As an EU citizen I didn't know exactly what that Chat Control thing was, so I web searched it:
> The EU wants to oblige providers to search all private chats, messages, and emails automatically for suspicious content – generally and indiscriminately. The stated aim: To prosecute child pornography. [1]
Yeah, that will go down well, a central government checking our private conversations for "suspicious content". Of course they would use the "think of the children" trope, they could also have gone with the "think of the bad terrorists" trope, but that would have been too American, too cowboy-ish, we need to feel special, we're Europeans, after all.
Minus some street protests I don't think we can actually stop this, and, even then, I have my very big doubts. It so happens that I live in the EU periphery (I still need to present my ID card if I want to travel to Budapest or West from there), and it sickens me to see that my privacy depends on countries and electorates on which I have no say (like Germany, with all due respect to the Germans who still care about their privacy). Why should my privacy be made fun of because of decisions taken by some people from half way around the continent with which I have no direct connection and no shared past? Did they have a Securitate-like thing? Many of them didn't, and even those that did (like the same Germans), it looks like it doesn't matter at this point, they're all too happy to see their private political conversations be scrutinised 24/7.
F. that, the only viable solution I see for my country is an exit from the EU, but the money (still) coming in from Bruxelles is too good to leave aside for pesky political principles, so of course that no serious politician from around these parts puts the problem that way.
> and it sickens me to see that my privacy depends on countries and electorates on which I have no say
The problem isn't "foreign rule".
The Swiss, famously independent, have one of the worst surveillance laws.
Doesn't chat control require unanimity in the EU council? If yes, if it happens, it will be because of 'your own' politicians.
Also, the EU parliament votes on this, and small countries have more power than large ones there, more votes per citizen
Lots of these laws are being independently adopted all around the world.
I will believe this is a foreign rule issue once you can show me one democratic country that consistently opposes internet surveillance and defends privacy and rejects 4-horseman based bogeyman politics. And where big countries pressure it to change that.
All countries are susceptible to this brand of demagoguery.
I will grant that the size of the EU enables it to pass surveillance laws that would otherwise not happen - any single EU member state would not be able to suggest change to global law the way the EU can. But then theres China, the US.
I always find it funny those "leave the EU" posts because it's usually based on 1) thinking the EU is something apart from the constituent states 2) Naively thinking their countries have nothing to do with the latest EU Commission proposals. And of course the ignorance on the process helps those who want to pass more controversial proposals
(as an example see the latest UK "proposals" for the internet)
> didn't know exactly what that Chat Control
Interesting, several discussions about ChatControl were posted semi-recently (just a minor observation)
> like Germany, with all due respect to the Germans who still care about their privacy
What are you talking about? The german speaking world cares (maybe a bit too much) about privacy. This is why google street view sucks in Germany. NOYB - European Center for Digital Rights is headquartered in Vienna.
> but the money (still) coming in from Bruxelles is too good to leave aside for pesky political principles
This is a myth. The money Bruxelles “sends” are money lost by customs duties no longer levied by individual states. There are no new money “spent” as such.
As for leaving the eu, speak for yourself. Romania has by and large a favourable view of the eu. Those who usually dislike it are either corrupt politicians or really really dumb people (conspiracy types).
Germany has many faults for the current state of the eu, but as in any democracy, you can vote better representatives for the eu parliament, instead of the bunch Romania sends at the moment. That way your view will be better supported in their debates against mps from that country.
You don't need to leave Europe. You can use an open platform like Linux and relevant tools, and also educate your close ones what is going on. My experience is they're using spying tools such as WhatsApp or Messenger out of inertia, but when they learn about privacy concerns, they are willing to use an alternative solution, and this is something that spreads around.
When we put in place stuff like this to "think of the children", we tend to neglect what those children will inherit from this legislation. Every year the future for the next generation looks more and more bleak. No wonder depression and anxiety is such a huge problem.
> F. that, the only viable solution I see for my country is an exit from the EU, but the money (still) coming in from Bruxelles is too good to leave aside for pesky political principles, so of course that no serious politician from around these parts puts the problem that way.
Without any shadow of a doubt, the EU is trying to create a super state. In its original scope it was a trade union, but it has clearly exceeded its mandate. They now actively look towards creating an army and will be soon forced to start significantly increasing taxes (for complex reasons).
Your sovereignty is worth the cost in the long run. You get a large EU tax, and then Brussels decides that it knows how to spend your money better than your own government.
Maybe (maybe) you receive an excess amount from Brussels, but there are also hidden costs. One is a slower and more complex political system with many more actors. Another is uncontrolled migration which the EU is currently plagued with. Another is that you are forced to engage in ideological investments your Country may not be aligned with.
> the only viable solution I see for my country is an exit from the EU
The UK thought so too, now they're frontrunning the EU on scraping privacy. I honestly don't even understand one could think an EU exit would address those problems in any way - corporate lobbying is inherent to politics, just look at your national government (whichever that currently is). And realistically speaking, the smaller the entity, the less likely they are of placing meaningful restrictions on US tech firms (like the EU did with GDPR).
The only "good" thing is that the current German government is very skeptical about this and two of the current governing parties (the Greens and the liberal party) have also long been opposed to more surveillance.
This was different with the previous government where the "law & order" mentality was much more entrenched, and which did nothing to prevent e.g. upload filters (despite promising to do so).
So I try to maintain some hope that at least Germany as a member state could tank this awful bill.
> 4. Does the COM share the view that recital 26 indicating that the use of end-to-end-encryption technology is an important tool to guarantee the security and confidentiality of the communications of users means that technologies used to detect child abuse shall not undermine end-to-end-encryption?
> 5. Could the COM please describe in detail on technology that does not break end-to-end-encryption, protect the terminal equipment and can still detect CSAM? Are there any technical or legal boundaries (existing or future) for using technologies to detect online child sexual abuse?
Mathematically speaking, they could have stopped at that point, but they went on.
Are you sure they’re not part of the group who wrote the law, only to pretend lobbying against it with, you can admit that, surface arguments which won’t rollback the idea of total control on private communications?
It doesn't matter how low the error rate is. The fact that the European Commission wants to have a third (robotic) participant listening in on every digital communication is absolutely ridiculous.
Saying that this is about child protection is a blatant lie. This serves only as a stepping stone to introduce other screening criteria later. And with opaque ML models it will be very tedious to determine what the model is supposed to find.
> "Saying that this is about child protection is a blatant lie."
Why do you think this? What evidence would convince you that they are sincerely trying to protect children?
Helen Lovejoy wasn't lying, she was sincerely (but irrationally) concerned for the children.
HNers believe this conspiracy theory about their own governments (that they are deliberately secretly plotting to be despotic, and using the cover of trying to protect children) with no actual evidence, just a lot of winks and eyebrow wiggling. Complete abdication of rational thinking.
I think there are some important questions that need to be answered before such a dangerous decision should be made.
How big is the risk of a child being groomed through these electronic means? Is it comparable to being struck by lightning? What is worse weighted by probability: being sexually assaulted as a child or being suspected and having your life turned upside down for years by these algorithms. We already see these things happen with relatively minor things like having your google account closed by an algorithmic mishap.
How was this 10% number of false positives determined? Is this only an expectation of false positives or an actual statistic.
What does 10% mean in the context of mass surveillance?
It might well be that millions of children are groomed and assaulted every year through chats. I don't have the data so i cannot say. I was under the impression that most sexual assault cases happen in the family and not by strangers.
What's worrying though is that these decisions are taken behind closed doors without any oversight, on the hope that they might save a child and possibly putting our lives in the hands of algorithmic justice.
These are the type of questions that need to be presented to the public. This type of attack on encryption hasnt changed in 30 years, except now governments are going hard on the CSAM aspect as opposed to the other 3 horsemen[1]. It makes sense too since its the type of argument which invokes the most emotion in people, how could anyone be against protecting the children.
99% of people are simply not capable of making or even comprehending the relevance of probability-weighted utility calculations. This has predictable and deeply unfortunate effects on the political process.
I have such a strong reaction to news like this, it's hard for me to not think that it's appropriate for every member state to consider leaving the EU now. They've succeeded in shifting me to a very anti-EU stance in one proposed measure - brilliant! It wouldn't surprise me if the leaders of most states are quite keen on such surveillance though.
I kinda get it, but it doesn't make sense to blame it on the EU when you own government would likely impose the exact same (if not harsher) rules. Thats at least what I tell myself. I'm under no illusion that my own government is any better.
EU is not a foreign entity, it's made up of the governments of the members(some elected some appointed by the locally elected). So when you leave EU, you end up to live with the entity that tried to introduce it in first place.
If they didn't wanted that, they could have blocked it. However, leaving EU might actually help the government to have a better localised excuse. For example, maybe child abuse is not a big thing in your country but immigration is a hot topic? Then you can have "break the encryption to stop the human smugglers" campaign.
I'm very critical of the EU, i do think it is poorly designed and not a desirable project regardless.
That being said, things like this would happen at the national level for sure, the EU has nothing to do with it. It's systemic to "modern democracies ".
No comment on the policy etc, but I think the presentation of the numbers is a bit misleading.
That 10% is the percent of flagged images which are actually OK. Whether this represents a large fraction of all legal content depends on how much illegal content there is. It would be better if they quoted the false positive rate and false negative rate as a fraction of legal/illegal images respectively.
e.g. if 1/100,000,000 legal images are flagged incorrectly, and 100% of illegal images are flagged correctly, then a corpus of 100,000,000 legal images + 9 illegal images would result in the stats in the headline. That seems like a pretty good system (ignoring any principled objections to the scanning in the first place).
Due to the volume of messages and the endless need to maximise profits, companies will accept 10% flagged content may be false positives but act against all 100% of flagged content, meaning that the default will be innocent people having action taken against them but with no real recourse to clear their name.
I also didn't find anything in there about expectations for reducing numbers of false negatives (where automation fails to flag suspicious activity). Content control is basically just PR if it ignores the majority of activity it is designed to police.
Disgusting. Wonder if people working on these commissions ever consider the thought that they are "the baddies". In any case, the gestapo would have _loved_ this service.
Important to note that this is not 10% of all messages being falsely flagged (= 10% false positive rate), but 10% of flagged messages being false positives (= 90% precision). As someone who works with these types of classification problems in a different context, 90% precision is actually quite good - especially assuming there is some sort of manual review process to take care of the 10%.
Whether that makes this whole plan a good idea or not is obviously a very different question, but I think it's important to be clear about what this number actually means.
How many EU beaureaucrats got their training in East Germany, I wonder?
Or is it rather that they are too young and do not know about/remember what constant surveillance does to trust in a society?
With 90% accuracy, and assuming the incidence of true grooming in random conversation is way smaller, they are setting themselves up for the base rate fallacy.
I think what makes false positives scary in this context is that accusation is guilt for most practical purposes. There needs to be a tremendous ammount of openness around systems like this so that people understand the meaning of it's outputs.
This whole debacle reeks of stupidity. The only thing that will happen is that the criminals they are (allegedly) trying to catch will simply move their comms to different channels. What's stopping a sophisticated crime syndicate form simply creating their own app which will have a small enough footprint such that it will fly under the radar?
From the perspective of tech companies, they are being put between a rock and a hard place by simultaneously being asked for more privacy, and also less privacy.
Is there any estimate for what percentage of chat communication happening within the EU is done by "perpetrators/criminals"? The average crime rate is 40 incidences per 100000 people per year, which would mean 0.0004% of the population is considered a criminal every year. What % of that tiny margin are going to be using online chat to commit their crimes? is it really worth abandoning the privacy of 450mil other people in the hopes that you might stop a criminal?
It is so tiring to see the constant efforts to erode our rights.
Even if they succeed in creating a surveillance state, do they think that it will not blow up in their face one day? It will make violence and revolutions against the surveilling institutions innevitable, or maybe it is just wishful thinking...
It kinda gets me into the stance: every member of EU parliament and EU commission should make their bank accounts fully transparent so populi can check whether they are committing some act of corruption.
[+] [-] paganel|3 years ago|reply
> The EU wants to oblige providers to search all private chats, messages, and emails automatically for suspicious content – generally and indiscriminately. The stated aim: To prosecute child pornography. [1]
Yeah, that will go down well, a central government checking our private conversations for "suspicious content". Of course they would use the "think of the children" trope, they could also have gone with the "think of the bad terrorists" trope, but that would have been too American, too cowboy-ish, we need to feel special, we're Europeans, after all.
Minus some street protests I don't think we can actually stop this, and, even then, I have my very big doubts. It so happens that I live in the EU periphery (I still need to present my ID card if I want to travel to Budapest or West from there), and it sickens me to see that my privacy depends on countries and electorates on which I have no say (like Germany, with all due respect to the Germans who still care about their privacy). Why should my privacy be made fun of because of decisions taken by some people from half way around the continent with which I have no direct connection and no shared past? Did they have a Securitate-like thing? Many of them didn't, and even those that did (like the same Germans), it looks like it doesn't matter at this point, they're all too happy to see their private political conversations be scrutinised 24/7.
F. that, the only viable solution I see for my country is an exit from the EU, but the money (still) coming in from Bruxelles is too good to leave aside for pesky political principles, so of course that no serious politician from around these parts puts the problem that way.
[1] https://www.patrick-breyer.de/en/posts/messaging-and-chat-co...
[+] [-] hedgedoops2|3 years ago|reply
The problem isn't "foreign rule".
The Swiss, famously independent, have one of the worst surveillance laws.
Doesn't chat control require unanimity in the EU council? If yes, if it happens, it will be because of 'your own' politicians.
Also, the EU parliament votes on this, and small countries have more power than large ones there, more votes per citizen
Lots of these laws are being independently adopted all around the world.
I will believe this is a foreign rule issue once you can show me one democratic country that consistently opposes internet surveillance and defends privacy and rejects 4-horseman based bogeyman politics. And where big countries pressure it to change that.
All countries are susceptible to this brand of demagoguery.
I will grant that the size of the EU enables it to pass surveillance laws that would otherwise not happen - any single EU member state would not be able to suggest change to global law the way the EU can. But then theres China, the US.
[+] [-] raverbashing|3 years ago|reply
(as an example see the latest UK "proposals" for the internet)
> didn't know exactly what that Chat Control
Interesting, several discussions about ChatControl were posted semi-recently (just a minor observation)
[+] [-] tcptomato|3 years ago|reply
What are you talking about? The german speaking world cares (maybe a bit too much) about privacy. This is why google street view sucks in Germany. NOYB - European Center for Digital Rights is headquartered in Vienna.
[+] [-] spaetzleesser|3 years ago|reply
I suspect the privacy situation is much worse in most countries outside the EU.
[+] [-] rpastuszak|3 years ago|reply
Genuine, not loaded question: and then what? What do you expect to happen?
[+] [-] yrgulation|3 years ago|reply
This is a myth. The money Bruxelles “sends” are money lost by customs duties no longer levied by individual states. There are no new money “spent” as such.
As for leaving the eu, speak for yourself. Romania has by and large a favourable view of the eu. Those who usually dislike it are either corrupt politicians or really really dumb people (conspiracy types).
Germany has many faults for the current state of the eu, but as in any democracy, you can vote better representatives for the eu parliament, instead of the bunch Romania sends at the moment. That way your view will be better supported in their debates against mps from that country.
[+] [-] dvfjsdhgfv|3 years ago|reply
[+] [-] monkeynotes|3 years ago|reply
[+] [-] jacooper|3 years ago|reply
Deutsch: https://netzpolitik.org/2022/chatkontrolle-bundesregierung-l...
Translation: https://www.reddit.com/r/privacy/comments/vitir0/germany_ask...
[+] [-] bArray|3 years ago|reply
Without any shadow of a doubt, the EU is trying to create a super state. In its original scope it was a trade union, but it has clearly exceeded its mandate. They now actively look towards creating an army and will be soon forced to start significantly increasing taxes (for complex reasons).
Your sovereignty is worth the cost in the long run. You get a large EU tax, and then Brussels decides that it knows how to spend your money better than your own government.
Maybe (maybe) you receive an excess amount from Brussels, but there are also hidden costs. One is a slower and more complex political system with many more actors. Another is uncontrolled migration which the EU is currently plagued with. Another is that you are forced to engage in ideological investments your Country may not be aligned with.
[+] [-] t_mann|3 years ago|reply
The UK thought so too, now they're frontrunning the EU on scraping privacy. I honestly don't even understand one could think an EU exit would address those problems in any way - corporate lobbying is inherent to politics, just look at your national government (whichever that currently is). And realistically speaking, the smaller the entity, the less likely they are of placing meaningful restrictions on US tech firms (like the EU did with GDPR).
[+] [-] thayne|3 years ago|reply
[+] [-] aaaaaaaaaaab|3 years ago|reply
I don't think non-EU Eastern European countries have such a stellar track record with respect to privacy...
[+] [-] shreyshnaccount|3 years ago|reply
[+] [-] easytiger|3 years ago|reply
[deleted]
[+] [-] Tainnor|3 years ago|reply
This was different with the previous government where the "law & order" mentality was much more entrenched, and which did nothing to prevent e.g. upload filters (despite promising to do so).
So I try to maintain some hope that at least Germany as a member state could tank this awful bill.
edit:
Here's the list of 61 questions that the German government sent to the EU concerning the bill (at the end of the article, in English): https://netzpolitik.org/2022/chatkontrolle-bundesregierung-l...
From a cursory reading, it reads to me like the diplomatic equivalent of "what you're proposing doesn't make any sense".
[+] [-] allendoerfer|3 years ago|reply
> 4. Does the COM share the view that recital 26 indicating that the use of end-to-end-encryption technology is an important tool to guarantee the security and confidentiality of the communications of users means that technologies used to detect child abuse shall not undermine end-to-end-encryption?
> 5. Could the COM please describe in detail on technology that does not break end-to-end-encryption, protect the terminal equipment and can still detect CSAM? Are there any technical or legal boundaries (existing or future) for using technologies to detect online child sexual abuse?
Mathematically speaking, they could have stopped at that point, but they went on.
[+] [-] norswap|3 years ago|reply
[+] [-] easytiger|3 years ago|reply
[deleted]
[+] [-] eastbound|3 years ago|reply
[+] [-] vaylian|3 years ago|reply
Saying that this is about child protection is a blatant lie. This serves only as a stepping stone to introduce other screening criteria later. And with opaque ML models it will be very tedious to determine what the model is supposed to find.
[+] [-] kurupt213|3 years ago|reply
[+] [-] ChrisKnott|3 years ago|reply
Why do you think this? What evidence would convince you that they are sincerely trying to protect children?
Helen Lovejoy wasn't lying, she was sincerely (but irrationally) concerned for the children.
HNers believe this conspiracy theory about their own governments (that they are deliberately secretly plotting to be despotic, and using the cover of trying to protect children) with no actual evidence, just a lot of winks and eyebrow wiggling. Complete abdication of rational thinking.
[+] [-] chucklenorris|3 years ago|reply
How big is the risk of a child being groomed through these electronic means? Is it comparable to being struck by lightning? What is worse weighted by probability: being sexually assaulted as a child or being suspected and having your life turned upside down for years by these algorithms. We already see these things happen with relatively minor things like having your google account closed by an algorithmic mishap.
How was this 10% number of false positives determined? Is this only an expectation of false positives or an actual statistic. What does 10% mean in the context of mass surveillance?
It might well be that millions of children are groomed and assaulted every year through chats. I don't have the data so i cannot say. I was under the impression that most sexual assault cases happen in the family and not by strangers.
What's worrying though is that these decisions are taken behind closed doors without any oversight, on the hope that they might save a child and possibly putting our lives in the hands of algorithmic justice.
[+] [-] dylkil|3 years ago|reply
[1]https://en.wikipedia.org/wiki/Four_Horsemen_of_the_Infocalyp...
[+] [-] wyager|3 years ago|reply
[+] [-] zmgsabst|3 years ago|reply
I’m not going to debate a disingenuous excuse from the people who just locked us in our homes for a year seeking yet more power and control.
[+] [-] hnhg|3 years ago|reply
[+] [-] delusional|3 years ago|reply
[+] [-] mrtksn|3 years ago|reply
If they didn't wanted that, they could have blocked it. However, leaving EU might actually help the government to have a better localised excuse. For example, maybe child abuse is not a big thing in your country but immigration is a hot topic? Then you can have "break the encryption to stop the human smugglers" campaign.
[+] [-] handelaar|3 years ago|reply
Over in the UK, the EU can't stop the new Kakistocracy from actually doing it. I know where I'd rather live.
[+] [-] benhurmarcel|3 years ago|reply
[+] [-] dudul|3 years ago|reply
That being said, things like this would happen at the national level for sure, the EU has nothing to do with it. It's systemic to "modern democracies ".
[+] [-] cuteboy19|3 years ago|reply
[+] [-] sparsely|3 years ago|reply
That 10% is the percent of flagged images which are actually OK. Whether this represents a large fraction of all legal content depends on how much illegal content there is. It would be better if they quoted the false positive rate and false negative rate as a fraction of legal/illegal images respectively.
e.g. if 1/100,000,000 legal images are flagged incorrectly, and 100% of illegal images are flagged correctly, then a corpus of 100,000,000 legal images + 9 illegal images would result in the stats in the headline. That seems like a pretty good system (ignoring any principled objections to the scanning in the first place).
[+] [-] altacc|3 years ago|reply
I also didn't find anything in there about expectations for reducing numbers of false negatives (where automation fails to flag suspicious activity). Content control is basically just PR if it ignores the majority of activity it is designed to police.
[+] [-] seper8|3 years ago|reply
[+] [-] DangerousPie|3 years ago|reply
Whether that makes this whole plan a good idea or not is obviously a very different question, but I think it's important to be clear about what this number actually means.
[+] [-] uvesten|3 years ago|reply
[+] [-] isaacfrond|3 years ago|reply
https://en.wikipedia.org/wiki/Base_rate_fallacy
[+] [-] Neil44|3 years ago|reply
[+] [-] tomekn|3 years ago|reply
From the perspective of tech companies, they are being put between a rock and a hard place by simultaneously being asked for more privacy, and also less privacy.
[+] [-] dylkil|3 years ago|reply
[+] [-] shakaijin|3 years ago|reply
[+] [-] jernejzen|3 years ago|reply
[+] [-] mnd999|3 years ago|reply
[+] [-] throwaway22032|3 years ago|reply
Is Signal subject to this? Telegram? Do we need something "less mainstream"?
[+] [-] charlieyu1|3 years ago|reply
[+] [-] diziet|3 years ago|reply