Anything that includes client side scanning is a slippery slope to fully controlling your device. Will it be illegal to somehow disable the client side scanning? If so then how long until you are breaking the law when you turn off the government scanner — or are caught “installing a new hard drive” in your computer.. etc..
Is the problem that people can send encrypted things back and forth to each other? Requiring that companies put snooping software on their device is basically the thought police. Not hyperbole but the actual thought police. Today it’s saving the children, tomorrow it’s basically any problem the governments of many nations want to try to solve.
> Will it be illegal to somehow disable the client side scanning? If so then how long until you are breaking the law when you turn off the government scanner
And once they've normalized "your computer will spy and inform on you", is there any reason to think that won't expand to things which aren't colloquially "computers" but in fact are now computers?
What about "smart houses"? All your IoT toys are computers. Once phones, laptops and PCs as mandatory reporters has been normalized, is there any reason to think all the other microphones and cameras already in people's houses won't become mandatory reporters too? If they make it illegal to disable client-side scanning on computers, might they also make it illegal to remove the crime-detecting cameras in your own home?
Modern cars already narc on people, logging and uploading GPS traces that can be fed into police dragnets, just like phones. Cops can ask for a log of who's been inside a 'geofence' and where does that data come from? Phones and cars reporting on their owners, generally without their owners knowing anything about it. The 'slippery slope' isn't actually a fallacy if you have enough datapoints to legitimately draw a trend line. And I think we certainly do.
The only client-side scanning proposal we’ve ever seen (Apple and NCMEC’s 2021 photo scanning proposal) didn’t even address encrypted messaging. It worked on private photo libraries on your phone. I think it’s very important to reiterate that the targets here aren’t communications between criminals: it’s your private data.
> Today it’s saving the children, tomorrow it’s basically any problem
This is how most rights get taken away, not just encryption. Also, we're talking about countries that already have pretty restricted speech. Encryption has to consistently remain popular to survive there, and there are plenty of ways to undermine that.
How will it work on computers? Will browsers do the client-side scanning? Will Apple and Microsoft implement it in their OS'es? What about Linux, will Linux be forbidden? (let's not get in the discussion that Linux is the kernel, you know what I mean).
Did some minor research, apparently it's for all providers of email, chat and messaging apps.
edit: How will it work in practice? Say I make some Open Source messaging app. Now I need to add some/the government approved algorithm to detect malicious content and then feed this to some government instance. I guess the government will provide me some key/certificate to ensure that my reports of malicious content are legit. But how will this work if this is public, the signing stuff can be abused to file false reports. I have no clue how this will work in practice. The death of Open Source email, chat and messaging apps?
Governments have access to what is precluded to normal citizens and hackers. All they need to do is telling the phone/router/CPU/chipsets/NIC manufacturers: "if you want to have business here, from now on you put into your firmware this small blob that will help us to catch pedophiles and terrorists", and see how quick they will comply. Open Source in software would be tolerated because hardware runs at high privileges, and if you tamper with that at production level to insert backdoors, no Open Source operating system and software can prevent them from working.
It's a sad joke that child protection is the driving argument for surveillance. The actual numbers are _horrifying_, but almost nothing is done about it even in "developed countries". None of the organizations looking into actual violence against children is advocating for such measures. It is a completely fake and bullshit argument.
> Indiscriminate messaging and chat control wrongfully incriminates hundreds of users every day. According the Swiss Federal Police, 80% of machine-reported content is not illegal, for example harmless holiday photos showing nude children playing at a beach. Similarly in Ireland only 20% of NCMEC reports received in 2020 were confirmed as actual “child abuse material”.
All machine flagged reports must be checked by a human. Somebody will check your photos.
I’m a bit confused, is the German government formally opposing client-side scanning requirements or not? The article is about civil society groups voicing their concerns at a parliamentary hearing and notes that the parliament doesn’t have a say in EU legislation. But it specifically says the government wants client-side scanning removed without any specifics on that part.
Yeah, reads like clickbait that is intentionally confusing "Germany, the country" with "Germany, as represented by these six people who were heard by a parliamentary committee yesterday".
It's bad enough with the amount of private data already scraped legally by websites, without sanctioning the removal of privacy.
Honestly the "for the kids" we know is BS, they say it's for the kids, even if they parade a group of well meaning people around bringing an awareness there's a problem (IMO, honestly double or treble the amount of police or IT entity around the world to penetrate the vile pedo groups) - but instead such actions proposed are almost always for other more powerful interests who see a fraction of the web as a major problem for some perceived idea they lose money to this fraction's activities.
The reality is any group up to no good will simply migrate to a protocol that permits sending a file from a usb or other external source, but such file will be encrypted unlike any previous known encryption. Then the same process as the good work done presently will save the kids, agencies will slowly penetrate such groups, discover the encryption and member contacts ...
At the end of day like many here have already said, it's a slippery slope. Some people are happy to use devices they really don't own the content to do as they please, they put up with google running their phone apps ... when I couldn't clear my cheap android phone's disk space of the junk which left no room for anything else, without having to reset, that was the point I gave up on smart phones - it now exists only to take texts and calls and create a wifi hotspot.
As demonstrated by iOS, the technical means to effectively frustrate the installation and use of Free Software already exists. We (the tech industry) have already built the walls of our own prison. All that remains now is for politicians to herd us in and slam the gates shut.
> I really need to be able to control which software runs on MY devices
Well if you're running an Intel powered device, there is the Intel Management Engine[0], which is a minus ring zero backdoor with unfettered access to everything. It even runs MINIX! It's not really your computer.
I hope that one day germany will gain some influence in the european union, to counter the influence of great britain and protect end-to-end encryption.
> to counter the influence of great britain and protect end-to-end encryption.
In 2016, a voting majority of the UK population decided to give up their
valued influence in the EU, and we miss them dearly (not sarcasm - they
were a much-needed voice for common sense). This event is commonly referred
to as "Brexit" or Britain's exit from the European Union, and eventually from
the European Council, which it once was a founding member of.
They never wanted to ban memes. In fact, the so-called "meme ban" and accompanying "link tax" has already been approved in 2019, and implemented in several countries, including Germany. By now it must be clear that this directive does not in fact ban memes or tax links, and that that was always an exaggerated reading by internet zealots.
I don't use Tutanota anymore (main reason: no bridge to other clients), but I'm not mad about having paid up-front for another year. Thanks for keeping this topic visible.
If the image doesn’t leave the device and only the hash does… What is stopping one from uploading existing public images, banning a whole lot of innocent people?
I don’t understand these laws. What if I don’t want client side scanning? I’ll just get a Librem or PinePhone or a pixel 6 with GrapheneOS. How are they going to stop me? Think about it really, how are they going to stop me? The implications are pretty insane if you ask me.
It's funny that I was saying the EU is going to implement this like 10 years ago and people were calling me crazy conspiracy theorist, that the EU would never have done anything like that and that EU is totally not evil.
Look how Overton windows is moving.
Today it's a thing and nobody calls it conspiracy theory anymore and suddenly people no longer talk about good EU.
Tomorrow you'll have these scanners on you device.
From then your life will be micromanaged by bureaucrats and you'll become a slave.
As ideology EU is built upon is slavery.
I've seen at least half a dozen cases in the US for people arrested for child abuse material where all of them came up to be because of Google scanning their messages (not just emails). There was even a case where it was a photo sent to the child's Dr because the child had a rash, and Google's algorithms identified it and that was enough for the police to get a warrant for ALL of the user's Google account.
[+] [-] xt00|3 years ago|reply
Is the problem that people can send encrypted things back and forth to each other? Requiring that companies put snooping software on their device is basically the thought police. Not hyperbole but the actual thought police. Today it’s saving the children, tomorrow it’s basically any problem the governments of many nations want to try to solve.
[+] [-] slackdog|3 years ago|reply
And once they've normalized "your computer will spy and inform on you", is there any reason to think that won't expand to things which aren't colloquially "computers" but in fact are now computers?
What about "smart houses"? All your IoT toys are computers. Once phones, laptops and PCs as mandatory reporters has been normalized, is there any reason to think all the other microphones and cameras already in people's houses won't become mandatory reporters too? If they make it illegal to disable client-side scanning on computers, might they also make it illegal to remove the crime-detecting cameras in your own home?
Modern cars already narc on people, logging and uploading GPS traces that can be fed into police dragnets, just like phones. Cops can ask for a log of who's been inside a 'geofence' and where does that data come from? Phones and cars reporting on their owners, generally without their owners knowing anything about it. The 'slippery slope' isn't actually a fallacy if you have enough datapoints to legitimately draw a trend line. And I think we certainly do.
[+] [-] matthewdgreen|3 years ago|reply
[+] [-] hot_gril|3 years ago|reply
This is how most rights get taken away, not just encryption. Also, we're talking about countries that already have pretty restricted speech. Encryption has to consistently remain popular to survive there, and there are plenty of ways to undermine that.
[+] [-] zirgs|3 years ago|reply
Also what if some hackers put something on my phone to intentionally trigger this in order to blackmail me or ruin my reputation?
[+] [-] hasseldahoff|3 years ago|reply
I think this is the case, except it’s a feature not a bug. The predictable characters will shoehorn in the concern angle[1].
[1]: https://en.m.wikipedia.org/wiki/Four_Horsemen_of_the_Infocal...
[+] [-] bboygravity|3 years ago|reply
There is already snooping software on most company devices: Microsoft software and Google software and the Western internet.
It's already snooping on everybody for the government (through at the very least NSA).
It already makes sure the traffic is (hopefully/maybe) only encrypted for everybody else.
This goes for the EU as well. Most Western countries legalized and extended what Snowden revealed about government surveillance.
It's already being used in a dragnet surveillance thought police type of way for decades. At least no doubt in my mind. Call me paranoid, don't care.
[+] [-] dunham|3 years ago|reply
[+] [-] lifeinthevoid|3 years ago|reply
[+] [-] lifeinthevoid|3 years ago|reply
edit: How will it work in practice? Say I make some Open Source messaging app. Now I need to add some/the government approved algorithm to detect malicious content and then feed this to some government instance. I guess the government will provide me some key/certificate to ensure that my reports of malicious content are legit. But how will this work if this is public, the signing stuff can be abused to file false reports. I have no clue how this will work in practice. The death of Open Source email, chat and messaging apps?
[+] [-] squarefoot|3 years ago|reply
[+] [-] miohtama|3 years ago|reply
More here
https://mullvad.net/en/blog/2023/2/1/eu-chat-control-law-wil...
[+] [-] rendx|3 years ago|reply
* About 1 in 4 girls and 1 in 13 boys in the United States experience child sexual abuse.
* Someone known and trusted by the child or child’s family members, perpetrates 91% of child sexual abuse.
https://www.cdc.gov/violenceprevention/childsexualabuse/fast...
WHO:
"1 in 2 children aged 2-17 years suffered violence in the past year"
https://www.who.int/health-topics/violence-against-children
It's a sad joke that child protection is the driving argument for surveillance. The actual numbers are _horrifying_, but almost nothing is done about it even in "developed countries". None of the organizations looking into actual violence against children is advocating for such measures. It is a completely fake and bullshit argument.
[+] [-] miohtama|3 years ago|reply
> Indiscriminate messaging and chat control wrongfully incriminates hundreds of users every day. According the Swiss Federal Police, 80% of machine-reported content is not illegal, for example harmless holiday photos showing nude children playing at a beach. Similarly in Ireland only 20% of NCMEC reports received in 2020 were confirmed as actual “child abuse material”.
All machine flagged reports must be checked by a human. Somebody will check your photos.
https://www.patrick-breyer.de/en/posts/chat-control/
[+] [-] auggierose|3 years ago|reply
[+] [-] belter|3 years ago|reply
"European Security Officials Double Down on Automated Moderation and Client-Side Scanning" - https://www.lawfareblog.com/european-security-officials-doub...
[+] [-] 0xDEF|3 years ago|reply
I am not kidding. Ashton Kutcher and Demi Moore are involved.
[+] [-] lock-the-spock|3 years ago|reply
Here the proposal , scroll down to 'Article 1' for content.
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=COM%3A20...
[+] [-] wazoox|3 years ago|reply
https://www.nextinpact.com/article/71087/le-senat-propose-re...
[+] [-] resfirestar|3 years ago|reply
[+] [-] timgo|3 years ago|reply
https://www.tagesschau.de/inland/innenpolitik/chatkontrolle-...
[+] [-] luckylion|3 years ago|reply
[+] [-] anenefan|3 years ago|reply
Honestly the "for the kids" we know is BS, they say it's for the kids, even if they parade a group of well meaning people around bringing an awareness there's a problem (IMO, honestly double or treble the amount of police or IT entity around the world to penetrate the vile pedo groups) - but instead such actions proposed are almost always for other more powerful interests who see a fraction of the web as a major problem for some perceived idea they lose money to this fraction's activities.
The reality is any group up to no good will simply migrate to a protocol that permits sending a file from a usb or other external source, but such file will be encrypted unlike any previous known encryption. Then the same process as the good work done presently will save the kids, agencies will slowly penetrate such groups, discover the encryption and member contacts ...
At the end of day like many here have already said, it's a slippery slope. Some people are happy to use devices they really don't own the content to do as they please, they put up with google running their phone apps ... when I couldn't clear my cheap android phone's disk space of the junk which left no room for anything else, without having to reset, that was the point I gave up on smart phones - it now exists only to take texts and calls and create a wifi hotspot.
[+] [-] marcodiego|3 years ago|reply
The other half of my brain says: "Indeed... I really need to be able to control which software runs on MY devices."
[+] [-] slackdog|3 years ago|reply
[+] [-] legrande|3 years ago|reply
Well if you're running an Intel powered device, there is the Intel Management Engine[0], which is a minus ring zero backdoor with unfettered access to everything. It even runs MINIX! It's not really your computer.
[0] https://en.wikipedia.org/wiki/Intel_Management_Engine
[+] [-] amadeuspagel|3 years ago|reply
[+] [-] jll29|3 years ago|reply
In 2016, a voting majority of the UK population decided to give up their valued influence in the EU, and we miss them dearly (not sarcasm - they were a much-needed voice for common sense). This event is commonly referred to as "Brexit" or Britain's exit from the European Union, and eventually from the European Council, which it once was a founding member of.
[+] [-] ttctciyf|3 years ago|reply
[+] [-] orcajerk|3 years ago|reply
[+] [-] JW_00000|3 years ago|reply
More information at https://en.wikipedia.org/wiki/Directive_on_Copyright_in_the_...
[+] [-] sjaak|3 years ago|reply
[+] [-] solarkraft|3 years ago|reply
[+] [-] germandiago|3 years ago|reply
[+] [-] LinuxBender|3 years ago|reply
[1] - https://www.diyphotography.net/meta-wants-teens-nudes-to-sto...
[+] [-] hermanb|3 years ago|reply
[+] [-] teekert|3 years ago|reply
[+] [-] brokenmachine|3 years ago|reply
[+] [-] greatgib|3 years ago|reply
This is crazy when you think that it used to be a core value and people fought for this.
[+] [-] varispeed|3 years ago|reply
[+] [-] sn_master|3 years ago|reply
[+] [-] fleddr|3 years ago|reply
[+] [-] brokenmachine|3 years ago|reply
[+] [-] gavinhoward|3 years ago|reply
https://everyoneneedsencryption.gavinhoward.com/
Comments and feedback welcome. I'd like to make these arguments irrefutable.