[tolmasky]

I think the slightly more sophisticated position is that, regardless of the operational security that is currently employed, if you were to implement something like this, then criminals would quickly adapt to improve their operational security accordingly. Especially because "operational security" in this case is doing a lot of heavy lifting to obscure how easy it would be: just use a good E2E messenger.

This is not some wild hypothetical, the recent explosion in VPN use by every country that has implemented an age restriction law should be sufficient to display this effect in place. In a world without weird country restrictions (whether that be intellectual property restrictions or content restrictions), VPNs would be a niche technology for business. Instead unbelievably large amounts of the general population are now not only using it, but paying for it.

I think the assumption that criminals would not learn how to use one of the many free E2E encrypted messengers is the deluded and naive position.

[loeg]

Criminals aren't very smart and don't think about their actions or the consequences very much.

[bccdee]

That's not true. You're stereotyping criminals. People who commit assault, petty robbery, public indecency, etc. are probably on the whole not brilliant. But how about fraud, embezzlement, or parking infractions?

Given that we're talking about cybercrime here, what are the odds that the criminals in question are too dumb to Google "how can i get around whatsapp image scanning"?

[loeg]

It's a general statement; there is always individual variation. It is also generally true of fraudsters and cybercriminals.

[izzydata]

I hear this a lot, but I wonder if that is just because the only criminals you hear about are the not very smart ones doing crime on unencrypted monitored services. This sounds like a survivor bias situation. How can we know how many criminals there are if we only know about the ones we know about?

[IshKebab]

> you were to implement something like this, then criminals would quickly adapt to improve their operational security accordingly

This just isn't the case. Many criminals use non-encrypted phone calls, leave voice mails, etc. all the time. For example this recent theft of a gold toilet:

https://www.bbc.co.uk/news/articles/cgeg39vr3j3o

> A photograph found by police on his phone showed a carrier bag stuffed with cash, which was sent on WhatsApp with the message "520,000 ha ha ha".

The only reason that was E2E encrypted is because everyone in the UK uses WhatsApp and they enable E2E encryption by default.

> I think the assumption that criminals would not learn how to use one of the many free E2E encrypted messengers is the deluded and naive position.

It absolutely isn't. Some would, but the vast majority of criminals are not security experts.

It's still a dumb law. Also the criminals that it claims to target (paedophiles) are probably the least likely to get caught because they're already used to lots of electronic scanning things. Though even there it's not like they're all criminal masterminds. I can't find it now but there was recently a story about a someone who tried to hide child porn just in a deep folder structure like .../secret/do_not_open/i_warned_you/...

Dumb law, but lets use real reasons to argue that.