seems to me this alone is a show-stopper besides all the other terrible implications:
“the best estimates show around a 10 percent false positive rate for client-side scanning – which could see a huge number of people accused of crimes they didn't commit.”
10% is massive regarless, but of what? 10% of messages being false positive flags would mean almost everyone getting flagged within a day.
Upsetting statistic for other reasons: Even if it's "10% of all flags are false, 90% are correct", if there's also no false negatives, then the 10% false positives alone gets you to about the current total incarceration rate — offenders are estimated to be a few % of the population, prison population is about 0.1% of the total population.
>If passed, the legislation would require encrypted app makers ... to find ways to enforce such scanning – something they have neither the ability nor the desire to do.
100% they could add client side scanning, why do they think its impossible?
>>"something they have neither the ability nor the desire to do."
>100% they could add client side scanning, why do they think its impossible?
I think you've misread that sentence. It's saying that they don't have the ability right now, as-in this is not a feature they've written in their software, and that further they do not wish to do so (in the same way that Apple did not want to write a backdoor for the FBI previously). Obviously as a matter of programming of course backdoors can be written and have been. But software developers don't want to be forced at gun point to do so like the EU proposes, which seems perfectly understandable.
And fwiw with open source software it actually would be arguable that they "don't have the ability" on a more technical level since that couldn't actually be enforced on the users and the EU's jurisdiction ends at its borders. Obviously many of the most popular messengers are proprietary, but not all. And even for the proprietary vendors that probably does factor into their arguments, as it'd put them at a commercial disadvantage.
Perhaps its more along the line of it being impossible to have privacy if privacy invading scanning is required. Its impossible to have secure encryption if there is a requirement to be not secure so that every message can be read by any government that wants to.
All you need to do to avoid it would be to encrypt outside the app, something most people would not bother to do, but criminals would be motivated to do.
1. Client-side scanning of the content that is externally encrypted is impossible. So if you are a criminal, you just don't share the photo, you share the encrypted file to circumvent this restriction.
2. Reliable client-side scanning of images is impossible (you cannot download illegal content to client devices for exact matches, so it will be only signatures and collisions are possible), so there will be false positives that will be reported, which will inevitably result in violation of privacy, possibly persecution etc.
1. Of course its possible, youd just get back encrypted data. This doesnt make it impossible
2. You mean "Reliable classification of client-side scanned images is impossible", although you dont actually define reliable. This is besides the point, Im not talking about the actually feasibility of this on a political level, Im asserting a specific technical point that client-side scanning is 100% possible for e2e apps
That specific technical point is trivial and is not worth discussing it. Of course you can „scan“ a data stream, but what’s the point if it doesn’t yield any meaningful results?
The only acceptable scanning process here is the one that produces only true positives, no collateral damage. This is what I call reliable.
1. If the client application is hashing ciphertext, its hash will not match any known offending hashes, even if the plaintext is a known file.
I don't understand why someone would go through the trouble of using WhatApp to pass around separately-encrypted files instead of using anything else, though.
2. It's also "technically possible" to do the scanning server-side, on the encrypted stream, and flag anything that by chance matches a known hash.
Wait until you get accussed of shit because of false positive. Happened in the story with Google and photo of boy to a doctor, Google refused to revoke it's automated crap even when false positive was proven.
They can't do it without false positives stochastically decrypting perfectly legal conversations without a warrant or any sort of due process. Of course, the EU elites don't care, but the leadership of Signal/etc obviously do.
I understand Brussels is the de facto capital of the EU in terms of the EU institutions located there. One random association that came up when I read this is that Brussels is where the Session team is located (Session is the P2P version of Signal) and I'm sure they have a stake in this. Just not sure if they're involved in lobbying against encryption backdoors or just watching it unfold like the rest of us.
I'm one of those people who over-share and never comfortable keeping secrets (other than login credentials) while also being paranoid that we are relying on a certificate authority based system that's supposed to protect us but is fundamentally designed to enable state surveillance - a suspicion I've always had despite certificate transparency, pinning, etc) - You can downvote me for having this suspicion, but it won't make me more trusting of the security theater business.
seems to me this alone is a show-stopper besides all the other terrible implications:
“the best estimates show around a 10 percent false positive rate for client-side scanning – which could see a huge number of people accused of crimes they didn't commit.”
10% is massive regarless, but of what? 10% of messages being false positive flags would mean almost everyone getting flagged within a day.
Upsetting statistic for other reasons: Even if it's "10% of all flags are false, 90% are correct", if there's also no false negatives, then the 10% false positives alone gets you to about the current total incarceration rate — offenders are estimated to be a few % of the population, prison population is about 0.1% of the total population.
10% of messages flagged, which ought to be a minuscule number given nothing other than the sheer volume of messages.
Related:
Germany is not supporting ChatControl – blocking minority secured
https://news.ycombinator.com/item?id=45209366
Chat Control Must Be Stopped
https://news.ycombinator.com/item?id=45173277
>If passed, the legislation would require encrypted app makers ... to find ways to enforce such scanning – something they have neither the ability nor the desire to do.
100% they could add client side scanning, why do they think its impossible?
>>"something they have neither the ability nor the desire to do."
>100% they could add client side scanning, why do they think its impossible?
I think you've misread that sentence. It's saying that they don't have the ability right now, as-in this is not a feature they've written in their software, and that further they do not wish to do so (in the same way that Apple did not want to write a backdoor for the FBI previously). Obviously as a matter of programming of course backdoors can be written and have been. But software developers don't want to be forced at gun point to do so like the EU proposes, which seems perfectly understandable.
And fwiw with open source software it actually would be arguable that they "don't have the ability" on a more technical level since that couldn't actually be enforced on the users and the EU's jurisdiction ends at its borders. Obviously many of the most popular messengers are proprietary, but not all. And even for the proprietary vendors that probably does factor into their arguments, as it'd put them at a commercial disadvantage.
Perhaps its more along the line of it being impossible to have privacy if privacy invading scanning is required. Its impossible to have secure encryption if there is a requirement to be not secure so that every message can be read by any government that wants to.
What apps can access can be restricted by the OS.
All you need to do to avoid it would be to encrypt outside the app, something most people would not bother to do, but criminals would be motivated to do.
whats that got to do with whatsapp scanning the photo youre about to send?
1. Client-side scanning of the content that is externally encrypted is impossible. So if you are a criminal, you just don't share the photo, you share the encrypted file to circumvent this restriction.
2. Reliable client-side scanning of images is impossible (you cannot download illegal content to client devices for exact matches, so it will be only signatures and collisions are possible), so there will be false positives that will be reported, which will inevitably result in violation of privacy, possibly persecution etc.
1. Of course its possible, youd just get back encrypted data. This doesnt make it impossible
2. You mean "Reliable classification of client-side scanned images is impossible", although you dont actually define reliable. This is besides the point, Im not talking about the actually feasibility of this on a political level, Im asserting a specific technical point that client-side scanning is 100% possible for e2e apps
That specific technical point is trivial and is not worth discussing it. Of course you can „scan“ a data stream, but what’s the point if it doesn’t yield any meaningful results?
The only acceptable scanning process here is the one that produces only true positives, no collateral damage. This is what I call reliable.
> The only acceptable scanning process here is the one that produces only true positives, no collateral damage. This is what I call reliable.
well then reliability is impossible, you must accept errors
> well then reliability is impossible, you must accept errors
Nobody should accept errors. Client-side scanning simply must not happen. It’s mathematically dumb idea.
1. If the client application is hashing ciphertext, its hash will not match any known offending hashes, even if the plaintext is a known file.
I don't understand why someone would go through the trouble of using WhatApp to pass around separately-encrypted files instead of using anything else, though.
2. It's also "technically possible" to do the scanning server-side, on the encrypted stream, and flag anything that by chance matches a known hash.
Cool are you happy to run a hash of all your files and if it matches a certain hash you're accused of a crime?
BTW the hash is a CRC32 one
Wait until you get accussed of shit because of false positive. Happened in the story with Google and photo of boy to a doctor, Google refused to revoke it's automated crap even when false positive was proven.
They can't do it without false positives stochastically decrypting perfectly legal conversations without a warrant or any sort of due process. Of course, the EU elites don't care, but the leadership of Signal/etc obviously do.
> Of course, the EU elites don't care
Oh they do. They are excempted.
Source or is that something you imagined?
https://circleid.com/posts/chat-control-proposal-advances-de...
https://fightchatcontrol.eu/
https://european-pirateparty.eu/chatcontrol-eu-ministers-wan...
Only that last link is relevant to the question, for those who want to read about the proposed exemptions.
EU taking a page out of China's playbook, after years of 'complaining' about what China was doing, is kind of wild. And sad.
It is a few lobbying entities and many non tech politicians. Who trust other companies to inform them who are in lobbyist pockets.
The same ideology runs both.
How so? Do you have sources or is this a matter of opinion?
Glad the EU regime can count on their useful idiots.
It's my opinion. Much like liberals and democrats consider trump's america to be a fascist state I consider myself to be living under a communist one.
I understand Brussels is the de facto capital of the EU in terms of the EU institutions located there. One random association that came up when I read this is that Brussels is where the Session team is located (Session is the P2P version of Signal) and I'm sure they have a stake in this. Just not sure if they're involved in lobbying against encryption backdoors or just watching it unfold like the rest of us.
I'm one of those people who over-share and never comfortable keeping secrets (other than login credentials) while also being paranoid that we are relying on a certificate authority based system that's supposed to protect us but is fundamentally designed to enable state surveillance - a suspicion I've always had despite certificate transparency, pinning, etc) - You can downvote me for having this suspicion, but it won't make me more trusting of the security theater business.
Over-sharing is compatible with privacy. Privacy means that you are in control of who knows what about you!
That's a defensible perspective.