The governments don't want the user to be told, they want the government to be told.
There are already numerous stories of people suffering tremendous harm because of the systems that are already in place for this purpose. Do you have a photo of your tiny kids playing in a pool? better hope google doesn't report you to the police and permanently ban you from all their services and delete all your data.
I think it’s far, far worse than this. Have you ever been inconvenienced because of a software bug? Now imagine you’re in jail for child sexual exploitation.
Have you ever tried to contact one of these big service providers to get something fixed? Would you like Google tech support (snort) be the last thing standing between you and a prison sentence?
I think the absolute last place we want to be is in a world where we can’t make money to eat without our portable computer/phone that runs broken software made by some scammy dot com whose salient feature is that if we don’t stay ahead of it, it will imprison the user.
I agree entirely, but I used the google example because they've specifically done exactly that:
* Reported an image for being CSAM
* Terminated the account
* The police correctly recognized it isn't CSAM
* Google refused to reinstate the account
But even if you assume a functioning and rule-of-law based legal system and you don't go to jail without actually committing a crime, the cost of bogus CSAM reports is in no way lost on me, especially in the conservative US and many similar regressive regimes around the world where LGBT anything is legislated as child abuse. Even if you are found innocent (which again, regressive regimes make hard) and news reports and anything on the internet will be "X was arrested for having child abuse imagery" nothing will ever be updated to reflect the result.
This is ignoring what happens if people maliciously inject child abuse into your device's "CSAM" filter. Before the "CSAM" detection gets expanded to "weapons", "graffiti", "evidence of crime", etc. Take the UK where politicians aggressively passed laws to allow spying to prevent "terrorism", and those laws are used almost exclusively for councils to enforce local ordinances related to cleaning, taxes, and fees. And of course none of those laws were needed to prevent the crimes they're ostensibly meant to stop (literally multiple reports to the police prior to Manchester, etc).
There is a solution to the latter point, don't use malicious companies like Google, because really they're awful in so many other ways this is way down on the list.
You can host whatever it is yourself which exempts you from most obligations, and even if not you're free to ignore the rules because nobody cares about you as an individual.
There are enough alternatives also these days that may not be obligated due to size or jurisdiction etc (eg incoming EU regulations require a minimum user count, and such)
The USA is unlikely to blanket ban encryption due to the way the country is organised from a federal and state point of view, and others like the UK are basically irrelevant as nobody will rule in their favour over domestic entities, as much as they'd like to believe otherwise and many countries just do not care about anyone else so that is always an option.
The whole point of on device detection is that no hosting is involved or required: the media is scanned on device, and if the media matches the criminal material (actual child abuse, but in many US states easily anything transition or LGBT related, etc in other states anything gun or weapon related, etc) that is directly reported to law enforcement.
Your ability to use an EU service gets exceedingly restricted when the US requires all EU businesses that serve US customers to comply with US law.
Well sure but the parent comment was re Google, who do cloud scanning already, that can be avoided by doing it yourself - device scanning is pretty pointless as the people who it's "intended" to catch won't use devices that have that capability and more likely it'll just be used by the more authoritarian states to curb dissent etc, or put people in jail for having a meme with Hitler in it...
The USA is still probably safe there, the EU do what they want anyway without any regard for the impact it has.
(From the POV of an EU citizen with US legal entities, so I'm getting shafted from both sides)
I would think that’s a profoundly intrusive way to treat 330 million citizens of a liberal democracy against whom you have discovered no reasonable suspicion and developed no probable cause. We have a fourth amendment for a reason and it’s to prevent evil tyrants from oppressing us.
Run whatever you want on your phone but this is a hard pass from me.
You may already be aware, but Apple tried to implement this on their devices a couple years ago. "Client side scanning". There was huge public backlash and Apple eventually moved away from the idea.
Releasing Epsteins client list would let people ensure that they don't allow children to come in contact with travelers on the Lolita Express. They could do that today.
The most stupid and frustrating thing is all the required agencies knew about 9/11, but did nothing because internal politics meant they weren't cooperating.
In the UK the Manchester bomber had been reported repeatedly to the police.
How about governments demonstrate an ability to use the information they already have, before they start mass reduction in safety and privacy. Especially when the US government has been repeatedly found to engage in mass warrantless surveillance, or in the UK where all the "prevent terrorism and child abuse" laws are used to fine people for not paying TV licensing fees, or catch people not cleaning up after dog poop, etc.
Similarly any surveillance law should have a poison pill: "this law is rescinded in its entirety if any government agency or organization at any level uses any ability from this law for any purpose other than preventing terrorism or child abuse". Of course you still run into things like conservatives saying that anything that acknowledges gay or trans people as being people with human rights is child abuse and terrorism, so...
Exactly. It's immoral to bet the lives of people that governments of the future will always be sane or benevolent. History has shown democratically-elected populist autocrats can go in dark directions. Make it as difficult as possible to target individuals and groups from harm by guarding their data.
The ridiculous thing is that encryption is so trivial, any criminal can implement it with a few lines of code and can keep their key entirely private, known only to them and whoever they decide.
No reasonable person wants kids to be abused, but trading the privacy and security of an entire planet to make it easier for law enforcement to catch a few criminals is not reasonable either.
Law enforce can get wiretaps for call content and conversations on traditional media.
What's frightening without e2ee is the possibility of governments targeting people with secret mass surveillance orders searching for particular keywords at any point in the future.
It's better to not store content or metadata in a way that puts users at risk. Lock it up.
Intelligence and law enforcement will need to use traditional techniques rather than have backdoors into every corner of every system, because we know those were never abused. ;-]
Two things need to happen before I would even begin to consider a ban on E2EE:
1. Show that the problem of child abuse on social networks is wildly out of control. I hear about it all the time, but what are the numbers? Where is the data?
2. Make a concrete argument explaining why there are no viable alternatives. What are the proposed alternatives, and why aren't they viable? All I ever hear is "omg we're going dark all hope is lost".
The article only includes one example:
> The Virtual Global Taskforce statement cited the case of UK-based sex offender David Wilson ... Wilson used Facebook "to contact thousands of children, grooming hundreds of victims using fake online profiles" ... law enforcement were able to access the evidence contained within over 250,000 messages through Facebook.
Thousands of children. A quarter million messages. I find it hard to believe that E2EE would have hidden all this activity. Surely Meta could monitor for suspicious activity on their platform and investigate any red flags. Surely, of the thousands of children contacted by this person, some of those children would have reported it, providing law enforcement with potentially thousands of unencrypted messages?
Honey pots. Law enforcement can setup fake profiles of children. I've seen deepfakes that make adults look and sound like children. Then just sit and wait for one of these sick f**s to contact you. Voila, you receive all the messages unencrypted because you're one of the "end"s in END to END encryption.
At the end of the day, I feel they haven't made a compelling argument against E2EE encryption. And, frankly, I just don't trust our institutions - our governments, corporations, and even non-profits - have proven again and again they can't be trusted. Anybody remember when the FBI tried to force Apple to decrypt an iPhone on some b***s**t excuse, and later it turned out the FBI really just wanted a general backdoor into ALL iPhones? Yeah, those institutions.
> 1. Show that the problem of child abuse on social networks is wildly out of control. I hear about it all the time, but what are the numbers? Where is the data?
The same people that say it's rampant on social media are the same people that also still say the majority know their abuser (ie family members etc) - it's all narrative, no substance.
Also if it was as widespread as they claim, the statistical probability would mean that almost everyone knows one or more victims, that isn't the case either...
I know a few victims. Technology was never even part of the equation. The internet didn't even exist at least as we know it today. In every case that I know of it was coaches and family members. Even banning the internet entirely would not have prevented any of those cases.
Exactly, I also know a few victims very well and the internet was not involved, because it's pretty much spray and pray versus a trusted friend or such where the chance of success nears 100% - this is why the whole argument is really disingenuous and really contemptible.
It's pretty hilarious, surely nobody will take either the FBI or ICE seriously?
One is a law enforcement agency, the other is a migrant rights abusing agency so there is a severe conflict of interest...
Also, officers of old did a lot more with a lot less, so they should just do their jobs instead of relying on easy access to communications, or simply put: be less incompetent.
The horror. The authorities may have to get warrants and individually investigate suspicious people instead of abusing dragnet surveillance. Won't somebody please think of the children?
Even with E2E encryption, you can still see that a suspicious person is contacting a child. You can still see what he's saying from the child's device, which parents absolutely should be doing, and you can still ascertain what sick things he's doing through a rudimentary investigation.
34 comments
[ 3.7 ms ] story [ 93.8 ms ] threadDo the AI threat detection stuff on the device, and warn the user if suspected abusive images/text are detected?
There are already numerous stories of people suffering tremendous harm because of the systems that are already in place for this purpose. Do you have a photo of your tiny kids playing in a pool? better hope google doesn't report you to the police and permanently ban you from all their services and delete all your data.
Have you ever tried to contact one of these big service providers to get something fixed? Would you like Google tech support (snort) be the last thing standing between you and a prison sentence?
I think the absolute last place we want to be is in a world where we can’t make money to eat without our portable computer/phone that runs broken software made by some scammy dot com whose salient feature is that if we don’t stay ahead of it, it will imprison the user.
This is ignoring what happens if people maliciously inject child abuse into your device's "CSAM" filter. Before the "CSAM" detection gets expanded to "weapons", "graffiti", "evidence of crime", etc. Take the UK where politicians aggressively passed laws to allow spying to prevent "terrorism", and those laws are used almost exclusively for councils to enforce local ordinances related to cleaning, taxes, and fees. And of course none of those laws were needed to prevent the crimes they're ostensibly meant to stop (literally multiple reports to the police prior to Manchester, etc).
There are enough alternatives also these days that may not be obligated due to size or jurisdiction etc (eg incoming EU regulations require a minimum user count, and such)
The USA is unlikely to blanket ban encryption due to the way the country is organised from a federal and state point of view, and others like the UK are basically irrelevant as nobody will rule in their favour over domestic entities, as much as they'd like to believe otherwise and many countries just do not care about anyone else so that is always an option.
Your ability to use an EU service gets exceedingly restricted when the US requires all EU businesses that serve US customers to comply with US law.
The USA is still probably safe there, the EU do what they want anyway without any regard for the impact it has.
(From the POV of an EU citizen with US legal entities, so I'm getting shafted from both sides)
Run whatever you want on your phone but this is a hard pass from me.
"Child abuse" is the current excuse.
Meta should go ahead with encryption.
In the UK the Manchester bomber had been reported repeatedly to the police.
How about governments demonstrate an ability to use the information they already have, before they start mass reduction in safety and privacy. Especially when the US government has been repeatedly found to engage in mass warrantless surveillance, or in the UK where all the "prevent terrorism and child abuse" laws are used to fine people for not paying TV licensing fees, or catch people not cleaning up after dog poop, etc.
Similarly any surveillance law should have a poison pill: "this law is rescinded in its entirety if any government agency or organization at any level uses any ability from this law for any purpose other than preventing terrorism or child abuse". Of course you still run into things like conservatives saying that anything that acknowledges gay or trans people as being people with human rights is child abuse and terrorism, so...
No reasonable person wants kids to be abused, but trading the privacy and security of an entire planet to make it easier for law enforcement to catch a few criminals is not reasonable either.
What's frightening without e2ee is the possibility of governments targeting people with secret mass surveillance orders searching for particular keywords at any point in the future.
It's better to not store content or metadata in a way that puts users at risk. Lock it up.
Intelligence and law enforcement will need to use traditional techniques rather than have backdoors into every corner of every system, because we know those were never abused. ;-]
Meanwhile, users are at risk from being targeted by hostile governments because their data isn't encrypted.
1. Show that the problem of child abuse on social networks is wildly out of control. I hear about it all the time, but what are the numbers? Where is the data?
2. Make a concrete argument explaining why there are no viable alternatives. What are the proposed alternatives, and why aren't they viable? All I ever hear is "omg we're going dark all hope is lost".
The article only includes one example:
> The Virtual Global Taskforce statement cited the case of UK-based sex offender David Wilson ... Wilson used Facebook "to contact thousands of children, grooming hundreds of victims using fake online profiles" ... law enforcement were able to access the evidence contained within over 250,000 messages through Facebook.
Thousands of children. A quarter million messages. I find it hard to believe that E2EE would have hidden all this activity. Surely Meta could monitor for suspicious activity on their platform and investigate any red flags. Surely, of the thousands of children contacted by this person, some of those children would have reported it, providing law enforcement with potentially thousands of unencrypted messages?
Honey pots. Law enforcement can setup fake profiles of children. I've seen deepfakes that make adults look and sound like children. Then just sit and wait for one of these sick f**s to contact you. Voila, you receive all the messages unencrypted because you're one of the "end"s in END to END encryption.
At the end of the day, I feel they haven't made a compelling argument against E2EE encryption. And, frankly, I just don't trust our institutions - our governments, corporations, and even non-profits - have proven again and again they can't be trusted. Anybody remember when the FBI tried to force Apple to decrypt an iPhone on some b***s**t excuse, and later it turned out the FBI really just wanted a general backdoor into ALL iPhones? Yeah, those institutions.
The same people that say it's rampant on social media are the same people that also still say the majority know their abuser (ie family members etc) - it's all narrative, no substance.
Also if it was as widespread as they claim, the statistical probability would mean that almost everyone knows one or more victims, that isn't the case either...
One is a law enforcement agency, the other is a migrant rights abusing agency so there is a severe conflict of interest...
Also, officers of old did a lot more with a lot less, so they should just do their jobs instead of relying on easy access to communications, or simply put: be less incompetent.
Even with E2E encryption, you can still see that a suspicious person is contacting a child. You can still see what he's saying from the child's device, which parents absolutely should be doing, and you can still ascertain what sick things he's doing through a rudimentary investigation.