11 comments

[ 3.5 ms ] story [ 51.7 ms ] thread
I wonder what the results would be if it was worded instead as "mandatory submission of all private communication to government agents"? Because that's what the vaguely-phrased "Commission proposal to fight child sexual abuse" entails.

Edit: The exact phrasing in the survey [1] was:

To what extent would you support or oppose the following? Service providers detecting child sexual abuse material and grooming in messages using end-to-end encryption* in case of a significant risk of child sexual abuse on a specific platform (*end-to-end encryption prevents material or conversations from being viewed by anyone other than the sender and recipient)

Do lay people realize this means e2ee is prohibited, opening all their communication to covert monitoring?

But then we know what the EU approach to democracy is - when voters answer how they like, they pretend to listen. When they don't, they ask again until they get the answer they want: https://www.telegraph.co.uk/comment/3707704/Undemocratic-EU-...

[1] https://webgate.ec.europa.eu/ebsm/api/public/deliverable/dow...

Messages are by definition not end-to-end encrypted if anyone other than the participants can surmise anything about the content of the messages.

So the question does not even make sense as asked.

But I guess we all know the whole point is not about making sense, it's about justifying an agenda.

If there was a "CSAM oracle" that could run on-device and prevent E2EE transmission of CSAM without phoning home, wouldn't that satisfy the EU's proposal without informing anyone other than the participants about the content of the message? I don't know that such a thing is feasible today (Apple tried and infamously failed), but given rapid improvements in ML and on-device TPU's I'm hesitant to rule it out in the near future.
> Apple tried and infamously failed

Didn't they infamously reject the idea after attempting to build it?

...Yes?
Saying "failed" implies they weren't able to do it. It's my understanding they had it all figured out and was about to roll it out when they decided not to.
I describe it as failed because once they went public with it they were faced with how easily it could be abused and -- quite reasonably in my opinion -- decided to abandon it.
>without phoning home

Then how do the "Service providers" find out about it?

They wouldn't.

This would be more like "your own device won't let you do x" because it has detected x, and software is designed to prevent x.

There's a few problems though:

If software including such 'feature' were open source, wouldn't you simply remove that feature? I know I would.

If closed source, which party would be trusted to develop that 'feature'? App developer? OS vendor? Government? Network provider? Note there's good & bad ones among each of those.

So how would you know it doesn't phone home? You wouldn't.

And thus... back to square 1.

Which (imho) makes that E2EE and "think of the children" are mutually exclusive. Either messages are truly private (and bad things may happen), or they're not (and bad things may happen anyway, or even worse things when citizen-hostile governments get involved).