[hvdijk]

The bit about Facebook's planned end-to-end encryption ends with:

> One of the specific initiatives under the EU Internet Forum in 2020 is the creation of a technical expert process to map and assess possible solutions which could allow companies to detect and report child sexual abuse in end-to-end encrypted electronic communications, in full respect of fundamental rights and without creating new vulnerabilities criminals could exploit. Technical experts from academia, industry, public authorities and civil society organisations will examine possible solutions focused on the device, the server and the encryption protocol that could ensure the privacy and security of electronic communications and the protection of children from sexual abuse and sexual exploitation.

I read this as "Okay, fine, we can't ban end-to-end encryption and we cannot backdoor it. What can we do?" If that is what they mean, it seems a reasonable enough question to ask.

[matheusmoreira]

> possible solutions focused on the device, the server and the encryption protocol

Looks like they're going to find ways to read our messages before they are encrypted and sent. Why would anyone continue to use a communications application that's known to do this?

[AnssiH]

> Why would anyone continue to use a communications application that's known to do this?

Network effect. Most people are not using Whatsapp because it is E2EE, they are using it because all their friends are.

[nix23]

Not sure if terrorist and organized crime are influenced by the "Network effect"...and it's because of them right?

[kenmacd]

Even if true it seems it could still create a smaller haystack.

[nix23]

Of freedom activists or terrorists? Or is that a viewpoint thing?

[fogihujy]

My guess: Client-side scan for certain keywords to identify grooming and some kind of signature-based identification of known child-porn media. Basically what I assume Messenger does today, but on the local devices instead.

The general public won't care until we're halfway down a slippery slope, and then people will just switch to whatever platform is perceived as more secure/popular at that particular moment in time.

[271828182846]

> Why would anyone continue to use a communications application that's known to do this?

Are you kidding? Almost nobody will care about that. This isn't even a new threat. It's common practice already.

[pradn]

What if hashes of known-bad content are stored locally on the device, and sending content that matches against those hashes is not allowed. Or, the user could appeal if they think there's a false positive. This can be used for CP but also for known-bad fake news or inflammatory content. Clearly, the content hash DB needs to be scope down, and what goes in there should be chosen with democratic principles, and stand scrutiny in the courts. If done thoughtfully, it seems like a feasible solution.

[ApolloFortyNine]

Changing a hash is incredibly easy, you could just change some Metadata and the hash would change. And any perceptual hashing algorithms would naturally lead to false positives.

Also this would likely be quickly commandeered for copyrighted work (honestly pretty surprised it hasn't happened already).

[ergl]

This is already done extensively: https://en.wikipedia.org/wiki/PhotoDNA and https://blog.cloudflare.com/the-csam-scanning-tool/

[pradn]

Yes, it would have to be a perceptual hash. False positives will occur, so there needs to be a way to appeal or remediate the algorithmic decision. We already apply this approach in a bunch of places. I believe the major personal cloud storage providers (OneDrive, etc) already do such scanning.

[ApolloFortyNine]

>This can be used for CP but also for known-bad fake news or inflammatory content.

It worries me that anyone thinks it would be a good idea to have "fake news" and "inflammatory content" blocked at the device level. Obviously cloud providers can do whatever they want (though I doubt it catches any more than the lowest hanging fruit, encrypting then uploading would be uncatchable), but the idea that my device will have a list of disapproved content, and I'll have to appeal to the government to be allowed to view it in case of false positives? The day that becomes a reality freedom will truly be dead.