[HN Gopher] EU "Chat Control" and Mandatory Client Side Scanning
___________________________________________________________________
EU "Chat Control" and Mandatory Client Side Scanning
Author : ahubert
Score : 211 points
Date : 2023-10-12 16:28 UTC (4 hours ago)
(HTM) web link (berthub.eu)
(TXT) w3m dump (berthub.eu)
| tmikaeld wrote:
| What's the point? Criminals will just use linux/custom devices,
| while normal people will have to face all of the false-positives
| of the scanning..
| mhitza wrote:
| The point is that the EU parliamentary members should vote no
| on this.
| 0dayz wrote:
| I'm almost 100% positive they will, there's a broad consensus
| among left and right that this proposal is bonkers.
|
| What I've heard is that the only this is a proposal that
| child rights NGOs have been lobbying for, which I think we can
| both agree, are not experts in anything tech.
| vestrigi wrote:
| Many children's rights NGOs also think that the proposal is
| a terrible idea. This article gives an overview (German)
| https://netzpolitik.org/2022/massenueberwachung-das-sagen-ki...
| hef19898 wrote:
| I am deeply sceptical of lobbying and special interest
| groups, and that includes the "think of the children"
| variety.
| c0balt wrote:
| To be honest I wouldn't expect Linux nor custom devices to even
| be necessary. It's not dark magic to host a private, e2ee chat
| service.
|
| Either a Matrix Server or even NextCloud chat will do the job
| just fine. Then just sideload an APK which is rather trivial
| theodric wrote:
| Assuming the OS has privileged access to everything that runs
| on it, the EU just has to tell the vendor to implement
| scanning and reporting at ring(app-1) and let the vendors
| scramble to figure out how to make that fever dream a
| reality, no? Hell, put it into the Intel Management
| Engine/analogue and compromise every device subsequently
| manufactured. The pervs (or the freedom fighters, or the
| tentacle hentai underground, or whatever) will just have to
| go back to passing hardcopy in dank backrooms of no-longer-
| smoky-because-they-banned-smoking-in-pubs...pubs
| superkuh wrote:
| In that case they'd just make linux and other dangerous
| unregulated software illegal. Much like in RMS's old and
| predictive, https://www.gnu.org/philosophy/right-to-read.en.html
|
| Remember, these are politicians. What they do doesn't have to
| make sense or be possible. All they have to do is pass laws. If
| it makes everyone a criminal that's good. The law just won't be
| enforced unless you rock the boat. Much like with the CFAA in
| the USA or GDPR in Europe.
| jowea wrote:
| Sometimes I wonder if criminals aren't as lazy and prone to
| just using what's popular as the rest of us.
|
| How often do communications done through a wide variety of
| channels that wouldn't satisfy a cypherpunk from email to
| Whatsapp show up on evidence before court, even if the people
| involved knew that they could end up in court? Weren't a bunch
| of criminals fooled by a literal FBI phone?
| dylan604 wrote:
| It depends on the level of criminal. The larger criminal
| organizations had their own phone networks. But even then,
| it still suffers the same issues as any other organization
| in that at some point some of its members are going to be top
| notch and great at what they do, others will be the types to
| do the least possible or even ignore procedures.
| lawlessone wrote:
| If I open kik in my location there's whole bunch of people
| openly dealing drugs. Maybe some are lazy. But it's a two way
| street. They probably are capable of using more secure means
| but that means far less customers.
| hef19898 wrote:
| To paraphrase a criminal mastermind and philosopher: "Are
| you fucking taking notes on a fucking conspiracy?"
|
| I am often dumbfounded by the excessive paper trail people
| leave for all kinds of things...
| bboygravity wrote:
| The point is to create a totalitarian EU. Obviously.
| garba_dlm wrote:
| but you are missing out that the solution is to keep making it
| inconvenient to let people use linux and other kinds of custom
| devices
|
| eventually either nobody will use that, or they'll just jump
| the shark and outlaw such things
|
| I know that for example in Canada, because taxes, ALL
| restaurants are (were?) FORCED to use a specific sets of
| devices else they're branded as tax-avoiders and dealt with
| accordingly
|
| I've already had trouble using banking stuff under linux, I
| have had to cancel some cards because they became useless
| without a smartphone app (the real punchline is that I got a
| new card that only works on a smartphone. but at least it was
| like this when I signed up; they didn't change how it works
| under my feet)
| JPLeRouzic wrote:
| > _Criminals will just use linux_
|
| It's far more difficult than that.
|
| Most Linux contributions are made by multi-billion companies
| like IBM/Redhat. They would not risk contravening the law. As
| an example of how it conforms to the law, look at WiFi drivers.
| There are many requirements by local laws on which band to use,
| what kind of traffic is authorized, etc. The WiFi drivers (most
| of them opaque binaries) conform to each country's law.
|
| To make Linux not lawful, you would have to create your own
| kernel with your own altered drivers, except you can't modify
| binaries.
|
| Even then how could you make your system unidentifiable? How
| would you have control over booting your modified Linux in a
| commercial computer that uses UEFI? How would you know that the
| commercial CPU is not phoning home through the Intel Management
| Engine?
|
| You would have to use an FPGA CPU, your own designed hardware and a
| trusted OS but at the end you will always rely on the work of
| thousands of people and hundreds of companies.
| ElevenLathe wrote:
| Mainline WiFi drivers will easily let you break the law by
| just pretending to be in a place with different regulations.
| Assuming this ever gets implemented in Linux, there's no
| reason to believe you won't be able to just pretend to be in
| Uzbekistan or whatever where this EU law doesn't apply.
|
| If literally every jurisdiction on Earth makes it a crime,
| then I guess this option would go away, but that seems
| unlikely to me.
| AnthonyMouse wrote:
| > Most Linux contributions are made by multi-billion
| companies like IBM/Redhat.
|
| The source code is published on the internet under the GPL.
| Anyone who doesn't like any of their contributions can take
| that one out and keep any of the others. Do you expect the
| Kali Linux people to include a backdoor?
|
| > To make Linux not lawful, you would have to create your own
| kernel with your own altered drivers, except you can't modify
| binaries.
|
| You can in fact modify binaries, it's just more work. For one
| person, once. Although that's fairly irrelevant because there
| exists hardware that doesn't require binary-only drivers.
|
| > How would you know that the commercial CPU is not phoning
| home through the Intel Management Engine?
|
| You install a firewall in front of it to detect or prevent
| this. Also, because it can be so easily detected and would be
| a scandal, it's very likely to be public knowledge if any
| commercial hardware in widespread use actually did this.
| wmf wrote:
| 99% of criminals use regular phones with apps from the app
| store. 1% are using backdoored crimephones like Anom.
| londons_explore wrote:
| I want to see a mockup of the UI that Whatsapp will show for
| this...
|
| I want to see some quick animation that shows each image sent
| being inspected for nudity, children, weapons, and a list of
| other things. I want to see the probability of each item shown to
| the user. I want the decision thresholds to be shown, and the
| animation showing the rest of what will happen to them if the
| threshold is exceeded (ie. "Report to police", "fired from job",
| "Judge", "Prison").
|
| If whatsapp manages to convey all that in a 3 second
| animation whenever an image is sent, I think users will baulk and
| the law will be removed.
| orangepurple wrote:
| In the future sending a WhatsApp text message such as "I stand
| with Palestine" will have the police knocking at your door with
| an arrest warrant in hand. I think Germany or the UK will be
| the first places to implement it. The spirit of the Gestapo and
| Stasi lives on.
| JoshGlazebrook wrote:
| Not specific to this, but can we just rename the "European Union"
| to "Big Government" at this point? It feels like every month
| there is something else the EU is trying to be a nanny for and it
| is starting to feel like they're moving towards becoming
| something in the vein of what China does to their citizens and
| internet.
| sigmoid10 wrote:
| The EU is nothing like China. China is basically a
| dictatorship, run by a single party, with a single guy on top
| who can make far reaching decisions. The EU is a huge
| collection of institutions and political parties. Even if they
| agree on something in the parliament and the commission, they
| still need all the heads of government - from every single
| member country - to agree before it becomes law. And even if
| they manage to do that, political activists can and have
| brought down laws using the European court of justice. These
| spy laws under the guise of protecting children from sexual
| abuse from zealot parties have come and gone for many years
| now, but functioning democracies like the EU have never seen
| them come to fruition.
| anigbrowl wrote:
| This is a fallacy of composition. A hearing to evaluate one
| proposal in one country is not 'The EU is doing a thing', any
| more than a hearing in a US state legislature or even in
| Congress is equivalent to a law being passed.
|
| The thing is the Tech community doesn't have a clear and simple
| response to CSAM, although CSAM has proliferated with the
| growth of the internet. _Nobody cares_ about the technical
| excuses; people care about the absence of any clear effort to
| reduce its availability and spread. Absent technical measures,
| people will continue to demand legislative ones.
| jenadine wrote:
| > although CSAM has proliferated with the growth of the
| internet
|
| Do you know if actual child abuse also proliferated?
| nforgerit wrote:
| That's another absurd point about our public debates: No
| one cares to share some facts. It feels like it's all based
| on gut feeling and emotions.
|
| As far as I know, we don't have official numbers (at least
| not shared as part of the discussion). But what we know is,
| those scanners have a significantly high error rate and
| will overwhelm law enforcement with false-positives. What
| we also know is that law enforcement is simply not
| competent enough, there was a case in Germany where they
| just removed links in a Forum forgetting to sweep the
| according link targets to file hosters.
| anigbrowl wrote:
| That's a different question, isn't it? Maybe you should
| explore it on its own rather than letting it distract from
| the issue under discussion.
| AnthonyMouse wrote:
| It is the issue under discussion. The justification for
| prohibiting the material is that its production requires
| child abuse. But copying doesn't require additional
| production. It may have even gone down if dissemination
| of existing images competes with new production, or wider
| dissemination makes it easier for law enforcement to
| obtain the images and use them to track down the
| producers. Whether or not the amount of abuse increased
| is then quite relevant.
| tick_tock_tick wrote:
| The difference is ridiculous laws in the EU actually get
| passed and implemented.
| AnthonyMouse wrote:
| > The thing is the Tech community doesn't have a clear and
| simple response to CSAM
|
| The Automotive community doesn't have a clear and simple
| response to bank robbery. Nor are they expected to, because
| they are not a law enforcement agency.
| f33d5173 wrote:
| > The Automotive community doesn't have a clear and simple
| response to bank robbery. Nor are they expected to, because
| they are not a law enforcement agency.
|
| Measures against auto theft are well established to have
| brought down incidence of robbery, because it makes it
| harder to get a getaway car. And the auto industry has
| absolutely been given the responsibility of overseeing
| that.
| ok_dad wrote:
| Maybe every car should have a tracker, camera, and audio
| mic feeding back to the police, just in case someone in
| some car somewhere is driving drunk and talking about it.
| Then we can immediately dispatch an officer. Also, it'll
| be easy to track stolen cars right? You might even catch
| other crimes, so it's like a win-win-win, right?
|
| Does that seem reasonable? If not, then phone scanning
| probably is not reasonable either.
| AnthonyMouse wrote:
| > Measures against auto theft are well established to
| have brought down incidence of robbery, because it makes
| it harder to get a getaway car.
|
| Measures against theft are driven by the market because
| car buyers don't want their cars to be stolen. Some
| incidental effect on getaway cars is nothing they had an
| obligation to provide.
|
| And it's questionable whether that is even true, because
| anyone could just steal an older car or different make
| with no such anti-theft features, or use their own car
| and steal someone else's license plate.
| tick_tock_tick wrote:
| The EU is speed running totalitarianism with good PR. What
| happened to the free market only and the absolutely swearing up
| and down it would stay that.
| sbszllr wrote:
| "Think of the children" is, as usual, just to get the foot in the
| door. They use it as a justification, because it works.
|
| Of course CSAM is bad, shouldn't we do everything in our power to
| prevent it? If you implement client-side scanning, you will catch
| some rookies. Some old pervs that don't know how to use
| encryption manually, or use Matrix. They will use them to show
| how effective the system is...
|
| with the exception that it doesn't work against anyone who knows
| anything about computers. And I think the regulators know it,
| they aren't dumb (imo). It's, like I said earlier, an excuse to
| expand the scope of scanning later.
| SgtBaker wrote:
| Yes, it's already begun, even though the directive isn't even
| ratified yet:
| https://balkaninsight.com/2023/09/29/europol-sought-unlimite...
|
| Europol wants unfettered, unfiltered access to all scanned
| data, regardless if there's a crime or not.
|
| And they want to inject all of that into their Police AI (which
| they also want unregulated).
|
| It's going to be an awesome future.
| nullfield wrote:
| And of course in the released minutes the details of which
| idiot made which claim are redacted.
|
| So much for the transparency and accountability they'll no
| doubt promise will be there for the process of accusations
| (not that this makes the idea any better, useful, or more
| palatable), which need not apply to themselves.
| lock-the-spock wrote:
| This is standard access to document request protocol across
| Europe. You are not going to make your staff targets of the
| internet mob (see Trump and the names of jurors). You can
| deduce these were likely actually low level staff (contrary
| to what the article claims) as names of actual high level
| staff would normally not be blacked out, although I don't
| know Europol, as a police body they might have different
| safety protocols.
| lock-the-spock wrote:
| Sorry this is not quality journalism and you misunderstood
| the message further.
|
| 1. The meeting took place after the commission made its
| proposal, meaning that contrary to the way the article sets
| it up, the meeting couldn't have shaped the proposal.
| 2. The screenshot of a meeting report states that Europol wants
| access to the same info as Member States for specific cases,
| contrary to your summary it doesn't say anything about access
| to _all_ data.
| 3. That police agencies want to include further areas into the
| legislation is not unusual. That doesn't guarantee it will
| happen, nor does the police body speak for the executive or
| legislators or represent the EU views as a whole.
|
| I do think the proposals go a bit too far, on the other side
| the whole tech world assumption that anything has to stay
| lawless is just absurd. No one can deny there is a problem
| with pedophile material and to say to protect the purity of
| free speech all such issues have to stay unaddressed is just
| a position blind to reality.
| robertlagrant wrote:
| > on the other side the whole tech world assumption that
| anything has to stay lawless is just absurd
|
| This is not the whole tech world's position. Why make up an
| equally bad opposing position instead of just saying "this
| regulation is going too far"?
| garba_dlm wrote:
| the solution, regrettably, already in motion, is (obviously) to
| make sure less people know anything about computers.
|
| by these two actions combined this anti-freedom garbage
| (further consolidating and centralizing powers) will work
| effectively
| cudder wrote:
| It's so disheartening to follow these. Time after another we
| hear about some insane Orwellian plot to exploit our deepest
| secrets. All spun so that the masses will think it's for some
| noble cause like protecting the children when really it's
| anything but. And it never stops! Tackle one and it's back a
| year later in some even more devious form like a fucking Hydra.
| I'm just so tired I wanna move into a cottage in the woods.
| akira2501 wrote:
| > shouldn't we do everything in our power to prevent it?
|
| I'm more concerned about the original abuse. The pictures are
| obviously an issue as they create a market _for_ abuse, but if
| you're not targeting the original crime, I don't think you
| stand a chance of actually improving the world by destroying
| rights.
| 0dayz wrote:
| This law or proposal is so fundamentally absurd, instead of the
| EU or member states coming up with a proposal like Frontex but
| for hosting a centralized CSAM + other horrible potentially
| illegal images/links/videos hash/identifiers, where anyone with a
| website can pay let's say 20EUR a month to access the API to scan
| images/links/videos instead it has to be the most dumbest
| "private market will regulate it" which effectively means,
| everything and anyone has to be scanned.
| aaa_aaa wrote:
| How is this "private market will regulate it" when this is
| enforced by EU?
| filoleg wrote:
| "Private market will regulate it" in this context doesn't
| mean "no rules, they will sort it out on their own", but "we
| don't care and don't know how they will comply with that law,
| and we won't assist them in any way either, they will figure
| it out on their own."
| aaa_aaa wrote:
| Then it is a wrong use of terms.
| filoleg wrote:
| This is more about paying attention to the context in
| which the phrase was said. A lot of things get confusing
| or might mean a total opposite of what you think they do,
| when the relevant context isn't taken into account.
|
| "Private market will regulate itself" isn't some
| technical term with a precise meaning that can be
| misused. It can "regulate itself" by not having any
| restrictions imposed on it, but it can also be said to
| "regulate itself" by exploring different solutions to
| challenges presented by legal requirements with no clear
| solution path.
|
| However, I see your point here, because most of the time
| when people just say "private market will regulate
| itself", they talk about heavily unregulated market
| situations.
| dragonelite wrote:
| How else can you sponsor your nephew's cyber security company....
| Or get some nice job/deals once they rotate you out of
| Brussels.
| jchw wrote:
| As an American, all I want to know how to do is to avoid it.
| Should I pre-emptively start running my own Matrix server? I'm
| genuinely curious.
| hanniabu wrote:
| Farcaster or Lens
| layer8 wrote:
| > Should I pre-emptively start running my own Matrix server?
|
| That might be the best way to get authorities interested in
| you, once that shit starts going down.
| jchw wrote:
| To be frank, I'm more than willing to take that risk.
| xethos wrote:
| That just makes it essentially the same as using HTTPS in
| 2012 or so. It may draw attention briefly, but then you get
| to have a conversation that might go something like:
|
| "We ought to put this guy on a list for using encryption
| (HTTPS, Matrix) everywhere" ->
|
| "We can't use dragnet surveillance because the people are on
| the list for _evading_ dragnet surveillance " ->
|
| "There's too many people to monitor, too many small servers
| to crack and backdoor, and the list is mostly just people
| running their own innocuous server anyways"
|
| Subsequently, you may draw some attention at first, but if
| you spread attention thin enough it can effectively round to
| zero - especially if the activity drawing attention becomes
| moderately commonplace.
| colechristensen wrote:
| I would like to see an open discussion include the people who
| actually investigate CSAM crimes to talk about the tools they
| have and their limitations etc. to give people real context about
| what they might need for new laws.
|
| Not that we should give law enforcement everything they want to
| do their jobs, but a voice coming from people with actual
| experience would help.
|
| I get the sense that nearly everyone on both sides of this issue
| is entirely guessing.
| nforgerit wrote:
| Still flabbergasted how effective the lobbying circles around
| Thorn have been in recent years. I wish no less than this law
| getting sent to Spam and Ylva Johansson, the accountable EU
| commissioner, to be forced to step back.
|
| The EU legislator Martin Sonneborn, member of the German satirist
| party "Die Partei", is proven right when at the beginning of
| the legislature he just enumerated all the criminal and semi-
| criminal acts of several members of the current EU commission.
| Led by von der Leyen who also has a horrible track record in
| German politics. "Europa nicht den Laien überlassen"
|
| It's actually not funny anymore because those people are
| destroying everything.
| anfogoat wrote:
| Now now, millionaires need hobbies too. They can't swing for
| the outer edges of the atmosphere so decimating privacy on the
| Internet will have to do I guess. Ashton's urge to protect the
| children apparently trumps the privacy of 450 million EU
| citizens and you would think he'd be able to extend some of
| that zeal to adult victims of abuse as well but going by his
| letter to the jury on behalf of Danny Masterson, you'd be
| wrong.
|
| From my understanding, Johansson is also the Commissioner who,
| after it coming to light that the Europol had had a little too
| much fun mass collecting data and gleefully violating EU
| citizens' privacy rights, stepped into action that resulted in
| an effort to pass a new law that retroactively made everything
| the Europol did legal.
| rngname22 wrote:
| > enumerated all the criminal and semi-criminal acts of several
| members of the current EU commission
|
| any chance anyone can link or give some suggestions of search
| terms to try to find this?
| nforgerit wrote:
| That's all I can give you right now:
| https://www.youtube.com/watch?v=cc-elFcs96Y
|
| It's the 1,5min speech where Sonneborn enumerated some cases,
| unfortunately in German. AFAIR when he held it, I researched
| a couple of names and issues he mentioned that didn't look
| too polemic. In general, he (and his team) is doing what I'd
| call "trustworthy research" packed up into satire.
| pmontra wrote:
| I think I'll end up applying a sliding cap to the cameras of my
| phone, to be sure I count up to ten before taking a picture. God
| forbid sharing it online.
|
| But what if a friend of mine sends me a handmade meme with a
| child that is not recognized as safe by the AI?
|
| Well, I guess that there will be thousands of parents under
| investigation and in the news before I pick my turn from the
| random distribution of the false positives. It's going to be
| interesting for the politicians in charge.
| theodric wrote:
| All this will do is imperil the freedom of hundreds of millions
| of Europeans and drive the kiddy fiddlers to services that won't
| comply with EU surveillance: it is therefore a foregone
| conclusion that it's going to happen.
| teekert wrote:
| I wonder what will happen if I just refuse. Get rid of apps or
| phones that scan. What are they going to do, really? I mean
| really? Am I going to jail? And for how long?
|
| Me a father, hard working, tax paying, I just don't want my
| messages scanned, are they going to put me in prison?
| yuptheyfkedu wrote:
| Having a private conversation in our societies is becoming a rare
| occurrence. That is a tragedy.
| rurban wrote:
| This will not pass constitutional courts
| alphanullmeric wrote:
| Never trust a government that claims it supports privacy. Maybe
| it supports some privacy regulations, just like it supports anti-
| privacy regulations here or with financial privacy. The thing the
| EU really supports is regulation and not privacy.
___________________________________________________________________
(page generated 2023-10-12 21:01 UTC)