* Posts by plasticbrush

1 publicly visible post • joined 8 Sep 2023

UK admits 'spy clause' can't be used for scanning encrypted chat – it's not 'feasible'

plasticbrush

There are two main angles to this. The first is the breaking/backdooring encryption for the goodguys only, this is something which is very definitely not technically possible. The other is the client side scanning issue, this to me is more worrying.

Using CSS we can compare a hash to an existing blacklist already. What we cant do is check for minor changes such as altering one pixel. It is very likely that AI could be trained to flag high probability CSE material although it probably wouldn't be able to run on the client device. So now you have a situation where I want to send image X to someone, I attach it to WhatsApp (or another app) which goes on to compute a hash for said image and compare it to the online blacklist, it comes back as not matching any known CSE material, to make sure the image is then uploaded to some portal somewhere where an AI instance can scan it to determine if it might be dodgy. So removing the client-side bit from client side scanning.

Under this law the UK could concievably mandate that all communications software make use of the new UK AI assisted scanning system. It could even be reinforced with laws making it illegal to send electronic communications using non-(UK)compliant communications software.

There is a rabbit warren of holes in the above proposal, AI accuracy, Redress against false positives, Opensource software, Mission creep (CSE today, Homosexuality tomorrow), and finally the simple fact that there is no privacy with such a system.