Messaging and chat control (patrick-breyer.de)
643 points by kristjank on Aug 9, 2021 | 317 comments



The scary thing about this is that many people have images that look like child porn at home: Family photos of naked grandchildren playing at the sea or in the mud, as well as sexting between consenting teenagers. There is no way automatic classification can distinguish these from real child porn, because they look almost identical and thus many private pictures will be shared with the government. This not only infringes the privacy of those people in the most drastic way possible, but might also lead to lawsuits that can tear families apart (think your father being accused of having CP only for it to turn out months later it was an old picture of yourself). The article mentions that 40% of CP investigations in Germany are started against minors (implied: through sexting), which shows that this concern is not purely theoretical at all.

This was not an issue with the old approach of comparing checksums against public CP images, but it will increasingly be if we use more AI algorithms for this.

EDIT: Probably Apple's neural hashes that are currently in the news won't be vulnerable to this since they are trained specifically to only detect changes in color/cropping/rotation. But we can't know for sure since the white paper is not that detailed and "naked kid on beach" photos all look really similar usually.


"Child porn" is a smokescreen. It's what every privacy advocate saw coming: find the worst, most repugnant thing possible and use it to backdoor encryption.

It's not a dream, and it's really happening, right now.


Yeah. Children are the perfect political weapon. You can use children to justify anything and destroy the reputation of anyone who opposes you. It's reasonable to assume anyone using children as argument is acting in bad faith.

I seriously doubt governments actually care about children. They probably care a great deal more about maintaining their own power and control over their subjects. We see countries like Russia and China using the tools of surveillance and law enforcement to silence political opposition and dissent.


> I seriously doubt governments actually care about children.

Governments don't care about children. Twenty-six first graders were massacred and the US government did nothing.


Yes, given all the burgeoning authoritarian states where phones are sold it's clearly population control.

Regardless of country, scanning for material critical of PRC, Lukashenko or Erdoğan is the exact same tech you might want to scan for copyright violations, union organizing, political party opposition, cryptocurrency, or any other dissent your local burgeoning authoritarian wants to pay for.

Both phone OS vendors have over and over proven eager to satisfy every authoritarian, no matter the human impact. We're screwed.


CSAM is still problematic, though. The consensus is that it creates a market that incentivizes the abuse of children, because you cannot produce CSAM without CSA. It seems to be one of the few classes of data that is an exception to the standard of privacy that is applied to almost all other data, to the point that Apple took action against it. Dozens of other countries besides the US also agree, and outlaw that class of data as well. Finding actual CSAM (and not just any kind of pornography involving minors, hence the shift in terminology) is supposedly directly tied to finding child abusers, thus preventing future child abuse from taking place.

There appear to be few to no studies that give statistical evidence for the market hypothesis or that the spread of CSAM causes CSA. But even if they existed, I still think the argument would ultimately become "letting one more child abuser get away because we preserved our privacy instead." How can such an argument be challenged, given that the prevention of CSA is a legitimate problem on a global scale? Even so much as mentioning an argument that takes into consideration the nature of CSA appears to be taboo - and for good reason, as it carries a risk of being labeled many kinds of terrible things oneself. That seems to be why a lot of threads here are reducing the issue to "think of the children" or lambasting the potential slippery slope of authoritarian surveillance, instead of discussing why CSAM is outlawed to begin with, and thus the reasons why Apple came to this decision in the first place.

Another thing that nobody seems to talk about is that Apple doesn't want to be held liable for CSAM stored on their servers, either. Within that context, this change is Apple's way of addressing that issue, which also happens to erode individual privacy. Apple's values appear to dictate that the tradeoff is worth it in the end. About the only people that have pushed back on this change come from technology or privacy-conscious circles. Nobody else seems to care. That is the status quo, and I'm not sure how it's going to change with general public sentiment the way it is surrounding CSA.


> Finding actual CSAM (and not just any kind of pornography involving minors, hence the shift in terminology) is supposedly directly tied to finding child abusers, thus preventing future child abuse from taking place.

NCMEC and similar groups call all pornography involving minors CSAM.[1] And this system can't detect new CSAM.

> Another thing that nobody seems to talk about is that Apple doesn't want to be held liable for CSAM stored on their servers, either.

Many people said they would prefer server side scanning. Other people argued E2E encryption would shield Apple from liability.

[1] https://www.missingkids.org/theissues/csam


Since the system can't detect new CSAM, doesn't it actually incentivize the production of new material? This mechanism could then actually increase the amount of abuse going on.


That's just one more argument to the fire: the intent here is not to protect children. The intent is to scan everybody for things "to be determined", and not subject to public scrutiny.

Europe is not immune to this. Jose Manuel Barroso, the ex-EU-commission-president used to be a member of a communist revolutionary student group ... that has murdered people. He was present at at least three such killings, and it is not clear if "present" is where it stops, but obviously he was never convicted of murder (he was, of other things). When he came to office, there was a witch hunt for material and articles telling this story. And obviously plenty of lower ranking officials wanted to take care of some of their own dirty laundry. This is the real source of the "right to forget" privacy legislation. Makes you all warm and fuzzy inside, doesn't it.

EVEN when it comes to child abuse, the top politicians in Europe just brazenly ignore the rules. Emmanuel Macron's wife ... has publicly confessed to being a pedophile, and having sexually abused at least one child (yes, mr. Macron: she was his French teacher. She blames him, incidentally, as if that matters). Macron has publicly confirmed this (and taken "the blame", which of course doesn't matter: he was a minor). For anyone in France, it is clear: this is a despicable crime, and she would be harshly punished ... but any action against him might bring Le Pen to power, or even tip the balance in the EU parliament to anti-EU parties if we are really unlucky. I bet he has said as much to the public prosecutor.

A child defending a pedophile happens often, by the way, especially to stay out of the hands of child services, and is of course never accepted as an excuse ... except ... when it applies to even pretty low-level government officials.


I was gonna write a whole thing, but mostly I just wanted to say we'll be able to deepfake CSAM inside of 10 years, no question, so this whole thing is moot.


I think this is a massively important point that needs further consideration.

If a person can generate images on demand any system based on recognising known images is immediately bypassed.

AI image classification will be your only option but the false positive volumes have the potential to be massive, swamping any follow up investigation.


And, they referred to us as the "screeching minority".


> The article mentions that 40% of CP investigations in Germany are started against minors (implied: through sexting), which shows that this concern is not purely theoretical at all.

I've read news about this. Teenager sends nude photos to her boyfriend, calls the cops after the break up and they proceed to nearly ruin his life by threatening lifetime sex offender registration. The implication that the girl produced and distributed child pornography of herself is never even mentioned.

It's completely insane.


That's a terrifying story. Do you have a link or any other details?


I'm searching for it but I can't seem to find the source anymore.


[flagged]


It's the story I remember reading on the news article. Anything else would be fabrication.


Not only that, but child porn seems to mean a different thing in every place. The Netherlands and other European countries define the age of consent at 16, meaning some things that are perfectly legal there will be a ticket to prison in many countries. Now you don't just have an engineering problem, you will also have to spend a bunch of money to have some lawyers review your spec.


Pretty sure porn involving 16-17 year olds in the Netherlands is also very illegal though, but correct me if I'm wrong.


I believe porn involving 16 year olds is still legal in the Netherlands. Which doesn't mean it is being commercially produced anymore, for obvious reasons. Maybe a Dutch reader can provide more insight into this.


Okay enough opinions, let's look this up. Wikipedia cites the law saying it's 18 https://nl.wikipedia.org/wiki/Kinderpornografie#Wetgeving_in...

It even includes people that "appear to be under 18" even if they turn out not to be. ("[...] afbeelding – van een seksuele gedraging, waarbij iemand die kennelijk de leeftijd van achttien jaar nog niet heeft bereikt, is betrokken of schijnbaar is betrokken, [...]")

What I also found interesting is:

> Het voorontwerp Wet seksuele misdrijven stelt niet langer strafbaar degene die een visuele weergave van een seksuele gedraging of een gegevensdrager bevattende een visuele weergave van een seksuele gedraging, waarbij hijzelf of een andere persoon die de leeftijd van achttien jaren nog niet heeft bereikt is betrokken, in het kader van een gelijkwaardige situatie tussen leeftijdsgenoten uitsluitend voor privégebruik vervaardigt, in bezit heeft of met die ander deelt.

Short translation: sending or owning pictures of sexual acts involving an <18yo is not illegal if it concerns private use between persons of similar age in an 'equality situation' (I interpret this as meaning/implying 'consensual').


Same thing as in my country then. It seems to be the norm in most if not all of the EU these days.


The problem is when you analyze what this means in practice. In Belgium consensual sex is legal IF

1) both parties are < 18, and the age difference is less than 5 years OR one party is > 18 and the age difference is less than 2 years

2) both parties are both older than 14 years (used to be 16)

3) there is no "power relationship" between them (this requirement actually drops when one, not both, turns 18)

Unfortunately ... now apply these rules to a sexual relationship between a 14 and a 17 year old.

a) 1st year: legal, any images are not CSAM

b) 2nd-5th year: illegal, any images are CSAM

c) 5th year onwards: legal, images not CSAM

Law sucks. It used to be worse, this is an actual improvement over the previous situation, but ...

What is absolutely not clear to me: does (a) mean sexual images of a 14 year old are now legal in Belgium in that case? The law does not seem to require that the owner of the pictures has to be one of the participants ... but I find it hard to believe this is the actual intent.

And to make matters even worse, this is not the only way to punish kids. You see while this will prevent criminal prosecution, you DO NOT need a criminal conviction to lock up a minor (and they're trying to extend this). Youth services can and do, without any proof (and in practice by getting 1 social worker to say something like "it is an unhealthy relationship". They can shop around until they find one, btw, and often the one they find has never seen either kid) and in the above example lock up both partners, the younger for up to 7 years and the older up to 4. In practice they will punish the younger kid, almost always the girl.

The fun thing is when a kid is locked up for criminal reasons (bad enough so that he actually goes to prison) schooling CANNOT be (and in practice is not) denied to the kid. When youth services lock kids up, they can be (and in practice are) denied schooling. But of course the previous point means the police will try to use child services, not criminal prosecutions, if at all possible.

So sadly, if you want a kid's situation to improve over time and they do not want to end the relationship, your course of action is clear: you should let the abuse continue and even (help) hide it. However, if you want to hurt the kid(s) (whether or not such a relationship is actually abusive), you should report them. So here too the net result of the law is: very easy to "abuse" the law to hurt children (esp. if you are a social worker), very hard to use the law to protect children against abuse (or actually help them).


What obvious reasons? If it was legal to make porn with 16 year olds, you can bet that it would be made and sold. (It's illegal of course.)


The age of consent goes as low as 14 in Europe but that doesn't change the definition of CP. Probably they won't prosecute when both parties are underage and such so heavily but consent age doesn't change the fact that nudity is 18+.


Nudity is 18+ in extremist countries like the Emirates or the USA.

Sorry but in France, 30 years ago before American culture started to dictate where money comes from, you would see genitals from all genders and ages in movies.

Nobody found it offensive, because we didn't have a Catholic puritan morality to impose its sick twisted vision of the human body on us.

Meanwhile we sold cars by showing cars, not hot girls. But this apparently is ok because money.

It's also perfectly alright to show kids images of people killing each other en masse. Because this is sane, unlike nipples.

And now this Apple crap.

Edit: ok 50 years ago. I'm getting old it seems.


> catholic puritan morality

Might want to check your terms here.


Indeed. But it strikes me that the places with the most rigorous enforcement of theological dominance also have the worst child abuse problems. Or, as an AI would decide, men in robes can't be trusted.


Well if you tell people they are sinners for being humans (having body parts), you get frustrated humans.

I have been in very rigid religious countries. The men in the internet shops were all watching hardcore porn, and my female friends were harassed in the street.

So it's not men in robes, you can be deeply religious and have a loving view of the world.

But puritanism, and sexually frustrated people ashamed of even existing, are bound to generate unhappiness.


> the places with the most rigorous enforcement of theological dominance also have the worst child abuse problems.

Citation needed. The data doesn't back up that claim, contrary to the media's narrative.

A report which Christian Ministry Resources (CMR) released in 2002 stated that contrary to popular opinion, there are more allegations of child sexual abuse in Protestant congregations than there are in Catholic ones, and that sexual violence is most often committed by volunteers rather than by priests.

https://en.wikipedia.org/wiki/Catholic_Church_sexual_abuse_c...

Catholic clergy aren't more likely to abuse children than other clergy or men in general. The 4 percent figure appears lower than school teachers during the same time frame, and certainly less than offenders in the general population of men.

https://www.psychologytoday.com/us/blog/do-the-right-thing/2...


You come here and quote a study by Christian Ministry Resources?

But you've leapt to your own interpretation of what I wrote, maybe go back and try again.


> Nudity is 18+ in extremist countries like the Emirates or the USA

Titanic was PG-13 and it had a titty.


Yeah, not a native speaker. Used the word nudity while thinking of pornography.


> nudity is 18+.

You mean like in movies, those "can't see boobies before you're 18" labels? Because capturing nude 13-year-olds is perfectly legal, just not in a pornographic manner. E.g. my Dutch biology book had nude ~6 and ~11 year old girls depicted (as well as an adult) for educating different stages of development.


Not a lawyer, but my understanding is that in the States, sending naked pictures of teens is illegal, even if it's a picture of yourself. If you send naked selfies to someone, you could be charged with distribution of child pornography if you are a teenager.

I'm also fairly sure I heard that even possessing naked selfies is considered illegal, at least in some states, e.g. this article about a teenager facing 10 years in prison for having pictures of himself naked at 16 years old on his phone: https://www.rollingstone.com/culture/culture-news/teenager-p...


> A Fayetteville, North Carolina teenager has reached a plea deal to avoid being charged with multiple sexual exploitation counts after his cell phone was found to contain nude selfies of himself. Seventeen-year-old Cormega Copening, who took the photos of himself when he was 16, agreed to the deal in order to avoid possible jail time and being registered as a sex offender. As part of the plea, the teen agreed to random police searches without warrant for one year as well as other penalties, Fusion reports. The teenager was listed as both the victim and the perpetrator on the sexual exploitation charges.

This is quite possibly the most kafkaesque "justice" story I have ever heard coming out of America and that really says something.


The law and morality are often fundamentally opposed. Saudi Arabia punishes homosexuality with the death penalty, and Apple happily removed the encrypted communications from their phones so they could continue selling in that country.

Illegal or not, comparing two teens that sent naked selfies to each other is not even remotely similar to involuntary child abuse from an adult.

> this article about a teenager facing 10 years in prison for having pictures of himself naked at 16 years old on his phone

That anyone would even consider spending taxpayer money to lock up a 16 year old for his own picture shows a colossal failure of government on every level: legislative, judicial, and executive. The DA stacked 5 charges and saddled them with up to a decade so the kids would be afraid to even go to court. In any sane judicial system that case would be laughed out of the courtroom and it's telling that they were presumably advised by a lawyer to take the plea bargain.


> as well as sexting between consenting teenagers.

Good god. I can't imagine the influx of in my view innocent teens suddenly labeled sex offenders because they did what all teens do, only virtually.

This is going to be a weird time.


I mean technically that already happens in the UK - you can have sex legally at 16, but you can't take any pictures of you doing so until you are 18. So 2 consenting 17 year old teenagers cannot send indecent images of themselves to each other.

I seem to remember a case from a few years back, about a girl who got herself on the register for sending her boyfriend a picture of her naked or something.

Although it seems that the Protection of Children Act [1] I think (I'm not sure, it's hard to actually read with all the brackets ...) lets you do it if you are married (which you can also do at 16)

Any sane person would know that teenagers do what teenagers do ... having someone potentially going through those photos is such a strange and wrong approach

[1] https://www.legislation.gov.uk/ukpga/1978/37


It might also turn into a good teachable moment for teens about privacy, sharing, and technology. I don’t take a picture on a smartphone of anything that I wouldn’t want to make public, and I surely wouldn’t share or post it anywhere. If it leaves your device, it’s effectively public, regardless of whether whoever you sent it to tells you they’ll keep it “private”.


> If it leaves your device

Even this is naïve with Apple's new plan. How long do you really think they'll wait before a software update makes it apply to even things that don't leave your device?


This would be a much bigger step though, and any brand doing it, even Apple, would face very negative market effect.

It couldn't be legislated in the US because it would be unconstitutional to do so, almost impossible in the EU, possible in the UK/AU, even Canada (with the help of some creative rights busting from the Supreme Court, as they recently demonstrated).


AFAIK, ML image classification is used for checking user-generated content on social networks, forums, etc. Cloud storage, email and IM providers will continue using hashes (either exact or perceptual) to lower false positives.


Hey, at least we'll be able to "solve" the "problem" of sexts between youths by having a bunch of middle aged men rifle through them.


Jesus, yep. Big "Brother", always watching. What lives can we destroy today?

Privacy is being hit hard now, on multiple fronts - it's very sad, scary.


In Apple's defense here, there seems to be a reason they're using the longer acronym CSAM. It means not just pictures of people without clothes on, but actual images/video of children being abused. Stuff that would likely provoke you or me or other normal people into acts of extreme violence against the perpetrators if we ever got the chance.

The real danger with Apple's system is that there's zero accountability in the list of "bad" hashes. So there's no way to know whether it's really all CSAM, or if it also includes rare Pepes, Bernie memes, or pictures of politicians doing embarrassing things.


> It means not just pictures of people without clothes on, but actual images/video of children being abused.

Who said that?

They're the same legally. People have said NCMEC's database includes entirely legal images. And groups like NCMEC have tried to rename child pornography for years.


But the point is there’s an existing database. Either you have a photo in that database, or you don’t. So your kids' naked photos don’t get triggered. And even if that photo is legal, not only is there human verification and minimum quantities required, it would be very strange for you to have in your iCloud photos that were part of CP collection sets regardless of content.


Their point was CSAM means especially bad CP. Your points were different.

It's a perceptual hash. Matches don't have to be exact. And people have engineered collisions for other perceptual hash algorithms. What a computer sees and what a person sees can be very different.

People have said the human verification just involves the visual derivative of the suspect image. Apple didn't explain what that is really. And human verification doesn't reassure people who object to anyone viewing their private photos without their consent for any reason.

People have said any images collected during an investigation go in the database. Do you think people who collect explicit photos of 17 year olds don't collect explicit photos of 18 year olds?
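
The difference this thread keeps returning to, between an exact checksum and a perceptual hash whose "matches don't have to be exact", shown as an added example that is not part of any comment here. It uses dHash, a simple public difference hash, not Apple's NeuralHash or PhotoDNA; the test images and the 10-bit match threshold are constructed assumptions.

```python
import hashlib

GRID_W, GRID_H = 9, 8    # dHash grid: 9 columns give 8 comparisons per row, 8 rows
BLOCK = 8                # every grid cell summarises an 8x8 block of pixels
MATCH_THRESHOLD = 10     # assumed cut-off in bits (of 64), not any vendor's value


def make_image(col_step, row_step):
    """Constructed 72x64 grayscale image: a blocky pattern plus fine texture."""
    img = []
    for y in range(GRID_H * BLOCK):
        row = []
        for x in range(GRID_W * BLOCK):
            base = (col_step * (x // BLOCK) + row_step * (y // BLOCK)) % 160 + 40
            row.append(base + x % BLOCK + y % BLOCK)   # values stay within 40..213
        img.append(row)
    return img


def brighten(img, delta):
    """Uniform brightness change, clipped to the 8-bit range."""
    return [[min(255, p + delta) for p in row] for row in img]


def stamp(img, width, height, value=255):
    """Overwrite the top-left width x height pixels, like a small logo."""
    return [[value if (x < width and y < height) else p
             for x, p in enumerate(row)]
            for y, row in enumerate(img)]


def sha256_hex(img):
    """Exact checksum over the raw pixel bytes."""
    return hashlib.sha256(bytes(p for row in img for p in row)).hexdigest()


def dhash(img):
    """64-bit difference hash: shrink to 9x8 by block sums, then record
    whether each cell is darker than its right-hand neighbour."""
    cells = [[sum(img[gy * BLOCK + dy][gx * BLOCK + dx]
                  for dy in range(BLOCK) for dx in range(BLOCK))
              for gx in range(GRID_W)]
             for gy in range(GRID_H)]
    bits = 0
    for row in cells:
        for left, right in zip(row, row[1:]):
            bits = (bits << 1) | (left < right)
    return bits


def hamming(a, b):
    """Number of differing bits between two hashes."""
    return bin(a ^ b).count("1")


def compare(reference, candidate):
    """Report how both matching schemes judge the same pair of images."""
    distance = hamming(dhash(reference), dhash(candidate))
    return {
        "exact_match": sha256_hex(reference) == sha256_hex(candidate),
        "distance": distance,
        "perceptual_match": distance <= MATCH_THRESHOLD,
    }


if __name__ == "__main__":
    original = make_image(37, 59)
    cases = {
        "same file": original,
        "brightened copy": brighten(original, 20),
        "copy with corner stamp": stamp(original, 16, 8),
        "different image": make_image(101, 83),
    }
    for name, image in cases.items():
        print(f"{name:24s} {compare(original, image)}")
```

The checksum treats every altered copy as a different file, while the perceptual hash still matches them; which unrelated images also land under the threshold depends on the hash function and the threshold chosen, and neither is visible to the person being scanned.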


Sorry. Either the posts got updated or I got the thread confused as others were trying to say that (re: hash versus classifier).

Re hashing, Apple claims 1:1 trillion likelihood of a collision. These kinds of systems are not rolled out lightly, and even if that number is wrong, it feels unlikely to me that it’s too far off. If it is and it has too many false positives, this will get noticed and the system pulled until it’s fixed and at the required false positive rate.

Ultimately beyond Apple if you’re getting arrested and confront a judge, you’d expect humans at that point to look at the evidence. In fact, I’d expect the DA or whomever to similarly look at the photos at that point. You can’t be sentenced without evidence in the US legally (how all of this works in another country is another matter).

If there is legit porn that’s 18+ mixed in this database, and someone ends up being charged because of it, fights, and wins, I’d expect a number of counter lawsuits to follow. To me it seems incredibly unlikely that non-CP is not only going to be a significant part of that database (including 17 year olds versus the more likely 7 year olds), but you’ll be saving it to your iCloud photo roll. There’s so much legal porn out there, in such vast quantities, this hypothetical situation you describe I’m not sure will ever actually occur.


Apple's claim is unverifiable. It counts for nothing. And people with relevant experience have called it bullshit.[1]

Even just arresting someone means separating them from their children. Preventing them from working if their job involves children. Seizing all their electronics for months. Violating the privacy of their files and belongings. Legal costs. Possibly media reports. Putting innocent people through this because a secret algorithm said a secret database matched a secret number of times is unacceptable.

Several people have claimed false positives are in the database. Including someone who verifiably worked with it.[1]

US prosecutors have absolute immunity. Any civil suit would be dismissed swiftly.

People don't collect random subsets of all pornography ever made. Some is much more popular. People have specific tastes. Photo sets exist.

[1] https://www.hackerfactor.com/blog/index.php?/archives/929-On...


> 40% of CP investigations in Germany are started against minors

This in particular seems like such a silly outcome of over-regulation and bureaucracy. Amazing. Research suggests most child sexual abuse does not have much of a long-term effect at all:

https://emilkirkegaard.dk/en/wp-content/uploads/A-replicatio...

This (of course!) does not mean it is good or should be done, but it suggests this is not an urgent issue, certainly not one that can justify abolishing privacy, especially when these measures only catch the small fish, not the large trafficking rings who will probably switch to different means of communication once theirs gets compromised.


You're arguing that child sexual abuse is "not that bad" by citing a guy whose "research papers" include gems like

* The left-liberal skew of Western media

* What Happened to Brussels? The Big Decline and Muslim Immigration

* Mental illness and the left

* Human Biodiversity for Beginners: A Review of Charles Murray's Human Diversity

* Race Differences: A Very Brief Review

* Racial and ethnic group differences in the heritability of intelligence: A systematic review and meta-analysis

* Global Ancestry and Cognitive Ability

* Sex Distribution, Life Expectancy and Educational Attainment of Comedians

* Immigrant crime in Germany 2012-2015

* Country of origin and use of social benefits: A large, preregistered study of stereotype accuracy in Denmark

* Inequality in the United States: Ethnicity, Racial Admixture and Environmental Causes

* Increasing inequality in general intelligence and socioeconomic status as a result of immigration in Denmark 1980-2014

* Criminality and fertility among Danish immigrant populations

He boasts 24 publications in Mankind Quarterly and 20 in OpenPsych, both of which he seems to run himself. Mankind Quarterly according to Wikipedia 'has been described as a "cornerstone of the scientific racism establishment", a "white supremacist journal", an "infamous racist journal", and "scientific racism's keepers of the flame"'.

There are excellent cases to be made why privacy and encryption should not be compromised in the name of hot button issues like "protecting children" but citing a study by a "scientific racist" and eugenicist, who is a known advocate for legalizing child pornography, to trivialize child sexual abuse is not it.

You don't need to be a "left liberal" not to cite Emil Kirkegaard. Being a decent human being or having any appreciation of actual science would suffice.


The study is not by him. I wasn't even aware who hosted it; I only found this link somewhere on the web and thought it might be relevant.


Child protective services will have a field day with this. Take away all the children!


I want to cry if I see such dangerous things. Most European parties send unknown politicians to Strasbourg and let them vote on important topics with low media coverage. Later the local politicians - which act mostly in Brussels - claim that they have no way but follow Strasbourg's/Brussels' decisions and write even worse state laws upon it.

I think we need a new Europe state with an actual parliament in charge, which means the people there are accountable and in power. Without the Commission, Council and Presidency of Council[1]. Instead one actual parliament and one actual government. The European states are an integrated part of it, like elsewhere. Next the stuff can be fixed: We just need one army. And one social-security system with one economic policy. And one state department (foreign politics).

Most politicians still think of Europe as an economy council but we people expect a sovereign country/state. The former "economy council" could solve economy related issues within Europe in the 1950s. But I think we have much bigger things to do.

[1] I don't know how somebody can seriously use something like a rolling presidency. You can do that with a mediator position or referee.


Ever more centralisation of power is the EU's prime directive. If you believe power should rest with the people, you should be against the EU.


Privacy is something that people usually only care about on a theoretical level. Practically speaking, they're often happy to not care so much at all if they get something more tangible in return.

---

Company: Excuse me, would you mind us profiling you through an accurate survey of most of your everyday purchases?

Customer: Heck no!

Company: What if we let you collect "points" that will maybe someday save you a little bit of money on one of these purchases?

Customer: Sign me up!

---

Company: Excuse me, would you mind us recording everywhere you go all day every day and store that information for at least six months?

Customer: Heck no!

Company: What if you get a pocket computer with fast mobile internet connection in return, the cornerstone of modern life?

Customer: Sign me up!


That's fine. My privacy has a price and I'm happy to sell it when I think it's convenient for me.

What's happening here is that a state actor is forcing providers to let the state spy on me.

That's an authoritarian policy which I strongly oppose.


How much of a rebate on your taxes would you be happy selling it for?

What about a discount on your purchases, which was funded by the government, who would then buy the data?


The important question is: do you have a choice? Is your consent requested or respected?


That depends on what are we trading.

I would definitely trade my privacy with the government for any tax discount (and I think I'll have the longer stick, I'm no Indiana Jones) but whether I have an alternative or not is important.

A better question would be: would I move to a country where encryption is illegal if it had 0% tax? No, I would shop for another country. For a similar reason, I don't live in Dubai (0% tax but policies I don't approve of).


> Privacy is something that people usually only care about on a theoretical level. Practically speaking, they're often happy to not care so much at all if they get something more tangible in return.

Because not everyone is a Programmer. Most people I know have never even heard about Snowden.


I know lots of people who are tech savvy, care about privacy, but use a gmail address nevertheless.

I have my own contradictions. I think the disappearance of payments in cash is a problem, it is not good to give the state too much control on a society. But I hardly use any cash myself.

Convenience is unfortunately a big factor.


True. Although nothing-to-hiders will chime in quickly, stating that their shopping history isn't really that important to their sense of privacy.


They wouldn't like their neighbors knowing their shopping history, the principle should be the same.


But their neighbors do not know it, and if Amazon or the government knows it (or their browser history, emails, ...) it has the same effect to them, that god knows it all. Can't do anything about it. Too distant to care. That's my conclusion of privacy discussions with "normal" people.


There's a difference between me _opt-in_ to give private data in exchange for points, and that being unilaterally imposed.

It's also kind of harder to abuse information on my shopping list, whereas there's plenty of ways to abuse having total and complete access to all communication between private parties.


Think of it this way: what is more important to you, the convenience of exchanging text messages with your friends, or keeping these conversations private?


This wasn't always a choice. Before electronic communication people exchanged letters sometimes very frequently (mail service in London peaked at 12x/day). The privacy of these letters was however protected by law, with a warrant being required for police to open and read them.

I don't quite see why our packets and devices shouldn't have the same protections.


Are you saying that these things must be mutually exclusive? It is entirely possible to have completely private and convenient conversations between two parties.


No, I'm not. It is a thought experiment to determine for yourself the value of privacy in a more tangible way. Like, if you were made to choose between one or the other, which one would you take?

That's different from arguing that they are mutually exclusive which I am not.


What is your point, given that many will reply "what is more important is dignity, so the choice is for privacy"?


The point is to give an example for my original tenet, that privacy often is valued as a theoretical concept but that people are apparently willing to give it up rather quickly for something else in return. Or, from a different point of view, how much convenience are you willing to give up for your privacy?

For example, I used to be on the extreme "pro privacy" end of the spectrum. But it is clear that philosophically speaking, privacy for everyone is not a completely positive ideal in all contexts. And that naturally raises the question about what other values privacy competes with, and how they should be balanced.

Intuitively, "convenience" should perhaps be considered less important than "privacy", but interestingly that's not what we observe actually happening in the real world.


I think it's counterproductive to frame the discussion in terms of privacy. The real term is spying, how much spying do you want your <company|state> to do


Yes, users are price sensitive when it comes to selling their privacy. They also have a different sensitivity upon consideration of who the other party is and their perceived/intended use of the data.

To me, this isn't so surprising and is fully consistent with a greater willingness to give personal info to e.g. Amazon than e.g. the government.


> They also have a different sensitivity upon consideration of who the other party is and their perceived/intended use of the data.

Except once their data is out, they have no control over where it will end up. Profiling data is regularly sold to third parties.


Regardless, robbing people of the ability to consent, even if 90% of them would anyways, should be intolerable.


The choice and position of Average Joe and Median Jack should not impact (compromise) the rest.


I think this isn't getting nearly enough traction, especially considering how undemocratic EU's legislative procedures can get. Considering the lack of direct democracy in the European Union, exposure and public protest is the only viable way to oppose this legislature. There's also an ongoing petition against the legislature: https://www.openpetition.eu/petition/online/preserve-eprivac...


Hold your horses, put down the pitchforks. You realise the author is a _member of the European Parliament_??

And at least in my corner of EU we vote on who to send to EU parliament. You can vote on whoever you want in the national elections and then vote for the pirate party for the EU seat.

Edit: from your comment history I guess you vote far right, which is usually the part of EU pushing hardest for these measures??


Please keep name-calling and personal attacks out of your comments here.

https://news.ycombinator.com/newsguidelines.html


Exactly where is this name calling? Please unflag this so we can continue the discussion.


"Hold your horses" and "put down the pitchforks" count as name-calling in the sense that the HN guidelines use that term, because they are swipes that don't reply to the actual argument. Ultimately they're just putdowns. Please omit those from your posts to HN.

https://news.ycombinator.com/newsguidelines.html


> we vote on who to send to EU parliament.

You are describing a representative democracy, the parent pointed out the lack of direct democracy in the process. And I would tend to agree that there needs to be more direct democracy involved at some point in the policy making process to accommodate just such a scenario where it's clear the vast majority are not happy with the result.

Representative democracy has its place, but the reality is that you cannot pick and choose - most people want privacy, but most people are also aware of the wider issues and concerned if the fringe parties are competent enough in making decisions in other areas. Perhaps a good compromise is to be able to shoot down their propositions, so that even though they may not further the ideals the majority want in all areas, they will at least be prevented from eroding them. But as the parent pointed out, there is no mechanism in place to do this currently, so people are limited to protests and petitions.


Even a representative democracy is a far fetched idea with the EU.

Nobody really understands how the EU works, except for a few bureaucrats.

There are too many proxies. You vote for a local party, then you find out they go into a coalition because the parliament is huge: over 700 seats. And those parties in one coalition have very different agendas.

Then you look deeper, and the parliament's power is very limited, and most of the power lies with the council and commission.

Both are not chosen in an election but in negotiations by the governments, which tends to mean certain countries like Germany and France have a very big say. Of course in a very indirect way these are somewhat chosen by certain part of the people in the EU.


This got really apparent in the discussions around Brexit. Lots of people saying "I vote in EU elections", assuming that the EU elections work the same as all the other elections they vote in. It really doesn't. The EU is very much an oligarchy controlled by a small number of unelected bureaucrats.

They've been very careful to not let the curtain slip too far, and preserve the appearance that popular opinion can change policy. But there's no legislative connection.

This kind of legislation is an interesting case in point. Who wants this? Who benefits from this? Is it actually going to make a dent in child abuse? Generally the EU is keen on privacy, so what changed that for this? Are there any states really pushing for this so they can read their citizens' mail (Poland, maybe, I guess, but they're not having a great time in the EU at the moment so probably not)? As TFA says, this is not a popular move, and there's no popular wave of anti-pedo sentiment at the moment, so why now?

The suspicion of palm-greasing (sorry, "lobbying") remains. Reading our messages means more data for the AI, means better ad targeting.


Poland is having an awesome time in the EU. Get all the subsidies and trade, and ignore the rules they don't like: not taking any immigrants, going against EU Court of Justice, etc.

"The most up-to-date statistics (as of July 2016) show that in 2014 Poland received €17.436 billion from the EU whilst only contributing €3.526 billion. Poland also received nearly €2 billion more in EU funding than any other member state in 2013 (France being second highest). " https://en.wikipedia.org/wiki/Poland_in_the_European_Union


The CJEU doesn't have that much credibility after they ignored written law about ECB rules in a purely political ruling. I think it made a joke of itself and its independence should be thoroughly questioned. It also should restrict its rulings to matters where the EU has a mandate, which is luckily fairly restricted. So Poland has quite a case if they listen to their national constitutional court.


"direct democracy" is a no-true-scotsman type fallacy, as you can use it to keep moving the goalposts indefinitely. Even Switzerland, the much-touted example of "direct democracy" has a parliament of elected representatives.


You will note I did not suggest a "true democracy" replace the entire process, that would be completely impractical, rarely does it work at scale.


Yup. Have done and will continue to do exactly this. While I don't find the Pirate party's policies comprehensive enough for my national government, I do find the EU parliament the perfect level of government for the issue they address to be handled at.


You realize a single or even multiple MPs can't block the passing of laws in parliament, since laws are passed by majorities, not consensus/unanimously. So please do get out those pitchforks, especially since this is the next level of surveillance.


What you are in effect saying is, since your (our) positions have not the majority in parliament, we need to resort to violence?

Can we try other established democratic ways, like voting, petitioning, demonstrating, etc. before that?


It's not my fault that I was too young to vote at the last EU elections. That's changed since and you bet your ass that I'll vote for the right people when I'm able to. Also raising awareness and promoting a petition about an issue isn't the same as raising pitchforks. I'm thinking there's a subtext here...


I chuckled when you said "the right people". Like, there's the right people, and then what's left. Get it? Right and left. Puns.


The whole polarization of political issues into right and left is and always will distract from the issues being debated and more so, ends up derailing any debate and discourse about the issues as they get drowned out by the labels.

Very easy to label something right wing or left wing to distract from the issue at debate and it has become very much a political tool in much the same way the "think of the children" card is played.


You get no argument from me. I just really enjoyed the pun.


You could turn it around: right assholes and what's left.


I'll show myself out...


The EU parliament has far too little power to come anywhere close to the EU being a democracy. The problem being that in second reading there has to be a 2/3 majority to approve amendments.


It's still no and far from a direct democracy.


> far from a direct democracy.

And?

Direct democracies are far worse than representative democracies in practically every way. The Covid crisis should have made clear to all that people are not policy experts.

Given that no country in the EU significantly uses direct democracy (referendums are pretty much never used and always devolve into a ridiculous race to who can say the most outrageous thing in front of the media), I don't see how that can be leveraged against the institution.


You realize that Switzerland hasn't voted to wear masks and get restrictions? Having a direct democracy does not mean the gov can't make their own decisions at times.


Yes, I do realize Switzerland doesn't actually use direct democracy for things that matter and when they do they often end up with xenophobic laws. I don't even want to talk about town assemblies voting on naturalisation decisions.


So if they want to be xenophobic, what's the problem? It's their country and they can do whatever they want with it.


I'm not sure if this comment was troll bait; I'm going to reply as if it weren't.

> if they want to be xenophobic, what's the problem?

One of the problems is that even if the majority of people within a country are xenophobic and they get to decide the laws on a majority basis, there will still be people from other countries living there, or people who in general will be disadvantaged by xenophobic laws.

It's nice for laws to not be dictated only by a majority, but by a plurality. Instead of thinking "what benefits >50% of people is the right thing" we can think "what benefits the most people, including minorities", or "what avoids hurting the most people" to be the right things :)


"So if they want to kill all the Jews, what's the problem? It's their country and they can do whatever they want with it."

Creating laws based on popularity makes populism rule. Hence why democracy usually has an explicit legislative branch abstracting over individual sentiments. That helps prevent policy from being devised through an overly greedy algorithm.

That is not to say it prevents all these problems. But it evidently helps.


Well, the difference is that you're within your rights when you vote on whom to admit to your house/town/country. You're not within your rights to round up people already there and gas them. Let's not compare the two.


The parent comments are talking about direct democracy and its tendencies in Switzerland. Not specific policies (for you see, such extremes haven't come up for voting there lately). Perfectly comparable.


Direct democracy is not a panacea. In fact, it can be quite the opposite. Fair and effective governance is a very difficult thing to achieve, tending either to be subvertible, or totalitarian.


Not saying that is not true. Yet living in one of the few direct democracies it is the very best we have in terms of democracy. On a bigger scale liquid democracy may be more interesting.

Edit:// the EU or even the US has shown multiple times that it will act against the majority if they can.


Democracy cannot work without free access to information. However, most people won't care about it. Especially nowadays when public opinions are shaped by social networks with censorship and sensations. We can implement all kinds of ideologies on masses very fast. So direct democracy could be more dangerous than you can imagine.


I think representative democracy specifically does not work to stave off totalitarianism. When the issue under consideration is about increasing the power of politicians over the citizenry, many politicians will switch from voting as representatives of citizens, to voting as politicians. A binding referendum that can only retract proposed laws, like we have/had/will have (sorry, I don't know exactly) in NL, seems like it could largely solve this issue, provided it gets sufficient traction.


Direct democracy is best when the amount of people voting stays small. Think local government.


Can you please be sensible? Direct democracy is not working with 445 million people.


In my opinion it's impossible for a small group of people/ politicians to determine what's good for 445 million people.


Mathematically it's not more difficult to determine the majority vote among 400 million people, than among 10 million. What would prevent it from working for you?


> it's not more difficult to determine the majority vote among 400 million people

Democracy is not majority voting.


"a system of government by the whole population or all the eligible members of a state, typically through elected representatives."

Basically it is. You don't need representatives to be democratic.


It could work, just do a referendum in every country and then implement the result. It would require that people in power in all countries wanted to give power to their people, and implemented it securely. Which is why it won't happen.


Yes? Any data for that?


No direct democracy existed in known history with 445 million people.


I wish people understood the origins and structure of the EU. It grew out of a trade association (ECSC) and has very little to do with direct or even representative democracy in the standard sense of the word, i.e. representative of the populace. It is an external political class with only tangential connections to individual citizens.

This is an issue, because it gives opponents of European integration a fairly legitimate position to be critical.


You sure are throwing words around. Undemocratic, lack of direct democracy. Are you confusing the two, or are these different complaints? Sounds like you're trying to say that any representative democracy isn't really a democracy.


The lack of direct democracy in the EU is the only thing that keeps it from becoming the UK.


Most major democratic governments don't have direct democracy.


I wonder how many people there actually are who don't yet know child porn is a classic bullshit excuse governments use every time they want more control over the Internet. It's so classic, so blatant it feels cringy already. Not even for a second I would believe they do this to actually protect children.


Whenever a politician invokes "think of the children", ask them about their funding of Child Protection Services.

Any political action that's said to be under the umbrella of "think of the children" that doesn't provide additional funding to existing Child Protection Services is for reasons other than child protection. Additionally, it's actively working against helping children because the funds for "this new thing", if the goal really was for actually protecting vulnerable children, would be better spent on improving the coverage that existing Child Protection Services provide.

A close friend of mine is in a position that requires "mandatory reporting" training, and they say it's relatively pointless because Child Services only has the resources to investigate cases in which the child's life is in immediate danger. This may be somewhere along the scale of hyperbole, but I doubt it's too far from reality.

Of course, removing children from danger is often removing them from their parents / legal guardians, which comes with its own set of risks.

Either way, funding boots-on-the-ground work with leads from local social workers, early childhood educators, teachers has to be the best way to actually protect at-risk children.


> Of course, removing children from danger is often removing them from their parents / legal guardians, which comes with its own set of risks.

What number of false positives would you tolerate?


I genuinely do not know the answer. But also, what would you define as false positive?

It's blurry definitions all the way down, and that's part of the reason politics doesn't like this problem and would rather argue technology and punishment after-the-fact than actual protection / prevention.

Nuance is expensive and doesn't play well to the crowd.


If I take a picture of my adorable toddler playing naked in a sprinkler in the backyard and CPS calls that child porn and takes him away from me, that's a false positive.

I don't know much about abusers, but my hunch is that they know they are abusers and will more-or-less accept being caught. But what I know about non-abusive parents is if you take their kids away, it's war.


Two things:

1. I thought you were referring to false positives as a result of my favoring funding of existing Child Services working from mandatory reporting from local relevant professions.

2. My commentary about taking children from parents having its own set of risks was more along the lines of trauma to the child, in that even if the parent/child relationship is abusive and harmful, it's such a strong bond that severing it, or restricting it can cause psychological issues.

Totally agree with your commentary above regarding any attempt to remove kids from non-abusive parents. Absolutely scorched earth nuclear war. Also, it would actively be a form of child abuse by introducing unnecessary trauma to the child(ren) and possibly instilling a lifelong suspicion (at best) of authority.

As a result of that train of thought, my answer is: no false positives would be acceptable.

Fundamentally, I'm against personal photos being scanned at all; false positives being one reason, and the broad misapplication of bans by 'big tech' in their implementations of automated systems detecting breaches of policy, and the overall "computer says no" brick wall offered as recourse, being another.


True, it even has a name "Four Horsemen of the Infocalypse". If it was about protecting the children there would be more prevention toward the children to make them aware and report any inappropriate act to a teacher, parent, relative that they can trust.

[1] https://en.wikipedia.org/wiki/Four_Horsemen_of_the_Infocalyp...


For a complex issue this document does a really good job of listing the various problems with this 'scan everything for CSAM' approach. These two points bear repeating:

“You can falsely be reported and investigated for allegedly disseminating child sexual exploitation material. Messaging and chat control algorithms are known to flag completely legal vacation photos of children on a beach, for example. According to Swiss federal police authorities, 86% of all machine-generated reports turn out to be without merit. 40% of all criminal investigation procedures initiated in Germany for “child pornography” target minors.

On your next trip overseas, you can expect big problems. Machine-generated reports on your communications may have been passed on to other countries, such as the USA, where there is no data privacy – with incalculable results.”


The news is pretty depressing these last couple of days. We're marching towards a very dystopian future.


It is astonishing that most liberal democracies are looking at the Chinese system of control on society with envy. In a way, mandatory covid passes to do anything are already a form of social credit system. And with so many people obsessed with virtue signalling, an actual social credit system would likely get some traction.


[flagged]


The other commenter mentioned it, but I'll reinforce it: This is completely unrelated to Socialism. If anything, whatever "Socialism" exists in China is one of the few things to applaud to them. Similarly to "Socialism" practiced in Norway, Finland, Sweden and even Germany to a certain degree.

What you are thinking of is either "Communism" or, in the case of what is being discussed here more like Authoritarianism and Oligarchy. Both of those two are definitely present in China, and more and more present in Western countries who push methods of mass surveillance of the population to further advance their goals.


You may have things switched up.

From Wikipedia: https://en.wikipedia.org/wiki/Communism

> Communists agree on the ultimate withering away of the state but disagree on the means to this end, reflecting a distinction between a more libertarian approach of communization, revolutionary spontaneity, and workers' self-management, and a more vanguardist or communist party-driven approach through the development of a constitutional socialist state.

I think communism is the ultimate utopia and it is unlikely to be ever achieved because people are generally unhappy to have the surplus they produced to be redistributed. Without coercion of a socialist state you won't get redistribution.

At the same time, a government is not an abstract entity. It's just other people who make decisions in your place and often get some extra privileges on top because of it - negating the communist goal of achieving a classless society.

That said, I understand your point of view. Socialism is an economic philosophy based around social ownership and doesn't dictate anything about privacy.

That said, the centralisation required to achieve socialism (similar to what we see in our society: you need a taxman to forcefully steal profits from all the citizens and build some roads) implies the creation of a strong state who has all the interests in surveilling citizens.

Socialism and redistribution imply authoritarianism. All the socialist libertarian and left wing anarchists doctrines can't work unless you have perfect, not greedy, law abiding and honest citizens happy to give away exactly the surplus they produce. Which is to say, it will never work in a normal society, it may work in a small village with like minded people.


This has absolutely nothing to do with socialism.


This has everything to do with socialism. Socialism is about trading individual liberty, power, and ability to consent for centrally-managed services provided with government authority. This is exactly what's happening here.

The ease and comfort with which this trade is made speaks exactly to the trend GP was referring to.


Socialism is not about centralized authority. That is just how it ends up when you have oligarchs needing a better brand than naked kleptocracy.


It's basically about surrendering individual power/consent to collective decision making, isn't it?


That's actually called living in a civilization.


Strong disagree. Living in a civilization means you have agreed to peacefully coexist with other members, and resolve disputes via due process. From there, whether you can opt out of military service or health insurance varies quite a bit within civilizations. This is where the question of "within your civilization, how free are you?" (vs. how obligated) starts to become relevant.


I disagree.

Your statement is true only because in the present day socialist governments control most of the desirable space.

The Vikings in the middle age moved to Iceland exactly to avoid kings and lords (not that far from our democracy) and they built a decentralised society which lasted 300 years.

They had private courts and private law enforcement. Strategic decisions were happening at the local level with local leaders.

I believe a decentralised society is possible - but there is just no interest in doing so and dismantling the status quo.

First, you need money to get elected in a position where you can do that. Your sponsors will likely want something in return. If you throw away all the power after getting it and create a decentralised society, you won't be able to return any favour or reap any benefit.

You may just as well become the next corrupted leader and get rich from the politics scam.


Take solace that we have failed to address climate change as a civilisation.


We have had unprecedented growth and development in the world, it's just that bad news sells more papers. Don't let it bring you down!


So as long as some KPIs are positive, let's ignore the loss of fundamental freedoms?


"Some KPIs are positive"? I had no idea HN was this backwards. More people have moved out of poverty than ever before. Quality of life is improving in so many places, just not around /you/. Amazingly cynical point of view.


> More people have moved out of poverty than ever before.

Erm, you are answering with this argument to the wrong person. I am the first person to point out this kind of things.

This does not mean you can ignore the erosion of civil liberties.


There is not much to rejoice if all that growth will go in the hands of the few friends of the government, leaving a richer 0.01%, a broken middle class and unstable societies.


> unprecedented growth

.. at unprecedented cost


I guess this is sarcastic?


Should we celebrate setting our house on fire to stay warm when the furnace went out?

Yes, the house fire is very very hot. Good job.


Assuming this is correct (I only followed a couple of links, but it would be the EU planning to mandate content scan for CSAM on all e-mail and messaging platforms, after making it legal/optional already to do so earlier this year), I guess this answers the question of why Apple released their tech.

While it made little sense on iCloud Photos, they can add the exact same client-side scanning to iMessage and keep it (mostly) e2ee.

Certainly not judging the merits of this, such mandates would be the end of e2ee via third party companies (there seems to have been a concerted worldwide effort around that), but at the very least, I can see the impetus from Apple's point of view to release this right now.


iMessage has an e2e backdoor on by default in the form of plaintext escrow via iCloud Backup (not e2e).

iMessage is, in practice today, no longer e2e.

Apple knows this and intentionally preserves this backdoor for the FBI:

https://mobile.reuters.com/article/amp/idUSKBN1ZK1CT


Just like WhatsApp 'conveniently' integrated Google Drive backups by default. That is why it's funny to see the fake outrage of WhatsApp's team over this.


Meh. Compared to 10 years ago we still live in a bright future where e2ee is available to everyone who needs it. Yeah, you might need to enable some options (like in Telegram) or disable some other options (like iCloud in iMessage), but it's still there.

Even with this on-device CSAM thingy, Apple knows less about you than they did 10 years ago and random staffers at FAANG can't just go and spy on their spouses (the way they could not that long ago).


Disabling iCloud doesn't enable e2e as the other end of your conversation still has iCloud on by default and is escrowing your chat plaintext to Apple.

Apple has access to all of the plaintext iMessages for almost all devices/conversations and can turn them over to the USG at will.


For a little more context, see https://www.howtogeek.com/710509/apples-imessage-is-secure.....

For those unfamiliar, as I was, it appears iCloud backup is enabled by default. I think the above statement about iMessage not being e2e in practice is very fair.


Note that even if you disable iCloud/iCloud Backup, all of your iMessages will still be leaked unencrypted to Apple via the phone on the other end of the conversation that still has iCloud Backup enabled.


This option is transparent to the user and easy to change. Also, anyone who has done IT support will appreciate that yeah regular users actually want / need backups enabled by default, it's often a life saver for them.


Apple doesn't need the keys to enable backups.

And the mere fact it's a default makes it a significant problem when discussing it as a popular and widespread E2E messenger. It would be more borderline if it was a required configuration choice with no default that clearly disclaimed the ramifications.

Even then, you have the issue that you are not the only person with a copy of the conversation. Your partner - or partners - has it too. Does Apple require some kind of pre-conversation negotiation to determine how the conversation will be stored in the backups? Or at least provide some kind of warning if a person with backups disabled gets in contact with somebody with backups enabled?

I don't disagree with you about backups, but how useful they are is completely irrelevant in this context for several separate reasons.


Users need backups to protect from a device loss scenario. Apple needs to have keys for that to work. They also can’t rely on key derivation because users forget their Apple ID passwords all the time.

It is relevant because this requirement necessarily conflicts with strong e2ee. And since Apple is designing devices for end users that don’t necessarily even know or care what e2ee is, it seems completely reasonable to have defaults that will optimize for the problems that are relevant for the majority of users (losing device and forgetting your password) while making strong e2ee a few clicks away to those who need it (and understand associated tradeoffs).


This is why I wrote mostly. Both iCloud backups and Messages on iCloud either keep plain backups or a decryption key.

But if you don't use iCloud backups your end is still, as far as we know, encrypted.

What happens on the other end is out of your control in all cases.


If it becomes mandatory for email providers to screen emails, will services such as Protonmail become illegal in the EU? Since they don't have access to their users' email content because of encryption.


> Since they don't have access to their users' email content because of encryption.

Regular emails (i.e. without home-brewed encryption that Protonmail provided - and I'm yet to receive such email from any of my contacts who use Protonmail), or any inbound email received from third-party servers are of course not encrypted and Protonmail has pretty easy access to their contents.


Protonmail uses PGP and not "home-brewed encryption" and encryption is on by default between Protonmail users.


False.

Even when it does use PGP, it is meaningless, explanation:

I just created a spare protonmail account. It asked me to pick a username and password, and my account is created.

Next, I send there a message from my other account. Yes, on the receiving end it does write "End-to-end encrypted and signed message", but encrypted and signed by what exactly? I have never created PGP keys and loaded the public key to Protonmail on either account (and never used my private key to decrypt anything). This can mean only one thing: even if there is some kind of encryption happening, Protonmail themselves generate keys and use them for encryption-decryption, never asking you for anything but your password. And if they can use these keys to decrypt the messages for you, they can decrypt it for anybody.

Protonmail also gives a user an option to export his private keys. Yeah, right. Your private keys.


That experiment shows that whatever is stored on ProtonMail's servers plus your password is sufficient to decrypt your emails. This could be explained by the private key being derived from or encrypted with your password. ProtonMail's documentation says it's the latter (https://protonmail.com/support/knowledge-base/how-is-the-pri...):

> Your ProtonMail private key is generated in your browser. Before sending the private key to the server for storage, we encrypt it with your password (or mailbox password if you use two-password mode). This ensures that you and only you can use your private key.

So the only remaining question is whether ProtonMail has access to your password. If they do, they can decrypt your private key and then decrypt your emails. Often, passwords are sent in plaintext to a server for authentication. But ProtonMail uses the Secure Remote Password (SRP) protocol so they never see your password: https://en.wikipedia.org/wiki/Secure_Remote_Password_protoco.... (source: https://protonmail.com/blog/encrypted_email_authentication/)

Of course, there are other threats to worry about, such as ProtonMail changing their client-side JavaScript to exfiltrate your password. But the system as they've documented it does not appear to have any way to decrypt your email server-side short of guessing your password.


The most likely attacker against proton mail are various law enforcement or intelligence agencies.

Such an agency can force PM to modify login process to derive password from submitted form, or to just switch private keys for non-encrypted ones, because the user won't even notice it.

Truly secure entity just wouldn't have private keys on a server at all. Users would have to go through an uncomfortable process of generating and uploading keys to clients, but they would be truly safe.

To sum it up, you can't really have security and convenience at once. Besides skipping a proper key management process, PM mail also skips such important steps as verification of email partner identity and key verification, so you have to trust PM that you are really talking to the person you think you are talking to.


> Truly secure entity just wouldn't have private keys on a server at all.

They don't. They have your encrypted private key, but there's no need to keep that secret. (The decryption key is derived from your password, so the password needs to be strong and secret.)

> Such agency can force PM to modify login process to derive password from submitted form, or to just switch private keys for non-encrypted ones, because the user won't even notice it.

Yes, definitely. It's hard to trust self-updating software (like JavaScript in the browser), particularly if you're concerned about targeted attacks. But creating your own private keys and then entering them in the browser wouldn't help you at all against that sort of attack. You would instead need a different type of client that could be trusted somehow not to leak your private key.

It's not uncommon for services like this to offer a downloadable version of the web client so you can pin a version and audit the code as needed. I think maybe https://github.com/ProtonMail/WebClient is that for ProtonMail? If so, you should be able to verify that code and then use that. The fact that an encrypted copy of your private key will live on ProtonMail's servers shouldn't bother you.


You make a poor argument overall. Just because convenience will tend to win out doesn’t mean people shouldn’t choose more secure over less secure.

Your argument boils down to “govt can force them to change how they do that”, as opposed to a flaw in their approach.


YOU make a poor argument. All email correspondence with external servers (I believe it to be 90+ percent of all correspondence) is not encrypted at all, and the rest is bypassable if Protonmail wants or is forced to decrypt it. This is just a security theater.

True security is when the provider can't decrypt anything under all circumstances, even under coercion.


Someone once explained to me that any webmail service is inherently able to read your mail: otherwise it could not display your mail to you. True end-to-end encryption means keeping your private keys client-side and the client on a computer over which you have full physical control.


You are absolutely correct, with some caveats. Browser client can generate keys on clientside and allow to offload them as a file to be used on other devices. Our own web XMPP client does that. But Protonmail does not work like this.

Verification is very simple: if you log in on a new device and see all your content while using only login and password to authenticate yourself, then the content stored on a server is NOT encrypted and is readable by server owner.


> if you log in on a new device and see all your content while using only login and password to authenticate yourself

What about if the encryption key is derived from your password? This is common enough for "encrypt file with a password" services, I've personally implemented it in-browser as part of a small project.

Now, having your account password be the same as the email decryption password is also probably a bad idea, but we're far from the server owner being able to read your emails.


AFAIK, Protonmail private keys are kept client-side. They are decrypted by the password inside the browser UI.


No. I just logged in to that very same account using different browser on a different computer. The email was displayed just fine.

Protonmail keeps generated public and private keys on their servers.


It keeps copies that your browser locally encrypted with a symmetric key derived from your password. When you log on your browser downloads them, and decrypts them with your password.

Protonmail do not see your password and without it cannot decrypt the pub/private key pair.


AFAIK, isn't it encrypted using your password or something before it goes out of the browser?


They could conceivably add screening to the javascript client downloaded to the user that does the end to end encryption. Don't know how practical that might be.

I think the more interesting question involves something like Mailvelope. It is a stand alone OpenPGP based encryption system based on the ProtonMail code that provides encryption for webmail. It can be hosted somewhere physically and politically far away from the EU and is an open source project. How will the EU approach the ancient PGP dilemma this time around?


> If it becomes mandatory for email providers to screen emails, will services such as Protonmail become illegal in the EU?

Protonmail should already be illegal in the EU because they operate under Swiss mass-surveillance laws and cooperate with US-American law enforcement. Both of which violate the GDPR if they do business in an EU state.

> Since they don't have access to their users' email content because of encryption.

They still have access to all the unencrypted mail their users send and receive and to all the metadata of the encrypted communications.


> Protonmail should already be illegal in the EU because they operate under Swiss mass-surveillance laws and cooperate with US-American law enforcement.

:O Seriously? Wow, off to research this I go... That's really disappointing as a paying user. I can't believe I wasn't across this.


You can choose which narration you would believe. It is a never-ending story.


I'm wondering the same. I suppose they will have to implement some way to scan the emails, or else they will be forced out of business.

That said, I wouldn't bet on it.


Does the EU have some kind of firewall with ISPs to block domains and IP addresses?


No. There are some per-country implementations, but nothing EU-wide.


That is the probable reason why this is being pushed through.


This report [0] is all I could find. I would have expected this to be more widely reported, and I'm surprised to see it isn't.

[0]: https://www.europarl.europa.eu/doceo/document/TA-9-2021-0319...


That link shows the existing legislation, approved in July. Today it doesn't mandate anybody to scan anything but effectively _allows_ service providers to scan for CSAM, if they wish, by defining "combating online child sexual abuse" as a legitimate reason to process personal data within the limitations of the EU's various privacy & data protection directives (GDPR being the obvious one, but there's others too).

It's worth noting that this was legal everywhere else in the world already (Google are free to scan a US user's Gmail for CSAM with no problem, if they want to).

The motivating concern was that service providers who do already scan for this kind of abuse material (everywhere in the world) were at risk of having to disable such scanning entirely for EU citizens due to privacy laws. This is 'temporary', in that it's a quick fix to avoid service providers immediately disabling all those systems, until more concrete rules on how/when/if service providers should scan content for CSAM are put in place.

That part is not a big problem (imo). The risk is that future legislation goes much further.

The article here seems to be largely lobbying and pushing general awareness of the issue, rather than reporting on any real news (not that that's necessarily bad). So far, there's no concrete proposal AFAICT, let alone a planned vote on such legislation. The EU Commission (who propose legislation, which is then voted on by the parliament etc) have previously said they're looking into mandatory scanning, but given the pushback it's unclear whether that's still the plan.

In the end, it's probably not widely reported because the mandatory part doesn't appear to have a concrete proposal in motion yet. Articles like this are appearing anyway because it _might_ be proposed legislation soon (there's mentions of Autumn 2021) and it's important to mobilize to inform the public and make their opinions visible as early as possible, rather than waiting until the last minute.


>> The motivating concern was that service providers who do already scan for this kind of abuse material (everywhere in the world) were at risk of having to disable such scanning entirely for EU citizens due to privacy laws.

I'm curious if this was a situation where they might have decided that scanning was more important given the implications of processing CSAM? It seems like this is a way for authorities to influence any data processor.

The Apple news last week seemed to come out of the blue and it felt a bit like a trade-off to get out from under the authorities to some degree. This is just conjecture though.


Thank you for the great summary.


Politicians really like to use "child pornography" as a wedge issue for surveillance as it's a topic that people overwhelmingly see as "a bad thing". This screams slippery slope.


Oh I think you will find that the "think of the children" model has been abused more than most emotional heart-string pulling for agenda.


Exactly. Just like “terrorism” is used as an excuse to take control of oil fields.


Just like the drug war is used as an excuse to empower fascists in government, strip citizens of their constitutional rights, and disrupt leftist and minority communities.


It's agendas like these when you realize submitting your country laws to legislation from Brusel was a fatal error.


Right on. Looking into ways of stopping this from happening has given me a very real feeling of desperation. There's no real way for an EU citizen to stop laws like these from getting accepted. No option for a referendum, no option for a veto, the best bet is getting the EU court to annul it, but that takes decades.


EU citizens CAN block this! Make your representative in the Council of the EU accountable. If 4 members veto this the legislation will not pass.

If you can't move your country representative to veto the bill, then the issue is not the EU: it's your government.

As Europeans we have to stop this very sneaky campaign of "citizens can't do anything" - it's a self fulfilling prophecy and the sharpest tool the lobbies have in the EU.

Your country's government has a say on it, and you have a say on your country's government. Make them accountable.


> Make your representative in the Council of the EU accountable.

How would I do that? He is already in that position, I have zero influence on his decisions.


I think that the fatal error is not going to vote in the European Parliament elections [0]. You don't get to complain when you decide not to participate in the democratic process.

Even if this was passed by the Council of the EU [1] it would be passed by ministers representing over 55% of the states - and over 65% of the EU population - and could be blocked by 4 countries. Now - we can discuss if a government is a democratic institution, but I guess it's a bit of a stretch to argue otherwise.

In other words: democracy requires information and education, either at the EU or at state level. That's not the issue here.

Your country is not a passive agent in this: your country has a say and you need only four countries to stop this. If you believe that somehow you can influence your government when it's emanating laws locally, but not when - the same government - is voting in the Council, you are just doing some magical thinking.

The EU has one main problem: it's local politicians stoking the fire of "It's the EU doing this, not us" - while at the same time passing legislation in the EU.

<Tyranny of the majority arguments go here>

[0] https://europarl.europa.eu/election-results-2019/en/turnout/

[1] https://en.wikipedia.org/wiki/Council_of_the_European_Union


> You don't get to complain when you decide not to participate in the democratic process.

You can complain either way. Not participating means you are not participating, and is a kind of a vote too. If <50% people vote, then the vote is arguably illegitimate.


"If <50% people vote, then the vote is arguably illegitimate"

That's not how a democracy works. Unless you're forcibly prevented from voting - or are denied the right to - that's not the case. It is not an illegitimate vote if you decide not to vote.

In the EU Parliament elections it's just people deciding not to vote. As you yourself said: "is a kind of a vote too".

Let me make a practical example: we are having a pizza party and we have a vote for what pizza to order, you say: "I don't care - you guys decide!". When the pizzas show up you may say: "Dang, you got the anchovies pizza - I don't like anchovies!", but not "Why did you guys get anchovies? I don't like anchovies, you shouldn't have ordered that pizza!". They seem closely related, but they are not.


No that is a wrong analogy. The correct analogy to not participating in the vote would be: I would say "there shouldn't be any pizza party vote, because the options all suck, and I do not want any pizza, everybody go home".

If more than 50% of people in the room say that, the pizza party vote is illegitimate.


Nope - that's not correct: saying "there shouldn't be any pizza party" is a vote! If more than 50% of the people invited at the party say: "We should actually get salad!" - then, guess what? You would get salad.

Being silent - not voting - is NOT the same as voting against something. Not even close.

If the real reason for why over 50% of the people don't vote was because they don't like any of the parties then they could join up and create an alternative. But this is not what happens.

In the real world when you don't vote you're doing two things:

1 - you're saying you don't care because you find all the options not to your liking;

2 - you're also saying you can't be bothered with creating one.

As long as no one is preventing you from addressing the second part: you are making a deliberate choice to not engage in the democratic process. You understand the consequences of that (in)action and you accept them. In no way that invalidates the choices made by the people who engage in it.

Saying that you CHOOSING not to participate in the process makes it invalid is an offence to the people who fought to give you that choice and to the people that - to this date - are not given that option.

I'll say this one last time: this defeatist attitude towards the democratic process is exactly what the political establishment and the lobbies who enrich them are counting on, and this is why I considered it one of the main issues with democracy today.

The Official Monster Raving Loony Party [0] is doing more for the cause of democracy than people who decide that nothing is going to change, we are going to get anchovy pizza, so why bother with voting.

[0] https://en.wikipedia.org/wiki/Official_Monster_Raving_Loony_...

Edit: Fixed typo - twice


Wow those are some assumptions.

> Being silent - not voting - is NOT the same as voting against something.

I never said it always is. However not voting does not mean being silent. I explained this in my analogy where most of the people said not interested in the pizza.

Similarly people who are vocal about politics in their life, online, participate in political fights in workplace, whether individually or through unions, other creative activities and so on are already participating in democratic processes. They are already not silent. The fact that some of them do not participate in a given vote they don't like does not diminish that.

> then they could join up and create an alternative. But this is not what happens.

Of course it happens, in general. Maybe you mean that in your country it does not happen, or it does happen but not everybody who does not vote is involved in that. So what? There are other ways to participate in democratic processes which I mentioned above.


I agree.

Individual countries are equally corrupted by big businesses and authoritarian leaning, but you can generally count on inefficient flip flopping right-left parties to not do too much damage in any direction.

The EU seems to be way more efficient in getting us straight to 1984 or Soviet Russia V2.


I am replying to all the posts pushing this defeatist agenda. Not only it's wrong, but it's also dangerous.

It is representatives of the countries in the Council of the EU voting these legislations through: hold them accountable as you would hold them accountable locally.

Don't fall for the narration of the EU as a third party where your local representatives have no say. If four countries veto the bill, the bill is dead. 4 out of 27 - all done by influencing your government representative in the Council.


Every layer you add between who's making laws and who's voting diminishes the power of the voter. What ends up happening is that laws are not what voters want but what people who are skilled at the politic game want - or more likely, what the people who sponsor them want.

I don't think a central government for a single country is a good solution and I think an entity who can force countries to legiferate is even worse. Countries got pulled into Europe because of the trading opportunities, not because they wanted a quasi-Federal Government.

We're witnessing a slow decline into dystopia and making the 0.1% richer and richer every day. VATMOSS and European regulations killed small business favouring Amazon. Covid lockdowns killed small business favouring Amazon.

I'm not sure whether the representatives are complete idiots who believe the propaganda or who assume their voters are complete idiots (eg: I can't vote against protecting children, no matter what or people will think I'm a monster; I can't vote against massively complicating VAT laws or people will think I'm favouring Amazon) or malicious entities who just want more power in the hands of the government, but the net result has been always negative (not only in Europe).

I don't care how representation works in Europe or anywhere else, the facts speak for themselves: most governments end up behaving in ways that benefit big businesses.


How am I supposed to keep the party that I did not vote for (25% did) accountable? Nobody is gonna disrupt the government because of "such small issues".


So - first of all you're admitting that the issue is not the Council of the EU, it's that your own country's representative can't be held accountable for his vote in the Council by you.

Political activism is about making these "small issues" big and visible. It's not easy, it's not cheap and it doesn't always work. Yet it's something that can and should be done at the local level. And I really mean: local.

Your country's representative is of a political party that - I am guessing here - also runs in local elections. Your town, your province, your region - and that's how you start. You possibly can't talk to your ministers, but you can talk to your local politicians. Make sure they understand that their local power will see the consequences of national and EU politics, let them bubble up the issue.

Will it work for sure? Probably not, maybe yes. Is it better than taking ourselves out of the equation? Absolutely yes! Making sure that the local politicians understand that their national counterparts will affect their local success is a way of making them accountable.


First, I did not admit anything, I asked a question.

Second, the issue is the presence of EU influence in my country: Whereas before joining the EU the local parliament would have a nuanced discussion and vote, often with results very different from partisan membership, now the party that won 4 years ago (that does NOT mean >50%) decides all by itself how it's going to vote in the council, and only the biggest issues of all can be helped, but breaking the government for every smaller thing is not feasible.


However, the problem is usually the European Council and not the Commission or the Parliament. Meaning, it's still the countries…


Any examples? At least the Council has people with mandate from the countries...


> At least the Council has people with mandate from the countries

Not in every country. More often, the head of the government is voted for by the national parliament, meaning, only the people having installed them have a form of mandate. (Which is also true for the Commission, BTW.) The people with the actual mandate are in the European Parliament.


I'm sorry, what country were you from again, that has a human rights record so much cleaner than the EU? It sounds like a lovely place.


There is the European Convention on Human Rights upheld by the European Court of Human Rights, but from my understanding these both predate the European Union, and they're not really directly associated.

Could someone more knowledgeable weigh in on what the EU has to show as far as a "human rights record" ?


This is not substantive. Please read the HN guidelines.


Alright, let me spell it out. You contend that "submitting your country[sic] laws to legislation from Brusel[sic] was a fatal error", on the grounds of a single piece of legislation. The same argument can be used to argue against any sort of government, since it's a rare government that makes no mistakes at all. The EU is top-tier in a wide range of areas spanning from human rights to food safety. So I ask again - where do you think is better?


This argument is crap and you should be ashamed to use it as a personal attack.


I wish I could report passive aggressive comments like this... as they don't really belong to HackerNews.


> on the grounds of a single piece of legislation.

No, I said "when you realize", not that it is the "single piece of legislation".

There are many other reasons for that stance, such as the fact that nation's people can influence and check their government's laws with more success than it can do that to a supranational undemocratic bureaucratic organization.

> The EU is top-tier in a wide range of areas spanning from human rights

They have full mouth of it, yes. They issued some great declarations and legally binding resolutions, I agree. In case of vaccines, almost all EU governments act in direct violation and EU has no real power/wish to stop them.


>almost all EU governments act in direct violation and EU has no real power/wish to stop them.

This would seem to contradict your original post, no?


No, where is the contradiction?


The EU is either

- an unstoppable authoritarian juggernaut to which countries have foolishly ceded their sovereignty and are now paying the price in the form of draconian regulation

- a weak and ineffectual symbolic union which issues empty proclamations that countries are free to ignore without consequence

Which is it?


False dichotomy. It can be both, depending on the issue. This is similar to U.S., although U.S. is much stronger on the federal level than EU is.


Do you regard the ceding of state sovereignty to the U.S. federal government to also have been a fatal error?


I wouldn't be surprised if the UK government announced it would be re-applying to be in the EU just for this new law (I'm joking.. I hope).



As the developer of an E2EE chat system, how could this affect me? Would I be forced to do something? I fall under a non-EU jurisdiction, and my servers are also outside of the EU. Would this apply to me or my users in the least? Thanks


I'm not a lawyer, but I suppose it will apply in the same way GDPR applies to anyone who wants to access the EU market (regardless of where you/your servers are). That is, if you're fine with your system not being accessible from the EU because of non-compliance you should be fine?

Don't take my word for it though, I'm just assuming. Maybe somebody with more knowledge can chime in.


According to https://www.enforcementtracker.com only EU companies get fined for GDPR violations. I assume a private citizen can sue a foreign company for violating their GDPR rights (??), but am I right in thinking that the EU can only prosecute its own entities? Therefore, unless an EU individual sues me for "violating" his right to be spied on, I should be fine? Or would the blame fall on the EU individual for having used a comms channel that doesn't allow the EU to spy on him? I probably am totally wrong, just trying to understand how this works


Systems don't become inaccessible from the EU because of GDPR, there's no great firewall of europe that would make that happen. But depending on circumstances, you could still get fined for violations even if you aren't situated in EU.


> there's no great firewall of europe

Not yet, but it seems someone is thinking about one, see: https://www.europarl.europa.eu/RegData/etudes/STUD/2020/6487...


Authors: FutureCandy - They want to solve CSAM? I might have a tip for them.


Really curious: how and by which layer (ISP? email/chat providers?) does this get implemented practically, on the software level?


I'm wondering how long until inconvenient people (or people with inconvenient opinions) are targeted for blackmailing material with a system like this.


What's stopping someone from buying a used computer at the city street market, taking it to one public park with internet access and sending child porn to a huge list of MEPs[1] or one of the countless leaked emails lists (from Facebook and other providers)

[1] https://www.asktheeu.org/en/request/list_of_meps_and_their_o...


That kind of assassination of inconvenient people is already being used for a long time. Just plant the evidence and tip off the cops.

This kind of legislation is for a different reason: to introduce pervasive surveillance of people activities and speech, and normalize the concept.


As in send them an email that will trigger the system in a way to cause grief or induce further evasive exploration of the recipient's life. Show me a guarantee that will never happen as that is the fear as we all know - any system can be gamed for good or bad.


Does anybody have an idea how big child pornography is on the internet? Are those measures commensurate with the size of the problem? I'm asking seriously.


Hi, you must be new to this game.

Here's the deal: none of this is about, or for the children. It's just a bullshit excuse to label anyone who opposes it a pedo. Same goes if "think about the terrorists" is used instead, which might come around soon-ish, since we started this round with "think about the children".

OT: if somebody does have some statistics, that might actually be interesting; don't let me discourage you from responding, but I'd still call it OT, given that it's not actually about the children.


Furthermore, it does not matter in the slightest what number it turns out to be. It's going to be nonzero, it's going to continue to be nonzero no matter what legislation you introduce, and so you can always use this argument for more surveillance because people (especially parents, but mostly just everyone, and understandably) get very upset about this topic.


Nirvana / perfect solution fallacy: https://en.wikipedia.org/wiki/Nirvana_fallacy


On a previous HN submission [1] it's about 0.06%, more than I expected.

[1] https://news.ycombinator.com/item?id=28110159


On a website uniquely designed for photo upload and forensic analysis, CSAM makes up .06% of uploads. But I'd bet on a generic messaging app, the percentage of messages involving CSAM is much, much lower.


When the EU wants to be like China, but not to control citizens but to protect the children ;)

BTW: The EU wants to implement age restriction to online services into the Operating-system, every device that is not verified by ID is restricted to let's say content for 8yo's


I'm surprised to read about this now. I feel like this issue has received no media coverage.

Quick search for "Chatkontrolle" on the websites of some of the biggest German newspapers confirms this suspicion:

- spon.de: 2 articles

- sueddeutsche.de: 1 article

- welt.de: 0 articles

- faz.net: 1 article


You can't rely on big media to report on important things, and even when they report on it, often they push some one-sided narrative.

One other example recently are the anti-covidism protests - they never talk to the protestors, instead they just show the reporter in safe space with cops and let him narrate how these protesters are just a bunch of extremists and conspiracy wackos.

You need to listen also to smaller, less captured sources of news, and preferably several of them.


You'd think they would be even capable of journalism that notified people before shit like this turns into legislation

Instead I see storywriting


I wonder if all of this (Apple, Chatcontrol, etc.) will spark a backlash against computing devices. The government can't rifle through your physical photos to search for [bad thing], at least for the moment. Will we see a resurgence of Instamatic cameras and other offline-first devices?

Depressingly, I'm sure most people won't care. But hey, I can hope.


> The government can't rifle through your physical photos to search for [bad thing], at least for the moment.

I mean they can, it just takes effort making it not worthwhile. This will make it easy and omnipresent.


Analogies between IT and physical world are often less than helpful but before digital photos most people would be developing photos in specialized studios. If these studios noticed what they thought was CSAM they would report it to police. One could of course develop photos themselves (like one can selfhost everything today), but as soon as other parties get involved they can (and should) report problematic material to police.


Polaroids have been around for quite some time and don't require a photo studio.


> Depressingly, I'm sure most people won't care. But hey, I can hope.

I'm afraid you're right. Nobody cares about their photos being searched for whatever by shady organisations and corrupt agencies.

- Facebook: 2.8 billion active monthly users

- Google Mail: 1.8 million users

- iCloud: >850 million users

- Google Drive: about a billion users

- Dropbox: >600 million users.


Apple came out a few days ago,

then there is a thread «Canberra asks to introduce detection capabilities in encrypted communication (zdnet.com)» at https://news.ycombinator.com/item?id=28112827 ,

then this one.

All of these at the same time?


Why exactly are we believing the author's claims? The link on the supposed "2.0" announcement on mandatory CSAM scanning leads to no such announcement. Nor does any of the other 50 links on the page, as far as I can tell.


If you have been following this site for a while then you know that it is a truth universally acknowledged (well - on HN), that the EU wants to "ban encryption".

I keep having the same question as you, and will refrain from joining the pitchfork party until I see actual proof.


I don't believe they want to ban encryption in the end. But I think it is prudent to make that accusation. This is politics after all.



Perfect timing, the EU can now ask Apple to search their phones.


IMHO, it's the other way around: Apple saw that they would likely have to implement this in the near future, and decided to go ahead.

The paranoid part of me would also entertain the idea of a singular force pushing both developments forward, but I don't have any evidence for this.


Looking forward to the 2050 Asshole Control Act that will mandate daily colonoscopies in case someone is hiding a pendrive with CP on it. Just in case. You wouldn’t be opposed, would you? What are you a nonce? Arrest the downvoter.


Citizen, show me child protector greenpass on your phone. You don't have it? We will have to search your phone and your cavities.


Try stuffing pendrive there and going through airport security. We're already checking for this (effectively).


this is exactly why I created a chat service you can host on your home pc... I believe centralization by big corporations plus laws passed with various objectives made by various governments is the end of the internet as we know it. A tool meant to connect the humans from different countries, culture and religions to exchange ideas, discuss, share knowledge and empower people against corrupted governments.

I believe peer to peer is the way to go and we tech people have a duty to inform and vulgarize technologies and outcomes to our close relatives.

This is the digital legacy we will leave to future generations.


For those of us who need more security, which most of us expect from the state, mass surveillance will surely help. For those of us who insist on breaking the law this will become a problem.


How many people need more security coming from the state in EU? /rhetorical question


I, for one, have been assaulted with my children, by a guy they took a year to hopefully catch and put in jail, where he currently stays, I even have videos of the guy on youtube if you want to see him, he really looks like a nazi except without the teeth which he lost consuming crack.

I hope this won't be your case, living in fear with your children for a year is a bad experience, not to mention the hospital and sequels. I wish "hope" was more that we could do, these new security systems are an answer.

If you don't trust your government with this, perhaps you should apply to work on it in defense - surely, this will create quite some tech jobs - so that you be in charge. Actually, if you have experience working in defense, you might already know that there's plenty of work catching criminals, there's definitely no time for anything less critical, despite whatever grounds you build fear of dystopia on.

We are not in a George Orwell dystopia but actually have real lives to save and really dangerous criminals to stop despite what you may think. And I'm really glad that you live in a place where you feel safe and I hope this stays this way, and I'm really happy for you that you have not lost a child to criminality, or a friend to terrorism, but keep in mind it's not the case of everyone.

We can't all be like famous french leftist Mathieu Kassovitz and look at a mother in the eyes and tell her that the event of the death of her child is just "a miscellaneous event" and that there's nothing to do about it, that it's the way it's supposed to be. I mean, go ahead and be my guest, explain to her that mass surveillance will put her into more danger than not. Her dystopia is probably very different than yours, and much more real. I'm sorry, but I'm siding with the victims here, from CP to whatever.

If we can save even just 1 child, shouldn't we because you are scared that a government employee would be reading your flirts? I don't understand how you people not only can just be against more security, but also willing to sacrifice children to protect your "privacy" (flirts, dickpics) which nobody working in defense actually gives a flying f** about.

And Patrick Breyer, if you're reading me, next time you want to make an argument about "minors sexting", I would suggest you find a way that does not make you look like a pervert who wants to keep it easy for minors to send him nudes, cause it kind of looks like that from where I'm standing.

What kind of congressman in their sane mind would vote against this? None. Does that mean it is perfect? No, but it's a start, and I believe we will improve from our mistakes, we have to start somewhere. This is the start of a new era of security, which many of us pay taxes for, we deserve this, and hopefully it's not some "pirate party", or "pedo party", or "criminal party", or "human rights defender party" who is going to stop us from getting there.


I am sorry for you and your children, I am sure your perspective is colored by such an event.


Is this sarcasm?


I wonder how this would apply for "privacy first" email and chat services? And self-hosted ones too?


Question is always what is suspicious?


Surely everything is suspicious until proven otherwise?

Although if something is 100% without a doubt not suspicious, that's also somewhat suspicious.


I voted Remain in the EU referendum here in the UK but, in 2021, a few things have happened that have caused me to question whether that was the right choice and whether, with Brexit, we have the right outcome (albeit for very much the wrong reasons seen through 2016 eyes):

1. Ursula von der Leyen and the EU Commission bullying companies and non-EU countries about vaccine production and provision. A wider point here is that the undemocratic nature of the Commission is something that I have always viewed as a problem.

2. The generally shambolic and inconsistent handling of vaccine procurement and rollout within the EU (which does now at least appear to be running much more smoothly; the UK government did well here but, overall, has handled the pandemic with majestic ineptitude).

3. This[0]. Chatcontrol 2.0 isn't the first ill thought out piece of legislation to get approval in the EU, and it won't be the last, but it is certainly one of the more sinister, and a significant violation of privacy amongst the majority of law-abiding citizens.

Overall I would still probably prefer to be in the EU than not, but I'm simply not as certain about that as I used to be.

[0] This whole assessment is of course contingent on the UK not simply falling into line with this legislation, a la GDPR, anyway. I'm on board with the spirit of GDPR and related legislation but the way every organisation seems to comply has certainly made the web suck more.


Also, one wonders if EU states would have been better at closing their borders at the start of the pandemic (like Australia or New Zealand did) if it wasn't for the EU. Maybe not, because there are always big trade networks on a landmass of this size, but I do think that the 'free movement' ideology played a part as well. (Free movement is wonderful in general, but why in a pandemic??)


> Also, one wonders if EU states would have been better at closing their borders at the start of the pandemic (like Australia or New Zealand did) if it wasn't for the EU.

It's a fair question. OTOH, here in the UK, we were extremely slow to close our borders (in fact we've never closed our borders fully in the way that say Australia or NZ did, nor anything close), with the justification being that the UK is an international hub.

The real reason, of course, is that our government is too spineless and inept to take such decisive action, and has the collective intellect of a colony of woodlice.

I don't know enough about the EU decision making process around closing borders to know if their bureaucracy was a problem. I know Italy introduced restrictions fairly early on (back in February, or maybe early March 2020), but I do remember being surprised that people were still allowed to cross the border between Switzerland and Italy for work purposes even whilst the pandemic was raging in Italy. (Switzerland isn't in the EU, obviously.) I also remember being surprised that ski resorts such as Aprica, in Italy, were still open as late as the beginning of the second week of March in 2020.

The UK is very densely populated, particularly in south east England, compared to many countries, so risk of accelerated transmission is and always has been considerably higher. We also have an ageing population with a history (at a population level) of making poor lifestyle choices who have accrued a significant burden of pre-existing medical conditions (not unlike the USA), with the distribution across the whole of the country not entirely mirroring population density. Again, this increases the severity of COVID for those who fall into affected demographics.

With that being said, I have no doubt that more decisive measures earlier in the pandemic, more consistently applied throughout the pandemic, would have led to a significant reduction in both the human and economic costs of the pandemic in our country.

I would like to see Boris Johnson and his cadre of fawning, useless imbeciles stripped of their citizenships and banished to a frozen wasteland to endure an existence of hard labour for the rest of their natural lives. Their abject failure to step up and lead in the face of the greatest challenge we have faced since WWII - to discharge their most basic responsibilities to the people of this country - absolutely disgusts me.

I accept that I am likely to be disappointed.


m8, to me it seemed like all the news I read in the last years, about England and the road to surveillance state, put your country ahead. I'm sure Boris will soon announce they'll do the same.


Maybe. I think it's actually pretty hard to predict. He's so populist... although that could of course punt him in either direction.


"It's more than Europe they plan to unify" - jc Denton


Many users are not aware of this privacy issue unless they are brought up as the topic. The consumers are happy to use the platform as long as they receive the expected return.


[flagged]


> It’s the same people who believe in medical apartheid that are bringing this in.

Regardless of what you call your antivax rhetoric, this is utterly wrong. It's not the same people. There's no fucking correlation here beyond "politics is brought to you by politicians" so stop using an issue HN is upset about to try to prop up your pet peeves.

I too can start saying that this shit you're upset about is brought to you by car drivers and people who indent with 2 spaces.

There's a special place in hell for issue-parasites who do what you're doing here.


First of all I’m vaxed. Second of all it is in fact the same people. I live in an EU country and it’s the EU political establishment and their allies that are doing this.

The fact you had to call out my grammar shows how weak your argument is. You are a literal grammar nazi. With language like “parasite” you really are showing your fascist side aren’t you.


> The fact you had to call out my grammar shows how weak your argument is

What on earth are you talking about? I don't call out people's grammar.


Sorry misread your message. You aren’t a grammar nazi.


Medical apartheid? What’s that referring to?


[flagged]


> some in the millions

Sources? From what I have seen, marches of 100k max.


Country-wide. It's typically in the 100k's per major city. The last Yellow Vest protest in France was organised in 80 cities & towns.

For an example of underrepresentation, "160k" was the "official" figure for the totality of France recently in the few mainstream media reports. Most "official" figures, if they report at all, are multiple factors low, or in some cases orders of magnitude too low.

Eg, just the single public square in Paris (place de la concorde) protestors have occupied in most protests, easily holds much more than 160k, on its own. That was just one square in one (albeit the biggest) city that day.

Find drone shots or timelapses to make estimates, for example: odysee.com/@alltheworldsastage:0/Aug-7th-Paris---Montpellier-France-Massive-Anti-Vaccine-Passport-Protests-Libert%C3%A9-Manifestations:2?

(Absolutely don't endorse this channel or anything - but this bit of content in this case is largely unedited or editorialised, and is sourced.)

If you find a good visual source, use one of various free crowd estimator tools to see for yourself. Draw lines on the map and drag a slider for crowd density - eg the above-mentioned square in Paris is 50k for a light crowd, up to 200k+ for a packed crowd - and the protests meet the definition of packed.

There are no easily-accessible, centralised and vetted sources of indisputable information during times of widespread censorship - you simply have to go look and do the work of vetting it yourself. Beware sometimes it's mislabelled/misinformation, eg, actually shots of a world cup celebration (likely intended to discredit). It's not hard to be discerning however - if absolutely everyone is holding the country's flag and there are no signs, it's likely a sports or other national celebration. If some are holding flags and others are holding signs saying "liberte" it's a protest. You need to learn the foreign words for freedom and vaccine passport at least.

In Italy it's easy as the word for "no" is the same as English and the word for vaccine passport is "green pass": so "no green pass", as various members of parliament ambushed the center of a parliament session and held up signs saying so recently.

You can bet if multiple members of parliament are flooding the central chamber of government of a major European country with protest signs, then protests are at least in the millions.


Another question : Ruptly is reporting live on these protests in Paris and Berlin on YT weekly now.

Are they part of the censorship? Is there something they are not showing?


They exclusively follow the edge of the police line and mostly focus on them throughout. Typically therefore, coverage shows limited numbers of people, and most of any violence that occurs.

But, it's better than nothing, and at least documents who started what. In the case of Berlin recently, it was particularly shocking.


I see them walking embedded in the crowds in Paris. They tend to follow the action if a particular place 'dies out'.

> it was particularly shocking.

Why so vague?


Have I not typed enough?


That is entirely up to you.


Ruptly is Russian media, so I suppose they have the freedom to report these things that local media doesn't have.


From what I have understood is that the Ruptly crews are safe because they are trusted and known to publish a factual non-editorialized stream.

The traditional media? Not so much.


> France, Italy, Germany, Greece, the UK and others are experiencing widespread protest - some in the millions

Germany's largest drew just short of 40k people, that was when they tried to storm the Parliament (https://en.wikipedia.org/wiki/Protests_over_COVID-19_policie...). "Querdenken" is loud but entirely irrelevant.

And in France, the protests are (as usual for the French) not just Corona containment measures, but general social issue protests.


It's reported in the main government news source, the tagesschau, in Germany all the time and (at least for Germany) it's also blown waaaayy out of proportion. For example, in my home-town of 170,000 the demo was 30 people…

The "police brutality" used against the QAnon, Nazis, and the so called "Querdenker" demonstrators here in Germany is laughable, when you compare what the police does against left-leaning demonstrations here in Germany on a regular basis.

So please stop spreading this FUD.


> in my home-town of 170,000 the demo was 30 people

This is consistent with my home town in NL.


> it's also blown waaaayy out of proportion.

Can confirm, media likes to report on it because it gets a lot of clicks. It's a loud minority that knows how to use (online) media for their means and profit.

> The "police brutality" used against the QAnon, Nazis, and the so called "Querdenker" demonstrators here in Germany is laughable, when you compare what the police does against left-leaning demonstrations here in Germany on a regular basis.

Initiators of (not only) left demonstrations like to cry about the oh-so brutal police but there is definitely truth to this. I've never seen protesters get away with so much bullshit in Germany.


Presumably they're referring to requirements for vaccinations to attend large public gatherings.

I think it's an absurd hyperbole, myself.


Is it really, though? Both child abuse and the pandemic are serious issues with real world victims, and both are riddled with privacy, anonymity and personal integrity issues. If we don't act against them, people will die/get hurt, and if we act against it in a Machiavellian manner, democracy and quality of our life suffers enormously.

My observation is that in the name of: a) Covid b) Counterterrorism c) Child abuse almost everything can be presented as justifiable, at least to the mainstream media. The burden of questioning the rulers' decisions remains on us, and the limitations of personal freedom, both digital and physical, set a dangerous precedent to anything that might happen in the future.


Yes it's absolutely hyperbole to compare the racist policy of apartheid to reasonable restrictions on people who voluntarily choose to avoid vaccines for mostly-nonsense reasons.

Do you also oppose driver's license restrictions? Or existing pre-covid vaccine requirements? I struggle to see how these new restrictions are so onerous.


Equating drivers licenses to vaccine passports is a false equivalency.


Why? Drivers' licensing makes people safer on the roads, vaccines make people safer in crowded indoor spaces.


The abuses rationalized by the War on Terror, such as mass surveillance and profiling haven't been walked back. Yet many somehow believe vaccine passports won't similarly result in mission creep and abuse. More recently it has been suggested to expand the designation of terrorist to include those who have concerns about this process.

When has government willingly returned liberties taken under emergency pretenses? Once Pandora's box is opened...


> When has government willingly returned liberties taken under emergency pretenses?

How about the dozens of times already since the start of this pandemic? Every time case rates drop even slightly, they've rushed to re-open businesses, eliminate mask rules and limitations on gatherings.


There have been some outliers like Florida's Ron DeSantis, but for the most part lockdowns have been on and off. The CDC now recommends masking for vaccinated individuals. Restrict, loosen restrictions and then tighten restrictions further. Repeat as necessary. Say what you will of some of the temporary restorations of freedom of movement, but they've normalized putting people on house arrest.

The goal in my view appears to be getting people onboard with the vaccine passports. Once implemented it will be a stepping stone towards CBDC, UBI and social credit scores.

https://www.bloomberg.com/opinion/articles/2021-06-23/digita...


> large public gatherings.

In some counties it is much broader than that. Painting it as hyperbole sounds hollow if you are downplaying it yourself.


If the gathering is large enough they can't stop it and will back down. See the yellow vests movement.


That only works for gatherings not associated with a legal entity.

For example a sports club ( football? ) can't ignore the rules or it will be fined / closed.


It depends. In France unions will organize public gatherings and won't be fined or closed because they have real power to shut down a whole sector of the economy and the ability to negotiate with the government.


EU covid pass and medical discrimination now in Europe but also world wide.


Well, people of a certain background get treated like shit by the supposedly universal healthcare systems in Europe, so there's that.


Could you please specify 'certain' instead of hinting?

Sources would be great too.


I think he’s talking about anti vaxers. Which I’m not. Have the J&J one and doing quite well. Just believe it’s a choice. They also quite often use it to invoke being from a working class background. Which I am actually.


How are they treated like shit?



