It's scary, because CSAM (child sexual abuse material) is very, very broad, and quite vague in its definition¹. My three year old son stayed with my parents for a week, and he was being taught to swim in their swimming pool. Of course, I get sent pictures and clips of his progress by a proud grandma, and of course, him being a toddler, he felt swimming trunks to be completely optional (and of course, they are at his age in a private pool).
That's not CSAM right? But who knows how the AI will mark those happy pics? Some quirk in its programming and training leading to them being pushed way up whatever ranking is used? It's a nude child after all, and that is most likely one of the few things such an algorithm can detect quite reliably.
The automated filter won't care about the context though, and if any of the recent failures of algorithms ruining peoples lives are anything to go by (the Dutch Toeslagenaffaire comes to mind), being flagged by the CSAM filter is a high risk event — even if you can clear your name later by human intervention — because now you are on a list.
1: People tend to conjure up horrific images of underage children getting raped by adults when they hear 'CSAM' or 'child pornography', but when you read up on the legal definitions used it becomes very vague, quite fast. A seventeen year old boy sending a dick pic to his 18 year old lover is producing child pornography and can in many jurisdictions be sentenced as such, and nudism of any minor can be seen as CSAM if the pose they strike can be construed as 'erotic' — yet there is no clear definition of what this means, falling squarely into “I'll know it when I see it” territory.
Don't worry, as this is not about child sex abuse anyway.
The legislators know, from experience, that it's hard to argue against measures to protect children from predators, and so they are free to launch controversial and unacceptable measures. Once in place, it will be extended to other purposes.
> In the past, politicians promised to create a better world. They had different ways of achieving this, but their power and authority came from the optimistic visions they offered their people. Those dreams failed and today people have lost faith in ideologies. Increasingly, politicians are seen simply as managers of public life, but now they have discovered a new role that restores their power and authority. Instead of delivering dreams, politicians now promise to protect us: from nightmares. They say that they will rescue us from dreadful dangers that we cannot see and do not understand.
They had a great 20 year run on the terrorism narrative, but they need a new nightmare, and they’ve apparently settled on child predators.
I have watched 'All Watched Over by Machines of Loving Grace' by the same guy. If that stuff is anything to go by, Adam Curtis long on insinuation and clever cuts, and short on actual insight.
Beware of Gell-Mann Amnesia.
Btw, I suspect politicians always used the protection-from-nightmares just as much as promising utopia.
Urm clarify plz how one documentarian can hypernormalize? It's a collaborative work by many parties w overlapping interests. Over time. Using vast resources.
Same could be said for David Attenborough or Errol Morris, but that's not enough influence to be called "hypernormalization." Shining a light on how power functions is a gnatbite to, say, lawmakers banning abortion and homelessness, enforcing building codes, drafting a generation of males to war, engaging in armed combat against miners, etc. Even a documentarian with a mirrored ideology, say, Steve Bannon couldn't be said to be hypernormalizing- only communicating.
> citations
I re-watched some of "Century of Self" [0] to evaluate this statement. Much of it is primary sources: interviews.
David Attenborough does not make the same style of programming that Curtis does.
Curtis has a very specific world view, or world vibe, let's say whereas Attenborough does have views about the world but not much else beyond visual grandeur.
His earlier stuff is definitely better than his more recent work, but I refer specifically to the hypernormalization documentary because it's absolutely full of "Syria this", "Assad this", "[large country or company] decided to do [remarkably simple thing]". Maybe it's right, but the point is that it's structured and edited in a way where he wants to make you feel his argument that the world is being forced into a state of inaction, not convince you that his argument is correct.
In this specific documentary, he is undeniably flying extremely close to the sun in how he presents his argument versus what he is arguing against. He argument is all about the "theys" and the men in palaces, and obviously some decisions are, but some inference one makes in this mindset are simply the result of being fooled by randomness.
Don't get me wrong, I like listening to Adam Curtis docs while I'm working, I just think that he goes too far. When he is covering identifiable flaws he is absolutely brilliant, e.g. his piece on Nick Leeson is really nicely done, when he is kind of mumbling about some kind of incompetent conspiracy to do [something] he is often charismatic but shallow.
Also (a point about documentary filmmaking in general) the use of interviews is actually something I sort of disagree to an extent with unless it's a documentary like the fog of war where it's about a person in particular. It is extremely easy to manipulate interview.
This (https://youtu.be/BBwepkVurCI?t=90) is an extreme example demonstrated by Charlie Brooker, but you can be really subtle. And what if they're lying? What if you end up lying by accident? Trust but verify.
https://youtu.be/itqMwuB8gOk This is an interesting documentary about secret maps and information in Britain. I find it interesting, use my above writing as a barometer for whether that entices you or not.
I didn't put much emphasis on the first line of your comment and skipped to the paragraph right away, yet still read that paragraph with Adam Curtis' voice in my head.
Easy, then we'll just add additional tracking to everyone's personal devices that tells the government what is on your screen and for how long. For the children, of course! /s
Not gp, but I would recommend reading about the crypto wars[0] and related conflicts. While the arguments are slightly different the overall idea of needing every message to be scannable stayed the same.
8.3.4. "How will privacy and anonymity be attacked?"
...
- like so many other "computer hacker" items, as a tool for
the "Four Horsemen": drug-dealers, money-launderers,
terrorists, and pedophiles.
...
In Italy we had 67 different governments since 1946.
What can they do with CSAM data?
Government can't blackmail citizen, they can't use CSAM scans for other purposes, they can't even authorize a scan, because that's the justice system prerogative.
Do you really believe that in Europe governments are in control of everything like it happens in Russia or in North Korea?
> Government can't blackmail citizen, they can't use CSAM scans for other purposes, they can't even authorize a scan, because that's the justice system prerogative.
In the United States, legal blackmail is called a "plea bargain". You agree to admit you're guilty of a crime, even if you aren't, in return for the government not pursuing harsher charges against you. This occurs without trial, because of course the whole point of the plea bargain is to avoid going to trial.
Why would an innocent defendant want to avoid trial? Well, good lawyers are extremely expensive, and public defenders are extremely overworked. Also, police will often say whatever they need to say on the stand to get a conviction and justify their arrest. How many cops are ever jailed themselves for perjury?
> In this essay I shall address the modem American system of plea bargaining from a perspective that must appear bizarre, al though I hope to persuade you that it is illuminating. I am going to contrast plea bargaining with the medieval European law of torture.
> My thesis is that there are remarkable parallels in origin, in function, and even in specific points of doctrine, between the law of torture and the law of plea bargaining. I shall suggest that these parallels expose some important truths about how criminal justice systems respond when their trial procedures fall into deep disorder.
> In Italy we had 67 different governments since 1946.
Colloquially when Americans say “government” they are referring to the entire state, including not just elected officials but professional civil servants, police, courts, intelligence agencies, etc.
You have definitely not had 67 different governments since 1946 in the sense that I think was meant.
(Interestingly, you may often hear Americans speak of the Executive (what many call, a "Government") as 'Administration' - there where others call an Administration the collection of the actors and systems you just called a Government... And this confusion is in fact odd, if one notes that some call Ministers the heads of the Executive, and 'minister' and 'administration' are clearly twins.
This becomes beyond confusing, impressive, when you realize that 'Minister' is an expression for "servant" (cpr. "civil servant" etc.) as a derivation from 'minus' - 'Minister' is the opposite of 'Master' ('Ma[gi]ster')!)
> You have definitely not had 67 different governments
I've studied English, not American.
So government to me means means "the group of people who officially control a country", like in this BBC headline "Netanyahu out as new Israeli government approved".
Its definitely a complicated and messy idea. Many Americans would essentially only consider a complete change of constitution as a "new government", meanwhile in certain language in parliamentary structures there is a common phrase of "creating a new government" when an election takes place. Neither idea is really wrong, they're just coming from different perspectives.
If you're using the same kind of terminology, the federal US has had probably 117 governments, as this is the 117th Congress. However, we as Americans don't necessarily consider this a "new government", in that many of the institutions aren't radically different. We still have the Centers of Medicare and Medicaid Services, we still have the FBI, we still have the CIA, we still have the Social Security Administration, we still have the NTSB, we still have the FAA, etc. For Americans, the institutions are a massive part of the identity of "the Federal government", and unless all the institutions change its pretty much seen as a continuous government.
Its definitely a messy turn of phrase which means different things in different contexts. Either way, while Italy has had 67 cabinets/governments, I imagine a lot of institutions have stayed the same. The ability for abuse is based in the institutions, the will to abuse is often with the politicians. So its not like a "new government" woudl somehow wipe clean all the record collections and ability for the State to act on it, you just have different people telling people to pull the levers a little different every few years.
I know it can sound complicated, but I usually refer to what's written in our Constitution The Constitution establishes the Government of Italy as composed of the President of the Council (Prime Minister) and Ministers. The President of Italy appoints the Prime Minister and, on his proposal, the Ministers that form its cabinet.
So it's the combination of PM (Mario Draghi right now) and Ministers, appointed by the head of State (that is now Sergio Mattarella)
Regardless, if debating in good faith you should respond to what people clearly mean, not to what you feel the words they’re using should mean in “correct” English.
> Or 67 cabinets, if you prefer.
Absolutely nobody is disputing this. The Wikipedia link is unnecessary.
> Regardless, if debating in good faith you should respond to what people clearly mean, not to what you feel the words they’re using should mean in “correct” English.
you're wrong: I never said I was using the correct English, I said that in the English that I have studied it is called a government.
> You are engaging in bad-faith pedantry, and this discussion is now a waste of time.
I cut the irrelevant part, I always assume people say things that represent "what they understood or meant".
In that case the original post saying " you haven't had 67 governments in the way I mean" is completely useless, irrelevant, pedantic and in the end brought us to this conversation
Nobody cares what "government" means to an american when the context is not America.
Believe it or not, USA is only a tiny fraction of the World population and that tony fraction is in a good part not American too.
What Americans think, believe or mean is irrelevant to 95.75% of the Planet.
Every country I'm aware of people also use government as a loose reference to the whole monster of state, branches (judiciary, executive, etc), constitution, laws, etc etc.
> Colloquially when Americans say “government” they are referring to the entire state
Very consistently, when anyone (including Americans) talks about parliamentary systems, the number of governments or changes of government refer to the same thing as the number of administrations or change of administration when referring to the US system of government.
There are other contexts where there might be ambiguity, but this is one of them.
First of all, I really disagree — what you say is at most true for the minority of Americans who follow foreign news or have lived abroad. I honestly think if you told my dad “Italy’s government has collapsed” he would think there had been some kind of major catastrophe like a civil war.
Anyway, even if you’re right, it doesn’t matter. Nobody was talking about parliamentary systems or Italy specifically when the person who kicked off this thread warned about “the government” having too much power. It’s absolutely obvious to me that they meant “the state” and were misinterpreted by people who thought the word was being used in its parliamentary sense.
In English and particularly American English, “the government” is understood to encompass the justice system as well as Congress/parliament. People are taking about justice system abuses, not just some MP abusing his power. Law enforcement and courts control the country just as much as the parliament.
This isn’t some feature of American government either: in the US local law enforcement is often completely divorced from the state and federal political process and is run independently at a local level, with sheriffs and district attorneys even being elected positions in many jurisdictions. There is no national police - the closest thing is the FBI (though there are a few other national law enforcement agencies), but it can go after only crimes involving multi-states or interstate commerce, and at a high level it is run essentially like state law enforcement organizations in other countries, largely independent of the political process, although at the very top it is politically appointed, usually with a career official placed in charge.
> That's only because in USA the justice system depend on the elected president and elected representatives of the State.
That’s absolutely not true in the US. Almost all law enforcement has no connection to the President whatsoever. The FBI does have a connection, the director is appointed with legislative assent, but FBI employees cannot be fired at will by politician or even the director.
Further, the FBI didn’t even exist for most of American history, so that’s not why the term evolved the way it did.
Also, your country almost certainly operates similarly to US federal law enforcement. Or are you claiming there’s no democratic oversight of or input into the justice system at all?
Further, if you don’t consider the justice system part of the government, what is it?
>Law enforcement forces and justice system employees only have to obey to the laws, not to the politicians in power.
Frontex want's to have a word with you.....
And the Italian coastguard let people drown because it's law?....or maybe because it's a political thing? You cant separate the government and justice system completely.
> And your Italian coastguard let people drown because it's law?....
They actually don't.
Some politician (a Trump and Putin supporter, BTW!) tried to make them drawn for political gains and was beaten by a German young Captain Woman. [1]
many people in Europe protested against what Salvini was doing. [2] [3] [4]
France officially condemned what was happening.
Because you know, it's not a dictatorship here or a place where the police kills you if you're of the wrong color, the people still oppose to what Politicians and governments try to do.
Please, don't try to teach me how my country works...
You know that's why she got into troubles?...bringing drowning refugees to europa's coast.
>many people in Europe protested against what Salvini was doing.
So here you gave already proof that politicians can tell the coast guard what todo right?...because the sea-law is pretty clear..you have to help, no matter what.
> The EU is no longer rescuing drowning migrants and the number of refugees continues to fall.
In May 2022 already most than 10 thousand people reached the coasts of Italy via Mediterranean sea. [1]
Between 2013 and 2016, over 600 thousand people have landed here.
I think Italy is doing its share on that side.
How many of those immigrants went to Hungary, for example?
That's where EU is failing IMO, it should not be permitted to Orban to refuse redistribution of migrants.
Not on CSAM regulations. If governments wnat to know what people are up to, they have to simply open social networks and wait for the people to write it publicly.
No need to spy their conversations.
The reactions here are completely paranoia fueled.
On another note: if USA can please stop bombing African countries, maybe people shouldn't escape from the puppet regimes they install there...
> So here you gave already proof that politicians can tell the coast guard what todo right
They can try forcing the law.
What Salvini did was and still is unlawful.
His popularity dropped in a couple of years to a quarter of what it was.
you can also convince people to march armed against Capital Hill, doesn't mean that that's a President's prerogative, it only means that crazy people are everywhere.
At least we haven't built cages for immigrants' children.
> No, but I really believe European leaders are jealous of the authoritarian powers they lack, and are working to resolve that.
You can believe anything you want.
That wouldn't make you right.
national parliaments have to pass these legislation, EU is formed by 26 countries, all with very different ideas, traditions, political stances and objectives.
So, Orban?
Yeah he would love to be the sole leader of his country.
In my country?
those that tried have been destroyed by their same allies, out of fear of having to live in someone else's shadow.
If everyone wants to be the one and only leader, nobody will ever be.
Opposing forces always balance themselves.
Funny that all USA businesses lament that there is too much democracy in EU (like too much democracy is bad!), but now HN says that there is an imminent risk of totalitarianism...
The Dutch IRS ran a shadow profile system for over ten years, resulting in countless families in financial trouble, numerous divorces, suicides, and kids being removed from their parents and placed in foster care. Compensation/restitution for the affected families is finally coming, but its tragically slow progress is adding insult to injury.
And the government that stepped down over it, is still (again) in power. The very same prime minister that has presided over the country during the entire time this program ran was re-elected after his previous cabinet dissolved.
None of the people working at the IRS have even seen the inside of a courtroom, at least not as defendant. Such a roasting they got.
I really cant believe that you think the EU is so much better. But i see, the propaganda to implement that we are the good one's worked pretty well for you.
> Ah you think the government sends an official person and start to blackmailing you?
You mean governments are run by criminals that break the law?
If being blackmailed over alleged pedo pornography in that case is what concerns you the most, I think you have a pretty simplistic view of what's happening in the real World right now...
> I really cant believe that you think the EU is so much better.
I really can't believe you don't see it!
> But i see, the propaganda to implement that we are the good one's worked pretty well for you.
I don't really think you are making any sense.
You just posted propaganda links of a commercial email service and of European pirate party which is the most biased source of information about digital rights in Europe, they are so small (only 4 seats in the parliament, 3 from Czech Republic, one from Germany, zero from any other EU country) and and in need of funds that are constantly screaming "WE'RE ALL GONNA DIE" and have been for more than a decade now, for no reason.
I consider myself much more on the left side of things than the pirate party and have been participating on discussions about digital freedoms as a tech consultant for the EU commission, the pirate brought virtually nothing to the table.
But it's working for them, their MP salaries are still flowing in their pockets anyway.
Ask them why their HQ is in Luxembourg City (one of the richest cities in the World) and not in some more piratesque place...
Ah yeah...the old propaganda because you have to implement backdoors in your encrypted email-service...i don't know what you try to proof here, but it's kind of disgusting.
>You mean governments are run by criminals that break the law?
Ever heard of Berlusconi? Or maybe Nixon....or your King Juan Carlos ;)
I think the EU wants to go through easy to rummage through stuff like email, texts, instant messenger (all easy to go through if unencrypted). I think that's what their warning shot is. Eventually they would like to put spyware in every app/phone and keep tabs on what you're doing. It's the same in America as well. Politician and the police state have no shame when it comes to wanting to take away your privacy "to think of the children" and "what about terrorists?". There is a reason we have search warrants. It's a compromise that has worked for centuries, and I don't see why that has to go out the door with new technologies.
Seriously, if you start with "I think EU is turning into Sauron",you then can imply everything, you'll be mostly wrong though.
> I think that's what their warning shot is
These arguments have been in discussion for at least a decade.
Why do you think they want to read your email?
What purpose could it serve?
Do you really think France will accept to put the email of their citizens out in the clear if Germany refuses? (nations can still delay the implementation of regulations, technically forever)
> There is a reason we have search warrants
They are still required.
CSAM is only what Apple already does (and that's another reason why I don't buy Apple products).
I think kowtowing to ANY group wanting to rifle through texts/email/anything is a bad idea without some legal principle like a very specific warrant has been issued to do it. What these guys want means that all encryption has to have a backdoor so they can look through you private "papers" at will. Yeah, I don't like that, and no I'm not exaggerating. Otherwise, we wouldn't have agreements between countries like Five Eyes. I just don't understand why everyday people just roll over for government abuse of their privacy.
> It certainly feels, as if they are trying to do that.
Putin's been there for 22 years, Kim is there by rights of birth, in my country the PM has been there for 18 months and it looks like he's not going to last till the natural end of the legislature, in 2023.
His career as dictator 4 life looks pretty bleak from my POV.
Well I guess that’s where the idea of the “deep state” or “shadow Government” comes from. Obviously I don’t think it’s true to anywhere near the extent that many conspiratorially minded people do, but I think there could be some truth to it, in that there are bureaucrats (especially in intelligence) in many countries who probably do have too much power and too little scrutiny and accountability over what they do, who manage to keep their positions for long periods of time and abuse their positions for various ends and reasons.
I think they would like to be in control of everything and know/document everything they can about every person's life. I understand that makes their job easier, and maybe even they have the best of intentions. But just a couple of weeks a go a racist was running in France (Le Penn) and not too long ago the leader of the free world a known POS, likely criminal, and racist DJT was in office. I don't want any of those people to have free access to any and whatever information that they want. I am thinking of the children and of future generations of them. If we don't stand up for our freedom and privacy we are also not standing for theirs.
It's almost every politician since the invention of privacy. It's not a cabal, they just have common goals.
Edit: can't reply. The endgame is control over the population - taxing them, imprisoning them, etc. Why? I don't know, some people just like to be in (absolute) power.
This is the correct answer. People are lazy; politicians, police, your mail person, YOU. It's much easier to put on some coffee and start going through CSAM alerts from the emails and texts you AI sent you overnight and see what looks promising. Sure glad we got past those silly 4th amendment weirdos (or whatever the equivalent in your country is) who think privacy is less important than making my job easier. A decade down the line, a popular right/left wing nationalist with authoritarian tendencies wins. Now he sends down a request to comb through his opponent's messages to see what he can send him (or his relatives) to prison for daring to run against Him. A cop caught you flirting with his gf, let's just see what we can dig up on him on the CriminalSearch app...
The thing is, with current 'privacy-protecting scanner' designs, the scanner is running on every end users device, and it would be fairly simple for an expert to dump out the list of things being looked for.
That in turn makes such a system far less useful to intelligence services and authoritarian regimes. You don't want to tell your target that you're looking for them and which keywords not to use!
I wonder if this is part one, and then a later revision will require centralised scanning rather than on-device scanning.
>>and it would be fairly simple for an expert to dump out the list of things being looked for.
If you embed a neural net trained to detect "some" kind of images, I would love to know how one could "dump" the list of things the net is looking for. Basically it's not how it works - the neural net is more or less a black box, you can't tell what kind of things it's looking for by just looking at its contents. You give it an image, it says it is a match or not, based on some internal algorithm - but looking at that algorithm tells you nothing about what kind of images would produce positive matches.
The hashes are something like a 64x64 pixel representation that can apparently be recovered to a small, very blurry but still recognisable image (when the Apple thing blew up there was a researcher who’d done it with a reimplementation of PhotoDNA from the paper).
Sure, but if you read the article the proposed law by EU specifically mentions detecting brand new and not yet classified CSAM by using machine learning. So it's not just hashes we're talking about here.
I find it ironic that people often look at the EU as "privacy-focused", with things like the GDPR, while at the same time the EU wants encryption backdoors and photo scanning.
IMO, the politicians just want more authority and power. The GDPR gives them power to sue and fine large companies, ie, free money. I don't think it's about privacy any more than encryption backdoors are about fighting crime or photo scanning is about protecting children.
> and it would be fairly simple for an expert to dump out the list of things being looked for.
I think the Apple design used some fancy tricks to run the comparisons without ever decrypting the reference data and even if that wasn't possible almost every new device comes with some kind of "trusted" platform module that only "trusted" actors can access.
It's funny because in this regard, The Netherlands is actually trying to do better and change the laws to allow mutually consenting teens to do this stuff (still tentative) and punish blackmail, prostitution (edit: of minors), minor-adult sexual interaction etc.
Our general mentality also seems to be a lot more lax and supportive of kids being victims of their own mistakes rather than going "yeah, that's illegal, let's throw a fine on top". Almost as if we acknowledge teens are going to experiment.
It probably helps that we were complaining about and even making fun of[0] our government for using child pornography as an excuse for pushing through draconian populist laws a decade ago already. We may just happen to have a little head-start here basically.
Edit: for the non-Dutch, the link goes to an article by the Dutch equivalent of The Onion and the headline says "Opstelten [our minister of Security and Justice at the time] says new regulations are needed or else child pornography".
The Netherlands seems great as an outsider. I've been to Amsterdam, which was too touristy for me, but still beautiful. And we took a train to Utrecht and the surrounding areas which was great. Even struck up a conversation with a group of (local) software developers on the train.
Even with the lockdown protest issues it seems like it should be on the shortlist if you want to move to the EU as an American.
The Netherlands government has quite deep ties with the WEF, so expect The Netherlands to be at the forefront of pushing the WEF agenda. You can decide for yourself if that’s a good thing, but I’ve made my choice and am happy not living there anymore.
But I should add I left a couple of years before I even heard of the WEF. Me leaving The Netherlands was for other reasons.
Out of curiosity, did you live in other countries as well? I have the impression that in NL there certainly is a certain level of racism, but it's less systemic/endemic/widespread than in other countries (including parts of the US).
It's an opinion based on very limited data and personal observation, so take it with a grain of salt.
I think your racism meter is mis-calibrated. Sure, the Dutch are a bit funny about all the Turks in the country, but I find their racism against the Turks to be way lower than say a lot of Americans' racism against Hispanics.
I don't think we should tell someone who implies they have experienced racism first-hand that they haven't experienced racism. Especially if the counter-argument is "other ethnicity I belong to doesn't seem to be treated that badly compared to racism against yet another ethnicity I don't belong to in a different country."
You're right, but the poster above seemed to be talking for a whole population, which I then did too by talking about Americans as a counter-example. It's just that my experience of the Netherlands isn't that they are particularly racist, but if you haven't experienced other cultures then it is easy to lose calibration. Like how a lot of Americans tend to think of the country as number one in a lot of things (e.g. education), but when you visit other countries or explore other cultures you find out your views are miscalibrated.
This seems to imply normalizing scanning of private information between kids. All I see is getting them used to governmental privacy infringement early, so they won't complain about it later as adults. Very sneaky of them. Again it's "to save the children"
To clarify, the sexting part of the proposal[0] is only there to modernize. Loosely translated:
>For example, sexting is no longer punishable if this happens with consent. This is seen as sexual experimentation behavior among youth.
It has nothing to do with scanning private information. It only legalizes what would realistically never appear in court except for twisted revenge cases most of the Dutch shake their heads at (girl sends boyfriend nudes under mutual consent, they break up, now ex-boyfriend tries to accuse her of breaking the law which is technically true, but absurd).
To be clear upfront: mandatory scanning of private communication is a no go. And even child protection advocates, mostly do not demand this. So here really other interests might be leading the EC, which is bad
However, particular servers in the Netherlands have been hosting a lot of CSAM and revenge porn type of material. The EU is increasingly becoming a major host for illegal and dangerous material. This is a reality and a problem.
The problem IMHO is that it is really hard to have a reasonable discussion on how to tackle this. Reasonable voices are often the quietest.
In Germany we woke up to really bad experience with pedophiles actually loudly undermining political parties in the past (particularly the Greens). Just as a reminder: This is not all black and white.
I agree it is a problem, even more so in light of fake material looking more and more realistic, and the negative effects of social media on teens.
One of those other solutions is simply teaching teens the potential consequences of these actions. One sibling linked to an article 10 years ago. This was about the time schools in The Netherlands were filled with lectures regarding lover boys, sexual and emotional blackmail, and more. Despite that, many would still put themselves in a position a malicious person could take advantage of them, but at least you're arming teens with information on which to act autonomously.
I simply doubt the EU's proposed solution would really help prevent that many cases. It might even drive the more rebellious teens into sections of the internet where the consequences are far higher. Which makes giving up all that privacy a pretty hefty price, for both minors and adults.
My understanding of this technology was it was usually a hash or fingerprint of some form of the material, to be compared against a database of hashes of known-bad material. I doubt EU countries have the infrastructure or budget to run models across everything, no?
An article about this was posted yesterday, and the EU wants to take it further that detecting known CSAM content, using AI to detect new content too.
Of course, it's all a pretence for getting access to read all of your data. It might be a language thing, but the wording of the report was such that they were almost stating this explicitly.
Honestly, what.the.hell are these clowns thinking?!
The article says they already have technology that detects "grooming", whatever that means. That's seriously frightening, who knows what else they can detect? Maybe a few years from now we'll be reading articles about people getting arrested for expressing prohibited thoughts, subversive ideas, political opposition in what they thought was a private communications channel.
The problem with hashes is, that you cannot prove what the original image was without actually getting caught with csam.
So basically, a whistleblower takes photos of some very incriminating documents, someone gets accused of eg. money laundering, hashes of those images get added to the "csam" database, and you find the first person (via metadata) who had that image on their phone.
Also, in some more repressive countries, an image of a famous cartoon bear photoshopped to look like some president can be added, and all the people who look/have/download images (memes) like that, can get put on a "list".
But would the system not insist images are hashed by it? I mean; I would think it’s not a weird demand that if this is to protect children (which it is not, at least not only) that the image hashes are solely for that purpose or otherwise not valid and thrown out by at least an AI. I know it’s naive but it seems you want the image with the hash and if someone gets flagged and it’s some money laundering doc, then it should be dismissed before you get out on a list.
The hashes are likely provided by some outside agency who is fine with transferring the hashes, but would have qualms about transferring multi-petabytes of the matching CSAM images.
They are effectively low resolution hashes - obviously they would be completely useless if they fail to detect a re-encoded or slightly transformed or cropped image. In this sense it's a hash with a very high collision rate... probably even higher if you limit it to innocent but otherwise visually similar image of parents and grandparents sending pictures of their own toddlers as GP describes.
This is when it gets scary, demonising people based on a hash collision with no evidence or context.
Even with a database of hashes the risk remains. If someone gets off on nude children, then there is nothing stopping them from collecting innocent photographs from social media¹, reposting these on seedy or oniony websites, and have the hash ending up in the huge black box of CSAM hashes by an automated scraper. I am not under the impression that such a database is curated too closely.
1: This is not something I'm personally at risk of, because my parents are tech savvy enough not to post nude pics of a toddler anywhere but in a private chat with his parents (i.e., me and my wife).
That’s the implementation used by Apple for client-side scanning of iCloud uploads. NeuralHash or something. The EU may (and likely will) build an unrelated system, although it may share ideas with prior work.
Unless the exact algorithm and data used is described in the law you don't know what the implementation will look like (or what it will look like in ten years).
I almost think these efforts will need to succeed in become applied in a way too authoritarian way before there's a sufficient backlash. Unfortunately that means there's likely to be a lot of collateral damage.
At this point I would never send nor have nude photos with my kids (whom I don't have, but hypothetically speaking) on my phone or on any other electronic device, doing otherwise is just asking for trouble. Maybe it's not the perfect situation for parents who want to share said photos with the kid's grandparents thousands of kilometres away but it is what it is.
I personally know someone who spent 13 years in prison because at 18 his 16 year old girlfriend sent him a nude selfie. Her Mom was in her phone and saw that she had sent the photos, so she called the police on her daughter's boyfriend. They arrested him, seized his phone and found the photo.
You're probably not the first person to ask the question of "but what about parents taking pictures of their naked kids in a pool", I'm sure they plan on having some way of dealing with it if anything to lighten their workload. That doesn't mean it will be perfect but no matter how jaded we all are, nobody wants to start falsely accusing innocent people.
I don't see how it will be different this time. The past decade has seen a bunch of failed projects that used algorithms to do the heavy lifting, and justice and redress for those involved has not even been served in all cases.
The Dutch Toeslagenaffaire¹ was a massive failure of using discriminating algorithms to judge if tax payers were defrauding the state (most of those marked as fraudsters were innocent and many lost jobs, housing, and hundreds even had their children placed into foster care (!) due to the cascading effects caused by being on this list).
The British Post Office scandal² is another famous case that will be familiar to those from the UK.
To call Dutch Toeslagenaffaire a failure of discriminating algorithms, when the main criteria was: Manually identify innocents based if they were born outside the Netherlands or married to somebody born outside the Netherlands, or if they were born in the Netherlands, had Dutch nationality but grand parents born outside the Netherlands....Is a very strange characterization.
I think you may have misread my comment. The algorithms didn't fail; they did exactly what they were programmed to do. The failure lay in the use of these algorithms; i.e., such algorithms should never have been developed and subsequently used to put people on a blacklist.
Anything automated that has the potential to ruin people’s lives should first be checked by humans when flagged. That’s why this csam thing, if used, will cause crazy amounts of human work, and/or, after first ‘convicting’ a bunch of people and a lot of bad press, will then be toned down to only go after already suspected individuals but now their data can be scanned without a warrant.
> nobody wants to start falsely accusing innocent people
I mean this is just blatantly false. History has shown us this is false. Even if you think the current government is fully comprised of kind-hearted, magnanimous, good people, what makes you think that will be the case for the next 10, 50, 100 years?
A story - I have a google alert set up for my name. Someone in a different state with the same name was recently arrested. I've gotten 5-6 alerts every day for the last week from various local (to him) newspaper and television station websites announcing his arrest. Name, address, age, alleged offenses, etc. How many will I get if he's found innocent two years from now? My guess is, at most, 1 or 2. Why would we want AI, even with human verification (which is just them checking the hashes match, anyway, so not real "verification"), to trigger the cascade of events that would occur from someone getting arrested for CSAM based on this technology? It would ruin someone's life. Now if I'm being honest, if someone actually has CSAM, I couldn't care less if they end up homeless and their life is actually ruined. But taking a step back, and acknowledging that someone innocent will get caught by this, as it's just a matter of time at that point, it's not worth it. If we had a society where you could just say in a job interview "oh yeah that was a false positive, I can prove it" and that's that, then there's a bit more of an argument to be made. But that's not our society. Once your name pops up with this kind of thing, that's who you are for the rest of your life, guilty or not.
>>omeone in a different state with the same name was recently arrested. I've gotten 5-6 alerts every day for the last week from various local (to him) newspaper and television station websites announcing his arrest. Name, address, age, alleged offenses, etc. How many will I get if he's found innocent two years from now?
That sounds like a problem that's very unique to the weird justice system in US(and UK to an extent, unfortunately), where the law allows publishing the name and other details of an arrested person. In most(if not all?) EU countries that is strictly forbidden - until the trial is done, any arestee can only be reported on by their first name and with the face hidden. Avoids runining innocent lives like American media do.
For starters, you seem to giving anecdotes from the US. Privacy laws in the EU differ from country to country but in some places at least, names & faces of people arrested suspects aren't published. And afaik these gross miscarriages of justice that seem to be ubiquitous in the US are nowhere near as common the EU.
> But taking a step back, and acknowledging that someone innocent will get caught by this, as it's just a matter of time at that point, it's not worth it
Couldn't you extrapolate that to law enforcement in general?
It's not clear to me if you're saying that AI specifically will falsely flag people and / or if you're worried about being identified as someone else with the same name getting arrested for something. Either way both scenarios exist without any AI being involved.
Personally I was falsely flagged because someone driving a car with a number plate that belonged to me was caught over a dozen times driving ridiculous speeds and it took me the better part of a year to convince the justice system it wasn't me. All because they didn't know how to update some database records with the other guy's name and despite the fact that no human ever claimed I was driving that car (the other guy said it was him not me, the car leasing company said it wasn't me, plenty of paperwork was provided). Massive pain in the ass (and nowhere near as serious as CSAM) and it required lawyers and court appearances but I'm not advocating to abolish speed checks.
It always amazes me how anyone can be technologically literate and still think world governments should be given the benefit of the doubt when it comes to things like this. I agree OP, most people in government are probably not inherently evil or malicious but why should anyone trust that these initiatives won’t be poorly implemented and cause massive collateral damage to innocent lives?
It is not just the people in government today that you need to worry about. It is anyone in the potential future also that may abuse these initiatives.
This is the biggest danger. These technologies are a boon to the potential future populist dictators of Europe. It starts with Orban. Who knows where it might end?
> It always amazes me how anyone can be technologically literate and still think world governments should be given the benefit of the doubt when it comes to things like this
Yes I do think that. I'm very familiar with how the EU institutions work and I don't like it, so I'm no fan boy and certainly not trying to defend these kind of proposals.
I realize I'm preaching to a very cynical crowd here but I just don't see EU countries locking up innocent people accused of being pedophiles en masse by some garbage AI (different story entirely in the US or China).
Justice here massively leans toward giving people the benefit of the doubt, imposing light sentences etc. much to everyone's frustration.
> I realize I'm preaching to a very cynical crowd here but I just don't see EU countries locking up innocent people accused of being pedophiles en masse by some garbage AI
555 wrongful fraud convictions because of Second Sight, between 1996 and 2014, with a 2015 claim of no wrong doing and no system problems [0], in the UK.
Rubina Nami, jailed for a year. Seema Misra jailed for longer, whilst innocent and pregnant.
Noel Thomas jailed for twelve weeks at the age of 60 - the judge refusing to consider a flaw in the computer system to be possible, because of a report that concluded:
> If the Horizon system was flawed, I would expect to see issues raised by all 14,000 branches in the UK and not only a handful.
They locked up people over a garbage AI system over something much less sensitive than protecting children. Recently.
>nobody wants to start falsely accusing innocent people.
If anything, the 21st century has proven quite a few people are more than willing to do so when they deem the lack of true positives to be the greater evil. Or even just doing it for their own benefit.
Seeing as how things are going in China/Russia/N. Korea we should all learn to fight for our rights to freedom and privacy and not turn them over to the government. Western democracy is currently losing the cultural war and people aren't taking notice. US democracy was almost subverted by a phony bologna real estate scheister. I'm not sure why people think governments and rights can't change overnight unless we're diligent to push back against surveillance and other gross governmental overreach.
Can you give some EU specific examples that can be considered representative and not huge outliers?
Shit happens everywhere but where am I in Europe if anything there's a lack of law enforcement in the sense that prison terms always seem to be considered too low, people with sentences under X months don't actually go to jail because of overcrowding, police is constantly frustrated that people they pick off the street are immediately released again by judges etc.
The starting comment gave you an example to start off with. The Netherlands, Toeslagenaffaire.
You can't go telling "yeah we really care about innocent people" when you let an algorithm wreak havoc producing false positives and then take ages to fix it while the families are still dealing with the aftermath. That's the opposite, caring for true positives despite the potential false positives produced.
I'd also ask you to take a few trips down some ideologies. If you believe "EU is so nice it can do no wrong", you'll probably be cured of it soon when you realize extremists are spread all around the world, and have no qualms exercising their sense of justice even if it hurts innocent people.
And it happened in the Netherlands, which aren't exactly the cleanest of the countries (just check their ties with drug cartels money [1]), so it's Netherlanders that should be worried, not EU citizens.
It happens all the time, I don't know anymore how many wrongful tax bills I have received over the past 30 years, you just show the documents that prove you're in the right (if you are) and that's about it.
We pay accountants for a reason.
Lawyers are still free in my country if you can't afford one, event though it's very hard go to prison for tax evasion, at least not in all the European countries I know, even less likely for undue child benefits.
[1] Money laundering is a growing problem in the Netherlands, with estimates suggesting that around €16 billion in illegal funds is laundered there every year — money derived from a range of criminal activities, including drug trafficking, sexual exploitation and extortion
You're being pedantic and apologist for very little reason. There are still dozens of families who have yet to be reimbursed for this mistake, let alone the damage which was caused in the aftermath. Instead, we have a bunch of people still arguing what to do about the situation, all which are paid in tax money that could've been used to solve the issue already.
It's not about them being evil. It's about them feeling justified to use the algorithm in the way it was used, which then lead to pretty dire consequences for many families, followed by a lack of action and a general lazy attitude towards the entire situation. Along with a general lack of foresight when they implemented it.
This is a very clear example of what happens when you optimize for true positives at the cost of false positives. You can argue the costs and benefits, but you can't argue "people don't want to harm innocents" when they select to do so in a scenario where it very clear does harm innocents.
"Caring about not harming innocents" gets dropped the moment it feels inconvenient. That's something people need to be aware of instead of living in their idealist dream world.
Again, you're being pedantic in an attempt to dismiss people.
People could interpret the comment in question as "name examples in Europe", as if commenter was trying to imply "European countries aren't as crazy and totalitarian as the US / the remainder of the world". Several commenters gave examples close to home.
But somehow the EU, as in European Union, will be the exception, and we can't be skeptical of that. Get real.
> Again, you're being pedantic in an attempt to dismiss people.
No, I'm being correct.
Netherland problems that are not caused by EU regulations, are not EU problems.
Deal with that.
> But somehow the EU, as in European Union, will be the exception, and we can't be skeptical of that.
Fale premise.
I never said that EU is gonna be an exception, just that this particular problem happens everywhere, tax fraud are probably the most common case of fraud World wide.
So implying that's proof of some potential problem inside a new EU regulation that has nothing to do with tax fraud is naive at best, but let's get real, you're being not naive, you're simply being biased.
>nobody wants to start falsely accusing innocent people.
Do you have a source for that? First, by triggering the filter, there's an assumption of guilt. The filter wouldn't trigger if there wasn't something bad there, right? Second, someone, somewhere is being incentivized in their job to increase the number of "detections" so they can increase their arrest numbers. Why would they want to "lighten their workload"? They're the cops. They just ask for more resources and get them.
It's a waste of time for everyone. Prisons are overcrowded, court cases take years to get going, criminals being caught red handed are released before cops even get the paperwork done, there's plenty of rock star defense lawyers.
> They're the cops. They just ask for more resources and get them.
> Meanwhile France last year just dropped the age of consent to 15 and if you check Wikipedia you'll most EU countries have it set around the same age.
France's age of consent has been 15, since 1945 (1982, if you weren't straight). What they did last year was add a Romeo & Juliet clause that allows for below that age if you're within five years of your partner and not committing something that would otherwise be considered assault. So a 15 yro and a 12yro won't end up in a rape case for being partners.
They tightened overly loose definitions, basically. Not dropped - raised. (A lot to do with this [0] particular case that demonstrated just how damn loose the laws were.)
15 vs 12 is huge gap in relative age, development, and maturity. But it sounds worse from your description, like a 15yo can have sex with a 10yo and it's considered consensual??
It is _now_ that a 15yro and a 10yro _may_ be considered consensual if no other factors come into play, like authority. However, the court would have to examine it on a case-by-case basis.
Previously, it was _assumed_ that consent occurred. Such as in the case I pointed out - the court struggled to say there was not willing engagement between a 28 yro and an 11 yro.
Historically speaking, France has some of the loosest laws around consent in the world.
"Family goes through seven months of hell falsely accused of child porn charges after Spanish police misread US-style date in tip-off from American group"
And if this passes, we will have plenty of examples from the EU too. Here it was not as easy to crack down on people because we take privacy very seriously, but it will happen as soon as the state gets the power to do it.
See for example how we treat people who have few grams of weed on them. We protect innocent people, you say? Bullshit, we crack down on gardening shops if they're even just slightly connected to the weed culture!
> and nudism of any minor can be seen as CSAM if the pose they strike can be construed as 'erotic'
So we're now expected to teach our kids what erotic poses are so they know not to accidentally do that during family pics, lest daddy or mommy wind up in jail? The future is fucked up.
If you look at the history of litigation of nudism magazines in the 80s and 90s it is exactly that. Some magazines were allowed in, some were banned and the owners imprisoned because a judge said that some of the photos weren't candid or casual enough.
It would actually be great if iPhone/Android detected and offered to blur genitals with a click. As creepy as that may seem those of us with young children may only incidentally capture material that could be mistaken for CSAM and would be fine blurring out those details.
The biggest problem is that these images are CSAM. Or at least a bit-for-bit identical image is in a different context. If it is family members are sharing an image of their child having fun or even sending an image to your doctor then there is no problem here. But those exact images in a different context could be a problem.
Of course this is why they have human moderation before conviction. But I absolutely don't want my private images being reviewed because they may be CSAM. This is basically assuming that I have likely done something wrong and intruding my privacy because of that.
Those pictures will be seen by you and grandma, but also maybe by employees of whoever you use to backup the pictures, whatever security services have a need to view the images, whichever police forensics department may need to look through your or grandmas phone if it were to be confiscated, etc.
Those employees need a good work environment, and can't be expected to look at your naked three year old.
I'm sorry. The chance of someone needing to look at these pictures should be near 0. The backup company doesn't need to look at them. They should actually be end-to-end encrypted so that only me and grandma can see.
In exceptional cases the police may need to see them. But even in that case there is nothing wrong with these pictures. Pictures of gore and literal shits are legal and while I agree that it can make this job very taxing. But a child swimming naked is not the problem here.
Having an actual person see those pics is totally fine. No one in their right mind would see anything but normal child raising there, and the judicial process has checks to prevent abuse by any one actor. It's algorithms I'm concerned about.
We seem to have very different priorities. You are concerned about the welfare of employees of privacy-violating organisations. I'm concerned about citizens' privacy and say those organisations shouldn't exist.
> > 3. What makes you think #2 is true even today?
> Because I live in EU and everywhere else I look the situation is far worse.
"It's worse other places" doesn't answer the question. The EU's government isn't perfect and I don't see any safeguards in this proposal. It's ripe for abuse.
> Funny that guns are abused daily in US
Whataboutism nonsense, nobody is talking about guns except you.
> If the filter has to be used for CSAM content, it can't be used for anything else.
Utterly fanciful. Once this exists and is in place, it can and will be expanded to other things. Eventually a government you don't like will be elected in your country, and they'll be able to expand this.
This tool in the hands of an authoritarian government is as dangerous as any firearm because it would allow them to track dissent.
> Or it doesn't count since Germany is not a democracy?
you say that as a joke, but it's not completely false.
Half of Germany was still a dystopian 1984esque state 30 years ago. Those people are still alive, those kids are adults now. It doesn't surprise me at all that it can happen.
Anyway, it was one case in a small city where they tracked a witness of a crime, they didn't "destroy the privacy of all European citizenzs to create a surveillance state in EU"
Besides, WhatsApp and IG have the same (if not much more) metadata, given by the users while simply using the app, that are already being abused in any possible way. including selling them.
At least a tracing app is explicitly for tracing.
I never used a tracing app for COVID, problem solved.
But people (even my mom!) use WhatsApp, I can't escape that and can't escape Facebook knowing who I cal. when, for how long, even if the messages are encrypted, metadata is not.
I would very much prefer a call from the police to help them solve a crime than FB sending me unsolicited ads or worse.
The police can't drag you in jail and then in court, we are civilized people,they send a letter to you notifying you that they are investigating you and you have a right to the defense.
I mean that's cute and all, but why are your parents taking pictures of naked children and publishing them online? That's making assumptions about the channel used to send them and the phone itself being secure. Better to not risk it - not because of this legislation, but because of anyone else that might be listening in.
This is how free speech ends. If the parent doesn’t think the image is inappropriate or would damage the child, they should be free to share what they want. Full stop.
Sending pictures to me via WhatsApp is not 'publishing things online'. It is meant as a private communication channel. The current proposal wants to listen in on those channels.
And obviously, I personally, can instruct anyone handling my child to not do that when such laws come into effect, but that doesn't change the fact that for many people such actions are completely normal (as it should be).
I don't think this proposal is quite enough, we can do better to protect the children.
The homes of the people who champion this proposal should be thoroughly searched for child abuse materials every week. Naturally, their personal electronic devices should be taken for analysis. I understand this may cause them some inconvenience, but think of the children!
No need for the /s tag, that’s exactly how it works in a lot of places.
Here in the UK, the so-called “Snooper’s Charter” that was passed in 2016 allows bulk data collection and warrantless access to that data…unless you’re a member of parliament.
When we get spied it's for our own good and when they get spied it's an issue of national security. Because they make the nation and we're just resources they monitor.
Given the cost of child birth in the developed world it would be quite economical to send each child home from the hospital with a government video monitor which must be kept in the room with them, to enable random (and ML) surveillance, just to make sure they're not getting molested, you know.
This is a good idea. To be safe against AI misfires, a government agent could be assigned to watch each child 24x7 wherever they are, whatever they are doing: sleeping, eating, bathing, using the restroom, etc. That way there is no chance of missing any possibility they are abused.
The worst thing is that, while the EU proposes dubious stuff like this, the police doesn't actually try to remove such content from the internet or are at least really ineffective at doing so. There was a documentary[1] from the german public tv station NDR in which reporters / journalists managed to delete the majority of content from one such CSAM forum, by sending deletion requests to the hosters. The police just... did nothing about it? :/
It's mind boggling. It would be nice if only 50% of the energy put into laws with questionable results like this, would be used to give victims of sexual child abuse more help and support (or, in many cases, some at all) to continue living as much as possible despite the monsters in their own heads that such sexual abuse creates, wouldn't it? :/
This proves that none of these institutions and politicians pushing for more surveillance actually care about the problem (while the urgency of the problem is dubious to begin with).
It's all about power and funding. If the problem was eradicated, then they would lose their purpose and funding.
A lot of cybercrime is like that, the police are very incompetent at handling it. I've seen a criminal literally logged in with their personal account (with 2FA, home address etc.) and the case was dropped because they wouldn't/couldn't identify the person. I don't think they even attempted.
Botnets are annoying to dismantle even within the EU, it's not even illegal in some countries to not remove reported malware.
I view such legislation as an excuse to their general incompetence.
Yeah not like this. I will turn myself into a black hole as much as possible.
If they somehow ever come to suspect me of these things I will gladly do anything I can to support their investigations. They can come by with a warrant, look through my message history specifically and only for evidence related to their investigation, it will happen in my presence, and no copies of my data will be made and/or fed into the basilisk. You know, how it would normally go.
5:30am, loud knock at the door.
You open the door a crack to see who it is. Cops bust in.
You're immediately handcuffed and sat outside.
Cops take anything with a screen, usb plug, etc. All your media. All your computers. All your external hard drives.
Every one of these devices will be imaged, and archived prior to being searched. The data will be kept for years, to protect against inevitable appeals, etc.
That won’t happen here but sure, US type of police overreach makes a better soundbite with horribly vague proposals like this. And people should be scared so I guess it’s good; maybe they will protest (probably not though because the children the children).
Netherlands. I wonder if it is similar: I saw a few here and they were friendly, no cuffs, they had a list of IPs, made an appointment to collect the drives etc (and that was with enough proof to know for sure they would find what they were looking for). But sure I can see how it escalates but why would they if there are no guns (usually only with drugs at which points they will come with more force)? Shame about Germany but why don’t we hear these things more; they should be on the front page of HN I guess (and not in German or in any language outside english if it awareness needs to be built)? At least the outline. So which dutch articles did I miss I wonder then; I cannot find any of these kind of overreaches.
Also German lawyers seem to be far more trigger happy in a lot of cases than dutch like with copyright and not having your company info on your site etc; seems there is more litigation there like an industry looking for people to ‘sue’. Why aren’t people protesting or are they?
I accidentally (e.g. I didn't know) bought a stolen laptop some time ago. The police came at 05:00am, raided my home with guns drawn and took the laptop. So yes, it does happen in Europe as well.
All good, after the initial surprise and when they found out that I am neither armed nor a criminal they were quite friendly actually. Still wouldn't want to experience something like this ever again.
Don't forget the part where returning the original devices takes months or years, and of course you can't download a copy of the data if you lack a backup or the backup was also seized.
This is not how it works at least in Canada and the US. Until they can read the password out of our minds (or at least prove that we have it) we don't need to give up the key.
Technically correct however courts can hold you in contempt. There was one case where a suspect was arrested and refused to give up passwords to hard drives. The prosecution had reasonable evidence (allegedly) that those hard drives contained child pornography, however since the defendant failed to provide access the prosecution could never prove it.
Other good points were brought up - why not dismiss the hard drive as evidence and use other “proof” such as network logs, computer thumbnails caches from the defendants personal computer, etc?
Personally I’m not sure if those ideas were ever explored.
I can't speak for Canada, but in the US if a court issues a search warrant for data stored on one of your devices you are obligated to take whatever steps are necessary to turn over the data, including decrypting the data if applicable. This power is provided to the government by the 4th Amendment. What you are likely referring to is the 5th Amendment right that protects a person from being compelled to testify against themselves, which protects a person from being compelled to turn over a password if doing so would incriminate them, but this is only applicable in circumstances where turning over the password would incriminate you, not where the decryption of the data would incriminate you. This is applicable only in circumstances where it is uncertain whether you have access to the device in question, since compelling you to produce the password amounts to compelling you to admit that it is your device. Once a court is satisfied that it is beyond doubt that the device is yours and you know the password, a judge is free to compel you to provide the password.
There's a further consideration of whether you can refuse if the literal string of the password itself would incriminate you, but I don't believe that has been conclusively litigated.
I don't think that works in countries with a jury system. I don't have anything illegal on my computers, but I would never give up my passwords to anyone working for the government. I think the odds that at least one person who is like me (or can at least understand that mindset) will be on any given jury is pretty good.
And even then, weaknesses are built into encryption, long-term it may be broken with advances in computing (I mean who knows what the NSA and co are working on at the moment), etc.
It's better to not do or have anything illegal. Make it so you can say "I have nothing to hide", but don't give them access voluntarily because of that.
If NSA has a backdoor or has broken the encryption you are using, they will want to keep that secret for as long as possible to get the greatest possible use out of it. They will use it covertly (using parallel construction to keep it out of court cases) on important cases like (actual) national security, mafia or people running dark net marketplaces, spying on friendly and hostile governments etc.
But they won't risk it for someone with a CSAM match or anything similarly uninteresting, and local authorities won't even be aware that it's something their government can do.
Still, don't do anything illegal, but I think for most people it's legitimate to have a threat profile that assumes that encryption is effective.
France : "Loi no 2001-1062 du 15 novembre 2001 relative à la sécurité quotidienne, article 30 (Law #2001-1062 of 15 November 2001 on Community Safety) allows a judge or prosecutor to compel any qualified person to decrypt or surrender keys to make available any information encountered in the course of an investigation. Failure to comply incurs three years of jail time and a fine of €45,000; if the compliance would have prevented or mitigated a crime, the penalty increases to five years of jail time and €75,000.[21]"
If they can justify to legislators being able to spy on all network traffic, they can probably also convince those same legislators that encryption is a tool only bad guys use to prevent justice being served.
There's a constant push, at least in the US, for regulation on encryption. It's gotten consistently shot down thus far, thankfully. But it's a never-ending battle. And one day people will most likely become complacent enough to let go and feel the liberty melt away.
Just like the last couple generations have gotten increasingly soft on our right to bear arms. They've been conditioned to believe that it's dangerous, and boomer-like, and no longer important.
It's already illegal to not disclose passwords when ordered to do so in the UK.
Sure, the US freedom of speech amendment protects more powerfully than in most countries. But I wouldn't be so confident once the rest of the world has given up
No, that's not how you should be thinking. You say nothing, you give no access, and you demand a lawyer and a search warrant. You do not need to cooperate. You cannot trust any police or investigators. This isn't about whether you are guilty of anything or not, this is about basic human rights, the right to privacy, and due process of law.
That is exactly what I want. Not having committed any such crimes, and having been incredibly lucky to be born into the sort of life where I feel like I can trust the process being fair and just, I am not particularly worried about an investigation.
This is the precise inverse of how I feel about the general permanent monitor and analysis that is now being proposed. These systems are inaccurate, opaque, and uncontrollable. It makes me feel like cattle being driven towards the man with the rod.
Most (all?) restrictions where imposed by the governments. Can you give us more details or some example on that “total control” the European Commission actually exercised.
And the national government excuse usually is, that they do it according to EU rules, directive or whatever.
Denying responsibility at all levels at its finest.
There are rare examples of resistance, like the attempt of Czech government to resist the EU firearms directive by putting the right to self-defense with a gun into the constitution. But mostly they just fold over.
There was no such thing from the EU; travel restrictions were imposed by individual countries first and foremost.
You call it "fold over", but if you think of a positive thing, it's cooperation. Because we have open borders - which, if you look at Brexit, is a huge advantage for trade and the like - it doesn't make sense to allow firearms in one country but ban them in another. It's a give and take situation. The UK decided they didn't want any part in it and... it decimated their economy, their imports and exports, their properties owned abroad, and any companies operating under an .eu domain name; it's caused an economic shift in Ireland which may very well be on the way to unification now, and it may trigger Scotland to leave the Commonwealth and join the EU.
UK was never in Schengen; as an EU citizen, I had to go through ID check all the time. The only difference now is that I have to show passport, national ID is not enough anymore.
Guns were never allowed to circulate freely; even in Schengen countries, you need both export and import permit from both countries to bring it into another country. Fun when you attend competitive events ;). You could argue that you could do it lawlessly, without permit, but then, you could own gun lawlessly, without permit too; the criminals won't bother, only the lawful citizens, who is targeted by the regulation, will.
It would be "cooperation", if there was a consent of the governed. Now it is just diktat. This: https://www.youtube.com/watch?v=3lHVcvJdWIs is not so funny when you realize, how true it is.
Even closing of bars and restaurands was not imposed by the EU because it does not have the legal powers required to do that.
Please read up on competences of institutions before directing blame, everyone.
The EU has exclusive power in customs, openness of the internal market, monetary policy, internal commercial policy and some selected international treaties.
Member states are furthermore prevented from interfering from EU regulation - if it exists - in some areas of agriculture, environment and consumer protection, transport and energy and meta directives in legal fairness and security.
There is no competency for regulating health, that is solely member state responsibility.
Regulation of digital markets needs to attach to these powers, and so is derived mostly from a need to protect competition and internal markets.
When one set of government-imposed policies artificially inhibits travel, another set of government-imposed policies that artificially adds exceptions to that first set of policies shouldn't be seen as providing salvation.
"Travel within the EU" would have been "possible" and "pain free" if the various governments had just not imposed any travel restrictions in the first place.
I am old enough to remember passport controls when going skiing in Austria, which was 30 km away from my home. Hell, imagine to show documentation at nation borders! The audacity!
Even then it was national governments, not the EU, imposing those controls.
I’m not aware of any COVID measures that was bought in solely via powers the EU has. I assume that would take far too long, as every new directive from the EU needs to implemented by each member state separately.
There was a movie called Minority Report that had a similar premise. Basically they would detect murders before they happened and arrest people moments before the murder took place. At the time of the arrest the potential killer had motive and intent, so that’s how they justified it.
The problem with cops using AI is they seem to put far too much weight on what it discovers. I remember reading a story about how Clearview AI nabbed some random person and claimed that they were some other person. The story wen't on that the cops picked this guy up and bent over backwards to try to make sense of what their AI was telling them, because they thought the AI was infallible. Guy was telling the cops that he had nothing to do with what they were accusing him of and IIRC the cops kept coming back with "but why would the AI single you out"
And that's the root of the problem. We in tech know AI can do all these great things but that it also has a high error rate and to take results with a grain of salt. Folks outside of tech think that it's infallible and perfect 100% of the time.
Good to have brought up that movie, worth a watch (or to see again). Quite odd (or maybe not) that the EU wants to head in that direction, of setting up the near equivalent of their own "Precrime" program. The infallible "algorithm" will stand in for the "Precogs".
Incest is the massive child abuse elephant in the room, and listening to our communications won't help those millions of children who suffer. Almost 7 million in France (1).
I'm disgusted. I'm pretty sure when they say "one child in 5,6 or 7", it's really incest in 90-99% of cases, not some internet pedophile they claim to catch.
They won't protect children with that law, because it's not the right law to fight child abuse.
Basically 1 person out of ten? That's frightening. Statista says it's an estimation but all information about source and methodology is behind a paywall.
Could push for increasing surveillance be related to the recent adoption of digital social credit, CBDC (digital currency), and predictive policy systems in EU countries such as itlay, Netherlands, denmark, and the US?
You would need a continous stream of data for building those.
It makes a lot of sense if you look at it as countries trying to replicate success of Chinese growth and systems which are highly centralized and depend on the above factors.
A lot of this got accelerated through Covid policies, "never let a good crisis go to waste" as they saying goes. Many systems that were put in place, can be repurposed for other goals.
Isn't this an insanely stupid idea? Doesn't it open the door to a new type of ransomware - pay up, or we'll flood your devices with CSAM and submit a tip about it?
I keep posting this objection on every single one of these articles.
It is weird how supposedly techno-savvy people can't spot how easy this would be. But I'd think it would look more like an alternative to murder-for-hire when ruining someone else's life and throwing them in jail would be sufficient. Get someone else to pay reasonably big money to actually do it and not just threaten it.
This may have happened already and some middle aged dude caught with CSAM is crying about how he's been framed--only he really has been framed. But nobody believes him, because nobody believes a sex pervert.
It seems like a great way to me to put out a 'hit' on someone because it can be done from across the world without leaving any physical traces, with the actions taken across national borders, and much less likelihood of the cops being able to do anything about it, even if they do detect it and the person winds up going free.
Agencies like the CIA may also be able to exploit this against foreign politicians and public figures they don't like.
Well yes, that's what I though 20 years ago. But I've never seen a report of actual framing of someone via CSAM. gung-ho police mistaking innocent nude kid pics, yes. Criminalisation of sexting by teenagers, yes. But framing? Haven't seen it reported.
There are two reasons I guess. One is that pedophilia is the epitome of evil in our society and even career criminals would find handling CSAM off putting and risky.
The second is that if you can hack someone, there's easier ways of taking their money. Stealing their credit cards being the obvious one. Money motivated criminals always go by the easiest route.
That doesn't rule it out. If we get an uptick in cyberwarfare, I wouldn't be surprised to see this tried, because 'authority says its okay to do this' is an effective
Well some other people already posted that it has actually happened.
> There are two reasons I guess. One is that pedophilia is the epitome of evil in our society and even career criminals would find handling CSAM off putting and risky.
Every time I see this argument I find it hopelessly naive.
If I was sitting on a few million in cocaine or heroin I'd be sweating bullets, but other people deal in more than that all the time.
There are people out there willing to do murder for hire, which seems like total insanity to me (huge legal risks and you have to get up close and messy and be actually willing to kill someone). Yet sociopaths out there look at their skill set and decide the fact that they're completely okay with killing people is a profitable skill they can market. Sitting on a pile of CSAM and hacking into phones to frame other people seems relatively tame by comparison, and certainly prone to attracting people who are overly-smart technically and have the weakness that they think they're so smart they'll never get caught. Far from seeming implausible, it seems highly plausible.
This isn't a theoretical case. I had this happen with regularity, and I'm sure many others have too.
I ran an online business and one of my competitors hired someone to constantly email PayPal and tell them I was selling CSAM. PayPal has literally no option other than to instantly lock your account against all transactions. Luckily I was putting so much money through PayPal I had my own account manager, but they still have a script they have to work through where they have to go through every part of your web site to make sure the report is false before they can open your account back up, which takes 3-7 days on average.
The blackmailers would have to own the channel they transmit on, though, to hide their communication to you, and own the metadata on the network. It's not like file-encryption ransoms, they not only have to remain anonymous but also to hide all traces of network communications (which are already completely monitored on a message-metadata level). And the perps aren't just screwing around for money but are trading in practices that apparently get you murdered in prison.
Hey, that's an idea... we know who the sponsors for this are in the European Commission; maybe Anon or someone could take a stab at uploading something special to their devices.
CSAM is terrible but how common is it to justify invading all of our privacy. Cars can kill people. Should we ban those? We know alcohol is damaging, maybe we should ruin that fun for everyone too.
Once they know what you talk about with your acquaintances, they can just trigger your (on subscription) car to drive into a tree and rewrite the car's black box so that it will look like an accident.
Of course that would happen only if your social credit score is very very low.
I'm not sure if you meant it this way (I like to think you did) or not but the answers you will get to this question when asked on this website are going to providing a great example of how things like "scan everyone's phone" come to pass.
People with some extremist take on some issue that mostly nobody cares too much about, they get sympathetic politicians who become convinced it's worth the blowback. Repeat for hundreds of issues and you get 1984.
Why? It's the most efficient use of resources and allows for some great cultural and public infrastructure to exist that just doesn't make sense without density.
It’s disgusting, that’s why. People stacked on each other living in shared filth breathing each other’s farts and hearing noise all the time… not to mention the obvious problem of how diseases spread in tight quarters.
I might be already there. Why do you want to move in and spoil it for us, who are already there? Find some other place, where building human hives is more welcome.
Is efficiency for the sake of efficiency worth it though?
There's a second order effect I observed which I feel isn't discussed enough: when it's assumed that you can only walk/cycle or perhaps take the bus in an area, suddenly there's an additional premium imposed on space.
The net result is accelerated gentrification.
Anecdata: just about anyone I know from my generation was priced out of those walkable districts with access to public transportation they grew up in - simply because investors are aware of what is in demand, so they put all their money there and not into places you can only reliably access via car.
What follows is people buying not homes, but apartments built in the middle of buttfuck nowhere and driving to/from there, because that's what they can afford.
A net negative, but here we are.
I'm all for livable cities, but what good is it if the only ones who can afford it are the 1%?
That argument is ridiculous. So dense neighborhoods are popular, therefore prices are rising because more people want to live in a dense neighborhood.
The solution to that is not "let's build more undesirable neighborhoods so prices are not increasing" but to change zoning regulations so more dense neighborhoods can be build to satisfy demand!
Or are they living there for jobs? That’s what I always hear as excuse for people to live there, not that they like dense neighbourhoods. I am old though so my network and (news/social) reading habits might be different.
I like living in a dense city. I can walk almost everywhere, I don't need a car, there's nice parks, things are open later (although not late enough for my preferences sometimes), there's good variety of restaurants, entertainment, art, food, bars, dancing, sports, clubs for nerds, and so on. The outer walls of my condo are made of concrete, I hear less from my neighbors than when I lived in a house. The jobs situation is/was also convenient, but I now work remotely and still enjoy living in the city.
Of course, I'm sure there are plenty of people who live in a city and don't like it, and also plenty of people who would prefer to live in the city but cannot afford it or their circumstances keep them somewhere more remote.
If my circumstances change so that I do not enjoy it anymore, or if my material needs change, then I'll adapt appropriately, whether it's moving to a different neighborhood, to a beach town, to the mountains, or to the moon.
Yeah, think that's a healthy attitude. I never really liked living in cities, but I do like visiting them, especially mega ones that are open most of 24/7 (cities that close before 5 am I find utterly boring I noticed and I lived in a few; but people with kids like that or so I heard). Clubs for nerds sounds good; is that some kind of meatspace IRC?
>Clubs for nerds sounds good; is that some kind of meatspace IRC?
Pretty much, you get everything from board games to Linux meetups, and then like IRC channels, they usually collapse through drama or mismanagement and then a few more pop up lol
The point I'm making is different - cars give you range and thus leverage in situations where you would otherwise be forced to buy/rent real estate close to the place you work/shop at and have to compete over it with those who buy it purely for investment purposes.
Sure, this is suboptimal and those who opt to live further away and drive everywhere lose time and money but often they're not even eligible for a mortgage within city limits, so they don't have much of a choice anyway.
I said I want to ban density over a certain number. Or specifically: leave space for modes of personal transportation other than walking or cycling.
Such cities can still be walkable - I grew up in one so I should know.
But I also lived on the outskirts of a very dense (due to historic architecture) city and would never want to move any further inward, because that place was hell.
Bottom line is density is a bad target. Livability is a good one and density doesn't equal livability.
Actually, my whole point is that there exists a level of population density which is actually worse than detached housing.
I just think people who are spoiled by thousands of sqft properties with yards big enough for a small dwelling can’t relate to the idea that for many of us, where we sleep isn’t the same space we want to center our lives around. We don’t necessarily need to not ever see or hear other people either.
Nope, my city is 15k people per square kilometre. In fact if you don't count the periphery and uninhabited (industrial) areas we're at 28k. https://en.wikipedia.org/wiki/Barcelona
And I love living here :) I just don't get why it's a bad thing to live in a high-density city. Most dense cities are now reducing car traffic a lot, and they have amazing public transport to make up for it.
As with the UK internet filters, the next step will be "Oh, so we have all this infrastructure already, we should extend it to other forms of illegal content, like piracy, DRM circumvention, etc"
Was there so much crying about the UK ones or was everyone obsessed with covid? During covid the uk spent a lot on similar (and I think worse) tech? Maybe the uk will license it?
The biggest outcry over the UK one was people's need to contact their ISP to be added to a list to access legal porn, which may have overshadowed the rest of the points.
This was a while before covid and has largely moved to just being accepted to my understanding.
I don't think the actual purpose here is to protect children.
The actual purpose here to invade people's privacy, (ab)using a sensitive topic like children sexual abuse as a scapegoat as many people don't want to oppose to some protection on a sensitive topic and be marked as a potential criminal (or criminal ideology supporter).
So when I talked about these proposals few years ago, I was told I am a conspiracy theorist and the EU wouldn't have done such a thing.
People blindly believe that the EU is this source of universal greatness and there is nothing sinister going on behind the scenes.
Unfortunately this effort goes beyond the EU - other countries, mainly those ran by WEF people, develop similar changes.
How are they going to determine your social credit score, without knowing your thoughts and who you talk to?
What is interesting is that running such software on my systems would breach all the NDA I have with my customers. As a company, it would not be possible to work anymore from the EU.
The problem is they only need to win once. What we really need is an immutable section in the EU constitution that anyone who tries to take away basic privacy rights like this is immediately tried for crimes against humanity and sent to prison for the rest of their lives.
Privacy rights are in the Charter of Fundamental Rights of the European Union, which is indirectly part of the Treaty of Lisbon, the closest thing to an EU constitution.
The CJEU has stuck down laws affecting privacy multiple times.
There is always wiggle room of course, and vigilance has to be eternal.
They just change it slightly every time until it passes. But it won’t be very potent in the end; I cannot imagine blanket encryption backdoors etc will be voted in. But if it does I am gone, out of principle. As tech person I cannot stand the stupidity of this all. I hope I am dead before I run out of countries to go to.
Conversely, perhaps protection against this kind of dragnet can be enshrined in Constitutions / Bills of Rights / UN Charters to defend against these attacks more fundamentally.
Indeed, in the words of the previous President of the European Commission:
“We decide on something, leave it lying around and wait and see what happens. If no one kicks up a fuss, because most people don't understand what has been decided, we continue step by step until there is no turning back.” https://en.wikiquote.org/wiki/Jean-Claude_Juncker#1999
The current President of the European Commission has been a long time advocate for Internet control:
“However, in the digital community, her posturing for the EU’s top job has caused concern. In 2000 [sic, actually 2009], when Von Der Leyen was Families minister, she advocated for the mandatory blocking of child pornography online via a list of offending websites managed by police authorities. Germany’s Pirate Party claimed that the law would lead to censorship of the internet.”
“The outcry that resulted was dubbed the ‘Zensursula’ scandal, blending the German word for censorship (“Zensur”) and her name (“Ursula”). The move was eventually repealed after it being challenged broadly, including a petition that had garnered tens of thousands of signatures.”
https://www.euractiv.com/section/digital/news/digital-brief-...
Keep voting, per country, for the right people and capable digital people on the gov; the pendulum can swing the other way giving people the right to strong encryption. I like dreaming. Any country where that is a right by the way? So where an org like the nsa cannot exist with backdoors by law?
Ah, yes, children, the second rate people. What you wouldn't tolerate for a second they can always be forced to comply with. For Security, or just because some local school bureaucrats decided on something.
A giant security theater already exists in the form of rating systems, age verification prompts, legal agreements of popular services stating they prohibit underage users completely, etc. For decades every single kid has ignored it or learned to find another way if common one was blocked. It's the “responsible adults” who need such large scale stimulation to keep believing in some “naturally unspoiled children” who only need to be “protected”, and therefore can happily live without education and guidance (on topics that are not quite clear to most grown ups either, to be honest).
I think those of us who value our privacy are going to have to draw a line sooner or later.
Do we want to combat child sexual abuse? Yes, but not at any cost. Are there things more important than combating child sexual abuse? Yes, such as our digital privacy. Are we willing to make the job of the authorities more difficult in combating child abuse in the name of privacy? The answer is yes.
Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.
These people couldn’t care less. The line should have already been drawn but people keep falling for this emotional trickery that all politicians use. Packaging up something that nobody agrees with, with a noble cause that nobody would disagree with on the surface.
If you oppose this then I guess you oppose child sexual abuse! You wouldn’t want to look like a bad person would you? </s>
Drawing such a line is unfortunately fundamentally incompatible with current western attitudes.
You need to be able to have adult discussions about death and harm that WILL happen at the scales we're talking about. These harms are often easy to calculate. The harms that come from surveillance dragnets are less immediate and harder to calculate. So in addition to be able to have a discussion that we're incapable of having, we also need to have the balls to say "this long term non-specific harm of the surveillance state is worse than a few kids getting abused". We're nowhere near being able to do either of those right now.
Freedom isn't free but the only people who will talk about the cost are extremists of various flavors.
> we also need to have the balls to say "this long term non-specific harm of the surveillance state is worse than a few kids getting abused".
There is a false assumption here that such a surveillance program would even be effective and not just a stepping stone to arguing for more invasive measures when it doesn't fix anything.
The better argument is "this long term non-specific harm of government surveillance is worse than the harm it would successfully prevent to children." And then you can go on to describe the specific harms that state surveillance and overreach has brought about or enabled...
>There is a false assumption here that such a surveillance program would even be effective and not just a stepping stone to arguing for more invasive measures when it doesn't fix anything.
It's a false assumption you're gonna have to argue against so get used to it. In the minds of people who want this crap the harm of a surveillance state is not a guaranteed thing. They think there will be "reasonable access controls" and other fantasy stuff like that.
If you /truly/ believe that this is about CSAM, you've got your head firmly entrenched up your own ass.
This is -yet another- power grab by The State; that's all this is.
Every human on earth should be firing the SoBs that suggest these things. Every single legislator that champions these types of privacy invasion should be fired; period.
Their names are on a big list now. Fire these assholes.
It’ll get worse when it becomes obvious that on device scanning is unenforceable without control of the device. Next up will be a ban on unsigned apps and independent app stores and/or an outright ban on encryption.
The EU is about to become as bad as China or perhaps even worse if this stuff goes forward.
So it seems that no one should use anymore any "digital", e.g. mobile, mail or whatever "over the wire" way of communication. I was always worried about communicating that has any surveillance. My own stuff should be my own things. We should use older way of communication between us on daily basis and just occasionally use the "over the digital media" communication for quick agreement on person to person or person to group meetings. Anyway, all this gone so far that we really do not need digital way of communication, sharing things. The things like Facebook are crap. The peoples are not digital, they are physical beings and the way we should interact is out of the "digital world".
My goto solution since Apple CSAM fiasco:
1. Manjaro on office computers.
2. MacOS Catalina with Little Snitch for designers.
3. Air-gapped MacOS Mojave for testing and designers.
4.Limited smartphone usage to banking apps and phone calls.
5. Using dedicated camera for photography, if uploaded - metadata cleaning.
6. Serious offline book, movies, articles archive.
7. No cloud services. NAS only.
8. Limited social media activity, 20 minutes of Twitter, similar usage for Hackernews.
9. No connections to internet without active VPN.
10. Using internet primary for work.
But certainly everyone who really wants will block it, so it will ONLY be used for surveillance of the innocent, probably to influence their political views, or punish the baddies?
Traditional detective work will always be the best way to uncover real crimes of this nature. Any mention of this in support of mass surveillance is just a ruse.
If you look into it, these things are lobbied by globalists like WEF. They also happen to run multiple governments around the world, so these things are being developed in parallel for 2030 Great Reset agenda.
It has different pace in different places due to cultural differences i.e. some countries wouldn't care about ban of E2EE while other would take it to the streets.
But they have a strategy for the latter scenario as well. They'll pretend to give up and then piggy back bits and pieces through other unrelated legislation until it is fully in place.
They can keep calling it a conspiracy, but at least from what I've seen, more people are becoming aware of the truth every day. It gives me a bit of hope; only a little bit.
seems like maybe a better approach might be to require software developers to give parents/guardians features that allow a comprehensive view into the online activities of their children.
although unclear, that creates more visibility than has ever existed and could cause problems for kids who have different views from their parents.
yeah. maybe parental controls so parents know who their kids are talking to paired with good old fashioned undercover detective work might be a preferable approach to eastern bloc style listening posts.
if you want to get fancy, maybe build undercover chat bots or sophisticated honey pots.
If anyone's read the full proposal, does it specify what types of communication they want to monitor? It seems unlikely that providers like Google and Meta are just going to turn off their E2E encryption and let the EU plug in their cable.
Anything else (like just monitoring national providers) will surely just be pointless.
> If anyone's read the full proposal, does it specify what types of communication they want to monitor? It seems unlikely that providers like Google and Meta are just going to turn off their E2E encryption and let the EU plug in their cable.
> Anything else (like just monitoring national providers) will surely just be pointless.
The proposal talk about keeping E2E encryption, but providees should still have a way to detect content.
From page 27:
> [...] this Regulation leaves to the provider concerned the choice of the technologies to be operated to comply effectively with detection orders and should not be understood as incentivising or disincentivising the use of any given technology, provided that the technologies and accompanying measures meet the requirements of this Regulation. That includes the use of end-to-end encryption technology, which is an important tool to guarantee the security and confidentiality of the communications of users, including those of children. When executing the detection order, providers should take all available safeguard measures to ensure that the technologies employed by them cannot be used by them or their employees for purposes other than compliance with this Regulation, nor by third parties, and thus to avoid undermining the security and confidentiality of the communications of users.
EU is a hidden and well thought dictatorship, disguised as a democracy with values where everybody who complains and says otherwise is marked as an enemy. An autocracy full of useless burocrats who live out of citizens taxes
Ironic that this is coming out of the tutanota people whose product disabled my newly opened account, based on unspecified suspicions, for 48 hours, during which mails sent to it bounced as undeliverable, and only notified me about this fact upon subsequent login.
Don't get me wrong, the EU never met a piece of snooping legislation they didn't like, but the fact that the top part of the page is trying to sell me some encrypted email address makes me wonder about the article's editorial integrity...
This will push "criminals" further away from the common applications and they'll start using their own (forks?) and setup their own servers. Then there is no control at all anymore.
Are they cooperating with the UK; seems there were a lot of requests for proposals from them during covid with millions attached to scan e2e connections and other csam measures.
What's the logic with this? So, everyone is a suspect, who must be under constant and continual surveillance. You are guilty, until you can prove that you are innocent.
They can't. They just want to make it illegal for you not to scan them if they decide you are a communication provider and they serve you with what they call a "detection order". If you receive such an order, you have to follow the scanning rules they have laid out.
Thanks. I think it will be a little hard to enforce. I believe tens of thousands of XMPP and Matrix servers are currently running, and they are proliferating. Matrix protocol management is centralized giving authorities a place to apply pressure, but people can still create their own implementations of the standard choosing to include this or not.
GDPR is aimed at local small and medium businesses. They will get destroyed by fines if they save the email address of their customers wrong according to some very complicated elaborated made up rules by the unelected EU commission. Big companies can afford the bureaucratic overhead and all state actors get huge exemptions and can basically collect as much data as they want. GDPR is a ruse.
There is no way to verify that a hash is actually checking for CSAM.
It can be used for anything by any future government good or bad.
E.g. an Austrian musician was recently imprisoned for 10 years for composing/producing pro-Nazi songs. A hash check could find anyone who listened to the music (even reporters curious to listen to what they are reporting on.)
CSAM is a useful vehicle to get this technology deployed since no one is pro CSAM.
I am not sure, honestly. I remember the Article 13/17 protests. To me it seemed like even though thousands of people went to protest, they simply did not care. And back then, it was about Copyright.
Now, a group of people would have to protest against a proposal that's supposed to "protect the children". I can already see what populists would do to any group.
In the end, it all boils down to education (raising awareness), protesting (and talking to those who want to understand) and electing officials who care about the people.
Anyone who thinks that this is really about protecting children should look into how the catholic church, who has a long long [0] history of abusing children in Europe, is treated. If governments wanted to fight child abuse they could easily start there.
The HN attitude on anything touching privacy with a ten foot pole is awkward at best. It's clearly a hard problem and increasingly so. Being dogmatic about privacy regulations without a solution for the abuse caused by those who are open to abusing others seems a little too internet-hippie to be taken seriously in 2022, and that's a little concerning when it's the echo chambers of those best qualified and responsible for coming up with workable solutions.
Edit: What a cacophony of indignation and polemic black/white responses. Absolutely shocking.
> The HN attitude on anything touching privacy with a ten foot pole is awkward.
Because the power it gives is basically limitless. Once these things are implemented there will be no going back. It only kind of works when the government acts in good faith, and even then not really.
France passed laws against violent demonstrations, they ended up arresting people 200-300km away from Paris because they were suspected to go to a demo and potentially cause problems (because they had swimming googles and yellow vests, which are mandatory, in their cars), even though they didn't commit any crimes at the time. They also passed laws against terrorism, which ended up using them against the yellow vest protesters. Once the pandora's box is open you're fucked, forever, laws will be misused and abused
What's the next step ? 24/7 video monitoring ? Microphones in every room of your house ? That would also prevent crimes, do we want to prevent crime at all cost though ? We could just preemptively all live in jails, that would solve all these problems
When we say that privacy rights can absolutely not be touched, we are, among other things, also saying, whatever criminals get best at abusing those increasingly powerful rights (given the relatively growing space covered by encryption and stuff that happens through or over the internet) get to be more criminal and that's just the price we will have to pay for our collective freedom.
This insanely childish and irresponsible way of looking at and reasoning about our world gives of strong NRA vibes. As soon as you say NO MATTER WHAT you are in deep shit. When we become so dogmatic, that we can't even think, let alone talk about a problem anymore (and a problem it is, but, of course, there's then also the subset of people that will even call that into question) it's an issue.
I am not against privacy. I get glimpses of the good the bad and the ugly that are attached to it. None of these things are boundless. Reasoning about the space is hard. Pretending a concept as fragile and young as privacy is beyond reproach is just weird.
Increasingly powerful privacy rights? Do you live in opposite world? Surveillance is growing rapidly, police and other entities have orders of magnitude more data on us than they could have dreamed of a few decades ago, but because there remains an extremely narrow category of data they can't collect in bulk (the content of encrypted communication, but not the metadata), you call this growing privacy?
The power that the same old rights afford is increasing, because you don't have to leave your house to do some very nefarious stuff and encrypted communication is now a commodity. Any right to privacy meant relatively less in a world where entering a stone building and bringing guns was considered the premiere way to obtain money illegally, because (and I guess it speaks volumes about this whole thread that I feel the need to spell it out) you had to give up a good amount of your privacy by executing anything in that plan. That's often no longer the case.
> When we say that privacy rights can absolutely not be touched, we are, among other things, also saying, whatever criminals get best at abusing those increasingly powerful rights (given the relatively growing space covered by encryption and stuff that happens through or over the internet) get to be more criminal and that's just the price we will have to pay for our collective freedom.
Who is "we"?
As I see it, the criticism isn't directed at the goal. I think nobody is opposed to protecting children. Sure, HN crowd is obviously a very privacy-focused crowd, though I'm convinced that civil discussion is possible if the trade-offs for such a proposal would be a little more nuanced.
In this instance though, there is no nuance. There is no trade off. It's just security.
Also, implementing a law that kills privacy for pretty much anyone to protect children, while ignoring the elephant in the room [0] seems disingenuous at best.
And the inquisitions, and nazi Germany, and... Even when we don't forget history we get cocky and think we know better, that it will be different this time.
Except that the people who actually know what they are talking about when it comes to child protection disagree with you and the politicians trying to force this through.
According to the DKSB (Deutscher Kinderschutzbund) [2], encryption barely plays a role when it comes to the distribution of CSAM [1]. DKSB is not in favour of this.
You can pretend as much as you want that this is about children, that doesn't make it true. This was never, at any moment, about protecting children. Authorities already lack the resources to even go after the cases they know about, adding a huge pile of crap data to work through is probably going to make this situation even worse.
How does surveillance solve the abuse problem?
The abuse happens in reality and only some of the results are shared over the internet.
This is Zensursula once again, actionism with serious consequences without a real solution.
Countries like China and Russia will gratefully adopt the EU's rationale for its surveillance measures
Fortunately, this is one of the cases where HN is right, and there is no "middle ground". Child Abuse is bad but mass surveillance to catch it is terrible and will only be (haha) abused.
Governments are making it very difficult to respond in a more nuanced way, because they keep sliding down slippery slopes with predictable regularity when it comes to surveillance.
Measures are introduced to fight "serious and organised crime". The next thing your read is how they are being used against fly-tipping, dog pooping, benefits fraud, and random drug offences.
> Being dogmatic about privacy regulations without a solution for the abuse
Should all homes come equipped with always-on cameras, streaming to a government office, to catch abuse? Remember, you don't want to be "dogmatic" about privacy, not unless you can offer a *"solution".
*One of course ignores all the measures currently in place to catch crime and abuse, such as the police, social services, mandatory public schools with teachers and staff children can turn to for help, and all the many methods of surveillance, such as phone tracking, communication metadata, license-plate readers, surveillance cameras, etc.. All of this ceases to exist, and law enforcement is in a world of darkness because encryption creates one tiny corner where they cannot peek - unless they plant a targeted bug.
Because the situation is far more complex than this, and it's typical of governmental institutes to throw a blanket solution at it to increase resistance when it isn't at all obvious whether they will abuse their knowledge and power later in time.
You can teach these kids to take precautions, but you can't prevent them making mistakes if they still want to. Now you're weighting privacy and autonomy against lifelines to keep the ones who don't heed warnings from going off the deep end.
I think the problem stems from the fact we don't see abusers being publicly judged routinely, which gives a feeling that those abusers are very rare, and can't justify massive surveillance mainly because it's inefficient against any behavior not widely spread into the population.
right, surely this is just a coincidence that it has become "an increasingly hard problem" now, at the time of civil unrest against increasingly authoritarian attitude of the ruling class
The EU is clearly becoming a dystopian surveillance state, not that much different from China. And we still think we live are somehow better than that, and we live in democracy and freedom?
That being said, what are the realistic alternatives? Self compiled Signal? Matrix running on own server? Something else, like these Sky app supposedly used by criminals and drug dealers?
That's not CSAM right? But who knows how the AI will mark those happy pics? Some quirk in its programming and training leading to them being pushed way up whatever ranking is used? It's a nude child after all, and that is most likely one of the few things such an algorithm can detect quite reliably.
The automated filter won't care about the context though, and if any of the recent failures of algorithms ruining peoples lives are anything to go by (the Dutch Toeslagenaffaire comes to mind), being flagged by the CSAM filter is a high risk event — even if you can clear your name later by human intervention — because now you are on a list.
1: People tend to conjure up horrific images of underage children getting raped by adults when they hear 'CSAM' or 'child pornography', but when you read up on the legal definitions used it becomes very vague, quite fast. A seventeen year old boy sending a dick pic to his 18 year old lover is producing child pornography and can in many jurisdictions be sentenced as such, and nudism of any minor can be seen as CSAM if the pose they strike can be construed as 'erotic' — yet there is no clear definition of what this means, falling squarely into “I'll know it when I see it” territory.