[HN Gopher] EU "Chat Control" and Mandatory Client Side Scanning
___________________________________________________________________
Author : ahubert
Score  : 211 points
Date   : 2023-10-12 16:28 UTC (4 hours ago)
(HTM) web link (berthub.eu)
(TXT) w3m dump (berthub.eu)

| tmikaeld wrote:
| What's the point? Criminals will just use linux/custom devices, while normal people will have to face all of the false-positives of the scanning..
|
| mhitza wrote:
| The point is that the EU parliamentary members should vote no on this.
|
| 0dayz wrote:
| I'm almost 100% positive they will, there's a broad consensus among left and right that this proposal is bonkers.
|
| What I've heard is that the only this is a proposal that child rights NGOs have been lobbying for, which I think we can both agree, are not experts in anything tech.
|
| vestrigi wrote:
| Many children's rights NGOs also think that the proposal is a terrible idea. This article gives an overview (German) https://netzpolitik.org/2022/massenueberwachung-das-sagen-ki...
|
| hef19898 wrote:
| I am deeply sceptical of lobbying and special interest groups, and that includes the "think of the children" variety.
|
| c0balt wrote:
| To be honest I wouldn't expect Linux nor custom devices to even be necessary. It's not dark magic to host a private, e2ee chat service.
|
| Either a Matrix Server or even NextCloud chat will do the job just fine. Then just sideload an APK which is rather trivial.
|
| theodric wrote:
| Assuming the OS has privileged access to everything that runs on it, the EU just has to tell the vendor to implement scanning and reporting at ring(app-1) and let the vendors scramble to figure out how to make that fever dream a reality, no? Hell, put it into the Intel Management Engine/analogue and compromise every device subsequently manufactured.
| The pervs (or the freedom fighters, or the tentacle hentai underground, or whatever) will just have to go back to passing hardcopy in dank backrooms of no-longer-smoky-because-they-banned-smoking-in-pubs...pubs
|
| superkuh wrote:
| In that case they'd just make linux and other dangerous unregulated software illegal. Much like in RMS's old and predictive, https://www.gnu.org/philosophy/right-to-read.en.html
|
| Remember, these are politicians. What they do doesn't have to make sense or be possible. All they have to do is pass laws. If it makes everyone a criminal that's good. The law just won't be enforced unless you rock the boat. Much like with the CFAA in the USA or GDPR in Europe.
|
| jowea wrote:
| Sometimes I wonder if criminals aren't as lazy and prone to just using what's popular as the rest of us.
|
| How often do communications done through a wide variety of channels that wouldn't satisfy a cypherpunk from email to Whatsapp show up on evidence before court, even if the people involved knew that they could end up in court? Weren't a bunch of criminals fooled by a literal FBI phone?
|
| dylan604 wrote:
| It depends on the level of criminal. The larger criminal organizations had their own phone networks. But even then, it still suffers the same issues as any other organization in that at some point some of its members are going to be top notch and great at what they do, others will be the types to do the least possible or even ignore procedures.
|
| lawlessone wrote:
| If I open Kik in my location there's a whole bunch of people openly dealing drugs. Maybe some are lazy. But it's a two way street. They probably are capable of using more secure means but that means far less customers.
|
| hef19898 wrote:
| To paraphrase a criminal mastermind and philosopher: "Are you fucking taking notes on a fucking conspiracy?"
|
| I am often dumbfounded by the excessive paper trail people leave for all kinds of things...
|
| bboygravity wrote:
| The point is to create a totalitarian EU. Obviously.
|
| garba_dlm wrote:
| but you are missing out that the solution is to keep making it inconvenient to let people use linux and other kinds of custom devices
|
| eventually either nobody will use that, or they'll just jump the shark and outlaw such things
|
| I know that for example in Canada, because taxes, ALL restaurants are (were?) FORCED to use a specific set of devices else they're branded as tax-avoiders and dealt with accordingly
|
| I've already had trouble using banking stuff under linux, I have had to cancel some cards because they became useless without a smartphone app (the real punchline is that I got a new card that only works on a smartphone. but at least it was like this when I signed up; they didn't change how it works under my feet)
|
| JPLeRouzic wrote:
| > _Criminals will just use linux_
|
| It's far more difficult than that.
|
| Most Linux contributions are made by multi-billion companies like IBM/Redhat. They would not risk contravening the law. For an example of it conforming to the law, look at WiFi drivers. There are many requirements by local laws on which band to use, what kind of traffic is authorized, etc. The WiFi drivers (most of them opaque binaries) conform to each country's law.
|
| To make Linux not lawful, you would have to create your own kernel with your own altered drivers, except you can't modify binaries.
|
| Even then how could you make your system unidentifiable? How would you have control over booting your modified Linux in a commercial computer that uses UEFI? How would you know that the commercial CPU is not phoning home through the Intel Management Engine?
|
| You would have to use an FPGA CPU, your own designed hardware and a trusted OS but at the end you will always rely on the work of thousands of people and hundreds of companies.
|
| ElevenLathe wrote:
| Mainline WiFi drivers will easily let you break the law by just pretending to be in a place with different regulations. Assuming this ever gets implemented in Linux, there's no reason to believe you won't be able to just pretend to be in Uzbekistan or whatever where this EU law doesn't apply.
|
| If literally every jurisdiction on Earth makes it a crime, then I guess this option would go away, but that seems unlikely to me.
|
| AnthonyMouse wrote:
| > Most Linux contributions are made by multi-billion companies like IBM/Redhat.
|
| The source code is published on the internet under the GPL. Anyone who doesn't like any of their contributions can take that one out and keep any of the others. Do you expect the Kali Linux people to include a backdoor?
|
| > To make Linux not lawful, you would have to create your own kernel with your own altered drivers, except you can't modify binaries.
|
| You can in fact modify binaries, it's just more work. For one person, once. Although that's fairly irrelevant because there exists hardware that doesn't require binary-only drivers.
|
| > How would you know that the commercial CPU is not phoning home through the Intel Management Engine?
|
| You install a firewall in front of it to detect or prevent this. Also, because it can be so easily detected and would be a scandal, it's very likely to be public knowledge if any commercial hardware in widespread use actually did this.
|
| wmf wrote:
| 99% of criminals use regular phones with apps from the app store. 1% are using backdoored crimephones like Anom.
|
| londons_explore wrote:
| I want to see a mockup of the UI that Whatsapp will show for this...
|
| I want to see some quick animation that shows each image sent being inspected for nudity, children, weapons, and a list of other things. I want to see the probability of each item shown to the user.
| I want the decision thresholds to be shown, and the animation showing the rest of what will happen to them if the threshold is exceeded (ie. "Report to police", "fired from job", "Judge", "Prison").
|
| If whatsapp manage to convey all that in a 3 second animation whenever an image is sent, I think users will baulk and the law will be removed.
|
| orangepurple wrote:
| In the future sending a WhatsApp text message such as "I stand with Palestine" will have the police knocking at your door with an arrest warrant in hand. I think Germany or the UK will be the first places to implement it. The spirit of the Gestapo and Stasi lives on.
|
| JoshGlazebrook wrote:
| Not specific to this, but can we just rename the "European Union" to "Big Government" at this point? It feels like every month there is something else the EU is trying to be a nanny for and it is starting to feel like they're moving towards becoming something in the vein of what China does to their citizens and internet.
|
| sigmoid10 wrote:
| The EU is nothing like China. China is basically a dictatorship, run by a single party, with a single guy on top who can make far reaching decisions. The EU is a huge collection of institutions and political parties. Even if they agree on something in the parliament and the commission, they still need all the heads of government - from every single member country - to agree before it becomes law. And even if they manage to do that, political activists can and have brought down laws using the European court of justice. These spy laws under the guise of protecting children from sexual abuse from zealot parties have come and gone for many years now, but functioning democracies like the EU have never seen them come to fruition.
|
| anigbrowl wrote:
| This is a fallacy of composition.
| A hearing to evaluate one proposal in one country is not 'The EU is doing a thing', any more than a hearing in a US state legislature or even in Congress is equivalent to a law being passed.
|
| The thing is the Tech community doesn't have a clear and simple response to CSAM, although CSAM has proliferated with the growth of the internet. _Nobody cares_ about the technical excuses; people care about the absence of any clear effort to reduce its availability and spread. Absent technical measures, people will continue to demand legislative ones.
|
| jenadine wrote:
| > although CSAM has proliferated with the growth of the internet
|
| Do you know if actual child abuse also proliferated?
|
| nforgerit wrote:
| That's another absurd point about our public debates: No one cares to share some facts. It feels like it's all based on gut feeling and emotions.
|
| As far as I know, we don't have official numbers (at least not shared as part of the discussion). But what we know is, those scanners have a significantly high error rate and will overwhelm law enforcement with false-positives. What we also know is that law enforcement is simply not competent enough, there was a case in Germany where they just removed links in a forum forgetting to sweep the according link targets to file hosters.
|
| anigbrowl wrote:
| That's a different question, isn't it? Maybe you should explore it on its own rather than letting it distract from the issue under discussion.
|
| AnthonyMouse wrote:
| It is the issue under discussion. The justification for prohibiting the material is that its production requires child abuse. But copying doesn't require additional production. It may have even gone down if dissemination of existing images competes with new production, or wider dissemination makes it easier for law enforcement to obtain the images and use them to track down the producers.
| Whether or not the amount of abuse increased is then quite relevant.
|
| tick_tock_tick wrote:
| The difference is ridiculous laws in the EU actually get passed and implemented.
|
| AnthonyMouse wrote:
| > The thing is the Tech community doesn't have a clear and simple response to CSAM
|
| The Automotive community doesn't have a clear and simple response to bank robbery. Nor are they expected to, because they are not a law enforcement agency.
|
| f33d5173 wrote:
| > The Automotive community doesn't have a clear and simple response to bank robbery. Nor are they expected to, because they are not a law enforcement agency.
|
| Measures against auto theft are well established to have brought down incidence of robbery, because it makes it harder to get a getaway car. And the auto industry has absolutely been given the responsibility of overseeing that.
|
| ok_dad wrote:
| Maybe every car should have a tracker, camera, and audio mic feeding back to the police, just in case someone in some car somewhere is driving drunk and talking about it. Then we can immediately dispatch an officer. Also, it'll be easy to track stolen cars right? You might even catch other crimes, so it's like a win-win-win, right?
|
| Does that seem reasonable? If not, then phone scanning probably is not reasonable either.
|
| AnthonyMouse wrote:
| > Measures against auto theft are well established to have brought down incidence of robbery, because it makes it harder to get a getaway car.
|
| Measures against theft are driven by the market because car buyers don't want their cars to be stolen. Some incidental effect on getaway cars is nothing they had an obligation to provide.
|
| And it's questionable whether that is even true, because anyone could just steal an older car or different make with no such anti-theft features, or use their own car and steal someone else's license plate.
|
| tick_tock_tick wrote:
| The EU is speed running totalitarianism with good PR.
| What happened to the free market only and the absolutely swearing up and down it would stay that.
|
| sbszllr wrote:
| "Think of the children" is, as usual, just to get the foot in the door. They use it as a justification, because it works.
|
| Of course CSAM is bad, shouldn't we do everything in our power to prevent it? If you implement client-side scanning, you will catch some rookies. Some old pervs that don't know how to use encryption manually, or use Matrix. They will use them to show how effective the system is...
|
| with the exception that it doesn't work against anyone who knows anything about computers. And I think the regulators know it, they aren't dumb (imo). It's, like I said earlier, an excuse to expand the scope of scanning later.
|
| SgtBaker wrote:
| Yes, it's already begun, even though the directive isn't even ratified yet: https://balkaninsight.com/2023/09/29/europol-sought-unlimite...
|
| Europol wants unfettered, unfiltered access to all scanned data, regardless if there's a crime or not.
|
| And they want to inject all of that into their Police AI (which they also want unregulated).
|
| It's going to be an awesome future.
|
| nullfield wrote:
| And of course in the released minutes the details of which idiot made which claim are redacted.
|
| So much for the transparency and accountability they'll no doubt promise will be there for the process of accusations (not that this makes the idea any better, useful, or more palatable), which need not apply to themselves.
|
| lock-the-spock wrote:
| This is standard access to document request protocol across Europe. You are not going to make your staff targets of the internet mob (see Trump and the names of jurors).
| You can deduce these were likely actually low level staff (contrary to what the article claims) as names of actual high level staff would normally not be blacked out, although I don't know Europol, as a police body they might have different safety protocols.
|
| lock-the-spock wrote:
| Sorry this is not quality journalism and you misunderstood the message further.
|
| 1. The meeting took place after the commission made its proposal, meaning that contrary to the way the article sets it up, the meeting couldn't have shaped the proposal. 2. The screenshot of a meeting report states that Europol wants access to the same info as Member States for specific cases, contrary to your summary it doesn't say anything about access to _all_ data. 3. That police agencies want to include further areas into the legislation is not unusual. That doesn't guarantee it will happen, nor does the police body speak for the executive or legislators or represent the EU views as a whole.
|
| I do think the proposals go a bit too far, on the other side the whole tech world assumption that anything has to stay lawless is just absurd. No one can deny there is a problem with pedophile material and to say to protect the purity of free speech all such issues have to stay unaddressed is just a position blind to reality.
|
| robertlagrant wrote:
| > on the other side the whole tech world assumption that anything has to stay lawless is just absurd
|
| This is not the whole tech world's position. Why make up an equally bad opposing position instead of just saying "this regulation is going too far"?
|
| garba_dlm wrote:
| the solution, regrettably, already in motion, is (obviously) to make sure less people know anything about computers.
|
| by these two actions combined this anti-freedom garbage (further consolidating and centralizing powers) will work effectively
|
| cudder wrote:
| It's so disheartening to follow these.
| Time after time we hear about some insane Orwellian plot to exploit our deepest secrets. All spun so that the masses will think it's for some noble cause like protecting the children when really it's anything but. And it never stops! Tackle one and it's back a year later in some even more devious form like a fucking Hydra. I'm just so tired I wanna move into a cottage in the woods.
|
| akira2501 wrote:
| > shouldn't we do everything in our power to prevent it?
|
| I'm more concerned about the original abuse. The pictures are obviously an issue as they create a market _for_ abuse, but if you're not targeting the original crime, I don't think you stand a chance of actually improving the world by destroying rights.
|
| 0dayz wrote:
| This law or proposal is so fundamentally absurd, instead of the EU or member states coming up with a proposal like Frontex but for hosting a centralized CSAM + other horrible potentially illegal images/links/videos hash/identifiers, where anyone with a website can pay let's say 20EUR a month to access the API to scan images/links/videos instead it has to be the most dumbest "private market will regulate it" which effectively means, everything and anyone has to be scanned.
|
| aaa_aaa wrote:
| How is this "private market will regulate it" when this is enforced by EU?
|
| filoleg wrote:
| "Private market will regulate it" in this context doesn't mean "no rules, they will sort it out on their own", but "we don't care and don't know how they will comply with that law, and we won't assist them in any way either, they will figure it out on their own."
|
| aaa_aaa wrote:
| Then it is a wrong use of terms.
|
| filoleg wrote:
| This is more about paying attention to the context in which the phrase was said. A lot of things get confusing or might mean a total opposite of what you think they do, when the relevant context isn't taken into account.
|
| "Private market will regulate itself" isn't some technical term with a precise meaning that can be misused. It can "regulate itself" by not having any restrictions imposed on it, but it can also be said to "regulate itself" by exploring different solutions to challenges presented by legal requirements with no clear solution path.
|
| However, I see your point here, because most of the time when people just say "private market will regulate itself", they talk about heavily unregulated market situations.
|
| dragonelite wrote:
| How else can you sponsor your nephew's cyber security company.... Or get some nice job/deals once they rotate you out of Brussels.
|
| jchw wrote:
| As an American, all I want to know how to do is to avoid it. Should I pre-emptively start running my own Matrix server? I'm genuinely curious.
|
| hanniabu wrote:
| Farcaster or Lens
|
| layer8 wrote:
| > Should I pre-emptively start running my own Matrix server?
|
| That might be the best way to get authorities interested in you, once that shit starts going down.
|
| jchw wrote:
| To be frank, I'm more than willing to take that risk.
|
| xethos wrote:
| That just makes it essentially the same as using HTTPS in 2012 or so. It may draw attention briefly, but then you get to have a conversation that might go something like:
|
| "We ought to put this guy on a list for using encryption (HTTPS, Matrix) everywhere" ->
|
| "We can't use dragnet surveillance because the people are on the list for _evading_ dragnet surveillance" ->
|
| "There's too many people to monitor, too many small servers to crack and backdoor, and the list is mostly just people running their own innocuous server anyways"
|
| Subsequently, you may draw some attention at first, but if you spread attention thin enough it can effectively round to zero - especially if the activity drawing attention becomes moderately commonplace.
|
| colechristensen wrote:
| I would like to see an open discussion include the people who actually investigate CSAM crimes to talk about the tools they have and their limitations etc. to give people real context about what they might need for new laws.
|
| Not that we should give law enforcement everything they want to do their jobs, but a voice coming from people with actual experience would help.
|
| I get the sense that nearly everyone on both sides of this issue is entirely guessing.
|
| nforgerit wrote:
| Still flabbergasted how effective the lobbying circles around Thorn have been in recent years. I wish no less than this law getting sent to Spam and Ylva Johansson, the accountable EU commissioner, to be forced to step back.
|
| The EU legislator Martin Sonneborn, member of the German satirist party "Die Partei", is proven to have been right when, at the beginning of the legislature, he just enumerated all the criminal and semi-criminal acts of several members of the current EU commission. Led by von der Leyen who also has a horrible track record in German politics. "Europa nicht den Laien überlassen"
|
| It's actually not funny anymore because those people are destroying everything.
|
| anfogoat wrote:
| Now now, millionaires need hobbies too. They can't swing for the outer edges of the atmosphere so decimating privacy on the Internet will have to do I guess. Ashton's urge to protect the children apparently trumps the privacy of 450 million EU citizens and you would think he'd be able to extend some of that zeal to adult victims of abuse as well but going by his letter to the jury on behalf of Danny Masterson, you'd be wrong.
|
| From my understanding, Johansson is also the Commissioner who, after it coming to light that the Europol had had a little too much fun mass collecting data and gleefully violating EU citizens' privacy rights, stepped into action that resulted in an effort to pass a new law that retroactively made everything the Europol did legal.
|
| rngname22 wrote:
| > enumerated all the criminal and semi-criminal acts of several members of the current EU commission
|
| any chance anyone can link or give some suggestions of search terms to try to find this?
|
| nforgerit wrote:
| That's all I can give you right now: https://www.youtube.com/watch?v=cc-elFcs96Y
|
| It's the 1,5min speech where Sonneborn enumerated some cases, unfortunately in German. AFAIR when he held it, I researched a couple of names and issues he mentioned that didn't look too polemic. In general, he (and his team) is doing what I'd call "trustworthy research" packed up into satire.
|
| pmontra wrote:
| I think I'll end up applying a sliding cap to the cameras of my phone, to be sure I count up to ten before taking a picture. God forbid sharing it online.
|
| But what if a friend of mine sends me a handmade meme with a child that is not recognized as safe by the AI?
|
| Well, I guess that there will be thousands of parents under investigation and in the news before I pick my turn from the random distribution of the false positives. It's going to be interesting for the politicians in charge.
|
| theodric wrote:
| All this will do is imperil the freedom of hundreds of millions of Europeans and drive the kiddy fiddlers to services that won't comply with EU surveillance: it is therefore a foregone conclusion that it's going to happen.
|
| teekert wrote:
| I wonder what will happen if I just refuse. Get rid of apps or phones that scan. What are they going to do, really? I mean really? Am I going to jail? And for how long?
|
| Me a father, hard working, tax paying, I just don't want my messages scanned, are they going to put me in prison?
|
| yuptheyfkedu wrote:
| Having a private conversation in our societies is becoming a rare occurrence. That is a tragedy.
|
| rurban wrote:
| This will not pass constitutional courts
|
| alphanullmeric wrote:
| Never trust a government that claims it supports privacy. Maybe it supports some privacy regulations, just like it supports anti-privacy regulations here or with financial privacy. The thing the EU really supports is regulation and not privacy.
___________________________________________________________________
(page generated 2023-10-12 21:01 UTC)