Adding Client-Side Scanning Breaks End-to-End Encryption

170 points| lxm | 6 years ago |eff.org

54 comments

[+] BLKNSLVR|6 years ago|reply
Any anti-encryption push by politicians where they mention child exploitation as a reason is easily argued against by merely asking them what their funding plans are for actual, real world, child protection services.

There is a thing called "mandatory reporting" where teachers have to report suspected cases of even low levels of abuse. The organisations that do the investigations are so under funded and under staffed that the only issues they are able to investigate are those where the child's life is in immediate danger. Anything less just falls off the radar.

That's how much governments really, actually care about protecting children.

When they want to scan electronic communications, it ain't for reasons of protecting children from harm.

[+] danenania|6 years ago|reply
Exhibit B is Jeffrey Epstein and his friends, real life incarnations of the child exploiting boogeymen that we supposedly must sacrifice our rights to catch. Except they were committing these crimes in the open, no encryption needed, and were let off the hook at every level of law enforcement, up to and including the FBI, DOJ, and court system. His friends continue to be let off the hook.
[+] JoeSmithson|6 years ago|reply
> "The organisations that do the investigations are so under funded and under staffed that the only issues they are able to investigate are those where the child's life is in immediate danger. Anything less just falls off the radar."

This is complete nonsense

-----

Ridiculous that this was downvoted. You understand OP is saying crimes like rape and kidnap are not being investigated?

[+] stiray|6 years ago|reply
I don't understand all the fuss. If I want to send encrypted email I will send it. By pasting encrypted data, adding them to an attachment, using steganography... Whatever. The "terrorists", "pedophiles", "drug lords", "whoever is the latest excuse for breaking privacy" could communicate like that since forever. On IRC networks, mails, whatever chat program or in-game chat. There is literally nothing you can do against that which you couldn't do regardless of end-to-end encryption. And if those are high profile targets they have $$$ to pay a security expert for consulting.

This war against end-to-end encryption is complete nonsense and is meant as a control of the general public, as anyone who doesn't want to be spied on can and will take action against it.

[+] likpok|6 years ago|reply
The big difference is ease of use. You can basically round the number of people using email encryption to zero. Additionally, email encryption is fraught with operational issues making it easy to screw up. On the other hand, a billion people use WhatsApp and don’t think about it.

That’s a big shift in who uses encryption and how easy it is to passively surveil them.

[+] ttul|6 years ago|reply
Any intervention by government that picks our locks only works with platforms that choose or can be forced to participate. People with something to hide will always be able to find a place to communicate beyond the reaches of such surveillance.

This makes government backdoors not only an unwelcome intrusion, but also entirely pointless.

[+] oil25|6 years ago|reply
I agree completely. These efforts to "break" end-to-end encryption seem entirely ineffectual so long as open source alternatives exist - they are plenty and well proliferated. Banning the use of unapproved software is impractical, like asking everyone to turn in guns. So what's really their end game?
[+] mc3|6 years ago|reply
"People with something to hide" is everyone.
[+] olliej|6 years ago|reply
But this isn’t a lock pickable by the government, so there can’t be anything wrong.

Instead it's just a lock that reports who visits your house and can choose not to allow some people in.

[+] mirimir|6 years ago|reply
It's a truism that any approach which lets some friendly adversary pwn those whom you consider evil will also let your adversaries pwn you.

Given that, it's reassuring when the evil don't get pwned. Because they're canaries. If they're safe, you're safe.

[+] skybrian|6 years ago|reply
Uh, since your argument proves zero-day attacks don't exist, you might want to go back and figure out how you got it wrong?
[+] nyxxie|6 years ago|reply
These systems are useless. Of the many flaws:

1.) Simple alteration (change a pixel in MS paint) or encryption of content bypasses the filter
2.) Patching out the filtering routine bypasses the filter
3.) Blocking the phone-home address (pihole, router firewall, etc) bypasses any reporting
4.) Any vulnerability in the future that allows an attacker to report arbitrary clients (disclosure of client IDs, weakness in app, weakness in server) renders evidence gathered by the system unreliable.

At best clientside filtering allows you to draw relationship maps of technically incompetent perverts who might possibly be sharing CP. What harm reduction are they trying to get out of that?? Why not just refocus efforts on catching the small minority of individuals who are actually producing this content??

But hey, if this garbage clientside filtering of image uploads is enough security theatre to keep governments satisfied, I say let them have it.

[+] zmmmmm|6 years ago|reply
> But hey, if this garbage clientside filtering of image uploads is enough security theatre to keep governments satisfied, I say let them have it.

The thing to be wary of is that they may be intended to be useless. Their purpose is not to work, but to establish the precedent / principle that invasion of privacy is warranted / justified / accepted / needed. This then sets the stage for later saying "we now want to outlaw encryption completely because the previous methods that are already [accepted / justified / needed] are not working". So for the ultimate aims of their proponents, it's better if they don't work than if they do.

If you want to see it in action you can look to Australia where it is exactly this argument being employed: ie - police have always had surveillance capability for telephone calls, so new powers that inject interception capability into the OS layer of phones are just re-establishing something already accepted, not introducing something new.

[+] bonoboTP|6 years ago|reply
The first is not true. These are robust hashes of the image content, not the exact pixel colors. Look up PhotoDNA for an example.
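To make the disagreement between the two comments above concrete, here is an added example (not from the EFF article, any commenter, or Microsoft; PhotoDNA itself is proprietary, so a simple 8x8 "average hash" stands in for a robust perceptual hash) that compares exact SHA-256 matching with perceptual matching on a constructed 16x16 gradient image. The match threshold of 5 bits is an assumed tuning value.

```python
import hashlib

def make_image(width=16, height=16):
    """Constructed sample: a 16x16 grayscale diagonal gradient (values 0..240)."""
    return [[x * 8 + y * 8 for x in range(width)] for y in range(height)]

def exact_hash(img):
    """Cryptographic hash of the raw pixel bytes: any change at all flips it."""
    return hashlib.sha256(bytes(px for row in img for px in row)).hexdigest()

def downscale(img, size=8):
    """Box-average the image down to size x size cells (dimensions must divide evenly)."""
    bh, bw = len(img) // size, len(img[0]) // size
    small = []
    for by in range(size):
        row = []
        for bx in range(size):
            block = [img[y][x] for y in range(by * bh, (by + 1) * bh)
                               for x in range(bx * bw, (bx + 1) * bw)]
            row.append(sum(block) / len(block))
        small.append(row)
    return small

def average_hash(img, size=8):
    """Perceptual aHash: one bit per cell, set when the cell is brighter than the mean."""
    cells = [c for row in downscale(img, size) for c in row]
    mean = sum(cells) / len(cells)
    return sum(1 << i for i, c in enumerate(cells) if c > mean)

def hamming(a, b):
    """Number of differing bits between two hashes."""
    return bin(a ^ b).count("1")

def matches(known, candidate, threshold=5):
    """Fuzzy match: hashes within `threshold` bits count as the same image (assumed threshold)."""
    return hamming(known, candidate) <= threshold

def demo():
    original = make_image()
    one_pixel = [row[:] for row in original]
    one_pixel[0][0] = 255                                      # the "change a pixel" edit from the thread
    brighter = [[px + 10 for px in row] for row in original]   # a global brightness shift
    different = [[240 - px for px in row] for row in original] # unrelated content (inverted gradient)
    return {
        "sha256_survives_one_pixel": exact_hash(original) == exact_hash(one_pixel),
        "ahash_distance_one_pixel": hamming(average_hash(original), average_hash(one_pixel)),
        "ahash_distance_brighter": hamming(average_hash(original), average_hash(brighter)),
        "ahash_distance_different": hamming(average_hash(original), average_hash(different)),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The exact hash changes after a single pixel edit while the perceptual hash does not, which is the property bonoboTP is pointing at; the inverted image lands far outside the match threshold, showing the hash still separates unrelated content.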
[+] dependenttypes|6 years ago|reply
I wonder how they are planning to force free software to add client-side scanning.
[+] chii|6 years ago|reply
By using the rubber hose method: beat up the person who uses "unauthorised" software to make an example of them.
[+] GhettoMaestro|6 years ago|reply
I recently learned about Microsoft PhotoDNA[1]. Very interesting (and cool) technology. My understanding is that a decade or so ago a Microsoft engineer stumbled upon a law enforcement guy giving a talk about the challenges of combating child pornography with the rise of the internet, etc. The Microsoft engineer and the LEO started talking and came up with a concept of a platform where known abuse material is hashed, and automated scanning tools can be deployed in the field when suspects are detained. The net result was it saved law enforcement officers from having to view the same material again and again, and instead could determine with the certainty of a SHA1/2 hash that it is indeed abuse-related material, justifying further review/inspection.

That said, I'm not sure from a privacy perspective that I like communication apps playing the referee. Sure, it's terrorism or child porno now. What about when it is political content regarding 'X' that is prohibited?

[1] https://www.microsoft.com/en-us/photodna

[+] belorn|6 years ago|reply
I am rather skeptical about PhotoDNA. If it is an effective method for video filtering, then why is YouTube using very expensive machine learning, which has high maintenance and operation costs, compared to just simply hashing the video frames?

There is also a similar problem with spam where spammers send email with images in order to fool the spam filter. If the algorithms in PhotoDNA were effective then the problem of spam images would be a fairly solved problem, but what I keep hearing is that the only effective tool is machine learning.

[+] vwuon|6 years ago|reply
>The simplest possible way to implement this: local hash matching. In this situation, there’s a full CEI hash database inside every client device. The image that’s about to be sent is hashed using the same algorithm that hashed the known CEI images, then the client checks to see if that hash is inside this database. If the hash is in the database, the client will refuse to send the message (or forward it to law enforcement authorities).

The image could be scanned when it's received, and not when it's sent. That way you can't use hacked clients to send forbidden images.

[+] amarshall|6 years ago|reply
But then you just use a modified client to receive them. I’ve no idea how often the recipient isn’t wanting to receive the message in this context, but I’d expect it’s not often.