EU Delays Decision Over Scanning Encrypted Messages For CSAM

European Union officials have delayed talks over proposed legislation that could lead to messaging services having to scan photos and links to detect possible child sexual abuse material (CSAM). From a report: Were the proposal to become law, it may require the likes of WhatsApp, Messenger and Signal to scan all images that users upload -- which would essentially force them to break encryption. For the measure to pass, it would need to have the backing of at least 15 of the member states representing at least 65 percent of the bloc's entire population. However, countries including Germany, Austria, Poland, the Netherlands and the Czech Republic were expected to abstain from the vote or oppose the plan due to cybersecurity and privacy concerns, Politico reports. If EU members come to an agreement on a joint position, they'll have to hash out a final version of the law with the European Commission and European Parliament.

Simple solution

[PPH]

detecting CSAM and communications between minors and potential offenders

No kids on the Internet.

Or at least: Accounts of underaged users be required to route all commumications through an assigned guardian. "But..but..what about abuse by that guardian? How will they report it?" Trust me. If a kid is being diddled by someone whose bedroom is just down the hall, the Internet can't save them. Other measures [wikipedia.org] will have to be found.

Re:

[Anonymous Coward]

"We're just trying to protect children" is the #1 lie used by wanna-be dictators who want to control every aspect of your life.

Re:

[geekmux]

"We're just trying to protect children" is the #1 lie used by wanna-be dictators who want to control every aspect of your life.

Even worse when that bullshit excuse protects none of them.

Not sure what is worse For The Children these days; the “parent” today that isn’t, or the Government who demands to take their place, because “parenting”.

Re: Simple solution

[TigerPlish]

"We're just trying to protect children" is the #1 lie used by wanna-be dictators who want to control every aspect of your life.

Same can be said about "No Fossil Fuels!!" or Save the Planet or whatever the current protesters-du-jour are whinging about.

Believe any hysteria at your own risk. Historically such things have been used to prop authoritarians up and keep them in power.

Re:

[DrMrLordX]

The operating theory behind criminalizing CSAM is that it encourages abusers to produce more of it if they get attention/downloads and it encourages consumers to become abusers. These ideas date back to an age when teenage girls weren't producing pronography of themselves with cellphone cameras.

Even if you get kids off the Internet and take away their phones, you'll still have creeps producing hardcore shit in their basement studios with whatever victims they can groom for exploitation.

Re:

[Wonko the Sane]

I don't like CSAM distribution but what I really, really hate is CSAM production.

I want the people involved with that to be tracked down, drug out of their houses, and executed.

And no, I'm not talking about cases of teenagers sexting each other that's always brought up to muddy the issue. I mean adults preying on much younger, frequently prepubescent children.

If I was confident that governments would do that and only that upon receiving such a mandate then trying to bring about that mandate would be the onl

Re:

[DrMrLordX]

That's a fair assessment overall. There needs to be some legal distinction made based on the source of the offending material.

sounds like bullshit

[conorjh]

Were the proposal to become law, it may require the likes of WhatsApp, Messenger and Signal to scan all images that users upload -- which would essentially force them to break encryption

they currently scan all text for references to terrorism and report it police automatically... so the encryptions already "broken"

Re:

[Stolovaya]

Is there a source on this claim? Kind of scary if true.

Re:

[conorjh]

https://www.bbc.co.uk/news/wor... [bbc.co.uk]

Re:

[conorjh]

Mr Verma's message was picked up by the UK security services who flagged it to Spanish authorities while the easyJet plane was still in the air.

Re:

[Stolovaya]

I'm not sure that's a good example. In that story the program is SnapChat, which doesn't have end-to-end encryption for text messaging.

Re:

[conorjh]

it still doesnt stop the WhatsApp binary phoning home with your unencrypted chats though

Re:

[geekmux]

Is there a source on this claim? Kind of scary if true.

Reminds me of a story told by the creator of PGP.

Phil proposed a rather simplistic way to tell if his PGP got cracked; write a unique funny joke, tell no one, and then strongly encrypt it.

He figured if the joke ever came to light, well..

Re:

[NoWayNoShapeNoForm]

Sounds like a simple but effective approach to the question.

Re: sounds like bullshit

[Impy the Impiuos Imp]

That seems perilously close to being a functional arm of government, the relationship a little "too cozy". Government (in the US, anyway) cannot work around 4th amendment warrant requirements for search by having 3rd parties do the necessary.

If someone, a maid or a repair guy, sees something illegal, they can report it, no problem. But if they have a too cozy relationship with government, they cannot. Lawyers can talk about the dividing line, but an automated search-and-forward-to-government system might

Re:

[Khyber]

"Government (in the US, anyway) cannot work around 4th amendment warrant requirements for search by having 3rd parties do the necessary."

Yeeeaaaaaa, Five Eyes would like a word with you.

What's really going on

[CEC-P]

They're all liberal pedos anyway so let's get to what they're REALLY doing. "Well, while we're in there, we should probably check for terrorism stuff too. I mean, that's child safety too I guess. And you know what, the opposing political parties are kinda terroristy too so let's make a list of those and start disrupting them and discriminating against them and telling big tech to censor them and..."

Nothing to do with kids

[bradley13]

This is the usual: centralized government wanting warrantless access to private communications. This is at least the third attempt - they keep repackaging it, hoping that someday they will get it through. This time, they are dangerously close to success.

If we manage to defeat thus idiocy yet again, how do we keep them from yet another attempt? It's like a bad horror movie, where the zombie keeps rising from the dead.

Re:Nothing to do with kids

[gweihir]

Overall, including initiatives to outlaw encryption, this is more like attempt Number 10 or so. There is a type of defective person that cannot stand others to have secrets. These become politicians, go to the police or, traditionally, became priests and inquisitors.

Re:

[AmiMoJo]

It's pretty common for the EU. The EU is far more responsive to constituents than most governments.

Re:

[Stolovaya]

A law would have to be passed, something around privacy, and it would have to address communications through third parties. But most of the people in charge, at least in the US, just aren't interested in that.

You'd think the 4th Amendment would cover that, but the 4th Amendment is routinely disregarded for all kinds of reasons.

You Go First

[organgtool]

I'm really concerned about leaders who have CSAM on their devices. Since you're public servants, the public should have access to all of your communications so that we can make sure you're not misrepresenting your constituents or engaging in any unlawful or immoral behaviors. After you've done that, then I'll give you access to my communications.

Once again this got a lot of negative attention

[Nephilimi]

So of course let's shelve it for a couple months and bring it back under another name, again, and again...

Unintended consequences for the win.

[SvnLyrBrto]

Looks like the EU forgot that they've just spent a few years making up new laws to try to tear down the App Store and Play store and turn the mobile app market on both sides into the unrestricted free-for-all that was Cydia back in the jailbreaking days. That job is not complete yet, of course. But switching from the real App stores to side loading opens both mobile OSs up to free OSS messaging apps with E2EE that will not be the products of businesses the EU can regulate, but by everyday programmers outside their jurisdiction who will tell them to go pound sand.

Those independent OSS E2EE apps should, of course, have always been allowed on both the App and Play stores. But before sideloading, the EU could force Apple and Google to remove them so they could still spy on the public. Not so a hundred random GitHub contributors scattered across the world and outside their jurisdiction. If I could be a fly on the wall to watch the whinging and teeth-gnashing and facepalming when they realize what thy did; I would almost be rooting for them to actually pass this law.

Re: Unintended consequences for the win.

[guruevi]

The only reason theyâ(TM)re trying to break down the App Store and introduce rules like the gatekeeper shit is because those laws say that anyone labeled a monopolist has to hand over encryption keys to the government to make sure they can make it interoperable. That is why they want to force Apple to send E2EE messages with the known-broken unencrypted cell phone network protocols without alerting the user.

more like indefinitely suspended

[pitch2cv]

The vote on this controversial topic has been indefinitely suspended: https://stackdiary.com/eu-coun... [stackdiary.com]

Now, I'm looking forward /s how Hungary's presidency, starting 1st of July, will go about this.

President Orban of Hungary is a far-right reactionary populist who has already severely curbed the press for example, and is best friends with Putin. His slogan for their presidency? "Make Europe Great Again"

Ring any bells?

Re:

[thegarbz]

The presidency of the Council of the EU is largely irrelevant. Back in 2009 the function was changed to be mostly symbolic. The President of the Council of the European Union has no power over the Council itself (being made up of the 27 member states), and has no authority over the European Council or Parliament.

Nothing will change for Orban as the President of the Council of the EU. The EU will still pass laws the same way it always has, Orban will still have the same power in the EU he's always had, and t

Useful alternative

[Schoenlepel]

Tox [tox.chat] is a useful alternative to WhatsApp and Signal which is decentralized and completely anonymous. Good luck forcing these guys to break their encryption.

Re:

[test321]

Thanks for the tip. However, Tox would not be concerned by the proposed (now postponed) legislation. The legislation only applies to businesses offering communication services to the public. If you open such a service, then your business might receive injunctions to comply, and that means you couldn't legally use Tox as the technical basis for your service. However regular people installing FOSS software (such as Tox) to communicate with their friends (it's not a public service but a private means of commun

Protect democracy, please

[NotEmmanuelGoldstein]

... WhatsApp, Messenger and Signal ...

Their owners will have to choose between protecting democracy or protecting profits. To date, we've seen Apple suffer a hit to the bottom line, the only corporation to do so, for the sake of their customers (and their unique selling position).

It will be an interesting day in Europe, should Meta and Signal Technology Foundation switch-off their servers. Although, Meta can push their subscribers to private-access (unencrypted) Facebook posts.