Europe proposes tackling child abuse by killing privacy, strong encryption Proposed European regulations that purport to curb child abuse by imposing mass surveillance would be a "disaster" for digital privacy and strong encryption, say cybersecurity experts. A number of options have been put forward for lawmakers to mull that aim to encourage or ensure online service providers and messaging apps …
Those encrochat users thought they where safe too…..
https://www.bbc.co.uk/news/uk-england-manchester-61400174
Ultimately whomever you chat with has to unencrypt your filthy messages so they either get you or they get them, either way they already know who your talking with.
Who’s to say your encrypted messages don’t contain the filth the authorities say they do? After all it’s in an unnecessarily secret code etc etc etc.
Ultimately, given the end to end nature of comms, governments know historically who connected to who.
its incredibly difficult to convince a jury, without the shadow of doubt, that something scrambled contains the nasties the authorities think it does even when they can prove connectivity took place and nasties are present on 1 side.
Removing encryption is all about removing that doubt.
Of course what they will find is that crims will use different tactics or use customised encryption.
Customised encryption will stick out and draw attention as only those peddling csam would use unauthorised encryption.
This incessant nudging needs to be stopped before other harms are introduced.
> its incredibly difficult to convince a jury, without the shadow of doubt, that something scrambled contains the nasties the authorities think it does
Actually, its incredibly difficult to convince a jury, without the shadow of doubt, that something scrambled does not contain the nasties the authorities say it must contain... After all you prevented legal decryption, which means that you clearly have something to hide. You islamist drug dealing perv, you!
A friend of mine and I have been using PHP (GnuPG, whatever) for a very long time. Went to Uni together and later worked at a magazine with shiny paper and vibrant ink. We remember Phill getting drilled.
That being said, way long before Snowden we used to trade chili and bread recipes because poking bears with sticks is funny.
We agree with your statement.
Very clever! I bet when they spot something they can't decrypt they'll ignore it and carry on looking at the stuff they can decrypt.
There's absolutely no way that they would think that your PGP message contained child porn, singling you out for extra attention. Not a chance.
I'm quite sure that TLS is no problem for most of the Five Eyes to decrypt already, given the key harvesting that they have been engaged in for the last decade at least. Add the fact that most FE countries also hoover up the vast majority of data flowing on the Internet already, regardless of whether they can currently decrypt it or not and you begin to get an idea of the scale of the mass surveillance system which is already in place.
Given that they also have willing allies in even non FE countries like Sweden who happily provide data collection facilities to feed the data mines with raw feeds from links which are not located in FE countries, the penetration of the existing mass surveillance system is pretty much total.
The existence of these informal data sharing alliances also gives these countries the ability to spy on their own citizens, even when that is specifically illegal, by asking one of the other allies to do it for them. Add all the data which private companies collect about people through their pervasive surveillance systems to the pot and you end up with the ability to build a comprehensive profile of anyone's daily life and social network already.
The fact that the FE countries and their allies are attempting to remove the last vestiges of privacy from the day-to-day lives of the population will make anyone who uses illegal encryption systems (as they will become) stick out like a sore thumb in the data flows that are absorbed into the data mines.
We are already screwed. This proposal is just further proof (as if any was needed) of the contempt with which the ruling class treats the plebs these days.
Hmmm... if you use the World Wide Web, you should perhaps be aware that the vast majority of sites now use HTTPS, which provides End-to-End Encryption between you and the server. Most internet traffic is encrypted already.
The thing about end to end is which ends your talking about.
Encryption between my browser and that thing in the middle which checks what I’m doing and spawns a new connection to my original destination. So we now have 2 valid end to end encrypted connections but something in the middle is still able to see everything I do and I am non the wiser.
I find it hilarious when people think a vpn to some company on the internet adds some kind of enhanced security.
Your paying someone to handle your traffic and have no idea if they are breaking it too.
https://www.thesslstore.com/blog/ssl-inspection/
If you go through a corporate proxy, especially a cloud one then your traffic is being inspected, it’s often obvious when you check the cert chain on the padlock
I can’t find it now but I’m sure there was a recent issue with root ca’s that needed to be reissued.
Another blog entry on blindly trusting the certificate system
https://blog.malwarebytes.com/security-world/technology/2017/11/when-you-shouldnt-trust-a-trusted-root-certificate/
I'm only speculating here but I'd say the usual agencies would be incompetent if they didn't have a copy of their major CA's private keys and were able to reissue certificates at will.
X509 authentication relies on some "authority" you've never met making trust decisions for you. Web of trust has its shortcomings too but it's the better choice in many common scenarios.
In that case write a software robot that writes random data to a file, encrypts it, then emails it randomly to an address from a large list. Have this timed so that they are sent out randomly. Then publish the source so that other like minded geeks can also get into poisoning their system.
And what happens when they decrypt your Blind Faith album cover, or see your QAnon posts about Hillary Clinton porn videos? I agree that porn is bad but I think that everyone's attitude to the fact that we are all naked under out clothes is much worse...
If we charge down this road without thinking about the consequences then maybe we will simply ban all artists. In college I was taught to draw and paint pictures of people, you started with a naked body (drawing a naked civil servant) and then we drew and painted clothes on it ... it always looked realistic, I was in the top five of the class and now when I see people walking around, I always know just what they all look like naked. Clothes are irrelevant to me although I wear them everywhere.
When the law was introduced a nice man from the Home Office came to talk to our computer dept.
We asked what happened to data files from simulations that were random and so couldn't be proved not to be encrypted data.
Essentially we were told not to worry our pretty little heads about it since the law was only for use against terrorists and/or international drug dealers
If I'm not mistaken, I seem to recall recently reading in these hallowed pages (this article) someone stating that kiddie porn was 0.2% of all cases, the proportion being relatively stable for the past decade.
Now, far be it from me to declare that the children being abused is negligeable, it is a horrible thing, but I don't see why I should give up my privacy for this.
Get the police to do their jobs and that will solve the problem.
Whilst I understand your sentiment, just stating "Get the police to do their jobs and that will solve the problem." when part of the problem is that so much is digital now, if they cannot read it, how can they do their job?
There is no easy answer but as encryption in transit and at rest combined with increased end-point security increase and becomes more complex, exactly how can they improve what they are doing?
How about listening to children? Giving children clear opportunities to speak? Explaining that is not their fault?
They can take away https, ssh and gnupg when:
Using their own personal money they research and implement defective encryption. They use this defective encryption to protect all their money. When the money is taken they have no legal come-back on the thief and their the defective encryption is not mandated.
"How about listening to children? Giving children clear opportunities to speak? Explaining that is not their fault?"
Which is done already and for some of those suggestions is not the role of the police.
Again, "Just do their jobs" is not simple. It is often used by those who refuse to help the police, refuse to talk to the police, don't like "grasses" but then expect the police to just "do their job".
To all those downvoting I am not agreeing that the proposals are correct. Backdoors to anything invariably end up being abused but as it stands if the endpoint is encrypted as well and the suspects don't give up the access what do the police do?
"If you know the information required and refuse to provide it, you can be sentenced to a maximum of 2 years
imprisonment or 5 years imprisonment for an offence involving national security or child indecency. If you genuinely do not know the information you can put this forward as a defence to the offence."
You can prosecute for withholding the password but in this context you need to also prove "child indecency" as well. There may be sufficient evidence and ground to go with the latter but as we have seen repeatedly it is seemingly very difficult to get prosecutions in this area. Smart lawyers and interest groups are making it very difficult for the police to "do their job" as they are buried under inefficiency, endless meaningless protocols and decreasing budgets. If the solution is that the police have to spend inordinate amounts of staffing and resources on physical surveillance then it will simply get "bumped" down the list.
That brings us back full circle, as more information and evidence becomes digital and the methods of protecting it more sophisticated, what can be done to help? Not that many years ago a warrant to search and seize documents and equipment could often provide the required evidence. If all the evidence is now encrypted and the penalties for not providing access are less than the the alleged crime it is rather a win-win for the criminals.
I repeat that I am not stating the proposals are the way forward and El Reg readers are very clear that anything to do with breaking or providing backdoors for encryption is wrong, so we need to look at what the solutions are. If that is throwing more budget at the police then fine however in recent years the trend has been to removed "feet on the streets" and replace them with a smaller number of keyboard users.
> part of the problem is that so much is digital now, if they cannot read it, how can they do their job?
Easy: Ban Internet altogether! Make it one way, so people can still watch ads, but prevent them from sending out anything to anybody else.
What? Makes just as much sense.
>So essentially build "Britnet" -= all family friendly, child safe, govt approved content, no foreign rubbish or filth"
It should be Royal Britnet, with some Princely Royal in charge. Somebody not next in line to be king with a nice uniform and no other job
@hoola
" when part of the problem is that so much is digital now, if they cannot read it, how can they do their job?"
When it isnt digital and is reported they struggle to do anything due to 'certain protected groups'. Maybe if they can do the basics we might trust them with a bit more?
I wonder how crimes were solved before the internet?
/sarc
Remember when people used to meet in private, and there was no possible dragnet of conversations?
The fact is, electronic communications made their jobs so much easier (to hell with privacy) that they got lazy. They want to ban encryption so they can remain lazy.
As the original poster said "Get the police to do their jobs." - there are many many avenues to pursue that don't rely on listening in to actual conversations.
One of the most appalling incidents (to my mind, at least) was when the UK Security Service knew of serious child abuse at the Kincora Boys Home but instead of saving the children used it for blackmail.
https://en.wikipedia.org/wiki/Kincora_Boys%27_Home
I thought that surely this was something that should have caused resignations, at least, and even prosecutions of the UK officials involved. But then the scandals of the Roman Catholic Church and Church of England covering up child sexual abuse came to light, and the Rotherham sex scandal, and others. So I'm guessing that the Security Services reckoned that the abuse was 'par for the course'. (Not sure which particular circle in hell is reserved for them.)
For the avoidance of any doubt, there is no such thing as a "child prostitute". Children are by definition unable legally to consent to sexual activity with anyone. There are sexually abused children, there are sex slave children, there are groomed and coerced and deceived children, but they are not prostitutes, whatever anyone says.
I reckon that any bill to remove E2E encryption on the basis of protecting children from abuse should include a clause that says any organ of government that becomes aware of child abuse and decides not to do anything to protect the children and bring the offenders to justice must have authority to proceed in that way signed by both the Home Secretary and the Justice Secretary, detailing the abuse which is to be 'allowed'.
Kiddie porn exists for one and only one reason -- its the ultimate thin end of the wedge. Before it became a 'thing' I didn't even know it existed (it must have in one form or another since humans are both diverse and inventive) so I've always thought it became an 'issue' primarily as a tool to push anti-privacy legislation. Its perfect for the job because if you oppose it then its obviously because you're one of "them" and its so easy to tar you if you start being too much of a nuisance ("if you know what I mean").
Intercept, decode, print out, & publish in a global media outlet all the communications from all the politicians proposing the law. If they don't like it, tough shite, because that's the reality of what they're trying to make into law. Don't want your stuff open for everyone to read? Then don't pass the fekkin' law.
Intercept, decode, print out, & publish in a global media outlet all the communications from all the politicians proposing the law.
Do let us know a global media outlet that will be willing to and support the publication of these politicians communications….
Now Musk is buying Twitter that might be the only place that would publish such things, I doubt other outlets would be inclined to do so especially once they are convinced it’s all a good thing and thinking of the kids will increase sales or keep them on the good side of their regulators.
Russia Today would probably be happy to publish private communications of UK government ministers. Or perhaps Al Jazeera. Or WikiLeaks (is that still a Thing?). Or any one of millions of anti-UK internet forums. Or somewhere on the Dark Web, leaked to "baddies" around the world.
>The Guardian has had no problem publishing leaks that embarass politicians in the past.
Suggest you watch the 2019 film Official Secrets to appreciate how (Thatcher/Conservatives) changed the OfficialSecrets Act in the government (ie. their) favour.
We need the laws that govern the openness of government to become as entrenched as the Magna Carta - before successive governments in recent times managed to effectively do away with it.
That was then. The Guardian is now part of the problem:
https://thedissenter.org/very-british-form-of-press-censorship
"I don't think the proposals are about publishing everything into the public domain."
Not intentionally. OTOH how would you feel about your online banking becoming insecure? They don't intend it but nevertheless it's what the proposals are about. You can facilitate surveillance or you can have secure online business: choose one.
.... is for every communication service to implement a MITM attack on every comminucation.
I think that we'd see a sudden explosion of the internet's version of book cyphers. It's the one where there is a large library of files that appear to contain random bits. You XOR your document with one (or more) of the documents in this library, then send it out. And only those that know which document(s) to use can get back to the original document ..... which (of course) is encrypted as well.
Or you just publish your XORed document to the library (making the library even bigger) and let whomever know which documents need to be used.
Honestly, even the press releases from the EU these days sound *exactly* like the old Soviet propaganda. I read them with an Eastern European accent just for the fun.
And if you are masochistic enough to watch the commission's press briefings (if you know where to find them in the first place) the only way to tell them apart from the Russian foreign ministry briefings is because the sarcasm is far less witty.
--- This is not going well
(Captain Obvious)
Ideas:
a) Send them a plain-text email containing your Book Club's latest reading list?
b) Send them a plain-text email containing the first book, phone them and tell them the second book by voice, send an SMS with the name of the third book, send a letter in the post with the fourth book, etc.
c) Communicate via a non-government approved connection, tunnelled over SSH or HTTPS. Are they going to try to make TLS illegal?
Wasn't it Martin Hellman who wrote his thesis on secure communication over insecure channels? If I recall correctly, he suggested sending your correspondent large number of puzzles, each one reasonably solvable, but the whole lot very difficult. The correspondent selects and solves one puzzle, which determines the key for communication, and returns to you a message encrypted under that key. You only have to check which key is used and send out the actual message encrypted under that key. An interceptor has to be lucky, or use a great deal of effort in solving a hole load of difficult puzzles.
https://techcrunch.com/2016/03/24/turing-award-winner-martin-hellman-cryptography/
Can we make it incredibly annoying & use something like "Fifty Shades of Grey", "War & Peace", 4Chan FanFic, or Vogon poetry as the books to encode against, so that any attempts to decode our secret messages must be run through such delightful tomes?
Even better, can we use *all* of those in a randomly (& recorded elsewhere) order so that we can send the intended recipient a numerical sequence like 314159 to indicate which books in which order to use to decode our secret message?
Or, and this is just monkies flinging poop at the wall to see what artistic style they can create, can we use the combined compiled ramblings from A Man From Mars 1 so that they will probably suffer a mental breakdown if any sentient being tries to read the file, & an AI/DL/ML algorithm implodes from all the concentrated insanity?
*Hands you an extra large tankard*
Drink up, it's extra potent Caffeinated MindBleach mixed with a Pan Galactic GargleBlaster to help you recover. =-)p
> "Fifty Shades of Grey", "War & Peace", 4Chan FanFic, or Vogon poetry
May I humbly suggest including James Joyce's 'Ulysses' and 'Finnegan's Wake', Hermann Melville's 'Moby Dick' and, of course, the novel against which all other novels are rated: Proust's 'In Search of Lost Time? The latter's volume 'Sodom and Gomorrah' really lives up to its title and should amuse the eavesdroppers.*
Sadly I suspect that the classic 'Where the Wild Things are' is too short. :o(
*Sorry, I really have read it, in English translation, so I'm a smug git, (someone's got to do it).
>May I humbly suggest including James Joyce's 'Ulysses' and 'Finnegan's Wake',
IIRC the 'hand over all your encryption keys' law also required you to reveal the hidden meaning of any apparently unencrypted messages.
Picturing Special Branch breaking into your house, seizing your copy of Gravity's Rainbow and demanding to know what the author meant by it
so politicians are (again) pushing for full access to everyone else'e commuication.... while in th emeantime there is a growing tendency for some government officials to use private email/messaging instead of their official government ones because they don't want the public to ever know what they're up to and FOI requests can't get at their private comms
Yes. Both UK and US politicians are regularly criticised by their own civil servants and security experts for hiding policy discussions in secure channels where historians won't be able to read them, in contravention of existing laws. They are already breaking the law and now they want to pass more draconian ones for the rest of us.
(No idea if any other country has problems with this. I expect they do.)
Note to self:
“... a rhetorical question. It has a question mark at the end, but you are not meant to answer it because the person who is asking it already knows the answer.” ― Mark Haddon, The Curious Incident of the Dog in the Night-Time
It's impossible to prevent people from encrypting messages to each other. Even if you make mathematics illegal.
Yes, you can force the most popular private messaging apps to remove their privacy, but that just forces people to a wider variety of privacy solutions. Much harder to track baddies, then.
What about internet banking? Online shopping?
Don't shoot the messenger!
> It's impossible to prevent people from encrypting messages to each other.
But you can throw them in the slammer if they do. That's easy.
Remember, if it's illegal, it's illegal, no matter if what you sent were birthday wishes or the plan to assassinate the president. You are going to prison (fines, all that), and next time you'll think twice before doing it. That's how it works, so all the bravado about how you all are above this is futile and ridiculous. You'll realize it when the police bashes in your door at 6am...
The only way to avoid that is to prevent this from being voted. At least for the time being (it's like a bad penny, clearly all governments worldwide are hell-bent on getting encryption outlawed).
> it's illegal, no matter if what you sent were birthday wishes
So let me get this straight.... I fire up PGP and encrypt a birthday email to you. Not that you have or even know what PGP is. The cops bust down your door for using encryption.
You claim to not know what your keys are...and the cops believe you?
It's also worth noting that, historically, it has always been beyond the capacity of governments to snoop on the conversations of private citizens, even if it was legal. Despite that, they've been trying for centuries and the result is an accumulation of legal (and in some cases constitutional) protection of such conversations.
Proposals like this are NOT an attempt to "fix a problem that has arison recently, with technology". They are an attempt to create a more over-bearing government than has ever existed in human history. We have no prior experience to inform us of how badly this might turn out. The East German experience is one clue. Modern China is another. I find neither encouraging.
Well said. A point that most people don't seem to realise.
Electronic comms gave them unprecedented access that as you said, lead to legal protections.
When it became obvious they were ignoring the rules, encryption (https , messenger e2ee etc.) became much more commonplace.
Now they are just wanting to restore the access they never should have had in the first place.
Yes. The criminals will use illegal strong encryption (coupled with needle-in-a-haystack services such as IPFS).
The rest of us, including professionals such as doctors, financial advisors, lawyers, politicians, charities and journalists, as well as activists and campaigners, will lose our privacy.
Um...
I have never seen a Doctor or Lawyer use crypto, not even my patent attorney in Seattle a few years back.
And don't get me started about my girlfriend's daughter's medical records being sent in the clear.
The professions that should be using cryptography do not. As much as I want to blame them somehow, I realize that it is because it is their Customers that Can Not.
Time to go back to the classics: messages sent using the BBC to the terrorists in France in WW II
Conservatoire collaboratif des messages personnels diffusés sur BBC pendant la guerre de 39-45
"At least one in five children falls victim to sexual violence during childhood"
I wonder where that 1 in 5 comes from. I see the citation is the EU own campaign, "1 in 5 Campaign", so I click that link and read that page:
"About 1 in 5 children falls vicitim to violence including sexual abuse. "
Wait, its gone from AT LEAST 1 in 5 fall victim to *SEXUAL* VIOLENCE, and now in one click its changed to "*about* 1 in 5" and "violence *including* sexual abuse".
Again no supporting evidence.
Next paragraph is "Raise your hand against smacking"... "Corporal punishment is the MOST WIDESPREAD form of violence against children. It is any punishment in which physical force is used and intended to cause some degree of pain or discomfort. It is a violation of children‘s rights to respect for human dignity and physical integrity. The Council of Europe calls for a legal prohibition of corporal punishment of children in law and in practice. Corporal punishment conveys the wrong message to children and can cause serious physical and psychological harm to a child. "
OK, now we're two paragraphs down, and its 1 in 5 kids get smacked for being naughty. The EU is declaring punishment like smacking as the violence which is then redefines as sexual violence, which it then redefines as "sexual exploitation" of kids, or sexual abuse.
How do you *cyber* smack children BTW? Is there some sort of Apple "iSmack" I don't know about?
Oh FFS. Are you literally saying that 1 in 5 kids get smacked as punishment, and that therefore 1 in 5 are sexually abused because smacking = sexual abuse and offering no supporting evidence for any of that.
Such a game of misdirection and lying.
All to open a giant can of worms, and break end to end encryption, the thing protecting us from Russian hackers. Remember Russia? The soldiers that slit the throats of children in front of their mothers for shock value? Those hackers working to break end to end encryption and you trying to break end to end encryption, and you cannot see any danger in your lies?
What about terrorism? You could scan for extremism and flag that too, again since you're scanning it, those potential fiddlers might also be terrorists. It's no more of a privacy violation since they're already being scanned.
What about insighting speech like Holocaust denial? I assume everyone is one board, nobody likes Nazis, better scan for that too.
Why not copyright infringement, you're scanning it anyway, so why not also for copyright infringment?
What about plotting crimes, all crimes, any crimes, anything that might indicate pre-crime. Think of all the crimes you could prevent by watching everyone all the time.
"Roe vs Wade"... think of all those poor Republican victims you see on Fox News, don't they deserve protection from that hateful speech? I see they're saying protesting is a federal crime, and you do have that US EU cooperation treaty.
Basically, you're saying "there is no privacy right", attempting to justify it with "for the children" lies and offering options, none of which are "we have no justification for this therefore we assert something we know to be a lie, that 1 in 5 kids are victims of sexual abuse, and it is genuinely a very bad idea that undermines our core security".
Reminds me of a similar mis-use of statistics I came across a while ago. Apparently some very high proportion of women (1 in 2? 1 in 3? or thereabouts) claims to have suffered sexual abuse according to the report highlight. Then you read the details:
Sexual abuse includes sexual harassment. Sexual harassment includes being looked at, while in public, by somebody who you don't want to look at you.
I am certainly not defending real abuse, but if the publishers of these kinds of reports were honest then something might be done to protect the 0.5% that really do suffer instead of everything being dismissed because 50% 'obviously' are not suffering.
It's the same sort of statistic fudging that the road safety mob use in the "killed or seriously injured" stats they use in thier apparent quest to restore the red flag act for cars - or at least reduce our progress to that of an arthritic snail.
As ever, " There are lies, dammed lies and statistics"
By coincidence I was listening to one of Tim Harford's Cautionary Tales podcasts last night and Darrell Huff's name was mentioned. It appears that after his bestseller, he blotted his copybook by siding with the tobacco industry...
"Huff was later funded by the tobacco industry to publish a follow-up to his book on statistics: 'How to Lie with Smoking Statistics'." (Wiki)
"I wonder where that 1 in 5 comes from."
Daddy.
You don't need to bugger up everybody else's communications on the pretext of kiddie abuse, just, you know, try actually listening to what the children are saying.
It's a bit like the number of times we're told that it's necessary to weaken secure comms "because terrorists" and when some bad shit goes down, it turns out those responsible "were known to the authorities".
This is just another fishing expedition by the data fetishists.
To add to your analysis, they seem to think that this abuse is solely down to the internet. As we know, most sexual abuse is done by family members and friends. Even catching 100% of internet paedophiles won't stop paedophilia, so how can they justify using those stats to attack the internet?
Anonimous Coward,
I have red the EU proposal as well and I came to *exactly* the same conclusion. So we may conclude that if this 1 on 5 report is the basis of this all, then something is very very very much *not okay* with the EU legislation process. This is not an opinion, but a bitter hard fact.
Numerous times we have had contact with special units of our police force. Here is what they said in 2018:
" We do not need more laws or more rights to do things, we need more people ! "
The conclusion of our talks with these good folks was that they *exactly* know the villains, and what they do and where and how they operate. But our police simply does not have not enough manpower to solve these issues.
I would advise anyone to download the relevant PDF. The main, not so long PDF mentions *nothing* of encryption, but mentions the word 'children' hundreds of times. In note '32' there is a reference to the relevant addendum. That, however, is the one text not directly linked. In that very long addendum, in basically one place only, the actual decryption is mentioned, and that a 'EU Centre' for whatever will offer the necessary software for free, i.e. basically server spyware.
It's COM (2022) 209 final 2022/0155 (COD) and COM (2022) 212 final.
Obligatory tracking boxes in new cars.
Proposed "internet off" buttons.
Proposed prohibition of encryption.
Censorship on Russian news sites to prevent "misinformation".
EU funds get allocated to support EU friendly candidates during elections in member states.
There are no checks and balances in place to limit EU commission overreach.
The EU applauding machine (parliament) is not accountable to its voters.
Non-elected EU central commitee apparatchiks attack, with the support of Big-Tech to implement censorship and suppression of alternative views, the freedom our (great) grandparents gave their lives for in WW2.
Come on, it's not like this is an European problem. Wherever you live, it's exactly the same trend. It's just that today it's about the EU, tomorrow we'll have a similar if not identical article about the USA, Australia, or the UK (other countries available).
Governments worldwide are rushing to get a grip on their populations, with similar goals and similar means (the good old loaded "somebody think of the children already").
(Didn't downvote you though.)
Your post may have been taken seriously if it didn't rant about the EU being non-accountable and non-elected.
You know that in the UK, we have "non-elected" parliament staff too? They are called civil-servants.
Incidentally: Number of "unelected bureaucrats" :
EU: 33,000
UK: 400,000
Yes, the little UK has over 12 times as many as the EU.
from the London School of Economics: https://blogs.lse.ac.uk/lseupr/2019/02/19/is-the-european-union-governed-by-unelected-bureaucrats/
http://www.democraticaudit.com/2016/06/23/is-the-eu-really-run-by-unelected-bureaucrats/
https://www.bbc.co.uk/news/uk-politics-eu-referendum-36429482
https://www.richardcorbett.org.uk/european-laws-are-made-by-unelected-bureaucrats/
https://www.washingtonpost.com/news/monkey-cage/wp/2018/09/26/people-think-that-the-e-u-is-run-by-unelected-technocrats-theyre-wrong/
I m feeling optimistic this morning (a dreadful feeling by the way) and chose to go with Mr. Hanlon on this one:
"never attribute to malice that which is adequately explained by stupidity."
With the corollary: "Incompetence is a valid substitute of stupidity".
I might be wrong, but if you look at the background (see below), it looks like they know they are somehow part of the problem but also have no clue what they are talking about. Which is extremely dangerous, as the path to hell is indeed paved with good intentions.
On the other hand, I do read things like these: https://en.wikipedia.org/wiki/Catholic_Church_sexual_abuse_cases_in_Europe
Try to Ctrl+F "five years" to have a taste of how many times an actual child rapist got away with just 5 years in prison. If you are still feeling like having lunch, take a look at this (from way back in 2021): https://www.euronews.com/my-europe/2021/03/18/german-church-faces-moment-of-truth-with-abuse-report-due-for-release
So, if they actually wanted to DO something, they'd have their hands full with things that _might_ be closer to their comfort zone.
__
This is from April 28th 2020, European Commission:
https://ec.europa.eu/home-affairs/news/increased-amount-child-sexual-abuse-material-detected-europe-2020-04-28_en
The Internet Watch Foundation 2019 report highlights concerning trends around the increase of child sexual abuse imagery hosted in Europe.
The Internet Watch Foundation (IWF) has just released its 2019 Annual Report. Unfortunately, the report shows some alarming trends:
In 2019, almost 9 in 10 (89%) known URLs containing child sexual abuse material were hosted in Europe. This compares to 8 in 10 (79%) in 2018.
This is followed by North America, which hosted 9% of all known child sexual abuse URLs in 2019, a fall from 18% in 2018.
The Netherlands hosts 71% of the child sexual abuse content found by the IWF. This equates to 93,962 URLs. This is an increase from 2018 when the Netherlands was found to be hosting 47% of all known child sexual abuse material.
The relative amount of Child Sexual Abuse Material that detected in the Netherlands has almost doubled, from 47% of the total that they detected globally in 2018, to 71% in 2019.
This is due to a pervasive business model of “bulletproof hosting”, which takes advantage of the more permissive legal system and excellent technical infrastructure that The Netherlands provide.
It would seem to me, then, that targetting the (relatively small number of) bullet-proof hosts and making them legally liable for their content would be more effective than trying to target the (relatively large number of) law-abiding internet users who just happen to have a valid reason to encrypt their personal finances and private communications.
Funnily enough, this is almost the same as the solution to the problem of "anti-social media". You make the internet companies legally liable for what they publish on their site. If they want to be exempt, they need to say who the original author is and produce credible evidence that they can stop that person from using the service in future under either the same or a different identity.
Right now, so much of the internet is just making cash out of facilitating ... "something, don't know what, don't care, as long as it keeps generating cash for me".
Is this really about actually finding child abusers and preventing child abuse, or politicians trying to show that they are actually doing something about child abuse?
I would look at how much effort the proposers of this are actually putting into social services and child protection agencies to protect children (tragically far too many references to put here, but look up "Baby Peter", "Victoria Climbie", "Rotherham child sex scandal" and lots of others).
The idiots in Whitehall are just as capable of stupidity without European help... like ID cards for pron, same old 'encryption is bad' arguments, Partygate (50 more 'invitations' from the police announced today), handing refugees over to Rwanda, meals for 30p, customs and other IT project chaos, procuring any kind of services from Crapita, HS2...
Now now, junky, you're just trolling here. Are you training to work for one of the tabloids? They spew stuff they know are lies just because they know their base will lap it up.
from the London School of Economics: https://blogs.lse.ac.uk/lseupr/2019/02/19/is-the-european-union-governed-by-unelected-bureaucrats/
http://www.democraticaudit.com/2016/06/23/is-the-eu-really-run-by-unelected-bureaucrats/
https://www.bbc.co.uk/news/uk-politics-eu-referendum-36429482
https://www.richardcorbett.org.uk/european-laws-are-made-by-unelected-bureaucrats/
https://www.washingtonpost.com/news/monkey-cage/wp/2018/09/26/people-think-that-the-e-u-is-run-by-unelected-technocrats-theyre-wrong/
If there is no more encryption, then there will be no more electronic financial transactions, which I am fine with.
I'll find the part I want on newegg, call them and place the order, which won't be secure either,,,, buggers.
Hey, I got an idea, what if we made hardware currency, we could call the small ones coins and the big ones bills (because you pay bills with the big ones) and if you wanted to sell something you used a store!
whatever, lets bring commerce back to the 1930's. At least that way if someone robs you, they are right there and you can fight them.
Quote: "...essentially scanning all private communications and, if necessary, breaking end-to-end (E2E) encryption..."
1. WHO IS CONNECTED?
@tip_pc: "... end to end nature of comms, governments know historically who connected to who...."
Well...have a look at mail.com....anyone can set up an anonymous email address....absolutely no account required....absolutely no authentication to establish exactly who is setting up the email address. And this is a "throw away" deal......next week anyone doing this can be using another anonymous email address!
So..."governments only know who connected to who"......when the correspondents ALLOW GOVERNMENTS TO KNOW!
2. PRIVATE ENCRYPTION, KEYS, AND SO ON
@VoiceOfTruth: "...In the UK you will get 2 years in prison for not handing over your keys...."
(2A) Well....maybe some reading and research might help. Start with a Googe search on "Diffie/Hellman". Software using this protocol uses a random secret key which is CALCULATED....the sender and the recipient share two tokens, but the secret key is never published. This random secret key is different for EVERY MESSAGE. This random secret key is destroyed by the sender software after send time, and it is destroyed by the recipient software after decrypt. There is NO KEY KNOWN TO USERS. So....users can go to jail for something they simply do not (and cannot) know. Wonderful result in a democratic society!
(2B) Note that these agencies may not know who is sending or who is receiving (see item #1 above). So who does PC Plod get to ask about keys? And if simply owning and using encryption software becomes a crime, the same point applies....who does PC Plod get to arrest when the email addresses are anonymous?....and the IP addresses are in another country?
(2C) Note that anyone with some tools (say...gcc, gdb, gmp) can implement Diffie/Hellman on their own. If they do this, if they use Diffie/Hellman to encrypt all their messaging BEFORE MESSAGES ENTER ANY PUBLIC SERVICE (e.g. Proton, Telegram...), then the fact that various agencies can break E2EE is COMPLETELY MOOT.....these agencies will break the E2EE encryption....and all they will find is more encryption.
3. TO GET TO THE POINT......
All this proposed legislation "...tackling child abuse by killing privacy, strong encryption..." is simply POLITICAL THEATRE. Posturing using mass media in front of millions of voters.....to convince those voters that their government is "doing somthing"!!!! I suppose that attacking FB, Proton, Telegraph......for E2EE might be politically popular too.
......and all the while, anyone with the skill and resources is:
-- implementing PRIVATE ENCRYPTION using 8192 bit keys (or bigger), using protocols like D/H, and other useful tools
-- sheltering behind anonymous identities (email, IP, and so on)
-- and getting on with their own business, whether legal and ethical....or not!!
>"If signed into law, this regulation would likely require service providers to use AI to read entire text messages to figure out if a user is "grooming" children for sexual abuse" Matthew Green, a cryptography professor at Johns Hopkins University
I think he doesn't actually understand the problem, the AI just like a human would have to read several conversations to figure out if grooming might be occurring and thus further background checks need to be performed.
Most child sexual abuse is done by persons with close proximity to child, (family or family members).
Remote sexual abuse, such as a UK person paying a family in some remote country to show sexual abuse of a child, is fairly common, streamed abuse, but unless recorded or intercepted in live time , this is difficult to prove.
Connection to Connection can be proved. Cash trail can be proved.
But actual incident is very difficult to prove. See various reports from Philippines on this.
They try to raid during actual streaming as that is how they get proof.
So...for those here who have a taste for real examples of private encryption.....and who might like the challenge, here's something short and sweet to chew on.
This is the sort of message which can be passed between correspondents who use Diffie/Hellman techniques to COMPLETELY AVOID the publication of ANY keys, not even public keys. This example:
(1) Uses chaca20
(2) Three encipher passes
(3) Randomly generated keys for each pass (but known to sender and recipient thanks to D/H)
****
IDpJsH3Qv/5YWaCz6TTrypGwTUJVu6/eAmsCdnvik5rlO0P2EWMz62gRyt+EwEtKXqyg7XDWSUBN
3GtA2MxF0inxvPxb+tNom6u8H+wF1DwFLEJ8cj9tLeAa2n6HLlblMBx9HQnQHVoBkSnBG0UtBmfA
pvJf13NOTG0psDp74VMS7eGTlzQseafAk1z82D3v9sxCl29taI4k85xBrV/SzpcTSKbnrc4tktmZ
2pJEFLw0e1sfnF9APycqlkV/mRtj8f4T89haGWMaZalDYdnqOpuEeQOe1RscBiuOWAXHmkeFq9GN
AvijcOlfcAK3oWYJhM+2BTcXAjpW5bXXVcmwU3ez6gf6IgbwAQ8Om5WW5ZqjsJNSVPYExuc0YWLQ
W5jgcPJWIVYP+iRFcYMcxdZAiwBlviYyC4tvx4fAqvjcN5P4FsdlkJf2X3DOOuoU45pKtOtRjklO
keuV/R3fRbCevH5Lw7bxu6j7cRcYUx3ZERVJ62ZOBkf5DFOfjO3gGwdPVjmZr8fI36TFfOU835gh
GUW4s2NvWCWM4dhSK+pVTYFuzrFd7MpU2gbzXtR5jKYN3KFzComS4mG+SVp2Nj0ve5P7LDlNDPpA
6yBZxt0ZBlTrfpANAZ4A89yeXMnr/Ose7WxQSXRAc6UZyp1pDCJz1mZo37MGxYE2GT03iM7O7ktA
PsI+blcB1a+m6NeRTRTmQPoUVrKHTCY5qDzlERfhFMPSIOQs5iD2XoZSGe+nCmFYlGo4bM8k+2KG
0Uz7VgdrD2ZSSsIJsx9+wSMkOInTsrkLvkaW+ee4yixOJBlX4ce+J7EKN5UH53wzXbTRMIdKphzm
l3OQzsXvezTYvoD9Vz++RSyBQptN8Tg5cLDdnAG+ykKR82+WujR/PhJcCTLL34lrbwg2KSBsqtJU
agldcoraUArtv6ZfakTjxfikyroIJP2jQ+lGohgTNPDuvyv3+7pu2YSDjeEHpRBOeijFv0JcuMuJ
sCXTPn6mbmFP0U0+AIRFyLl9NLVeyL2Qhe8b4Ip1KpQcyVg0JIXBmrQIJK3HreTFdSxIavMrjOOV
yT/mEJ6oyT1BWXPkLhwZygjcSWQWcgBkxLhdSBDowtaBn18p9yfyX7ioY1FvVfwNeS//9wD2kWgZ
CMoyLazTiR1UiF4z7toJuRO5KbOJ2Xidw+zc5Twg4JjecBBukjdIAyZu9j5N6U5qi1maLfLi6DXQ
6QEsY/bxV95vTccSdbzlqvVfVYhtOPDP5F7efyleO1MaXO42PUht6c7JSBnlAo3JUT8cVo1efvFb
AXTKXPuabDVmPfCPCD3/ICFjjx6Y+1FWqNqmIv3PHshzzRzW5dfXqxmr8vL6lAcfkz0BB3jwlrAY
JyLciPzRaI9VUUPk6m1q+K6uNwqcAxyKtZ781IRDSzD7UTFoD9nItZG8SiDm4z/ZuI/9tbORg/kr
IjEAYzbY4t9m8t3TX2NxPkpzNDlT2Pu8RWjPX5j0uEAcZxfRN8m3qkTV6OKF1ZSFWrO3pgKVKBmo
42f+EH4x3ZWnkL11pCcyqPoiEPSe4U6dheNl4gP20FwehBC9ioPZkDuOhEsE3TKKAoopa1ESmp37
/27zrPJ219nzyLwZH8nMjk/Ukv/6gEPqjPFomHzRnWjHIjjVjhzJtLczQO0o6gtF8gf1/5Zn8ub4
5OG9yPylKWr7y64qZUOWsDZBrKyfz6oP8SUJwDREGAfijKL6iUG4Go864xaXG2Tim6kq4md/bGOJ
qpABG+Nsi/f9vEjmADdM/cyTmILJEUSDo0IT+92lXIgfxR/3ODh1AAKx2HRe54pk2pt6qn53H1an
+eEyYXj9Sg==
****
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
