Eu revives chat control, ways to navigate it if this happens?

argante

TrustExecutor Yes, and these are the hallmarks of a government that seeks to maintain power by gradually restricting freedom.

Salami slicing tactics, also known as salami slicing, salami tactics, the salami-slice strategy, or salami attacks, is the practice of using a series of many small actions to produce a much larger action or result that would be difficult or unlawful to perform all at once.

Salami tactics are used extensively in geopolitics and war games as a method of achieving goals gradually without provoking significant escalation.

Divby0

TrustExecutor

I think it's much simpler: follow the money. It's been the driving force all along in recent years. (None the less very sad and very dangerous ...)

https://borncity.com/win/2023/09/27/european-union-which-lobby-organizations-are-behind-the-plans-for-chat-control/

Eumenia

n3t_admin That 100% depends on the implementation. As of right now, I am not aware of the technical implementation planned for chat control. If implemented at the OS level (by Apple and Google), which I find WAY more likely than trying to pressure a bazillion different developers into this, it won't really matter which app you use. Every app can just go on a list and be scanned on the OS level, just like a rootkit.

If they do it on a OS level, it could be forked out off open source systems lime Android or Linux.
They would need to put the backdoor in the bootloader or boardloader.

argante

Eumenia And this poses a risk of locking the bootloader. For this type of restriction to be enforced, it must be ensured that it cannot be disabled by, for example, installing GOS etc.

de0u

Graphene1 The reality is you don't know, I don't know.

If we both don't know, then the way to knowledge is evidence.

Speculative videos without evidence are not a way to knowledge.

Videos that speculate about things we are already speculating about can deepen our suspicion (and provide a good income to the authors).

But deepening our suspicion is not the same thing as deepening our knowledge.

de0u

Graphene1 Ultimately the tools are in place to conduct this level of surveillance and governments are chomping at the bit to take away people's privacy and freedom.

If the UK can ban encrypted iCloud backups at the click of a finger [...]

I think this example proves the opposite of the claim made in that video.

The UK told Apple to put a back door in iCloud encryption and Apple publicly refused and insread disabled iCloud encryption in the UK.

The author of that video claimed that governments wanted Apple to put secret AI scanning into iPhone 16s and claimed (again, without a shred of evidence) that it's already there.

Graphene1

de0u let's hope your right.

ryrona

I have read the new draft for Chat Control, and it is very similar to the original one. We all knew they would make at least one more attempt at Chat Control, but I think most of us expected it to be an even more weakened version than the last one that failed to get majority, so it is a bit puzzling they are essentially trying the original proposal again. Even more so, since EU recently published directives to us operating websites in the EU on how to protect minors from grooming and other harms, and those directive took a very different approach, pretty much the opposite of Chat Control, and one that is well aligned with children's rights and broadly respects the privacy of everyone. So I don't know what they are doing honestly.

I am going to try to clarify some concerns raised in this thread:

OS level scanning has never been part of Chat Control, and is not part of this version either as far as I could tell. What is talked about in this new proposal is that apps that allow upload, sending or streaming of image data (including photos, attachments and video calls), are forced to scan said image data prior to sending it using an EU government approved AI and image hash based online CSAM scanning tool. The user will be asked for consent before scanning, and if they refuse, the sending of the image must be blocked by the app instead. (This last sentence appears new in this draft, so probably why they try this new proposal.)
They have added a new addition that the implemented solution must not compromise the security of end-to-end encryption, nor discourage apps from implementing end-to-end encryption. However, since the client side scanning is mandatory unless you disable all image, video and file sending functionality, this new addition does not mean anything at all in practice. But it is definitely to kind of writing I would expect them to do to maliciously attempt to push the same thing one more time.
In previous drafts, open source projects have been excluded from having to implement this scanning, as the proposal only applied to companies making revenue. I couldn't find that specific writing this time around, but that also means it wasn't highlighted as a removal, so it is probably still there somewhere in that huge document. So what that means is that WhatsApp would be forced to implement this, but your average open source Matrix compatible messenger app wouldn't have to. Situation with Signal is less clear to me, as it is owned by a non-profit organization.
The provisions that forbid individuals below the age of 16 from using messengers and any other social media does not appear to be in this new proposal. Nor does age verification.
This new proposal still grossly violate children's rights, as a child can no longer send private sexual pictures with a peer without said picture now being sent to a to-the-child unknown adult for visual inspection. This proposal still does the exactly opposite of what it claims. Instead of protecting children from having their private pictures spread on the internet, it makes such spreading of their private pictures mandatory by law.
At least in the original prosposal, the law does not apply to citizens, only to companies. We are still allowed by law to use end-to-end encryption without their scanning by means of open source softwares, peer-to-peer networks, and darknets, just as today. Companies (at least profit making ones) are not allowed to make it available to us, but even just a few years ago there were no end-to-end encryption in commercial messenging apps, that is a new trend. We used to rely on open-source and peer-to-peer networks or darknets for that. So at worst, this is a set back of about 10 years, meaning, your average unknowing citizen will use effectively unencrypted and monitored chats, like how it used to be.
The law will be close to 100% ineffective at lowering the rampant spread of CSAM on internet, since the means it is spread is largely excluded anyway. Yet they keep pushing this instead of actual known effective solutions at prevention such as 1) changing the populations opinions about child porn by talking about attraction to children and healthy coping mechanisms, eg talking about it in sex ed; research shows most who start watching child porn does it before the age of 25, most common onset is in the teens, yet topic is not talked about, 2) anonymous online therapy to help break child porn addiction; effective therapy exists and research shows about 45% of everyone who watch child porn wants to stop, but no funding this far, and 3) providing reasonable alternatives to child porn for those attracted to children, instead of illegalizing all alternatives too which is largely unhelpful.

kihygrdb

ryrona so all this alarmism about this law is baseless?

Eumenia

ryrona OS level scanning has never been part of Chat Control, and is not part of this version either as far as I could tell. What is talked about in this new proposal is that apps that allow upload, sending or streaming of image data (including photos, attachments and video calls), are forced to scan said image data prior to sending it using an EU government approved AI and image hash based online CSAM scanning tool. The user will be asked for consent before scanning, and if they refuse, the sending of the image must be blocked by the app instead. (This last sentence appears new in this draft, so probably why they try this new proposal.)

Is this AI open source?
So someone independent could verify anything?

de0u

DeletedUser410 Would the scanning be on device meaning that EU would want manufacturer to install some sort of scanning software on the devices?

I believe that question was already addressed earlier in this thread (ryrona).

Xtreix

These absurd laws proposals do not apply to mathematics; nothing changes : https://archive.is/EcWmt

ryrona

I want to clarify a bit about Apple too, since I am kind of knowledgeable on the topic.

Apple is scanning all unencrypted files stored in iCloud for CSAM using AI based CSAM scanning tool. This tool does false detections that have led to false arrests by police. This has been covered extensively in reputable news sources.
Apple has at no point had any client side scanning.
Apple did plan to add scanning to the OS, to detect both CSAM and grooming attempts. They announced this ahead of time of the release that would include the OS level scanning. It would be a local AI tool, and nothing would be reported or communicated online unless that AI tool had detected more than 20 instances of CSAM or grooming. The population revolted against these plans, calling for boycotting Apple, which lead to a noticeable decline in sales of new iPhones. In response to this, Apple initially said they would postpone shipping the scanning for one year while talking to privacy organizations and children rights organizations. A year later they announced they would not ship the mandatory scanning, since it would violate children's rights. Instead they would ship it as an optional feature as part of parental control, which children or their parents can enable, and instead of reporting, the AI tool will instead just block viewing or sending of image and give a link telling the child about the dangers of sending nudes online and how to get help. I believe this was implemented and shipped.
Since then, Apple has implemented end-to-end encryption for iCloud, rendering their scanning they do there ineffective, except for countries like the UK where they do not ship the end-to-end encryption due to local laws.
I haven't heard anything new since then.

Franckienogotobollywood

ryrona I understand that the CSAM can pose some problems for privacy but there has been so much abuse on minors that I am rather for. Apple's solution was not bad and it was transparent.

grayway2

ryrona Apple is scanning all unencrypted files stored in iCloud for CSAM using AI based CSAM scanning tool ?

I might be wrong but the scanning of CSAM on iCloud or iPhone was abandoned and never applied.

They can technically scan medias on iCloud without advanced protection but I don't remember them admitting to do it publicly.

ryrona

Franckienogotobollywood I understand that the CSAM can pose some problems for privacy but there has been so much abuse on minors that I am rather for. Apple's solution was not bad and it was transparent.

It is a bit unclear to me what you tried to say. I also don't really feel like drifting in a political direction since that is forbidden on these forums, so I try to only answer objectively. Is Child Sexual Abuse Material (CSAM) a privacy issue? Yeah definitely, to the depicted child it is a gross privacy issue. Is CSAM scanners a privacy issue? I would say it depends on how it is implemented. Should we try to stop the spread of CSAM? I believe it is a widely held opinion that we should, and why this is talked about at governmental level right now, with high approval rate. Should we try to do it with AI based and image hash based CSAM scanners? I don't necessarily think the idea in itself is bad, but it depends on how it is implemented.

To be clear, the issue with client side scanning was never that it tries to detect CSAM or even tries to block its sending or retrieval. At worst you might scream "censorship!" about that, but I don't think screaming that has much merit unless it is the child depicted in the image that is screaming that. Either way, mandatory blocking is not a privacy issue, and is not what caused people to revolt against Apple's proposal and now Chat Control. The issue has always been the automatic reporting, or the leaking of private photos to remote server unencrypted, at the whim of an unreliable AI tool which does not understand context. If all they did was mandatory blocking, there would only be privacy benefits with it, no privacy drawbacks.

Franckienogotobollywood

ryrona People who have CSAM content have no place in society.

ryrona

kihygrdb so all this alarmism about this law is baseless?

No, absolutely not. We should be alarmed and should stop it. Even if the law won't affect us in the privacy community much, this law if passed would erode privacy for your average user, and especially for children. We should increase privacy for the average user, and especially for children. This law is so grossly misdirected it looks malicious.

Eirikr70

kihygrdb so all this alarmism about this law is baseless?

That's what it seems to me.

kihygrdb

ryrona im also against this, but it's still better than i originally thought

ryrona

grayway2 I might be wrong but the scanning of CSAM on iCloud or iPhone was abandoned and never applied.

The plan for on-device scanning (client-side scanning) on iOS (iPhones and iPads) was abandoned. Unencrypted content uploaded to iCloud, regardless of how it was uploaded, has been scanned long before the plans for on-device scanning. I doubt they have stopped doing that. They don't want CSAM on their servers, and might have legal liability to not have it.

Eumenia Is this AI open source?

It doesn't sound like that is what they are planning. It sounds like they are planning for an EU provided online service that does the scanning. I know existing such online scanners specifically do not release their data, since they feel that would make it easier for people to avoid getting caught by the scanner. I don't know how the people behind Chat Control are reasoning, but since they at least originally was more interested in automatic reporting and arrests than they were in blocking the spread of CSAM, I suppose they too want to keep the data secret, and won't release it.

Eumenia So someone independent could verify anything?

If it is a local image hash database plus local AI scanning model that is loaded on device, it would be trivial to audit that it is effective in detecting and blocking all kinds of CSAM, while not falsely triggering on and blocking things that might look like CSAM but isn't intended to be blocked (like vacation photos with naked children, legal porn with young actors, age play porn, loli/shota, etc).

I personally doubt we will be allowed to audit that, unless they suddenly come to their senses and realize that the only way they can get mandatory blocking accepted is if they preserve peoples privacy.

(One can at least hope they publish information about how they trained the AI model, so not they are doing something illegal like they possessing CSAM images.)

avaluedcustomer

Franckienogotobollywood The problem is that today it might just about child abuse. Tomorrow that same infrastructure will be used to report and track down people criticizing the government. When that infrastructure is in place, it will be used for global mass surveillance.

DeletedUser433

grayway2

Don't worry. Even if the law is adopted, Whatsapp or Telegram will shut down its services for Europeans.

People without WhatsApp or Viber will become very angry and in the end the law will be cancelled.

I'm not sure Whatsapp would shut down its services. Meta has never been particularly concerned about privacy. Is there a disadvantage for Meta itself in continuing to provide services under this new policy? In my area at least, people use multiple apps like Whatsapp, Instagram, Discord which all include messaging functionality. They probably would not put up serious resistance towards changing apps.

grayway2 Correct me if I'm wrong, but Apple seems to be rather compliant in China even at the expense of certain liberties. I don't know much about this so I'd be grateful if someone more knowledgeable than me would drop in and shed some light on the issue, preferably in layman's terms

The suggestions to simply encrypt .txt files seem reasonable enough. Speculating is nice and all but it simply makes it a pain to read through the entire thread since a lot of the posts are practically fluff

Franckienogotobollywood CSAM is known to exist on the clear net, yet governments never seem to mention it. I rarely see news or reports on what the government is doing to restrict the dissemination of such material on the clear net

Eirikr70

avaluedcustomer If this was a target, why would they have been waiting so long? Don't get me wrong, we must beware of that tendency of the State to reduce the liberties, but not be paranoid about that. Fighting CSAM is definitely a legitimate goal for a government.

Franckienogotobollywood

avaluedcustomer Yes, but that's another problem.

Franckienogotobollywood

avaluedcustomer And mass surveillance already exists

grayway2

Eirikr70 they don't want to fight CSAM, they want to have access to everyone's private communication.

« Previous Page Next Page »