I have helped a little with some ongoing research on the subject of client-side-scanning in a European research center. Only some low level stuff, but I possess a solid background in IT security and I can explain a little what the proposition made to the EU is. I am by no means condemning what is proposed here. I myself, based on what experts have explained, am against the whole idea because of the slippery slope it creates for authoritarian government and how easily it can be abused.
The idea is to use perceptual hashing to create a local or remote database of known abuse material (Basically creating an approximation of already known CP content and hashing it) and then comparing all images accessible to the messaging app against this database by using the same perceptual hashing process on them.
It’s called Client-Side-Scanning because of the fact that it’s simply circumventing the encryption process. Circumvention in this case means that the process happens outside of the communication protocol, either before or after the images, media, etc, are sent. It does not matter that you use end-to-end encryption if the scanning is happening on your data at rest on your device and not in transit. In this sense it wouldn’t directly have an adverse effect on end-to-end encryption.
Some of the most obvious issues with this idea, outside of the blatant privacy violation are:
- Performance: how big is the database going to get? Do we ever stop including stuff?
- Ethical: Who is responsible for including hashes in the database? Once a hash is in there it’s probably impossible to tell what it represents; this can obviously be abused by unscrupulous governments.
- Personal: There is heavy social stigma associated with CP and child abuse. Because of how they work, perceptual hashes are going to create false positives. How are these false positives going to be addressed by the authorities? Because when the police come knocking on your door looking for CP, your neighbors might not care or understand that it was a false positive.
- False positives: the false positive rate for single hashes is going to stay roughly the same but the bigger the database gets the more false positives there are going to be. This will quickly lead to problems managing false positives.
- Authorities: Local Authorities are generally stretched thin and have limited resources. Who is going to deal with the influx of reports coming from this system?
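The matching step and the false-positive scaling described in the post above, as an added example that is not part of the original post or of any proposal. It assumes a simple 8x8 average hash as a stand-in perceptual hash (the page does not name the actual algorithm), and the grids, the distance threshold and the per-hash false-match rate are constructed values.

```python
import hashlib

def average_hash(pixels):
    """64-bit average hash of an 8x8 grayscale grid: bit is 1 where pixel > mean."""
    flat = [p for row in pixels for p in row]
    mean = sum(flat) / len(flat)
    bits = 0
    for p in flat:
        bits = (bits << 1) | (p > mean)
    return bits

def hamming(a, b):
    """Number of differing bits between two hashes."""
    return bin(a ^ b).count("1")

def is_flagged(image, database, threshold):
    """Client-side check: flag if the image hash is near ANY database entry."""
    h = average_hash(image)
    return any(hamming(h, known) <= threshold for known in database)

def sha256_hex(pixels):
    """Exact (cryptographic) hash, for contrast with the perceptual one."""
    return hashlib.sha256(bytes(p for row in pixels for p in row)).hexdigest()

def p_any_false_match(p_single, db_size):
    """Chance an innocent image collides with at least one entry, assuming
    independent entries with the same per-entry false-match rate."""
    return 1 - (1 - p_single) ** db_size

# Constructed inputs: a gradient, a slightly altered copy (re-encoding noise
# of at most +/-6 per pixel), and an unrelated image (transposed gradient).
ORIGINAL = [[20 + 3 * (r * 8 + c) for c in range(8)] for r in range(8)]
REENCODED = [[ORIGINAL[r][c] + ((r * 8 + c) * 7 % 13) - 6 for c in range(8)]
             for r in range(8)]
UNRELATED = [[20 + 3 * (c * 8 + r) for c in range(8)] for r in range(8)]
THRESHOLD = 8                      # assumed tolerance in bits
DATABASE = [average_hash(ORIGINAL)]

if __name__ == "__main__":
    print("exact hashes equal:", sha256_hex(ORIGINAL) == sha256_hex(REENCODED))
    print("perceptual distance:",
          hamming(average_hash(ORIGINAL), average_hash(REENCODED)))
    print("re-encoded flagged:", is_flagged(REENCODED, DATABASE, THRESHOLD))
    print("unrelated flagged:", is_flagged(UNRELATED, DATABASE, THRESHOLD))
    for n in (1_000, 100_000, 1_000_000):   # per-entry rate 1e-6 is constructed
        print(f"db={n:>9}: P(false match) = {p_any_false_match(1e-6, n):.4f}")
```

The tolerance that lets an altered copy still match is the same tolerance that lets an unrelated image match by accident, and the per-image chance of that grows with every entry added to the database.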
This is a really nice summary of the practical issues surrounding this.
There is one more that I would like to call out: how does this client scanning code end up running in your phone? i.e. who pushes it there and keeps it up to date (and by consequence the database).
I can think of a few options:
- The messaging app owner includes this as part of their code, and for every msg/image/etc checks before send (/receive?)
- The phone OS vendor puts it there, bakes it as part of the image store/retrieval API - in a sense it works more on your gallery than your messaging app
- The phone vendor puts it there, just like they already do for their branded apps.
- Your mobile operator puts it there, just like they already do for their stuff
Each of these has its own problems/challenges. How to compel them to insert this (ahem “backdoor”), and the different risks with each of them.
I get the concept but this doesn't really offer any advantages over just not encrypting anything at all. The database being checked against can still just include a hash of something the government doesn't like and boom u have a complete tool for absolute censoring of everything.
Thanks for the explanation. Do you know how they’re planning to implement this client side scanning? Take an iPhone for example— where Apple has already ditched their plans to do the same device-wide. Is it planned for WhatsApp, Signal etc. to be updated to force perpetual scanning of the iPhone’s photo album? Because that can be turned off quite easily at the OS level.
The only way I could see them doing it is by scanning any image that is selectively chosen to be sent before the actual message itself is sent—i.e. after it’s selected but before the send button is pressed. Otherwise it’s breaking the E2E encryption.
Is that the plan?
Client-Side-Scanning is going to be implemented by the messaging app vendor. This means that it’s limited by OS or Browser sandboxing. Therefore it’s definitely limited to what the messaging app has access to. However, I’m not sure what the actual scope would be, meaning if all accessible images are going to be scanned or only the one being transmitted to someone.
People in Reddit and sometimes here always praise the EU as some bastion of privacy, and I always got downvoted when I said that this isn’t always true. And now here we are. I hope people don’t forget this after a month, like they always do.
Maybe say this after this passes.
That’s the attitude I was talking about 😄
Yeah, no. What’s likely to happen is that you will remember this, completely miss the memo that the law didn’t pass and then go on spreading misinformation about the EU.
citizens have the right to private communication.
I sometimes wonder about this. I hugely value my private communication, and I grew up in a world with that ideal. But with the rise of more cleverly invasive apps and tracking, and ease of someone else putting a video of you online, and so on, I sometimes think about a world where non face-to-face communication isn’t private any more.
I don’t know what I think of that world.
After all, we haven’t always had private, at-a-distance communication, especially for all people
We always had. Many people wrote personal notes/letters in cryptic ways to prevent unwanted readers from deciphering it.
Imagine a world where we would teach children not to make their own cypher because this is illegal. What a dystopian society.
Kind of, but written communication for everyone hasn’t even always been a thing. And cryptic letters perhaps aren’t reliable secrecy for ordinary people against trained spying. And anonymity… not without other layers to your communication. And all of that not for your ordinary postcard home: it’s something you do in special situations.
I don’t think the new law would outlaw encrypting messages to your friend with PGP; nor having a second phone that you leave at the library for anonymity.
Benjamin Franklin once said: “Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.”
This still applies.
But what liberty is essential? Provably secret postcards to people on the other side of the world?
That’s also quite a harsh quote to bring in the context of the many hidden erosions of privacy - would you say the tick-tockers don’t deserve privacy or safety because they chose that social ability over a privacy they little understand?
Essential in the sense of privacy being central to our nature. We all deserve, and indeed, need our privacy. In the USA, the 4th Amendment guarantees “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated…” without sufficient evidence of wrongdoing. Any reasonable modern interpretation of that amendment should include electronic documents and communication.
I’m not sure why you would think that I believe tick-tockers should not have privacy protection. Any app that invades the users' privacy should be banned for the same reason that end-to-end encryption should not be banned. If Tick-Tock refuses to respect the privacy of people’s non-Tick Tock communication then the app should be banned.
Essential in the sense of privacy being central to our nature
Yeah, I’m on board with that. Really what I was thinking about was imagining a world where internet presence is not a place where there’s privacy - like if you meet a friend in public, and talk on a park bench, you can’t assume no one will see you. You know that, and accept that, and adapt accordingly.
I want a world where internet communications are private and their metadata are also private, and my internet use is private… But I’m contemplating the what ifs of a different world, and how best to live in it, and how to help my children and children’s children live in it. I do think fighting for better laws and protections is part of that and I’m incredibly grateful for people like the EFF; but I think it’s also worth thinking about how we can find ways to live in a new environment, understanding that society’s rules around us don’t always work in the best ways.
(On that note: you’re quoting the US Constitution in a matter of EU ruling…)
I’m not sure why you would think that I believe tick-tockers should not have privacy protection.
Just your quote, that says such people who give up some liberty don’t deserve any. I suppose you didn’t mean it that way but it seemed harsh.
Just your quote, that says such people who give up some liberty don’t deserve any. I suppose you didn’t mean it that way but it seemed harsh.
Fair. Old Ben meant it harshly, I’m sure.
As for the internet being a public space where privacy shouldn’t be assumed, I have to disagree. There is far too much activity on the net that would never be conducted in a place where there is no assumption of privacy. Clearly things like banking matters need to be private and secure, but I include in this things like romantic matters. If any government can access any data on the internet that they want then any oppressive government will do so. In addition, any opening for government will be exploited sooner or later by criminals as well.
Tangential, but Lemmy is filled with smart people so I’m going to ask: is it possible to legally make it impossible for wireless signals to work within your own home? That is, how would one dampen access to wireless networks? Would this require illegal use of signal jamming devices as I imagine a Faraday cage would be too difficult to make in a room.
Edit: where else on Lemmy could I ask this sort of question?
The FCC has a lot of regulations on it. From what I remember active jamming within the home is still wildly illegal. Depending on the size of your house/room, a Faraday cage wouldn’t be too difficult, especially if you did it during construction. If you’re on a budget and don’t mind looking crazy you can line a closet with tinfoil and connect it to ground.
So far, here is what I can tell from specific countries:
On board with privacy destroying law:
Spain, Hungary, Cyprus
Mostly on board: (support on device scanning but not weakening E2EE)
Ireland, Denmark
Against:
Finland, Germany
Feel free to update this if you know more.
Source: https://www.wired.com/story/europe-break-encryption-leaked-document-csa-law/
IIRC the Netherlands changed something in their laws that makes it impossible for them to support any proposals that go against end-to-end encryption technologies.
Very interesting. How likely is it to be approved though, given the opposition? Also, what about the rest of the EU countries?
What is wrong with the eu? Why do they need to always ban end to end encryption?
5 eyes. Politicians are puppets.
Wait, you have a choice to vote for either puppet 1, puppet 2, or puppet 3. Your choice matters! … as long as the politicians' podiums are provided by the rich we don’t have a real say.
This is almost definitely not going through the ECJ. If they pass this directive I’m gonna take my chances.
Thanks to the Matrix protocol there is no chance of getting rid of E2EE communication anyway. There is no feasible way to stop decentralized communication like that, not without killing the internet.
Just imagine the headline we’d see in the west if this was happening in China.
If apps would turn off e2e encryption, how would it be? Would it affect bordering regions? Users of VPNs inside EU?
My country proposed a ban on VPN software (targeting appstores providing them), it can also target messengers. If I get an EU version of this app, or if I use a european VPN to connect via it, would I be less safe sending political memes?
I wonder if openPGP will ever gain popularity.
The only ones I have seen that even publish a key for me to use are a few famous internet individuals (people like Richard Stallman, (I don’t know if he specifically uses it)), a few companies like Mullvad, a few orgs like EFF, whistleblowers, and a few governmental organisations like the Financial Supervisory Authority in my country.
I wonder if projects like Signal could make a community run and certified hash database that could be included in Signal et al without threat of governments and self-interested actors putting malicious entries in. It definitely doesn’t solve every problem with the client side scanning, but it does solve some.
But… an open, verifiable database of CSAM hashes has its own serious problems :-S Maybe an open, audited AI tool that in turn makes the database? Perhaps there’s some clever trick to make it verifiable that all the hashes are for CSAM without requiring extra people to audit the CSAM itself.
Although some US corporations such as Meta are already scanning European messages for previously classified CSAM ‚only‘
This is news to me, does anyone have any more detail?
Can this be circumvented somehow? And how would apps with end to end encryption work if a person in a non-EU state spoke to someone inside the EU?
Lrf. (Rot. 13)
If they can scan it, they can edit it.
Correct. Though signatures can help.
I like how Patrick Breyer makes a warning with all the logical points. Especially this: “Fourthly, scanning for known, thus old material does not help identify and rescue victims, or prevent child sexual abuse. It will actually make safeguarding victims more difficult by pushing criminals to secure, decentralised communication channels which are impossible to intercept even with a warrant.”
I am not sure what the people over there think, but the criminals will not just continue using these services.
Assume any encrypted system can be decrypted at some point anyway. The best encryption is at the source- your language and the way you present the message you want to keep hidden.
Of course, this does not apply to people who just want their general conversation encrypted. To you, I say you’re out of luck and I’m sorry.
I suspect you can easily relate to the frustration of being dragged into arguments on irrelevant details of a thing for which the actual concerns are fundamental in nature. That’s not nothing.