The bit about Facebook's planned end-to-end encryption ends with:
> One of the specific initiatives under the EU Internet Forum in 2020 is the creation of a technical expert process to map and assess possible solutions which could allow companies to detect and report child sexual abuse in end-to-end encrypted electronic communications, in full respect of fundamental rights and without creating new vulnerabilities criminals could exploit. Technical experts from academia, industry, public authorities and civil society organisations will examine possible solutions focused on the device, the server and the encryption protocol that could ensure the privacy and security of electronic communications and the protection of children from sexual abuse and sexual exploitation.
I read this as "Okay, fine, we can't ban end-to-end encryption and we cannot backdoor it. What can we do?" If that is what they mean, it seems a reasonable enough question to ask.
> possible solutions focused on the device, the server and the encryption protocol
Looks like they're going to find ways to read our messages before they are encrypted and sent. Why would anyone continue to use a communications application that's known to do this?
My guess: Client-side scan for certain keywords to identify grooming and some kind of signature-based identification of known child-porn media. Basically what I assume Messenger does today, but on the local devices instead.
The general public won't care until we're halfway down a slippery slope, and then people will just switch to whatever platform is perceived as more secure/popular at that particular moment in time.
What if hashes of known-bad content are stored locally on the device, and sending content that matches against those hashes is not allowed. Or, the user could appeal if they think there's a false positive. This can be used for CP but also for known-bad fake news or inflammatory content. Clearly, the content hash DB needs to be scope down, and what goes in there should be chosen with democratic principles, and stand scrutiny in the courts. If done thoughtfully, it seems like a feasible solution.
Changing a hash is incredibly easy, you could just change some Metadata and the hash would change. And any perceptual hashing algorithms would naturally lead to false positives.
Also this would likely be quickly commandeered for copyrighted work (honestly pretty surprised it hasn't happened already).
Yes, it would have to be a perceptual hash. False positives will occur, so there needs to be a way to appeal or remediate the algorithmic decision. We already apply this approach in a bunch of places. I believe the major personal cloud storage providers (OneDrive, etc) already do such scanning.
They are not against it, they say it makes precenting child porn dissemination more difficult, which seems like a rather obvious truth. They say Industry and government need to work together SNF try and see what can be done about it without breaking privacy.
what can be done about it without breaking privacy
Well, the answer is: nothing. Let's take an analogy:
> Industry and government need to work together to try and see what can be done about me talking to my wife without breaking privacy.
If I want to speak to my wife in private, that's between me and my wife only. If industry and/or government want to have a say in that, they're going to need to control or monitor anything I say to my wife. The very act of desiring to control requires subverting privacy.
Of course, there are fruitful discussions to be had about the extent of privacy itself, the extent of private communication, and the extent of control that might be admissible. But to pretend that there is a perfect solution that doesn't affect privacy is either a foolish or deliberately malicious position to take.
"The laws of mathematics are very commendable, but the only law that applies in Australia is the law of Australia" - Australian ex-Prime Minister Malcolm Turnbull (while he was Prime Minister).
While the EU is at it, they should do one for free energy.
Get just the right panel of experts together, and hopefully they can handwave all those troublesome laws of physics away as well.
> Last year, Facebook announced plans to implement end-to-end encryption by default in its
instant messaging service. In the absence of accompanying measures, it is estimated that this
could reduce the number of total reports of child sexual abuse in the EU (and globally) by
more than half and as much as two-thirds, since the detection tools as currently used do
not work on end-to-end encrypted communications.
> One of the specific initiatives under the EU Internet Forum in 2020 is the creation of a technical expert process to map and assess possible solutions which could allow companies to detect and report child sexual abuse in end-to-end encrypted electronic communications, in full respect of fundamental rights and without creating new vulnerabilities criminals could exploit. Technical experts from academia, industry, public authorities and civil society organisations will examine possible solutions focused on the device, the server and the encryption protocol that could ensure the privacy and security of electronic communications and the protection of children from sexual abuse and sexual exploitation.
I read this as "Okay, fine, we can't ban end-to-end encryption and we cannot backdoor it. What can we do?" If that is what they mean, it seems a reasonable enough question to ask.