by bscanlan 1895 days ago
> Under the EU Internet Forum, the Commission has launched an expert process with industry to map and preliminarily assess, by the end of 2020, possible technical solutions to detect and report child sexual abuse in end-to-end encrypted electronic communications, and to address regulatory and operational challenges and opportunities in the fight against these crimes.

It is a spectacular overreaction to equate this to "EU wants to ban encryption". This will never happen.


If you search for the word “encrypt” in this document, you’ll see that they are against Facebook end-to-end encrypting messenger: https://ec.europa.eu/home-affairs/sites/default/files/what-w...

I don’t think this is an overreaction.

The bit about Facebook's planned end-to-end encryption ends with:

> One of the specific initiatives under the EU Internet Forum in 2020 is the creation of a technical expert process to map and assess possible solutions which could allow companies to detect and report child sexual abuse in end-to-end encrypted electronic communications, in full respect of fundamental rights and without creating new vulnerabilities criminals could exploit. Technical experts from academia, industry, public authorities and civil society organisations will examine possible solutions focused on the device, the server and the encryption protocol that could ensure the privacy and security of electronic communications and the protection of children from sexual abuse and sexual exploitation.

I read this as "Okay, fine, we can't ban end-to-end encryption and we cannot backdoor it. What can we do?" If that is what they mean, it seems a reasonable enough question to ask.

> possible solutions focused on the device, the server and the encryption protocol

Looks like they're going to find ways to read our messages before they are encrypted and sent. Why would anyone continue to use a communications application that's known to do this?

> Why would anyone continue to use a communications application that's known to do this?

Network effect. Most people are not using WhatsApp because it is E2EE, they are using it because all their friends are.

Not sure if terrorists and organized crime are influenced by the "Network effect"... and it's because of them, right?

Even if true it seems it could still create a smaller haystack.

My guess: Client-side scan for certain keywords to identify grooming and some kind of signature-based identification of known child-porn media. Basically what I assume Messenger does today, but on the local devices instead.

The general public won't care until we're halfway down a slippery slope, and then people will just switch to whatever platform is perceived as more secure/popular at that particular moment in time.

> Why would anyone continue to use a communications application that's known to do this?

Are you kidding? Almost nobody will care about that. This isn't even a new threat. It's common practice already.

What if hashes of known-bad content are stored locally on the device, and sending content that matches against those hashes is not allowed? Or, the user could appeal if they think there's a false positive. This can be used for CP but also for known-bad fake news or inflammatory content. Clearly, the content hash DB needs to be scoped down, and what goes in there should be chosen with democratic principles, and stand scrutiny in the courts. If done thoughtfully, it seems like a feasible solution.

Changing a hash is incredibly easy, you could just change some metadata and the hash would change. And any perceptual hashing algorithms would naturally lead to false positives.

Also this would likely be quickly commandeered for copyrighted work (honestly pretty surprised it hasn't happened already).

They are not against it, they say it makes preventing child porn dissemination more difficult, which seems like a rather obvious truth. They say industry and government need to work together to try and see what can be done about it without breaking privacy.

So total opposite of how you read it.

> what can be done about it without breaking privacy

Well, the answer is: nothing. Let's take an analogy:

> Industry and government need to work together to try and see what can be done about me talking to my wife without breaking privacy.

If I want to speak to my wife in private, that's between me and my wife only. If industry and/or government want to have a say in that, they're going to need to control or monitor anything I say to my wife. The very act of desiring to control requires subverting privacy.

Of course, there are fruitful discussions to be had about the extent of privacy itself, the extent of private communication, and the extent of control that might be admissible. But to pretend that there is a perfect solution that doesn't affect privacy is either a foolish or deliberately malicious position to take.

"The laws of mathematics are very commendable, but the only law that applies in Australia is the law of Australia" - Australian ex-Prime Minister Malcolm Turnbull (while he was Prime Minister).

While the EU is at it, they should do one for free energy.

Get just the right panel of experts together, and hopefully they can handwave all those troublesome laws of physics away as well.

That is not my read at all:

> Last year, Facebook announced plans to implement end-to-end encryption by default in its instant messaging service. In the absence of accompanying measures, it is estimated that this could reduce the number of total reports of child sexual abuse in the EU (and globally) by more than half and as much as two-thirds, since the detection tools as currently used do not work on end-to-end encrypted communications.

Seems more like stating a fact.

That's not even the proposal they're talking about, this is: https://digital-strategy.ec.europa.eu/en/library/interim-reg...

Also as the other comments said, even in the one you link they're discussing the true issues that exist and what to do in that context.

Where do they say they are against it? Can you quote precisely what you are referring to?

They seem to just explain the problem it causes and call for finding new approaches since current ones are made ineffective.

End to end in chat? They blacklist articles in chat already.

So there is some level of man in the middle already.

Do you imagine that this "expert process" will come up with a way to preserve message privacy while also flagging which messages are illegal? What else could the purpose of it be than to recommend requiring providers to MITM their customers' messages?

(Although I agree that the title should be changed to "ban end-to-end encryption"; certainly the suggestion that the EU would try to ban encryption generally is an exaggeration)

I can think of a very obvious one: identify and refuse to send messages that the client app decides are child porn. No intrusion.

Or perhaps add a counter to the account when it's detected. Minimal intrusion, single flag defining the message.

You don't need to mitm things to implement _some_ mitigations.

Before the inevitable - a method that is not 100% reliable in stopping something is not useless. Otherwise we may as well make it as easy as possible to share child porn because it wouldn't make a difference.

FB also already proposed one where users can report encrypted messages and send an unencrypted log to them from their client device.

Since most existing child abuse imagery is reported by users that see it somehow - this seems like a reasonably pro-privacy way to keep the same amount of reporting.

Perhaps the app itself can use ML to detect, flag and prevent known images from being sent...

"Why is WhatsApp using up my phone's battery?"

I'm opposed to this on other grounds, but computing and checking a single hash for each image wouldn't be that big a burden.

Agreed. You mentioned ML though, and that's a different matter.

Checking hashes is definitely viable, but only works for known good examples.

Banning encryption, completely neutralizing and circumventing the encryption... The effect is the same: the government will be able to read the messages.