Tech world may face huge fines if it doesn't scrub CSAM from encrypted chats

Re: Nobody can sensibly deny that this is a moral imperative

"Moral Imperative" = "of highest importance"

Nobody can deny that preventing child (or indeed, any) sex abuse is a moral imperative.

Nobody can deny that allowing people to communicate privately is a moral imperative.

Home Secs job, like that of many politicians, is to balance dozens of moral imperatives against each other. That's why it's a hard job, and not one that should be assigned to fuckwits.

Incidentally, also...

Nobody can deny that children having a roof over their heads is a moral imperative

Nobody can deny that children having enough to eat is a moral imperative

etc

See if the current government gives a flying f**k about any of that

Re: Nobody can sensibly deny that this is a moral imperative

Another "problem" of minuscule size that requires a nuclear weapon dropped from orbit as if "it's the only way".

Re: Irrelevant really though, isn't it ?

Exactly how widely that will be adopted is a question, but it will certainly be the MO of kiddie porn flingers.

Re: Irrelevant really though, isn't it ?

"We, and other child safety and tech experts, believe that it is possible to implement end-to-end encryption in a way that preserves users' right to privacy ... "

Says Priti Patel BA Economics (University of Keele)

Re: If they can do why do they not tell us how?

Client side scanning prior to encryption is what she's talking about.

Re: If they can do why do they not tell us how?

>They believe this, but refuse to say what leads them to believe this.

Boxed ticked, parents can sleep whilst the children surf the web.

Which immediately identifies the flaw in this statement; the first part ie. end-to-end encryption, has any meaningful impact on children being safe online.

End-to-end encryption won't stop what happened at Disney's Club Penguin.

Re: If they can do why do they not tell us how?

It is trivial, you encrypt one copy of the E3E message with your private key and the recipients public key. And to comply with the law, you encrypt second copy of the E3E message with your private key and a personal GCHQ/CSAM/government public key, sending the a copy of the message (Which they would then get computers to automatically scan using neural networks trained with existing CSAM, and a human would only be allowed to access any messages with an actual court order issued by a judge). Of course this would only work if people had locked down devices that could only execute the government mandated E3E communication application(s) and had no ability to run any unsanctioned applications (no matter how trivial they may be to create - in case someone reading this post does exchange CSAM, I'm not going to explain how). The mentally damaged individuals who own and send CSAM to each other would obviously use the government mandated E3E communication application(s) because they are severely mentally damaged individuals ? Just like these people in the government who created the online safety bill.

Maybe the solution is to start simple, implement the application for governments to test first for say 50 years. If anyone in the government is caught not using the application, they can serve some jail time. And every message sent by everyone in government is decrypted and made publicly available after say 20 years.

Re: If they can do why do they not tell us how?

Ok, i'll bite.

There is already a child abuse image content list available which includes hashes of child porn images. To be compliant, all you'd have to do pn the client end when somebody attaches or receives an encrypted image is to check the image hash against a list of known child porn hashes, and if a match is found then flag it up to the police.

That would be totally compliant with this law, it could only inconvenience people attaching images on the child abuse image content list to encrypted messages and it leaves end to end encryption intact.

In fact the only possible potential this has for scope creep that I can see would be the police asking if they could keep a list of hashes attached to messages so after they've raided a paedophile and got an extra few hundred/thousand images to go on the list that they could retrospectively check to pick up anybody else sharing the same material. Even if this was done, a list of MD5 hashes presents quite a limited threat to privacy, or freedom of expression.

Re: If they can do why do they not tell us how?

believe that it is possible to implement end-to-end encryption in a way that preserves users' right to privacy

They are probably envisaging a "trusted third party" in the middle doing the scanning with end-to-end encryption connecting both ends to the middle. This is fine as long as it is a "trusted third party" that could be relied on to rigidly and securely perform the required task and no more. Unfortunately it can't be relied on to do anything like that. The required level of security to protect the users right to privacy would make the trusted third party resemble an opaque box. Mission creep would then secretly extend the monitoring criteria turning it into a "untrustable third party" at which point you might as well rename it CESG monitoring point.

Re: Testing

If we're lucky, that may lead them to conclude the "false-positive" rate is too high and scrap the whole idea.

Re: Way to go, Priti

The name on the door might change, the attitudes within do not.

When in power 'Think of the children', when in opposition 'Oppose Big Brother'.