back to article EU lawmakers scolded for concealing identities of privacy-busting content-scanning 'experts'

Europe's government watchdog has found that the European Commission's refusal to disclose which experts it consulted on the proposal to scan encrypted communication for child sexual abuse material amounted to maladministration. The decision by the European ombudsman, made last month and published this week, stems from a …

  1. b0llchit Silver badge
    FAIL

    Stupid see, stupid do

    In this country, math will obey the laws of the land!

    /s

    and the earth is flat too, only 6000 years old and a man-in-the-sky in controlling every our step. Sigh.

    1. FrogsAndChips Silver badge

      Re: Stupid see, stupid do

      "Well the laws of Australia prevail in Australia, I can assure you of that. The laws of mathematics are very commendable, but the only law that applies in Australia is the law of Australia"

      Malcolm Turnbull, former Australian Prime Minister.

      1. JimC

        Re: Stupid see, stupid do

        And technically he's right. You don't get prosecuted in Australia (or anywhere else) for breaking the laws of maths or physics.

        1. Fred Daggy Silver badge
          Pint

          Re: Stupid see, stupid do

          No, but you do get a Nobel prize.

          1. FrogsAndChips Silver badge
            Headmaster

            Re: Stupid see, stupid do

            Or a Fields medal.

            1. Claptrap314 Silver badge

              Re: Stupid see, stupid do

              Or, and this is farm or likely, a Darwin.

              1. sabroni Silver badge
                Headmaster

                Re: farm or likely

                I think it's far more likely that you meant a different turn of phrase.

    2. tatatata
      Joke

      Re: Stupid see, stupid do

      Everybody knows that the earth is round. Like a pizza.

  2. Anonymous Coward
    Anonymous Coward

    Stanford Internet Observatory (limited hangout)

    Stanford Internet Observatory: A program of the Cyber Policy Center

    “Addressing Viral Medical Rumors and False or Misleading Information”

    “Threatening Encryption, Senate Democrats Aid GOP War on Abortion”

    “Confronting the evolution and expansion of anti-vaccine activism in the USA in the COVID-19 era”

    ‘"Hey Beautiful"; Race and Gender on Tinder’

    “A Front for Influence: An Analysis of a Pro-Kremlin Network Promoting Narratives on COVID-19 and Ukraine”

    “Effectiveness of vaccination mandates in improving uptake of COVID-19 vaccines in the USA”

    “Seven tips for spotting disinformation related to the Russia-Ukraine conflict”

  3. Anonymous Coward
    Anonymous Coward

    Aston Kutcher's startup Thorn has its finger prints all over this push for client side scanning

    From Follow The Money: How Ashton Kutcher’s ‘non-profit start-up’ makes millions from the EU’s fight against child abuse on the net

    1. Anonymous Coward
      Anonymous Coward

      Re: Aston Kutcher's startup Thorn has its finger prints all over this push for client side scanning

      https://12ft.io/ to remove the paywall

      1. Anonymous Coward
        Anonymous Coward

        Re: Aston Kutcher's startup Thorn has its finger prints all over this push for client side scanning

        well, https://12ft.io/

        Firefox:

        Secure Connection Failed

        An error occurred during a connection to 12ft.io. Cannot communicate securely with peer: no common encryption algorithm(s).

        Error code: SSL_ERROR_NO_CYPHER_OVERLAP

        Chrome:

        This site can’t provide a secure connection12ft.io uses an unsupported protocol.

        ERR_SSL_VERSION_OR_CIPHER_MISMATCH

        Edge:

        The connection for this site is not secure12ft.io uses an unsupported protocol.

        ERR_SSL_VERSION_OR_CIPHER_MISMATCH

        ...

        (Opera via proxy and tor - work)

        1. Alumoi Silver badge

          Re: Aston Kutcher's startup Thorn has its finger prints all over this push for client side scanning

          Funny, no such messages on FF or Edge.

          1. Anonymous Coward
            Anonymous Coward

            Re: Aston Kutcher's startup Thorn has its finger prints all over this push for client side scanning

            yes, it's interesting, certain pages have refused to load some time back (including tor project) page. My long-term shot: it's plusnet (aha!) who have messed something up. But as I can access those sites in other ways, and since plusnet don't give a flying money (and I'm leaving soon anyway), it's only a minor, temporary hindrance.

        2. Mark #255
          Facepalm

          Re: Aston Kutcher's startup Thorn has its finger prints all over this push for client side scanning

          This seems like it's your ISP's "all the naughty bits of the internet" content filtering, which would redirect an http:// URL to a block-page, but croaks on an https:// one.

          Certainly, BT's acts in this way (it's not like https URLs have been ubiquitous for several years, or anything like that)

        3. Mr. Flibble

          Re: Aston Kutcher's startup Thorn has its finger prints all over this push for client side scanning

          Well, the service did have hosting 'problems', but it seems to be working right now.

      2. Belperite
        Thumb Up

        Re: Aston Kutcher's startup Thorn has its finger prints all over this push for client side scanning

        Or https://gitlab.com/magnolia1234/bypass-paywalls-clean-filters for uBlock. This worked for me.

      3. Anonymous Coward
        Anonymous Coward

        Re: Aston Kutcher's startup Thorn has its finger prints all over this push for client side scanning

        https://12ft.io/ to add the clicky-clicky

  4. Doctor Syntax Silver badge

    There's a very simple answer to this. Their experts should provide a proof of concept implementation and then let everyone else pick it apart.

    The criteria for success would be:

    - It should not present a risk to that vast majority of internet users who are going about their lawful business

    - It should not present a risk to those living under a repressive regime

    - It should not present a risk to those, including but not limited t, children, living in abusive relationships seeking help

    - It should not present a risk to whistleblowers seeking to draw attention to some illegal activity

    - It should not present a risk to journalists working in hostile environments, including those working undercover

    - It should not be open to abuse by unauthorised use or access by authorised users, including, but not limited to, Cheshire police intelligence (sic) analysts

    If these experts can provide a robust practice demonstration of this they will have made their point, otherwise they, like the rest of us, should think of the children public at large.

    1. Catkin Silver badge

      I do wonder if the people who blindly support these proposals (to break encryption, not yours) are more like the 'communists' who've never experienced communism and imagine that they'll be getting to do the oppression or if their thoughts are simply so air conditioned that they cannot perceive or imagine oppressive government.

      1. tiggity Silver badge

        @Catkin

        Oppressive governments can be of any type - regardless of what ideology they claim* to be, too many people in politics tend to be various combinations of power crazed, narcissistic, immoral and corrupt.

        UK govt is

        *IMHO no country had had a genuinely Marxist govt (based on writings of Marx & Engels) - plenty of governments have claimed to be Marxist though.

        Similarly many govts promote "capitalism" but it's essentially impossible to have a pure capitalist economy as need a few checks and balances (unless you particularly want just a few monopolies shafting people massively).

        1. Catkin Silver badge

          I wasn't saying that communism (in name) is the only form of oppressive government or even that the people envisioning being the oppressors are necessarily communists. I more refer to the standard western 'communist' being exactly the sort of person who, during typical revolutions ends up against the wall as a "counter-revolutionary". Obviously, there's wide latitude here but I think it holds true as a general concept.

    2. Zippy´s Sausage Factory
      Devil

      Whereas the cynical might suspect that the experts they picked probably were told what conclusion they wanted them to come to and were asked how much that would cost. Or even that the experts might have turn out to be as factual as Mr M Mouse, Mr D Duck and Ms O Oyl.

      But I'm sure none of us here is cynical enough to believe that.

      1. Doctor Syntax Silver badge

        Maybe you are being a little too cynical - or maybe not enough. I'd see it as self-selection by the experts; there's an opportunity so why not take it. The fact remains, of course, that whatever the selection mechanism none of them has put forward a proof of concept implementation.

  5. Anonymous Coward
    Anonymous Coward

    What about more heavy lifting for the experts?

    Quote: "...fundamentally incompatible with end-to-end encrypted messaging..."

    ....but citizens have a perfectly legal option for increased privacy......just do three-pass private encryption BEFORE a message enters the interweb!

    So....you ask....why "three-pass encryption"? Well....the experts who decipher the interweb-provided E2EE will then have three more passes to decipher!

    ......and of course, if each of the three passes uses a different random key then there's some REALLY heavy lifting for the experts to do!

    I wonder.....do the politicians know anything about encryption.....or only what their "experts" tell them?

    1. John Robson Silver badge

      Re: What about more heavy lifting for the experts?

      ROT13 three times eh?

      1. G Watty What?
        Coat

        Re: What about more heavy lifting for the experts?

        3 times? Amateurs!

        I do it 13 times for extra security.

        1. Jamie Jones Silver badge

          Re: What about more heavy lifting for the experts?

          Once more for luck!

      2. Anonymous Coward
        Anonymous Coward

        Re: What about more heavy lifting for the experts?

        jul qb lbh abg shpx bss naq naabl fbzrbar ryfr

        1. Boris the Cockroach Silver badge

          Re: What about more heavy lifting for the experts?

          One more pass and you'll summon Cthulu with that.

          On the good side, he'd be more honest with us than our current 'leaders'

  6. Anonymous Coward
    Anonymous Coward

    We can “show” you the magic black box

    But we definitely can’t open it up or share its schematics.

  7. Anonymous Coward
    Anonymous Coward

    To be strictly accurate, it is perfectly possible for telecoms providers to decrypt your messages and comply with the law.

    There are a finite number of keys and they just have to try every one until they find it. It may take several thousand years per message, but it's definitely not impossible.

    I wonder if there is a time limit specified in the legislation?

    1. Anonymous Coward
      Anonymous Coward

      Numbers.......and bigger numbers!

      @AC

      Quote: "...perfectly possible..."

      So...256 bit keys represent a choice of approximately 10 to the power 77 possibilities.....so that's the "finite number of values" for a single 256 bit key.

      With the possibility of multiple pass encryption....the number of keys to try gets a bit bigger!

      Did I mention "bigger"?

      1. John H Woods

        Re: Numbers.......and bigger numbers!

        Indeed, not even enough space in the universe to store them all digitally.

  8. Eclectic Man Silver badge

    NGO?

    Lots of the experts were listed as their organisation being "NGO", which I have previously understood to mean "non-governmental organisation". Does it mean something else now, or is it just that these people do not want their employers to be known?

    I do seem to be out of the loop on current cryptography experts, because I did not recognise any of the names on the list from the authors of international standards on cryptographic algorithms and protocols that I worked on ages ago. Anyone else know what they have done to earn the "cryptography expert" appellation?

    1. Anonymous Coward
      Anonymous Coward

      Re: NGO?

      even in capitalist countries, commercial entities are non governmental organisations...

    2. FrogsAndChips Silver badge

      Re: NGO?

      IANAL, but I think 'expert' is not an official title, so anyone can call themselves an expert in any field.

  9. Long John Silver
    Pirate

    Piecemeal planning

    Two considerations come to mind: the Internet's role in facilitating 'abuse' of the vulnerable, particularly children, AND the power of emotional appeal for protecting children to cover nefarious intent, or at least overreach, by governments and their agencies.

    For the sake of argument, assume protection of the vulnerable is the only motivation. Then bear in mind that as regards direct physical/sexual abuse of vulnerable individuals the main, but not exclusive, role of the Internet is supporting voyeurism. The remainder wherein children are inveigled into 'performing' for particular adults, and into coming into physical contact with adults, is much the more serious matter because attention is directed at perpetrators. Adding considerable fog to the issue is a documented tendency for adolescent children to share unseemly images among themselves.

    A realistic stance entails acceptance that blanket screening of Internet correspondence and transmitted images would throw up so many false positives with respect to protecting identifiable children from further direct harm that police would be overwhelmed. As at now, there would be temptation to seek easy convictions, and browny points, on 'possession' instead of the footwork entailed in identifying harmed children and their tormentors.

    Powers already exist for placing named suspects under surveillance. Their patterns of Internet use can be monitored even though the content is encrypted. Suspicion of direct physical/sexual abuse by an individual should lead to a low threshold for triggering raids on premises etc.

    Put thusly, there are no grounds for treating the Internet aspect of crimes against children differently from the Internet aspects of preventing/investigating banking fraud, money laundering, and a host of other illegal activities.

    1. Anonymous Coward
      Anonymous Coward

      Re: Piecemeal planning

      @Long_John_Silver

      Quote: "...suspects under surveillance...patterns of Internet use can be monitored even though the content is encrypted..."

      "suspects"

      "patterns"

      "even though"

      "...innocent until proved guilty..."

      Yup....STASI at work here!

  10. JavaJester
    Stop

    Almost as Dumb as Commanding the Tide Not to Rise

    Did we learn anything from GSM's A5/1 debacle? You can either have strong confidentiality or interception capabilities. Much like unicorns, both simultaneously do not exist.

  11. mpi

    Why am I not in the least surprised?

    > In September, a report from Balkan Insight – an investigative non-governmental organization – traced how the European CASM proposal has been supported by organizations that stand to benefit by providing content-scanning software.

    > The list of consultants includes five individuals from an organization providing CSAM scanning tools.

  12. heyrick Silver badge

    Huh?

    NCMEC? Stanford? Google? Australian cops?

    What the heck are all these non-Europeans doing involved this much with the EU lawmaking process?

    1. Anonymous Coward
      Anonymous Coward

      Re: Huh?

      Simple, the out come has already been decided. These "experts" will just reinforce what the lawmakers were already thinking, mass surveillance.

      It's seems to always be terrorism or kiddie porn as the excuses for rolling out the police state.

  13. Tron Silver badge

    Brexit means Brexit.

    Re: Investigatory Powers Bill amendments act.

    It doesn't have to be possible to do stuff. The law is simply there to scare everyone off. The internet equivalent of a 'Beware of the dog' sign, even if you haven't got a dog.

    Brexit is only complete when none of that nasty foreign software can be used in the UK, and no foreign websites can be accessed from the UK. Borders sealed, online and offline. Tribe protected. All UK web content appearing under state license. No fake news via web 2.0 or social media. Just official news from the BBC, telling you what happened yesterday, what is happening today, and what will be happening tomorrow. It worked in China, so surely it will work in the UK too. The EU will then follow suit, keeping their rather larger tribe secure from bad words and other triggers. One unhappy 14 year old is one too many, as I'm sure you will all agree (unless you are an enemy of the people).

    1. Roland6 Silver badge

      Re: Brexit means Brexit.

      > Re: Investigatory Powers Bill amendments act.

      What is perhaps a little surprising is that the Conservatives haven’t created the UK version of wire fraud catch all.

    2. heyrick Silver badge

      Re: Brexit means Brexit.

      "No fake news via web 2.0"

      The Daily Express has a website...

  14. DS999 Silver badge

    Even if they were able to get everything they want

    And reached their wet dream of breakable encryption and they had the infrastructure to scan everything, they still have to:

    1) identify CSAM

    2) have a human verify it is CSAM (worst job imaginable, and risks attracting exactly the people you are trying to stop)

    3) track them down to a specific location

    4) verify the perpetrator is there (e.g. not using someone else's wifi)

    Each step has its own problems, so many that even if they had "key escrow" or encryption became illegal I'm not sure they'd be able to catch any more pedos than they do currently. The smart ones will find ways to evade the cops, as they always have, and the dumb ones will get caught, as they always have.

  15. johnrobyclayton

    How to hunt predators

    Ask any hunter and they will tell you.

    You hunt predators by stalking the prey. Not by looking at predators.

    Predators are hiding from the prey and hiding from each other.

    Wait at the watering hole.

    Wait on the game trail.

    Look for big herds of prey.

    Hang around them until the predator shows up.

    If you want to protect children from predators,

    sit next to them while they play on line,

    hang out with them when they play in the playground,

    converse with them when they are talking,

    shop with them when they are at the mall,

    be with them every day.

    In other words, be a good parent/guardian for every child you want to protect.

    1. Evil Scot Bronze badge

      Re: How to hunt predators

      Do you trust your father in law when he offers to give you a break and look after your kids?

    2. DS999 Silver badge

      Re: How to hunt predators

      So your recommendation is to give children zero independence by being with them all the time, which requires being pretty well off since most families can't make it on a single income. While being with them all the time would definitely work, I don't think it would prepare them very well for becoming adults.

  16. Tubz Silver badge
    FAIL

    So the EU fukwitz and big Corp tried to cover up the fact their evidence proving it was feasible was shit and this is the bunch we are supposed to trust with intercepting secure traffic without abusing it?

  17. Cincinnataroo

    Well, subject to them providing irrefutable evidence otherwise, we know the names of some of our enemies now.

  18. Caver_Dave Silver badge
    Joke

    The names of the experts

    The names cannot be provided for the participants in a conversation half-overheard in a Brussels Bar.

  19. tatatata

    Unfortunately, techniques like LOCKS already exist. LOCKS (Locally Operated Cooperative Key Sharing) shares the session keys with a "trusted agent" via a modified NSS library. It is feasible that that "trusted agent" would be your favorite governmental body.

    I can see different approaches how to subvert this system, from sending encrypted files to posing as trusted agent. But the fact that this is actively being developed worries me.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like