What I've heard is that the only this is a proposal that child rights NGOs has been lobbying for, which I think we can both agree, are not expert in anything tech.
How often do communications done through a wide variety of channels that wouldn't satisfy a cypherpunk from email to Whatsapp show up on evidence before court, even if the people involved knew that they could end up in court? Weren't a bunch of criminals fooled by a literal FBI phone?
I am often dumbfound by the exsessive paper trail people leave for all kind of things...
It's far more difficult than that.
Most Linux contributions are made by multi-billions companies like IBM/Redhat. They would not risk to contravene to law. For example that it conforms to the law, look at WiFi drivers. There are many requirement by local laws on which band to use, what kind of traffic is authorized, etc. The WiFi drivers (most of them opaque binaries) conform to each country law.
To make Linux not lawful, you would have to create your own kernel with your own altered drivers, except you can't modify binaries.
Even then how could you make you system unidentifiable? How would you have control over booting your modified Linux in a commercial computer that uses UEFI? How would you know that the commercial CPU is not phoning home through the Intel Management Engine?
You would have use a FPGA CPU, your own designed hardware and a trusted OS but at the end you will always rely on the work of thousands people and hundred companies.
If literally every jurisdiction on Earth makes it a crime, then I guess this option would go away, but that seems unlikely to me.
The source code is published on the internet under the GPL. Anyone who doesn't like any of their contributions can take that one out and keep any of the others. Do you expect the Kali Linux people to include a backdoor?
> To make Linux not lawful, you would have to create your own kernel with your own altered drivers, except you can't modify binaries.
You can in fact modify binaries, it's just more work. For one person, once. Although that's fairly irrelevant because there exists hardware that doesn't require binary-only drivers.
> How would you know that the commercial CPU is not phoning home through the Intel Management Engine?
You install a firewall in front of it to detect or prevent this. Also, because it can be so easily detected and would be a scandal, it's very likely to be public knowledge if any commercial hardware in widespread use actually did this.
Remember, these are politicians. What they do doesn't have to make sense or be possible. All they have to do is pass laws. If it makes everyone a criminal that's good. The law just won't be enforced unless you rock the boat. Much like with the CFAA in the USA or GDPR in Europe.
eventually either nobody will use that, or they'll just jump the shark and outlaw such things
I know that for example in Canada, because taxes, ALL restaurants are (were?) FORCED to use a specific sets of devices else they're branded as tax-avoiders and dealt with accordingly
I've already had trouble using banking stuff under linux, I have had to cancel some cards because they became useless without a smartphone app (the real punchline is that I got a new card that's only works on a smartphone. but at least it was like this when I signed up; they didn't change how it works under my feet)
Either a Matrix Server or even NextCloud chat will do the job just fine. Then just sideload an APK which is rather trivial
But it might be a good way to attract the attention of law enforcement. People running PGP phone services have been arrested and prosecuted because their networks were primarily used by criminals. If you run a encrypted chat service to circumvent the law you might be held accountable for what users use your encrypted chat service for.
The thing is the Tech community doesn't have a clear and simple response to CSAM, although CSAM has proliferated with the growth of the internet. Nobody cares about the technical excuses; people care about the absence of any clear effort to reduce its availability and spread. Absent technical measures, people will continue to demand legislative ones.
The Automotive community doesn't have a clear and simple response to bank robbery. Nor are they expected to, because they are not a law enforcement agency.
Do you know if actual child abuse also proliferated?
Then you get the constant negligible sentences when "good" people are found to be pedophiles, the constant victim blaming in courts (apparently "well look how they were dressed", "they were drinking", etc are still real defenses in the US). Look at the abuse received by people who reported that "great" coach in the US, when suddenly sports was more important than child abuse. Then of course you have the constant church coverups that are routinely ruled legal, and then the victims get called scammers.
This is before you get to the abuse of children allowed by people who are trying to "stop their child being LGBT", which is literally torture, but again 100% ok because the people doing it are the conservatives who fight actual meaningful changes to protect children.
Instead what we get is police saying we need to have an unauditable system to report the content of people's phones with no warrant. Ignore the immense cost of false accusations, ignore the documented failures of these systems, ignore the incredible scope for abuse by other people (is it CSAM, or is just LGBT content? because plenty of US states and countries consider them equal). Is it reporting to parents? Plenty of child abusers will want to know if their children are looking at anything LGBT related so they have an excuse to abuse their children.
Or maybe it's protest pictures, or pro-democracy material - once you've shipped this for CSAM, plenty of countries will immediately say "now you can do that, also include this opaque database of criminal images".
Or it could be Iran saying "images of women without a hijab should be reported".
You need to understand, once you say "a persons device should report a specific kind of content on a device to any entity", the technology is in place, and the original "specific kind" becomes whatever the country says a legal requirement, and it's legally required to report to the government.
Of course CSAM is bad, shouldn’t we do everything in our power to prevent it? If you implement client-side scanning, you will catch some rookies. Some old pervs that don’t know how to use encryption manually, or use Matrix. They will use them to show how effective the system is…
with the exception that it doesn’t work against anyone who knows anything about computers. And I think the regulators know it, they aren’t dumb (imo). It’s, like I said earlier, an excuse to expand the scope of scanning later.
Europol wants unfettered, unfiltered access to all scanned data, regardless if there's a crime or not.
And they want to inject all of that into their Police AI (which they also want unregulated).
It's going to be awesome future.
So much for the transparency and accountability they’ll no doubt promise will be there for the process of accusations (not that this makes the idea any better, useful, or more palatable), which need not apply to themselves.
1. The meeting tool place after the commission made it's proposal, meaning that contrary to the way the article sets it up, the meeting couldn't have shaped the proposal. 2. The screenshot of a meeting report states that Europol wants access to the same info as Member States for specific cases, contrary to your summary it doesn't say anything about access to all data. 3. That police agencies want to include further areas into the legislation is not unusual. That doesn't guarantee it will happen, nor does the police body speak for the executive or legislators or represent the EU views as a whole.
I do think the proposals go a bit too far, on the other side the whole tech world assumption that anything has to stay lawless is just absurd. No one can deny there is a problem with pedophile material and to say to protect the purity of free speech all such issues have to stay unaddressed is just a position blind to reality.
I'm more concerned about the original abuse. The pictures are obviously an issue as they create a market _for_ abuse, but if you're not targeting the original crime, I don't think you stand a chance of actually improving the world by destroying rights.
by these two actions combined this anti-freedom garbage (further consolidating and centralizing powers) will work effectively
Are they thinking of the children when they raid dad's home because a picture of a kids genitals went to a physician for tele-medicine?
Are they thinking of the kids when they come for dad when dad really doesn't like his pictures scanned and self-hosts his infra and uses a Linux based phone?
That might be the best way to get authorities interested in you, once that shit starts going down.
"We ought to put this guy on a list for using encryption (HTTPS, Matrix) everywhere" ->
"We can't use dragnet surveillance because the people are on the list for evading dragnet surveillance" ->
"There's too many people to monitor, too many small servers to crack and backdoor, and the list is mostly just people running their own innocuos server anyways"
Subsequently, you may draw some attention at first, but if you spread attention thin enough it can effectively round to zero - especially if the activity drawing attention becomes moderately commonplace.
The EU legislator Martin Sonneborn, member of the German satirist party "Die Partei", is proven he was right when in beginning of the legislature he just enumerated all the criminal and semi-criminal acts of several members of the current EU commission. Led by von der Leyen who also has a horrible track record in German politics. "Europa nicht den Laien überlassen"
It's actually not funny anymore because those people are destroying everything.
From my understanding, Johansson is also the Commissioner who, after it coming to light that the Europol had had a little too much fun mass collecting data and gleefully violating EU citizens' privacy rights, stepped into action that resulted in an effort to pass a new law that retroactively made everything the Europol did legal.
any chance anyone can link or give some suggestions of search terms to try to find this?
It's the 1,5min speech where Sonneborn enumerated some cases, unfortunately in German. AFAIR when he held it, I researched a couple of names and issues he mentioned that didn't look too polemic. In general, he (and his team) is doing what I'd call "trustworthy research" packed up into satire.
Not that we should give law enforcement everything they want to do their jobs, but a voice coming from people with actual experience would help.
I get the sense that nearly everyone on both sides of this issue is entirely guessing.
That is the entire answer for "is there any interest in solving sex crimes". If the police do not have the time or the money to do the most basic work possible having already made rape victims sit through the incredibly invasive process of taking the rape kit, why should we think that anything that gives them access to the content of people's devices is going to be used for any kind of sex crime inquiry?
Police do not care about sex crimes. CSAM detection is just their new angle to get unfettered warrantless access to everyone's data. Europol representatives have already explicitly stated that that's what they want this for.
I would hope that people base their political positions on strong evidence and/or the voices of subject matter experts. Alas, political positions are more based on what people want to be true, rather than what is true.
This is the mentality that made Brexit happen. We can't let this Orwellian surveillance happen and then later try to fix the damage they've done.
I want to see some quick animation that shows each image sent being inspected for nudity, children, weapons, and a list of other things. I want to see the probability of each item shown to the user. I want the decision thresholds to be shown, and the animation showing the rest of what will happen to them if the threshold is exceeded (ie. "Report to police", "fired from job", "Judge", "Prison").
If whatsapp manage to manage to convey all that in a 3 second animation whenever an image is sent, I think users will baulk and the law will be removed.
Normal citizens on the other hand are presumed guilty unless proven otherwise...
But what if a friend of mine sends me a handmade meme with a child that is not recognized as safe by the AI?
Well, I guess that there will be thousands of parents under investigation and in the news before I pick my turn from the random distribution of the false positives. It's going to be interesting for the politicians in charge.
It's a "all devices need to scan all data and report if anything looks illegal". So yeah, if someone sent you malicious data you could end up being arrested and paraded through the press before silently being release with your life and google search forever tainted.
It's particularly stupid because the government is essentially saying "manufacturers must search your device, and then report the content, and that is probable cause to justify a search warrant", which is obviously absurd.
Me a father, hard working, tax paying, I just don’t want my messages scanned, are they going to put me in prison?
