want this for.
I would hope that people base their political positions on strong evidence and/or the voices of subject matter experts. Alas, political positions are more based on what people want to be true, rather than what is true.
What I've heard is that the only this is a proposal that child rights NGOs has been lobbying for, which I think we can both agree, are not expert in anything tech.
How often do communications done through a wide variety of channels that wouldn't satisfy a cypherpunk from email to Whatsapp show up on evidence before court, even if the people involved knew that they could end up in court? Weren't a bunch of criminals fooled by a literal FBI phone?
I am often dumbfound by the exsessive paper trail people leave for all kind of things...
It's far more difficult than that.
Most Linux contributions are made by multi-billions companies like IBM/Redhat. They would not risk to contravene to law. For example that it conforms to the law, look at WiFi drivers. There are many requirement by local laws on which band to use, what kind of traffic is authorized, etc. The WiFi drivers (most of them opaque binaries) conform to each country law.
To make Linux not lawful, you would have to create your own kernel with your own altered drivers, except you can't modify binaries.
Even then how could you make you system unidentifiable? How would you have control over booting your modified Linux in a commercial computer that uses UEFI? How would you know that the commercial CPU is not phoning home through the Intel Management Engine?
You would have use a FPGA CPU, your own designed hardware and a trusted OS but at the end you will always rely on the work of thousands people and hundred companies.
If literally every jurisdiction on Earth makes it a crime, then I guess this option would go away, but that seems unlikely to me.
The source code is published on the internet under the GPL. Anyone who doesn't like any of their contributions can take that one out and keep any of the others. Do you expect the Kali Linux people to include a backdoor?
> To make Linux not lawful, you would have to create your own kernel with your own altered drivers, except you can't modify binaries.
You can in fact modify binaries, it's just more work. For one person, once. Although that's fairly irrelevant because there exists hardware that doesn't require binary-only drivers.
> How would you know that the commercial CPU is not phoning home through the Intel Management Engine?
You install a firewall in front of it to detect or prevent this. Also, because it can be so easily detected and would be a scandal, it's very likely to be public knowledge if any commercial hardware in widespread use actually did this.
Remember, these are politicians. What they do doesn't have to make sense or be possible. All they have to do is pass laws. If it makes everyone a criminal that's good. The law just won't be enforced unless you rock the boat. Much like with the CFAA in the USA or GDPR in Europe.
Deleted Comment
Dead Comment
eventually either nobody will use that, or they'll just jump the shark and outlaw such things
I know that for example in Canada, because taxes, ALL restaurants are (were?) FORCED to use a specific sets of devices else they're branded as tax-avoiders and dealt with accordingly
I've already had trouble using banking stuff under linux, I have had to cancel some cards because they became useless without a smartphone app (the real punchline is that I got a new card that's only works on a smartphone. but at least it was like this when I signed up; they didn't change how it works under my feet)
https://en.m.wikipedia.org/wiki/ANOM
Either a Matrix Server or even NextCloud chat will do the job just fine. Then just sideload an APK which is rather trivial
But it might be a good way to attract the attention of law enforcement. People running PGP phone services have been arrested and prosecuted because their networks were primarily used by criminals. If you run a encrypted chat service to circumvent the law you might be held accountable for what users use your encrypted chat service for.
Me a father, hard working, tax paying, I just don’t want my messages scanned, are they going to put me in prison?
Deleted Comment