Consider a scenario:
- you use whatsapp, end-to-end encrypted by an USA company
- someone, perhaps a random stranger, sends you an image in which there is a criticism to a ruling party in Dabujistan
- your whatsapp has turned on the feature to save images on your phone
- you happen to transfer via Dabujistan
With CSAM tech, and fingerprints managed by the governments, you might be subject to jail.
Not it's not. It's about "Why the fuck should I be under constant surveillance?"
Our computers are practically brain extensions at this point. I don't want anyone wiretapping my thoughts or coming close to it by wiretapping my private conversations with my family. Fuck off.
It's not possible to detect CSAM without breaking the security model of the system for everyone, if the system can make any kind of report of detected content to an outside entity. If the system scans messages client side and then sends anything to do with the message to authorities, that is breaking the end to end encryption.
This is either done by 'AI', which means huge numbers of false positives that are actually legal, private and probably intimate get sent to authorities (hence breaking the end-to-end security model for that legal content), or by a secret, un-auditable collection of hashes - which are still fuzzy matched, so there would definitely be false positives (again, breaking the security model for legal content), but potentially also Governments could start to add other, legal material to the database, such as certain political material to detect dissidents. Since it's un-auditable, there is no way to know whether it's actually just illegal material in the database.
So whether it's AI or PhotoDNA or whatever, there's no way to do it that doesn't break the security model and cause more danger to innocent people, including destroying the privacy of children as well as adult, law-abiding citizens.
Even if you enable iCloud backup E2EE, or disable iCloud entirely, iMessage is still not E2EE as your conversation partners are escrowing (to Apple) the keys from the other endpoint.
My point is that when politicians do something “to save the children”, it’s rarely about actually helping anyone but themselves.
[1] https://www.eldia.com/nota/2010-4-23-actriz-porno-salva-a-fa... [ES]
[2] anyone who still gets ID'd for alcohol despite being well over 18, and often over 25 too
No. It's not appropriate.
Whether you or I consider that "real" CSAM, is moot. What matters is that more and more girls are going to be deepfaked into content they didn't consent to (and in fact can't consent to due to their age.
The proliferation of that content will lead to new laws driven by parents and politicians eager to "think of the children". However impractical, I could see image generators being treated like drugs or firearms and being highly restricted or banned.
Obviously it is wrong to create child porn intentionally. But that's already illegal and people who do this are laughably bad at ITSEC. Like seriously, read the stories of CSAM making "studios" who got caught. Either law enforcement is so bad that any remotely shrewd criminal defeats them, either the criminals are just not all that technically savvy. Either way, the tools to catch actual child molesters are effective and adequate.
On car forums, you're cool if you're the first to do a particular mod. In pedo communities, I'd expect you to be "cool" if you violate a new, hitherto-unseen kid, or violate one in a new and creative way.
>But that's already illegal and people who do this are laughably bad at ITSEC. Like seriously, read the stories of CSAM making "studios" who got caught.
Separately, this doesn't follow. Catching criminals with laughably bad OPSEC doesn't exclude the existence of successful criminals with very good OPSEC.
Simple posession of videos of rape and murder is not illegal(in most places) and yet it would be hard to imagine anyone making an argument that it should be illegal because someone might get internet fame for producing them. Or rather - we know that people produce this kind of thing "on order" and we still don't think that banning the posession of this material is going to stop the actual crimes behind them being commited. Why is this any different?
You've pointed out exactly the kind of incoherences in law that I was hoping to bring to mind. Agreed, on the surface there is little difference between possession of snuff vs CSAM. I'm not sure what to do with that observation, though, because I have trouble assessing:
1. Is surface-level analysis is correct? Or is there something bigger at play?
2. What is the appropriate level of punishment vs rehabilitation?
To the first question, there are obvious differences between child abuse and murder, but I can't think of an example in which one of those differences would also lead to a different conclusion about the nature of the recording. Similarly, I don't think the act of recording the crime is significantly changed by any of the differences between child abuse and murder.
With that in mind, what do we do? Do we consider video-taping murder as bad as video-taping child abuse? My own gut-check reveals that I rationally think murder is worse than rape, but then again, rape somehow seems more taboo. If I consider the taboo element, I reach the opposite conclusion: that rape is worse than murder. Adding in the "child" element, I observe a main effect of making everything worse, but the interaction of "rape" getting disproportionately worse than "murder".
Again, this is just me, but I would like to understand where these conflicting feelings come from. My sense is that rape triggers us on a symbolic level... something about Man betraying Woman. I'm old-fashioned enough to think archetypes matter, so I'd like to get a bead on this before formulating any policy opinions.
Some studies have shown that availability of animated CSAM reduced recidivism among child molesters. That we treat these two categories of CSAM the same, along with the assumption that it encourages more harm, are some of those conversations that need to happen.
I am aware of the purported benefits of decriminalizing certain kinds of CSAM, but utilitarian arguments are suspiciously silent on the subject of costs.
Have you thought of any dangers in this approach, and how they can be avoided?
I mean this in the gentlest way possible. I'm really trying to think this through, and would appreciate your input.
I have doubts, that new measures will move the needle much.
Instead of debating smokescreens and planted arguments, we should be forcing the conversation to stay on the topic of fundamental privacy and avoid the entire gamut of CSAM/piracy/terrorism arguments typically employed.
I still don't agree with these laws, though. The good outweighs the bad.
Besides, I suspect that AI CSAM will probably be more interesting and more satisfying in the future to those that desire it, and that creates a whole separate conversation.
That's because you're reading about the dumb CP producers that got caught.... who by definition messed up with their ITSEC or in some other way.
(1) Removing the buyers has different macroscopic effects from imprisoning the producers. In a world where private circulation is legal but production is not, the expected result is less production (great!), high prices and incentives for the remaining content (uh-oh), and more creative, intelligent, risk-taking, impoverished (whatever differences make taking the new risks worth it) producers. That long tail is had to crack down on because the high incentives will almost certainly lure in some unsavory individuals. It's a lot like the global ivory trade.
(2) The truth of the following matter is murky to me (and as I understand it, to experts as well; I'd love for somebody else to chime in), but there's an argument that exposure to material at best doesn't help the addiction and is likely to make it worse. CSAM is a bit hard to study, but to the extent that it's comparable to other vices, proxies for murder and rape (movies, games, ...) there's some body of evidence that the substitute behaviors strengthen the addiction and make actual offenses more likely, rather than satiating a need and making real-world offenses less frequent (this is a bit different from the video_games->violence argument because the sample is different and small enough that you wouldn't have necessarily expected that deviant behavior to show up in macro-level stats for a society-wide study).
It's probably worth debating that sort of thing to ensure we're actually going to do some good in the world, but IMO it's a lot more damning that the majority of tech-related CSAM laws are unlikely to help in the manner described, are prone to increasing CSAM issues massively in their secondary effects, have significant other negative collateral, and appear only to be introduced as a Trojan horse for less savory motives. Even if stopping distribution is worthwhile (I think it probably is), the proposed laws are at best totally worthless for the stated goals.
Isn't this probably the biggest source of revenue for criminals? Money for bytes, which creates more incentives to commit more crimes?
If the goal of your company is to promote and get a wiretap on every single device and messenger app, IN SECRET, you should be concerned about your public image. I also suggest you should be also concerned human rights and your personal moral compass.
Time to drag out these bastards to the light.
What is going on here is the EU doesn't want to look like it consulted bastards and is coming up with arbitrary reasons to hide that.
Why do people steal of defraud? The potential individual enrichment is higher. Why engage in corrupt short-termerisms like accepting bribes? individual enrichment.
This is all the result of "greed is good" ^1 and its not sustainable.
1: https://www.theatlantic.com/business/archive/2014/04/greed-i...
For example, one might imagine that eIDAS 2 isn’t backed by a consortium of would-be spies but is more likely backed by a small consortium of crappy CAs that are sick of being forced to comply with CA/B Forum rules and want regulation to override the rules.
(The CA/B rules are very specific and extremely aggressively enforced. It’s not like the GDPR where you can apparently get away with messing around for quite a while. Multiple fairly large companies have had their CA operations effectively shut down by the CA/B Forum for noncompliance.)
If anything, I'd say the "conspiracy" — or at least, the tacit collusion — is on the other side of this battle.
What few demographic studies we've done on the prevalence of pedophilia, say that something like 10% of men express some level of attraction toward children. (With almost none of them ever acting on this attraction, or mentioning it to anyone other than a psychiatrist.)
So potentially 10% of men everywhere — scattered all throughout industry and government — have clear motivation to push back against the creation of laws that would see their proclivities discovered and persecuted.
Of course, such people wouldn't out themselves by just defending the "rights of pedophiles" in any direct way. But they would act on any opportunity to ensure that mechanisms for "complete privacy" exist; and they would also stand behind others when they see them doing the same; and they would also learn all the rhetoric used by privacy advocates, and use it.
(Yes, there are other people on the side of "no wiretaps" besides pedophiles. I'm not saying "we can ignore the people against wiretaps because they're all just pedophiles anyway." What I'm saying is more that, insofar as "10% of men" is an accurate measure, that's a big implicit voting interest bloc! Probably one larger than all the world's egalitarian "privacy advocates" put together! And so there has always — and will always — be this group with their thumb on the scale, tipping any democratic action in society away from panopticons, for that group's own protection.)
You know the EU digital regulator should have been an US citizen from Big Tech...
Have we already forgotten that a fair few countries rejected the EU constitution by referendum, only to have it shoved down their throats? Have we forgotten that Europe managed to produce some of the most brutal totalitarian states, and this within living memory? Are we really going to write this off as mere "maladministration"? Have we learned nothing?
I can already hear the objections. "But omginternets, this time the government is enforcing the right ideas!"
We're going to end up proving the Americans right. Let that sink in.
Now that lobbiests have more effectively gotten their teeth into the parliament, I am honestly pessimistic about EU governance.
Which makes it ironically the most corrupt and undemocratic part of the EU, despite being literally made of people elected through national elections. People who say member states are more democratic than the EU tend to have a problem with this one.
Trusting that NCMEC can't be compromised is a nonstarter. I would trust a system where Chinese, Russian, American, British, etc police agreed that the database only includes CSAM.
This isn't going to unite international rivals against it any more than an asteroid hurtling toward the planet. Only the western world gives a shit about it, which means it's easily weaponized by anybody outside of it.
Rather than backdooring every device on the planet, a more practical solution would be to just take away kids' phones and chain them to the radiator. To protect the children from CSAM, lock them up.
We don't like to admit it but face the facts: children are property as far as the State is concerned. Same as any other asset, livestock and firearms, they can be "taken" away from you and "given" to others for dividends (which, when you think about it, describes the act of trafficking itself).
You don't protect your home by unlocking everyone else's. That sort of "solution" makes you an actual menace to society.
Absolutely. Just the first part, seriously. No need for chains and radiators. Let's ban kids under 16 from access to phones and the open Internet. It would MASSIVELY improve just about everything about childhood and mental health of the young.
There are plenty of technologies emerging with the density of memory and GPT type compression (that's what neural networks really do... compression) to facilitate "curated education in a box", and small network (family and friends) communication.
The Louvre doesn't respond to people stealing paintings by disabling all the security cameras. Prisons don't protect the public by being free-range. Nuclear disarmament is too complex to go into here, but hypocrisy abounds. Barring that one incident, the Mint doesn't protect the money supply by storing it in the middle of a Walmart parking lot (predictably, it got stolen).
Every time we seek to secure anything, we make the coveted object more inaccessible to pursuers. That's how Protection works.
Anyone telling you lowering your guard and becoming vulnerable will somehow increase anyone's safety is one distraction away from slipping a roofie into your drink. It's the sort of gaslighting one expects from a pervert or voyeur.
Honestly it'd make the internet a lot better for adults too.
Everything else is quite explicitly window dressing.
Is it that Baseline seems overly bureaucratic and will be ineffective, or that people should not support any CSAM lists at all?
Does this meet your threshold?
The strict criteria ensure that the Baseline list refers only to images and videos which would be considered as illegal in any country.”
INTERPOL has a very large membership, including Russia and China. The baseline list is reviewed so only media that is illegal in every country INTERPOL operates in is included.
I’m not sure how a veto system as you’re suggesting would work practically, but this might be the closest thing.
Nope.
Commissioners are appointed by the member governments. Each government has an allocation of commissioners to appoint. They are usually failed politicians of the party of government (all political careers end in failure). They have to be signed off by the EU parliament (I think), but nobody in Europe knows the background of every political has-been in other EU countries.
The President is in theory selected by the Council (leaders of the member states), but in practice the whole process is secret so nobody knows how it happens. Certainly the Commission often ends up with extremely dubious Presidents where nobody can explain on what merits they gained that position.
And then the selection of both President and Commissioners is supposed to be ratified by the Parliament but last time they were given a vote with a single option on it. You could either support vdL or abstain. And it's not a real Parliament anyway so nobody with any political ambition actually runs for it, it's a joke chamber made up of yes-men and people who think their countries should leave the EU entirely. Even Juncker didn't take it seriously.
So nothing about the Commission relies on elections.
In the EU, most countries don't even have a government party, because most governments are coalitions, which may not have even existed before the elections.
So you don't even get to vote for the party of government, nor its leader. It's all very indirect.
It's like democracy except so indirect that it's total shit.
Can't trust the people to actually choose who to put in charge - have to leave that decision to the leaders selected by the other leaders who were voted by the other leaders.
You've had it with the EU bureaucrats? What a shame, CSAM has been detected on your phone. Prepare to be apprehended.
It shows what an absolute bureaucratic mess it all is.
Elon Musk is the opposite of a huge bureaucracy.
You make it sound like that's a positive achievement.
There are "Limits To Growth" [0]
Your typical country government is already too much but somehow they get away with it with a pinch of nationalism and tribe mentality, the EU is so over board that I think people will actually rebel / or people with a brain will migrate away eventually.
The EU has apparently enough checks and balances that it gets caught when there is an attempt like this. My national government does have them as well, but they are mostly not being acted upon even when they clearly detect misbehavior.
the exact same twisted logic that we use in this crusade surely it would apply to videos of people getting killed not just raped right?
or is there a unique puritanical weirdness that allows CSAM to get a pass to where states should be violating all of our devices
The term had me confused at first because I though it consisted of evidence of child sexual abuse, including things like medical records showing traces of abuse. But no, it is just child porn, stuff that gets pedophiles excited, which may include stuff where no real child abuse has taken place (ex: lolicon).
I'm reminded of the Trans-Pacific Partnership ("TPP") from ~8 years ago. Very few people were even allowed to see the text of the treat [1] yet the people's represntatives had to ratify this when their own constituents weren't allowed to see it? Wikileaks and others leaked drafts and it was as bad as people thought it was going to be.
Defenders argue that trade negotiations need to happen in secret so as to not worsen our negotiating position. This really translates to "we don't want to afford the public the opportunity to oppose it". The EU now is finding some BS rationale for operating in the shadows.
[1]: https://www.npr.org/sections/itsallpolitics/2015/05/14/40667...
> 26. Given the Commission’s failure to identify the list of experts despite the complainant’s clear interest in it, the Commission should register this now as a new request for public access to documents and handle it in accordance with Regulation 1049/2001.
I know the ombudsman doesn't really have power and can only provide recommendations but surely "and the people who initially denied the request should be fined/fired/imprisoned" or some such language would have been OK to add? Seems like 'we can ignore the law until someone jumps over the substantial hurdles to complain about us ignoring the law and then we can follow the law' is not good for democracy.
What is more disturbing is that there are very few European institutions and companies on this list.
