back to article Europe proposes tackling child abuse by killing privacy, strong encryption

Proposed European regulations that purport to curb child abuse by imposing mass surveillance would be a "disaster" for digital privacy and strong encryption, say cybersecurity experts. A number of options have been put forward for lawmakers to mull that aim to encourage or ensure online service providers and messaging apps …

  1. Anonymous Coward
    Anonymous Coward

    Scunthorpe

    but more importantly how will they read my messages without my keys ? Becuase (obviously) I ain't using no "EU" approved service. I will PGP anything before it goes anywhere.

    1. tip pc Silver badge

      Re: Scunthorpe

      Those encrochat users thought they where safe too…..

      https://www.bbc.co.uk/news/uk-england-manchester-61400174

      Ultimately whomever you chat with has to unencrypt your filthy messages so they either get you or they get them, either way they already know who your talking with.

      Who’s to say your encrypted messages don’t contain the filth the authorities say they do? After all it’s in an unnecessarily secret code etc etc etc.

      Ultimately, given the end to end nature of comms, governments know historically who connected to who.

      its incredibly difficult to convince a jury, without the shadow of doubt, that something scrambled contains the nasties the authorities think it does even when they can prove connectivity took place and nasties are present on 1 side.

      Removing encryption is all about removing that doubt.

      Of course what they will find is that crims will use different tactics or use customised encryption.

      Customised encryption will stick out and draw attention as only those peddling csam would use unauthorised encryption.

      This incessant nudging needs to be stopped before other harms are introduced.

      1. ThatOne Silver badge
        Devil

        Re: Scunthorpe

        > its incredibly difficult to convince a jury, without the shadow of doubt, that something scrambled contains the nasties the authorities think it does

        Actually, its incredibly difficult to convince a jury, without the shadow of doubt, that something scrambled does not contain the nasties the authorities say it must contain... After all you prevented legal decryption, which means that you clearly have something to hide. You islamist drug dealing perv, you!

        1. Agamemnon

          Re: Scunthorpe

          A friend of mine and I have been using PHP (GnuPG, whatever) for a very long time. Went to Uni together and later worked at a magazine with shiny paper and vibrant ink. We remember Phill getting drilled.

          That being said, way long before Snowden we used to trade chili and bread recipes because poking bears with sticks is funny.

          We agree with your statement.

          1. ThatOne Silver badge
            Happy

            Re: Scunthorpe

            > because poking bears with sticks is funny

            Until they decide to poke back...

    2. Anonymous Coward
      Anonymous Coward

      Re: Scunthorpe

      Very clever! I bet when they spot something they can't decrypt they'll ignore it and carry on looking at the stuff they can decrypt.

      There's absolutely no way that they would think that your PGP message contained child porn, singling you out for extra attention. Not a chance.

      1. Fonant

        Re: Scunthorpe

        Hmmm... if you use the World Wide Web, you should perhaps be aware that the vast majority of sites now use HTTPS, which provides End-to-End Encryption between you and the server. Most internet traffic is encrypted already.

        1. grizewald

          Re: Scunthorpe

          I'm quite sure that TLS is no problem for most of the Five Eyes to decrypt already, given the key harvesting that they have been engaged in for the last decade at least. Add the fact that most FE countries also hoover up the vast majority of data flowing on the Internet already, regardless of whether they can currently decrypt it or not and you begin to get an idea of the scale of the mass surveillance system which is already in place.

          Given that they also have willing allies in even non FE countries like Sweden who happily provide data collection facilities to feed the data mines with raw feeds from links which are not located in FE countries, the penetration of the existing mass surveillance system is pretty much total.

          The existence of these informal data sharing alliances also gives these countries the ability to spy on their own citizens, even when that is specifically illegal, by asking one of the other allies to do it for them. Add all the data which private companies collect about people through their pervasive surveillance systems to the pot and you end up with the ability to build a comprehensive profile of anyone's daily life and social network already.

          The fact that the FE countries and their allies are attempting to remove the last vestiges of privacy from the day-to-day lives of the population will make anyone who uses illegal encryption systems (as they will become) stick out like a sore thumb in the data flows that are absorbed into the data mines.

          We are already screwed. This proposal is just further proof (as if any was needed) of the contempt with which the ruling class treats the plebs these days.

        2. tip pc Silver badge

          Re: Scunthorpe

          Hmmm... if you use the World Wide Web, you should perhaps be aware that the vast majority of sites now use HTTPS, which provides End-to-End Encryption between you and the server. Most internet traffic is encrypted already.

          The thing about end to end is which ends your talking about.

          Encryption between my browser and that thing in the middle which checks what I’m doing and spawns a new connection to my original destination. So we now have 2 valid end to end encrypted connections but something in the middle is still able to see everything I do and I am non the wiser.

          I find it hilarious when people think a vpn to some company on the internet adds some kind of enhanced security.

          Your paying someone to handle your traffic and have no idea if they are breaking it too.

          https://www.thesslstore.com/blog/ssl-inspection/

          If you go through a corporate proxy, especially a cloud one then your traffic is being inspected, it’s often obvious when you check the cert chain on the padlock

          I can’t find it now but I’m sure there was a recent issue with root ca’s that needed to be reissued.

          Another blog entry on blindly trusting the certificate system

          https://blog.malwarebytes.com/security-world/technology/2017/11/when-you-shouldnt-trust-a-trusted-root-certificate/

          1. Anonymous Coward
            Anonymous Coward

            Re: Scunthorpe

            I'm only speculating here but I'd say the usual agencies would be incompetent if they didn't have a copy of their major CA's private keys and were able to reissue certificates at will.

            X509 authentication relies on some "authority" you've never met making trust decisions for you. Web of trust has its shortcomings too but it's the better choice in many common scenarios.

            1. Strahd Ivarius Silver badge

              Re: Scunthorpe

              3-letters agencies don't need the key, the CA are always willing to help...

      2. KittenHuffer Silver badge

        Re: Scunthorpe

        In that case write a software robot that writes random data to a file, encrypts it, then emails it randomly to an address from a large list. Have this timed so that they are sent out randomly. Then publish the source so that other like minded geeks can also get into poisoning their system.

        1. Doctor Syntax Silver badge

          Re: Scunthorpe

          then emails it randomly to an address from a large list of legislators and other supporters of banning E2E encryption. And then tells the police about it.

          FTFY

          1. Paul Kinsler Silver badge

            Re: Scunthorpe

            Didn't someone try this sort of thing on Jack Straw, back in the day?

            And did it make any difference?

            1. Yet Another Anonymous coward Silver badge

              Re: Scunthorpe

              >And did it make any difference?

              Yes the sender went on "a list"

      3. Version 1.0 Silver badge

        Re: Scunthorpe

        And what happens when they decrypt your Blind Faith album cover, or see your QAnon posts about Hillary Clinton porn videos? I agree that porn is bad but I think that everyone's attitude to the fact that we are all naked under out clothes is much worse...

        If we charge down this road without thinking about the consequences then maybe we will simply ban all artists. In college I was taught to draw and paint pictures of people, you started with a naked body (drawing a naked civil servant) and then we drew and painted clothes on it ... it always looked realistic, I was in the top five of the class and now when I see people walking around, I always know just what they all look like naked. Clothes are irrelevant to me although I wear them everywhere.

    3. VoiceOfTruth

      Re: Scunthorpe

      In the UK you will get 2 years in prison for not handing over your keys. There is no need for reasonable suspicion in the UK, it is at the whim of a pig in uniform. Britain has always had this fascism in its DNA.

      1. Yet Another Anonymous coward Silver badge

        Re: Scunthorpe

        When the law was introduced a nice man from the Home Office came to talk to our computer dept.

        We asked what happened to data files from simulations that were random and so couldn't be proved not to be encrypted data.

        Essentially we were told not to worry our pretty little heads about it since the law was only for use against terrorists and/or international drug dealers

    4. Anonymous Coward
      Anonymous Coward

      Re: Scunthorpe

      > how will they read my messages without my keys ?

      Same way as is currently done: by intercepting it on-device either before encryption or after description.

      This was, after all, explicitly provided for in one of the drafts I saw a few months ago.

  2. Pascal Monett Silver badge

    What was the proportion of kiddie fiddlers again ?

    If I'm not mistaken, I seem to recall recently reading in these hallowed pages (this article) someone stating that kiddie porn was 0.2% of all cases, the proportion being relatively stable for the past decade.

    Now, far be it from me to declare that the children being abused is negligeable, it is a horrible thing, but I don't see why I should give up my privacy for this.

    Get the police to do their jobs and that will solve the problem.

    1. hoola Silver badge

      Re: What was the proportion of kiddie fiddlers again ?

      Whilst I understand your sentiment, just stating "Get the police to do their jobs and that will solve the problem." when part of the problem is that so much is digital now, if they cannot read it, how can they do their job?

      There is no easy answer but as encryption in transit and at rest combined with increased end-point security increase and becomes more complex, exactly how can they improve what they are doing?

      1. Flocke Kroes Silver badge

        Re: how can they do their job?

        How about listening to children? Giving children clear opportunities to speak? Explaining that is not their fault?

        They can take away https, ssh and gnupg when:

        Using their own personal money they research and implement defective encryption. They use this defective encryption to protect all their money. When the money is taken they have no legal come-back on the thief and their the defective encryption is not mandated.

        1. Doctor Syntax Silver badge

          Re: how can they do their job?

          I'd go further than that. Any legislator planning to vote for this should publish all their online credentials, banking, email, trading etc. and then postpone the vote for a year.

        2. Cav

          Re: how can they do their job?

          "How about listening to children? Giving children clear opportunities to speak? Explaining that is not their fault?"

          Which is done already and for some of those suggestions is not the role of the police.

          Again, "Just do their jobs" is not simple. It is often used by those who refuse to help the police, refuse to talk to the police, don't like "grasses" but then expect the police to just "do their job".

          1. tip pc Silver badge

            Re: how can they do their job?

            how did the police do these things before the internet?

            those same techniques should be used again now.

        3. hoola Silver badge

          Re: how can they do their job?

          To all those downvoting I am not agreeing that the proposals are correct. Backdoors to anything invariably end up being abused but as it stands if the endpoint is encrypted as well and the suspects don't give up the access what do the police do?

          "If you know the information required and refuse to provide it, you can be sentenced to a maximum of 2 years

          imprisonment or 5 years imprisonment for an offence involving national security or child indecency. If you genuinely do not know the information you can put this forward as a defence to the offence."

          You can prosecute for withholding the password but in this context you need to also prove "child indecency" as well. There may be sufficient evidence and ground to go with the latter but as we have seen repeatedly it is seemingly very difficult to get prosecutions in this area. Smart lawyers and interest groups are making it very difficult for the police to "do their job" as they are buried under inefficiency, endless meaningless protocols and decreasing budgets. If the solution is that the police have to spend inordinate amounts of staffing and resources on physical surveillance then it will simply get "bumped" down the list.

          That brings us back full circle, as more information and evidence becomes digital and the methods of protecting it more sophisticated, what can be done to help? Not that many years ago a warrant to search and seize documents and equipment could often provide the required evidence. If all the evidence is now encrypted and the penalties for not providing access are less than the the alleged crime it is rather a win-win for the criminals.

          I repeat that I am not stating the proposals are the way forward and El Reg readers are very clear that anything to do with breaking or providing backdoors for encryption is wrong, so we need to look at what the solutions are. If that is throwing more budget at the police then fine however in recent years the trend has been to removed "feet on the streets" and replace them with a smaller number of keyboard users.

      2. ThatOne Silver badge
        Devil

        Re: What was the proportion of kiddie fiddlers again ?

        > part of the problem is that so much is digital now, if they cannot read it, how can they do their job?

        Easy: Ban Internet altogether! Make it one way, so people can still watch ads, but prevent them from sending out anything to anybody else.

        What? Makes just as much sense.

        1. iron Silver badge

          Re: What was the proportion of kiddie fiddlers again ?

          Genius invention, what should we call it? How about Television?

        2. CountCadaver

          Re: What was the proportion of kiddie fiddlers again ?

          So essentially build "Britnet" -= all family friendly, child safe, govt approved content, no foreign rubbish or filth"

          *shudder*

          1. Yet Another Anonymous coward Silver badge

            Re: What was the proportion of kiddie fiddlers again ?

            >So essentially build "Britnet" -= all family friendly, child safe, govt approved content, no foreign rubbish or filth"

            It should be Royal Britnet, with some Princely Royal in charge. Somebody not next in line to be king with a nice uniform and no other job

            1. Anonymous Coward
              Anonymous Coward

              Re: What was the proportion of kiddie fiddlers again ?

              "Royal Britnet" - do you get a free meal at Pizza Express when you sign up get forcibly signed up?

              1. Strahd Ivarius Silver badge

                Re: What was the proportion of kiddie fiddlers again ?

                no, only fish & chips

      3. codejunky Silver badge

        Re: What was the proportion of kiddie fiddlers again ?

        @hoola

        " when part of the problem is that so much is digital now, if they cannot read it, how can they do their job?"

        When it isnt digital and is reported they struggle to do anything due to 'certain protected groups'. Maybe if they can do the basics we might trust them with a bit more?

        1. Anonymous Coward
          Anonymous Coward

          Re: What was the proportion of kiddie fiddlers again ?

          Including Madeleine McCann's parents.

          Protection at the highest levels in the Police against child neglect prosecution for leaving the young children alone in a strange place at night.

      4. Anonymous Coward
        Anonymous Coward

        Re: What was the proportion of kiddie fiddlers again ?

        I wonder how crimes were solved before the internet?

        /sarc

        Remember when people used to meet in private, and there was no possible dragnet of conversations?

        The fact is, electronic communications made their jobs so much easier (to hell with privacy) that they got lazy. They want to ban encryption so they can remain lazy.

        As the original poster said "Get the police to do their jobs." - there are many many avenues to pursue that don't rely on listening in to actual conversations.

        1. Yet Another Anonymous coward Silver badge

          Re: What was the proportion of kiddie fiddlers again ?

          >I wonder how crimes were solved before the internet?

          Arresting the nearest Catholic / Jewish / Black / Irish man (delete by appropriate century)

        2. Cav

          Re: What was the proportion of kiddie fiddlers again ?

          Garbage. Many crimes just went unsolved.

      5. Strahd Ivarius Silver badge
        Trollface

        Re: What was the proportion of kiddie fiddlers again ?

        policemen are not supposed to read, only to follow orders

    2. katrinab Silver badge
      Megaphone

      Re: What was the proportion of kiddie fiddlers again ?

      Children being abused is not a negligible thing. Abusers exchanging photographic evidence of it with other random people is negligible.

      1. Eclectic Man Silver badge
        Unhappy

        Re: What was the proportion of kiddie fiddlers again ?

        One of the most appalling incidents (to my mind, at least) was when the UK Security Service knew of serious child abuse at the Kincora Boys Home but instead of saving the children used it for blackmail.

        https://en.wikipedia.org/wiki/Kincora_Boys%27_Home

        I thought that surely this was something that should have caused resignations, at least, and even prosecutions of the UK officials involved. But then the scandals of the Roman Catholic Church and Church of England covering up child sexual abuse came to light, and the Rotherham sex scandal, and others. So I'm guessing that the Security Services reckoned that the abuse was 'par for the course'. (Not sure which particular circle in hell is reserved for them.)

        For the avoidance of any doubt, there is no such thing as a "child prostitute". Children are by definition unable legally to consent to sexual activity with anyone. There are sexually abused children, there are sex slave children, there are groomed and coerced and deceived children, but they are not prostitutes, whatever anyone says.

        I reckon that any bill to remove E2E encryption on the basis of protecting children from abuse should include a clause that says any organ of government that becomes aware of child abuse and decides not to do anything to protect the children and bring the offenders to justice must have authority to proceed in that way signed by both the Home Secretary and the Justice Secretary, detailing the abuse which is to be 'allowed'.

    3. martinusher Silver badge

      Re: What was the proportion of kiddie fiddlers again ?

      Kiddie porn exists for one and only one reason -- its the ultimate thin end of the wedge. Before it became a 'thing' I didn't even know it existed (it must have in one form or another since humans are both diverse and inventive) so I've always thought it became an 'issue' primarily as a tool to push anti-privacy legislation. Its perfect for the job because if you oppose it then its obviously because you're one of "them" and its so easy to tar you if you start being too much of a nuisance ("if you know what I mean").

      1. Cav

        Re: What was the proportion of kiddie fiddlers again ?

        "so I've always thought it became an 'issue' primarily as a tool to push anti-privacy legislation" then you're a deluded conspiracy theory devotee.

        1. Anonymous Coward
          Anonymous Coward

          Re: What was the proportion of kiddie fiddlers again ?

          @Cav

          You are Priti Patel and I claim my five pounds.

          You're nothing more than a police apologist.

  3. ShadowSystems Silver badge

    How to kill the proposal...

    Intercept, decode, print out, & publish in a global media outlet all the communications from all the politicians proposing the law. If they don't like it, tough shite, because that's the reality of what they're trying to make into law. Don't want your stuff open for everyone to read? Then don't pass the fekkin' law.

    1. tip pc Silver badge

      Re: How to kill the proposal...

      Intercept, decode, print out, & publish in a global media outlet all the communications from all the politicians proposing the law.

      Do let us know a global media outlet that will be willing to and support the publication of these politicians communications….

      Now Musk is buying Twitter that might be the only place that would publish such things, I doubt other outlets would be inclined to do so especially once they are convinced it’s all a good thing and thinking of the kids will increase sales or keep them on the good side of their regulators.

      1. Fonant

        Re: How to kill the proposal...

        Russia Today would probably be happy to publish private communications of UK government ministers. Or perhaps Al Jazeera. Or WikiLeaks (is that still a Thing?). Or any one of millions of anti-UK internet forums. Or somewhere on the Dark Web, leaked to "baddies" around the world.

        1. Anonymous Coward
          Anonymous Coward

          Russia Today

          Then maybe it would be simpler just to label the proposal as an attempt to "give Russia access to ..." at this time when EU member states are all feeling awkward about needing to prove they're not in Vladimir's boudoir?

        2. Doctor Syntax Silver badge

          Re: How to kill the proposal...

          Distributed Denial of Secrets

          https://en.wikipedia.org/wiki/Distributed_Denial_of_Secrets

      2. iron Silver badge

        Re: How to kill the proposal...

        The Guardian has had no problem publishing leaks that embarass politicians in the past.

        I see no reason why they or another proper newspaper would not do so again.

        1. Roland6 Silver badge

          Re: How to kill the proposal...

          >The Guardian has had no problem publishing leaks that embarass politicians in the past.

          Suggest you watch the 2019 film Official Secrets to appreciate how (Thatcher/Conservatives) changed the OfficialSecrets Act in the government (ie. their) favour.

          We need the laws that govern the openness of government to become as entrenched as the Magna Carta - before successive governments in recent times managed to effectively do away with it.

          1. Anonymous Coward
            Anonymous Coward

            Re: How to kill the proposal...

            @Roland6

            Magna Carta was for the benefit of the barons, not the peasants.

        2. Anonymous Coward
          Anonymous Coward

          Re: How to kill the proposal...

          That was then. The Guardian is now part of the problem:

          https://thedissenter.org/very-british-form-of-press-censorship

      3. Graham Cobb Silver badge

        Re: How to kill the proposal...

        I am sure The Intercept would publish it.

    2. hoola Silver badge

      Re: How to kill the proposal...

      I don't think the proposals are about publishing everything into the public domain.

      Just going from one extreme to the other invariably makes things worse.

      1. Jimmy2Cows Silver badge
        Holmes

        Re: How to kill the proposal...

        I feel like maybe you missed ShadowSystems point.

      2. Doctor Syntax Silver badge

        Re: How to kill the proposal...

        "I don't think the proposals are about publishing everything into the public domain."

        Not intentionally. OTOH how would you feel about your online banking becoming insecure? They don't intend it but nevertheless it's what the proposals are about. You can facilitate surveillance or you can have secure online business: choose one.

    3. Tim 11

      Re: How to kill the proposal...

      That's a non-starter because obviously the law wouldn't apply to politicians - haven't you watched the news in the last couple of months?

      1. ThatOne Silver badge
        Thumb Up

        Re: How to kill the proposal...

        Indeed. Those laws are for the plebs, the rich and influential can afford much better ones.

    4. Anonymous Coward
      Anonymous Coward

      Re: How to kill the proposal...

      Well, last week MEPs voted against having their attendance checked by biometric means (fingerprints in this case).

      1. Anonymous Coward
        Anonymous Coward

        Re: How to kill the proposal...

        You can't have them show up for their jobs now can you.

        Now they are elected they have much more important things to do than to sit there and listen to the rubbish their colleagues are spouting.

        1. Anonymous Coward
          Anonymous Coward

          Re: How to kill the proposal...

          …or to answer email from their constituents.

  4. KittenHuffer Silver badge
    Black Helicopters

    So what they're really asking for ....

    .... is for every communication service to implement a MITM attack on every comminucation.

    I think that we'd see a sudden explosion of the internet's version of book cyphers. It's the one where there is a large library of files that appear to contain random bits. You XOR your document with one (or more) of the documents in this library, then send it out. And only those that know which document(s) to use can get back to the original document ..... which (of course) is encrypted as well.

    Or you just publish your XORed document to the library (making the library even bigger) and let whomever know which documents need to be used.

    1. b0llchit Silver badge
      Facepalm

      Re: So what they're really asking for ....

      Except for their own communication, which must be and stay private and secure. There are two sets of rules: Us and the rest. The rest is subject to Us.

      Sounds familiar?

      1. Anonymous Coward
        Anonymous Coward

        Re: So what they're really asking for ....

        Honestly, even the press releases from the EU these days sound *exactly* like the old Soviet propaganda. I read them with an Eastern European accent just for the fun.

        And if you are masochistic enough to watch the commission's press briefings (if you know where to find them in the first place) the only way to tell them apart from the Russian foreign ministry briefings is because the sarcasm is far less witty.

        --- This is not going well

        (Captain Obvious)

    2. tip pc Silver badge

      Re: So what they're really asking for ....

      How do you let the other side know which docs to use?

      Over that government approved encrypted connection?

      1. Fonant

        Re: So what they're really asking for ....

        Ideas:

        a) Send them a plain-text email containing your Book Club's latest reading list?

        b) Send them a plain-text email containing the first book, phone them and tell them the second book by voice, send an SMS with the name of the third book, send a letter in the post with the fourth book, etc.

        c) Communicate via a non-government approved connection, tunnelled over SSH or HTTPS. Are they going to try to make TLS illegal?

        1. Doctor Syntax Silver badge

          Re: So what they're really asking for ....

          "Are they going to try to make TLS illegal?"

          Yes, they'd need to if they are to achieve what they want.

      2. Eclectic Man Silver badge
        Boffin

        Re: So what they're really asking for ....

        Wasn't it Martin Hellman who wrote his thesis on secure communication over insecure channels? If I recall correctly, he suggested sending your correspondent large number of puzzles, each one reasonably solvable, but the whole lot very difficult. The correspondent selects and solves one puzzle, which determines the key for communication, and returns to you a message encrypted under that key. You only have to check which key is used and send out the actual message encrypted under that key. An interceptor has to be lucky, or use a great deal of effort in solving a hole load of difficult puzzles.

        https://techcrunch.com/2016/03/24/turing-award-winner-martin-hellman-cryptography/

    3. ShadowSystems Silver badge

      At Kitten...

      Can we make it incredibly annoying & use something like "Fifty Shades of Grey", "War & Peace", 4Chan FanFic, or Vogon poetry as the books to encode against, so that any attempts to decode our secret messages must be run through such delightful tomes?

      Even better, can we use *all* of those in a randomly (& recorded elsewhere) order so that we can send the intended recipient a numerical sequence like 314159 to indicate which books in which order to use to decode our secret message?

      Or, and this is just monkies flinging poop at the wall to see what artistic style they can create, can we use the combined compiled ramblings from A Man From Mars 1 so that they will probably suffer a mental breakdown if any sentient being tries to read the file, & an AI/DL/ML algorithm implodes from all the concentrated insanity?

      *Hands you an extra large tankard*

      Drink up, it's extra potent Caffeinated MindBleach mixed with a Pan Galactic GargleBlaster to help you recover. =-)p

      1. Eclectic Man Silver badge
        Joke

        Re: At Kitten...

        > "Fifty Shades of Grey", "War & Peace", 4Chan FanFic, or Vogon poetry

        May I humbly suggest including James Joyce's 'Ulysses' and 'Finnegan's Wake', Hermann Melville's 'Moby Dick' and, of course, the novel against which all other novels are rated: Proust's 'In Search of Lost Time? The latter's volume 'Sodom and Gomorrah' really lives up to its title and should amuse the eavesdroppers.*

        Sadly I suspect that the classic 'Where the Wild Things are' is too short. :o(

        *Sorry, I really have read it, in English translation, so I'm a smug git, (someone's got to do it).

        1. Yet Another Anonymous coward Silver badge

          Re: At Kitten...

          >May I humbly suggest including James Joyce's 'Ulysses' and 'Finnegan's Wake',

          IIRC the 'hand over all your encryption keys' law also required you to reveal the hidden meaning of any apparently unencrypted messages.

          Picturing Special Branch breaking into your house, seizing your copy of Gravity's Rainbow and demanding to know what the author meant by it

          1. Eclectic Man Silver badge
            Joke

            Re: At Kitten...

            "Picturing Special Branch breaking into your house, seizing your copy of Gravity's Rainbow and demanding to know what the author meant by it"

            As long as they don't ask me what Nietzsche's 'Beyond Good and Evil" or "Also Sprach Zarathustra" mean I might have a chance.

      2. M.V. Lipvig

        Re: At Kitten...

        To make it even better, flood the net with heavily encrypted pictures of monkeys flinging poop. And, everyone use the same picture. They spend however long decrypting, and all they get for the effort is monkey butts making ammo.

    4. Strahd Ivarius Silver badge
      Devil

      Re: So what they're really asking for ....

      I ran your post against one of my book cypher, and the decrypted was so filthy that I had to refer you to the authorities

  5. jmch Silver badge

    the way we're going...

    so politicians are (again) pushing for full access to everyone else'e commuication.... while in th emeantime there is a growing tendency for some government officials to use private email/messaging instead of their official government ones because they don't want the public to ever know what they're up to and FOI requests can't get at their private comms

    1. Ken Hagan Gold badge

      Re: the way we're going...

      Yes. Both UK and US politicians are regularly criticised by their own civil servants and security experts for hiding policy discussions in secure channels where historians won't be able to read them, in contravention of existing laws. They are already breaking the law and now they want to pass more draconian ones for the rest of us.

      (No idea if any other country has problems with this. I expect they do.)

  6. Anonymous Coward
    Anonymous Coward

    Are Elected Politicians going to be exposed to the same level of Scrutiny?

    Or will they claim 'Parliamentary Privilege' ?

    1. El Bard

      Re: Are Elected Politicians going to be exposed to the same level of Scrutiny?

      Note to self:

      “... a rhetorical question. It has a question mark at the end, but you are not meant to answer it because the person who is asking it already knows the answer.” ― Mark Haddon, The Curious Incident of the Dog in the Night-Time

  7. Fonant

    Impossible

    It's impossible to prevent people from encrypting messages to each other. Even if you make mathematics illegal.

    Yes, you can force the most popular private messaging apps to remove their privacy, but that just forces people to a wider variety of privacy solutions. Much harder to track baddies, then.

    What about internet banking? Online shopping?

    Don't shoot the messenger!

    1. ThatOne Silver badge
      Unhappy

      Re: Impossible

      > It's impossible to prevent people from encrypting messages to each other.

      But you can throw them in the slammer if they do. That's easy.

      Remember, if it's illegal, it's illegal, no matter if what you sent were birthday wishes or the plan to assassinate the president. You are going to prison (fines, all that), and next time you'll think twice before doing it. That's how it works, so all the bravado about how you all are above this is futile and ridiculous. You'll realize it when the police bashes in your door at 6am...

      The only way to avoid that is to prevent this from being voted. At least for the time being (it's like a bad penny, clearly all governments worldwide are hell-bent on getting encryption outlawed).

      1. Marty McFly Silver badge
        FAIL

        Re: Impossible

        > it's illegal, no matter if what you sent were birthday wishes

        So let me get this straight.... I fire up PGP and encrypt a birthday email to you. Not that you have or even know what PGP is. The cops bust down your door for using encryption.

        You claim to not know what your keys are...and the cops believe you?

        1. ThatOne Silver badge
          Unhappy

          Re: Impossible

          Well, you'll have to ask somebody living in the UK, since apparently they are already there.

    2. Ken Hagan Gold badge

      Re: Impossible

      It's also worth noting that, historically, it has always been beyond the capacity of governments to snoop on the conversations of private citizens, even if it was legal. Despite that, they've been trying for centuries and the result is an accumulation of legal (and in some cases constitutional) protection of such conversations.

      Proposals like this are NOT an attempt to "fix a problem that has arison recently, with technology". They are an attempt to create a more over-bearing government than has ever existed in human history. We have no prior experience to inform us of how badly this might turn out. The East German experience is one clue. Modern China is another. I find neither encouraging.

      1. Anonymous Coward
        Anonymous Coward

        Re: Impossible

        Well said. A point that most people don't seem to realise.

        Electronic comms gave them unprecedented access that as you said, lead to legal protections.

        When it became obvious they were ignoring the rules, encryption (https , messenger e2ee etc.) became much more commonplace.

        Now they are just wanting to restore the access they never should have had in the first place.

    3. Graham Cobb Silver badge

      Re: Impossible

      Yes. The criminals will use illegal strong encryption (coupled with needle-in-a-haystack services such as IPFS).

      The rest of us, including professionals such as doctors, financial advisors, lawyers, politicians, charities and journalists, as well as activists and campaigners, will lose our privacy.

      1. Agamemnon

        Re: Impossible

        Um...

        I have never seen a Doctor or Lawyer use crypto, not even my patent attorney in Seattle a few years back.

        And don't get me started about my girlfriend's daughter's medical records being sent in the clear.

        The professions that should be using cryptography do not. As much as I want to blame them somehow, I realize that it is because it is their Customers that Can Not.

      2. Strahd Ivarius Silver badge
        Devil

        Re: Impossible

        I'm sorry, but politicians are by definition part of the criminal class, as are the lawyers.

    4. Strahd Ivarius Silver badge
      Pirate

      Re: Impossible

      Time to go back to the classics: messages sent using the BBC to the terrorists in France in WW II

      Conservatoire collaboratif des messages personnels diffusés sur BBC pendant la guerre de 39-45

  8. Anonymous Coward
    Anonymous Coward

    1 in 5?

    "At least one in five children falls victim to sexual violence during childhood"

    I wonder where that 1 in 5 comes from. I see the citation is the EU own campaign, "1 in 5 Campaign", so I click that link and read that page:

    "About 1 in 5 children falls vicitim to violence including sexual abuse. "

    Wait, its gone from AT LEAST 1 in 5 fall victim to *SEXUAL* VIOLENCE, and now in one click its changed to "*about* 1 in 5" and "violence *including* sexual abuse".

    Again no supporting evidence.

    Next paragraph is "Raise your hand against smacking"... "Corporal punishment is the MOST WIDESPREAD form of violence against children. It is any punishment in which physical force is used and intended to cause some degree of pain or discomfort. It is a violation of children‘s rights to respect for human dignity and physical integrity. The Council of Europe calls for a legal prohibition of corporal punishment of children in law and in practice. Corporal punishment conveys the wrong message to children and can cause serious physical and psychological harm to a child. "

    OK, now we're two paragraphs down, and its 1 in 5 kids get smacked for being naughty. The EU is declaring punishment like smacking as the violence which is then redefines as sexual violence, which it then redefines as "sexual exploitation" of kids, or sexual abuse.

    How do you *cyber* smack children BTW? Is there some sort of Apple "iSmack" I don't know about?

    Oh FFS. Are you literally saying that 1 in 5 kids get smacked as punishment, and that therefore 1 in 5 are sexually abused because smacking = sexual abuse and offering no supporting evidence for any of that.

    Such a game of misdirection and lying.

    All to open a giant can of worms, and break end to end encryption, the thing protecting us from Russian hackers. Remember Russia? The soldiers that slit the throats of children in front of their mothers for shock value? Those hackers working to break end to end encryption and you trying to break end to end encryption, and you cannot see any danger in your lies?

    What about terrorism? You could scan for extremism and flag that too, again since you're scanning it, those potential fiddlers might also be terrorists. It's no more of a privacy violation since they're already being scanned.

    What about insighting speech like Holocaust denial? I assume everyone is one board, nobody likes Nazis, better scan for that too.

    Why not copyright infringement, you're scanning it anyway, so why not also for copyright infringment?

    What about plotting crimes, all crimes, any crimes, anything that might indicate pre-crime. Think of all the crimes you could prevent by watching everyone all the time.

    "Roe vs Wade"... think of all those poor Republican victims you see on Fox News, don't they deserve protection from that hateful speech? I see they're saying protesting is a federal crime, and you do have that US EU cooperation treaty.

    Basically, you're saying "there is no privacy right", attempting to justify it with "for the children" lies and offering options, none of which are "we have no justification for this therefore we assert something we know to be a lie, that 1 in 5 kids are victims of sexual abuse, and it is genuinely a very bad idea that undermines our core security".

    1. IanRS

      Re: 1 in 5?

      Reminds me of a similar mis-use of statistics I came across a while ago. Apparently some very high proportion of women (1 in 2? 1 in 3? or thereabouts) claims to have suffered sexual abuse according to the report highlight. Then you read the details:

      Sexual abuse includes sexual harassment. Sexual harassment includes being looked at, while in public, by somebody who you don't want to look at you.

      I am certainly not defending real abuse, but if the publishers of these kinds of reports were honest then something might be done to protect the 0.5% that really do suffer instead of everything being dismissed because 50% 'obviously' are not suffering.

      1. Anonymous Coward
        Anonymous Coward

        Re: 1 in 5?

        I think its 0.00004% suspected.

        i.e. 12k reports of suspected molestation a year in 2020. I assume that's US focussed reports, so lets say 100 unique photos a year taken each by 300 million people, 12k/30 billion. suspected.

    2. Da Weezil

      Re: 1 in 5?

      It's the same sort of statistic fudging that the road safety mob use in the "killed or seriously injured" stats they use in thier apparent quest to restore the red flag act for cars - or at least reduce our progress to that of an arthritic snail.

      As ever, " There are lies, dammed lies and statistics"

      1. Anonymous Coward
        Anonymous Coward

        Re: 1 in 5?

        By coincidence I was listening to one of Tim Harford's Cautionary Tales podcasts last night and Darrell Huff's name was mentioned. It appears that after his bestseller, he blotted his copybook by siding with the tobacco industry...

        "Huff was later funded by the tobacco industry to publish a follow-up to his book on statistics: 'How to Lie with Smoking Statistics'." (Wiki)

      2. Yet Another Anonymous coward Silver badge

        Re: 1 in 5?

        It's always a fun one to include in Pi charts

        50% of server failures caused by Veloceraptor attack or PSU fail

        30% caused by cooling fail

        20% etc

      3. Strahd Ivarius Silver badge
        Coat

        Re: 1 in 5?

        after the Brexit, wouldn't the flag be blue instead?

    3. Teejay

      Re: 1 in 5?

      Thank you, some sense here. Someone who actually reads the BS that the EU dishes out to manipulate parliamentarians, journalists and citizens.

    4. heyrick Silver badge

      Re: 1 in 5?

      "I wonder where that 1 in 5 comes from."

      Daddy.

      You don't need to bugger up everybody else's communications on the pretext of kiddie abuse, just, you know, try actually listening to what the children are saying.

      It's a bit like the number of times we're told that it's necessary to weaken secure comms "because terrorists" and when some bad shit goes down, it turns out those responsible "were known to the authorities".

      This is just another fishing expedition by the data fetishists.

    5. Anonymous Coward
      Anonymous Coward

      Re: 1 in 5?

      To add to your analysis, they seem to think that this abuse is solely down to the internet. As we know, most sexual abuse is done by family members and friends. Even catching 100% of internet paedophiles won't stop paedophilia, so how can they justify using those stats to attack the internet?

    6. Cryptomuseum

      Re: 1 in 5?

      Anonimous Coward,

      I have red the EU proposal as well and I came to *exactly* the same conclusion. So we may conclude that if this 1 on 5 report is the basis of this all, then something is very very very much *not okay* with the EU legislation process. This is not an opinion, but a bitter hard fact.

      Numerous times we have had contact with special units of our police force. Here is what they said in 2018:

      " We do not need more laws or more rights to do things, we need more people ! "

      The conclusion of our talks with these good folks was that they *exactly* know the villains, and what they do and where and how they operate. But our police simply does not have not enough manpower to solve these issues.

  9. Teejay

    The calculated nudging of EU parliamentarians

    I would advise anyone to download the relevant PDF. The main, not so long PDF mentions *nothing* of encryption, but mentions the word 'children' hundreds of times. In note '32' there is a reference to the relevant addendum. That, however, is the one text not directly linked. In that very long addendum, in basically one place only, the actual decryption is mentioned, and that a 'EU Centre' for whatever will offer the necessary software for free, i.e. basically server spyware.

    It's COM (2022) 209 final 2022/0155 (COD) and COM (2022) 212 final.

  10. Anonymous Coward
    Anonymous Coward

    Kids are most at risk from their own family members. Putting cameras in every parent and every child's bedroom would be more effective to actually protect kids.

    1. Jimmy2Cows Silver badge

      Please stop giving them more ideas.

    2. Alumoi Silver badge

      Does Alexa counts? Or Siri? Or Google?

      1. Strahd Ivarius Silver badge
        Big Brother

        unless they are upgrade with a camera, no

  11. gitignore

    Book Ciphers

    The trouble with book ciphers is that the interceptor can look at your encrypted text and come up with a custom 'book' as the key to claim that you sent whatever it is they want to pin on you.

  12. Anonymous Coward
    Anonymous Coward

    Steg

    I can see a boom in live video streams being used as carriers for steganography or similar, by those with sufficient motivation. What's to say that live streamed trading rodent last year wasn't hiding something disgusting, like D Trump's tax returns ?

  13. Anonymous Coward
    Anonymous Coward

    Great Reset

    “You Will Own Nothing and You Will Be Happy” – WEF The Great Reset / Agenda 2030.

    What they didn’t mention is that in owning nothing, it will include our data and privacy.

    I’ve given you 7+ years warning. You’re welcome.

  14. naive

    Slowly the EU slides into a CCP like dictatorship

    Obligatory tracking boxes in new cars.

    Proposed "internet off" buttons.

    Proposed prohibition of encryption.

    Censorship on Russian news sites to prevent "misinformation".

    EU funds get allocated to support EU friendly candidates during elections in member states.

    There are no checks and balances in place to limit EU commission overreach.

    The EU applauding machine (parliament) is not accountable to its voters.

    Non-elected EU central commitee apparatchiks attack, with the support of Big-Tech to implement censorship and suppression of alternative views, the freedom our (great) grandparents gave their lives for in WW2.

    1. ThatOne Silver badge

      Re: Slowly the EU slides into a CCP like dictatorship

      Come on, it's not like this is an European problem. Wherever you live, it's exactly the same trend. It's just that today it's about the EU, tomorrow we'll have a similar if not identical article about the USA, Australia, or the UK (other countries available).

      Governments worldwide are rushing to get a grip on their populations, with similar goals and similar means (the good old loaded "somebody think of the children already").

      (Didn't downvote you though.)

    2. Anonymous Coward
      Anonymous Coward

      Re: Slowly the EU slides into a CCP like dictatorship

      Your post may have been taken seriously if it didn't rant about the EU being non-accountable and non-elected.

      You know that in the UK, we have "non-elected" parliament staff too? They are called civil-servants.

      Incidentally: Number of "unelected bureaucrats" :

      EU: 33,000

      UK: 400,000

      Yes, the little UK has over 12 times as many as the EU.

      from the London School of Economics: https://blogs.lse.ac.uk/lseupr/2019/02/19/is-the-european-union-governed-by-unelected-bureaucrats/

      http://www.democraticaudit.com/2016/06/23/is-the-eu-really-run-by-unelected-bureaucrats/

      https://www.bbc.co.uk/news/uk-politics-eu-referendum-36429482

      https://www.richardcorbett.org.uk/european-laws-are-made-by-unelected-bureaucrats/

      https://www.washingtonpost.com/news/monkey-cage/wp/2018/09/26/people-think-that-the-e-u-is-run-by-unelected-technocrats-theyre-wrong/

    3. eionmac

      Re: Slowly the EU slides into a CCP like dictatorship

      I correspond with P R China.

      Always encrypted.

  15. El Bard

    I m feeling optimistic this morning (a dreadful feeling by the way) and chose to go with Mr. Hanlon on this one:

    "never attribute to malice that which is adequately explained by stupidity."

    With the corollary: "Incompetence is a valid substitute of stupidity".

    I might be wrong, but if you look at the background (see below), it looks like they know they are somehow part of the problem but also have no clue what they are talking about. Which is extremely dangerous, as the path to hell is indeed paved with good intentions.

    On the other hand, I do read things like these: https://en.wikipedia.org/wiki/Catholic_Church_sexual_abuse_cases_in_Europe

    Try to Ctrl+F "five years" to have a taste of how many times an actual child rapist got away with just 5 years in prison. If you are still feeling like having lunch, take a look at this (from way back in 2021): https://www.euronews.com/my-europe/2021/03/18/german-church-faces-moment-of-truth-with-abuse-report-due-for-release

    So, if they actually wanted to DO something, they'd have their hands full with things that _might_ be closer to their comfort zone.

    __

    This is from April 28th 2020, European Commission:

    https://ec.europa.eu/home-affairs/news/increased-amount-child-sexual-abuse-material-detected-europe-2020-04-28_en

    The Internet Watch Foundation 2019 report highlights concerning trends around the increase of child sexual abuse imagery hosted in Europe.

    The Internet Watch Foundation (IWF) has just released its 2019 Annual Report. Unfortunately, the report shows some alarming trends:

    In 2019, almost 9 in 10 (89%) known URLs containing child sexual abuse material were hosted in Europe. This compares to 8 in 10 (79%) in 2018.

    This is followed by North America, which hosted 9% of all known child sexual abuse URLs in 2019, a fall from 18% in 2018.

    The Netherlands hosts 71% of the child sexual abuse content found by the IWF. This equates to 93,962 URLs. This is an increase from 2018 when the Netherlands was found to be hosting 47% of all known child sexual abuse material.

    The relative amount of Child Sexual Abuse Material that detected in the Netherlands has almost doubled, from 47% of the total that they detected globally in 2018, to 71% in 2019.

    This is due to a pervasive business model of “bulletproof hosting”, which takes advantage of the more permissive legal system and excellent technical infrastructure that The Netherlands provide.

    1. Ken Hagan Gold badge

      It would seem to me, then, that targetting the (relatively small number of) bullet-proof hosts and making them legally liable for their content would be more effective than trying to target the (relatively large number of) law-abiding internet users who just happen to have a valid reason to encrypt their personal finances and private communications.

      Funnily enough, this is almost the same as the solution to the problem of "anti-social media". You make the internet companies legally liable for what they publish on their site. If they want to be exempt, they need to say who the original author is and produce credible evidence that they can stop that person from using the service in future under either the same or a different identity.

      Right now, so much of the internet is just making cash out of facilitating ... "something, don't know what, don't care, as long as it keeps generating cash for me".

  16. Eclectic Man Silver badge
    Unhappy

    Motive?

    Is this really about actually finding child abusers and preventing child abuse, or politicians trying to show that they are actually doing something about child abuse?

    I would look at how much effort the proposers of this are actually putting into social services and child protection agencies to protect children (tragically far too many references to put here, but look up "Baby Peter", "Victoria Climbie", "Rotherham child sex scandal" and lots of others).

  17. heyrick Silver badge

    So the EU that wants to protect our privacy wants to remove it?

    Typical oversized organisation, one hand has no idea what the other hand is doing.

  18. codejunky Silver badge

    Good news

    At least we left the EU. In the UK they propose such, they try to enforce such (see ID cards) and they get voted out or another party makes large enough waves to abandon the idea. No such representation in the EU

    1. Anonymous Coward
      Anonymous Coward

      Re: Good news

      The idiots in Whitehall are just as capable of stupidity without European help... like ID cards for pron, same old 'encryption is bad' arguments, Partygate (50 more 'invitations' from the police announced today), handing refugees over to Rwanda, meals for 30p, customs and other IT project chaos, procuring any kind of services from Crapita, HS2...

    2. Missing Semicolon Silver badge

      Re: Good news

      True, we get to actually vote out our lizards. But, then the other lizards get in.

      When all parties have the same policy, we are little better off.

      1. codejunky Silver badge

        Re: Good news

        @Missing Semicolon

        "When all parties have the same policy, we are little better off."

        Well said. It took a fringe party taking a large portion of the votes to get brexit in this exact situation. Can you imagine trying to effect such change in the EU?

        1. Anonymous Coward
          Anonymous Coward

          Re: Good news

          the Tories are a fringe party?

    3. Anonymous Coward
      Anonymous Coward

      Re: Good news

      Now now, junky, you're just trolling here. Are you training to work for one of the tabloids? They spew stuff they know are lies just because they know their base will lap it up.

      from the London School of Economics: https://blogs.lse.ac.uk/lseupr/2019/02/19/is-the-european-union-governed-by-unelected-bureaucrats/

      http://www.democraticaudit.com/2016/06/23/is-the-eu-really-run-by-unelected-bureaucrats/

      https://www.bbc.co.uk/news/uk-politics-eu-referendum-36429482

      https://www.richardcorbett.org.uk/european-laws-are-made-by-unelected-bureaucrats/

      https://www.washingtonpost.com/news/monkey-cage/wp/2018/09/26/people-think-that-the-e-u-is-run-by-unelected-technocrats-theyre-wrong/

  19. Anonymous Coward
    Anonymous Coward

    Goodbye online scams

    If there is no more encryption, then there will be no more electronic financial transactions, which I am fine with.

    I'll find the part I want on newegg, call them and place the order, which won't be secure either,,,, buggers.

    Hey, I got an idea, what if we made hardware currency, we could call the small ones coins and the big ones bills (because you pay bills with the big ones) and if you wanted to sell something you used a store!

    whatever, lets bring commerce back to the 1930's. At least that way if someone robs you, they are right there and you can fight them.

    1. Strahd Ivarius Silver badge
      Joke

      Re: Goodbye online scams

      Are you aware that each coin is now fitted with a 5G+GPS chip, thanks to the advance in miniaturization when working on their inclusion in the COVID "vaccine"?

  20. Anonymous Coward
    Anonymous Coward

    law enforcement to be given the right to decrypt

    I have an idea !!!

    Why not give law enforcement exclusive abilities to decrypt all encrypted communications ? Problem solved !

    I am so bright, I should be a European MP.

    Ok, I'm out :)

  21. Andy Non Silver badge
    Coat

    But MPs won't want people knowing

    they look at tractor porn!

  22. Anonymous Coward
    Anonymous Coward

    Misdirection....Political Theatre.....Why Am I Not Surprised?

    Quote: "...essentially scanning all private communications and, if necessary, breaking end-to-end (E2E) encryption..."

    1. WHO IS CONNECTED?

    @tip_pc: "... end to end nature of comms, governments know historically who connected to who...."

    Well...have a look at mail.com....anyone can set up an anonymous email address....absolutely no account required....absolutely no authentication to establish exactly who is setting up the email address. And this is a "throw away" deal......next week anyone doing this can be using another anonymous email address!

    So..."governments only know who connected to who"......when the correspondents ALLOW GOVERNMENTS TO KNOW!

    2. PRIVATE ENCRYPTION, KEYS, AND SO ON

    @VoiceOfTruth: "...In the UK you will get 2 years in prison for not handing over your keys...."

    (2A) Well....maybe some reading and research might help. Start with a Googe search on "Diffie/Hellman". Software using this protocol uses a random secret key which is CALCULATED....the sender and the recipient share two tokens, but the secret key is never published. This random secret key is different for EVERY MESSAGE. This random secret key is destroyed by the sender software after send time, and it is destroyed by the recipient software after decrypt. There is NO KEY KNOWN TO USERS. So....users can go to jail for something they simply do not (and cannot) know. Wonderful result in a democratic society!

    (2B) Note that these agencies may not know who is sending or who is receiving (see item #1 above). So who does PC Plod get to ask about keys? And if simply owning and using encryption software becomes a crime, the same point applies....who does PC Plod get to arrest when the email addresses are anonymous?....and the IP addresses are in another country?

    (2C) Note that anyone with some tools (say...gcc, gdb, gmp) can implement Diffie/Hellman on their own. If they do this, if they use Diffie/Hellman to encrypt all their messaging BEFORE MESSAGES ENTER ANY PUBLIC SERVICE (e.g. Proton, Telegram...), then the fact that various agencies can break E2EE is COMPLETELY MOOT.....these agencies will break the E2EE encryption....and all they will find is more encryption.

    3. TO GET TO THE POINT......

    All this proposed legislation "...tackling child abuse by killing privacy, strong encryption..." is simply POLITICAL THEATRE. Posturing using mass media in front of millions of voters.....to convince those voters that their government is "doing somthing"!!!! I suppose that attacking FB, Proton, Telegraph......for E2EE might be politically popular too.

    ......and all the while, anyone with the skill and resources is:

    -- implementing PRIVATE ENCRYPTION using 8192 bit keys (or bigger), using protocols like D/H, and other useful tools

    -- sheltering behind anonymous identities (email, IP, and so on)

    -- and getting on with their own business, whether legal and ethical....or not!!

  23. Roland6 Silver badge

    >"If signed into law, this regulation would likely require service providers to use AI to read entire text messages to figure out if a user is "grooming" children for sexual abuse" Matthew Green, a cryptography professor at Johns Hopkins University

    I think he doesn't actually understand the problem, the AI just like a human would have to read several conversations to figure out if grooming might be occurring and thus further background checks need to be performed.

  24. eionmac

    physical closeness

    Most child sexual abuse is done by persons with close proximity to child, (family or family members).

    Remote sexual abuse, such as a UK person paying a family in some remote country to show sexual abuse of a child, is fairly common, streamed abuse, but unless recorded or intercepted in live time , this is difficult to prove.

    Connection to Connection can be proved. Cash trail can be proved.

    But actual incident is very difficult to prove. See various reports from Philippines on this.

    They try to raid during actual streaming as that is how they get proof.

  25. Anonymous Coward
    Anonymous Coward

    Unbelievable naivity in most of this thread

    This proposal is nothing to do with child abuse or making things better for potential victims.

  26. Anonymous Coward
    Anonymous Coward

    Private Encryption -- An example

    So...for those here who have a taste for real examples of private encryption.....and who might like the challenge, here's something short and sweet to chew on.

    This is the sort of message which can be passed between correspondents who use Diffie/Hellman techniques to COMPLETELY AVOID the publication of ANY keys, not even public keys. This example:

    (1) Uses chaca20

    (2) Three encipher passes

    (3) Randomly generated keys for each pass (but known to sender and recipient thanks to D/H)

    ****

    IDpJsH3Qv/5YWaCz6TTrypGwTUJVu6/eAmsCdnvik5rlO0P2EWMz62gRyt+EwEtKXqyg7XDWSUBN

    3GtA2MxF0inxvPxb+tNom6u8H+wF1DwFLEJ8cj9tLeAa2n6HLlblMBx9HQnQHVoBkSnBG0UtBmfA

    pvJf13NOTG0psDp74VMS7eGTlzQseafAk1z82D3v9sxCl29taI4k85xBrV/SzpcTSKbnrc4tktmZ

    2pJEFLw0e1sfnF9APycqlkV/mRtj8f4T89haGWMaZalDYdnqOpuEeQOe1RscBiuOWAXHmkeFq9GN

    AvijcOlfcAK3oWYJhM+2BTcXAjpW5bXXVcmwU3ez6gf6IgbwAQ8Om5WW5ZqjsJNSVPYExuc0YWLQ

    W5jgcPJWIVYP+iRFcYMcxdZAiwBlviYyC4tvx4fAqvjcN5P4FsdlkJf2X3DOOuoU45pKtOtRjklO

    keuV/R3fRbCevH5Lw7bxu6j7cRcYUx3ZERVJ62ZOBkf5DFOfjO3gGwdPVjmZr8fI36TFfOU835gh

    GUW4s2NvWCWM4dhSK+pVTYFuzrFd7MpU2gbzXtR5jKYN3KFzComS4mG+SVp2Nj0ve5P7LDlNDPpA

    6yBZxt0ZBlTrfpANAZ4A89yeXMnr/Ose7WxQSXRAc6UZyp1pDCJz1mZo37MGxYE2GT03iM7O7ktA

    PsI+blcB1a+m6NeRTRTmQPoUVrKHTCY5qDzlERfhFMPSIOQs5iD2XoZSGe+nCmFYlGo4bM8k+2KG

    0Uz7VgdrD2ZSSsIJsx9+wSMkOInTsrkLvkaW+ee4yixOJBlX4ce+J7EKN5UH53wzXbTRMIdKphzm

    l3OQzsXvezTYvoD9Vz++RSyBQptN8Tg5cLDdnAG+ykKR82+WujR/PhJcCTLL34lrbwg2KSBsqtJU

    agldcoraUArtv6ZfakTjxfikyroIJP2jQ+lGohgTNPDuvyv3+7pu2YSDjeEHpRBOeijFv0JcuMuJ

    sCXTPn6mbmFP0U0+AIRFyLl9NLVeyL2Qhe8b4Ip1KpQcyVg0JIXBmrQIJK3HreTFdSxIavMrjOOV

    yT/mEJ6oyT1BWXPkLhwZygjcSWQWcgBkxLhdSBDowtaBn18p9yfyX7ioY1FvVfwNeS//9wD2kWgZ

    CMoyLazTiR1UiF4z7toJuRO5KbOJ2Xidw+zc5Twg4JjecBBukjdIAyZu9j5N6U5qi1maLfLi6DXQ

    6QEsY/bxV95vTccSdbzlqvVfVYhtOPDP5F7efyleO1MaXO42PUht6c7JSBnlAo3JUT8cVo1efvFb

    AXTKXPuabDVmPfCPCD3/ICFjjx6Y+1FWqNqmIv3PHshzzRzW5dfXqxmr8vL6lAcfkz0BB3jwlrAY

    JyLciPzRaI9VUUPk6m1q+K6uNwqcAxyKtZ781IRDSzD7UTFoD9nItZG8SiDm4z/ZuI/9tbORg/kr

    IjEAYzbY4t9m8t3TX2NxPkpzNDlT2Pu8RWjPX5j0uEAcZxfRN8m3qkTV6OKF1ZSFWrO3pgKVKBmo

    42f+EH4x3ZWnkL11pCcyqPoiEPSe4U6dheNl4gP20FwehBC9ioPZkDuOhEsE3TKKAoopa1ESmp37

    /27zrPJ219nzyLwZH8nMjk/Ukv/6gEPqjPFomHzRnWjHIjjVjhzJtLczQO0o6gtF8gf1/5Zn8ub4

    5OG9yPylKWr7y64qZUOWsDZBrKyfz6oP8SUJwDREGAfijKL6iUG4Go864xaXG2Tim6kq4md/bGOJ

    qpABG+Nsi/f9vEjmADdM/cyTmILJEUSDo0IT+92lXIgfxR/3ODh1AAKx2HRe54pk2pt6qn53H1an

    +eEyYXj9Sg==

    ****

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022