This was not an issue with the old approach of comparing checksums against public CP images, but it will increasingly be if we use more AI algorithms for this.
EDIT: Probably Apple's neural hashes that are currently in the news won't be vulnerable to this since they trained specifically to only detect changes in color/cropping/rotation. But we can't know for sure since the white paper is not that detailed and "naked kid on beach" photos all look really similar usually.
It's not a dream, and it's really happening, right now.
I seriously doubt governments actually care about children. They probably care a great deal more about maintaining their own power and control over their subjects. We see countries like Russia and China using the tools of surveillance and law enforcement to silence political opposition and dissent.
Governments don't care about children. Twenty-six first graders were massacred and the US government did nothing.
Regardless of country, scanning for material critical of PRC, Lukashenko or Erdoğan is the exact same tech you might want to scan for copyright violations, union organizing, political party opposition, cryptocurrency, or any other dissent your local burgeoning authoritarian wants to pay for.
Both phone OS vendors have over and over proven eager to satisfy every authoritarian, no matter the human impact. We're screwed.
There appear to be few to no studies that give statistical evidence for the market hypothesis or that the spread of CSAM causes CSA. But even if they existed, I still think the argument would ultimately become "letting one more child abuser get away because we preserved our privacy instead." How can such an argument be challenged, given that the prevention of CSA is a legitimate problem on a global scale? Even so much as mentioning an argument that takes into consideration the nature of CSA appears to be taboo - and for good reason, as it carries a risk of being labeled many kinds of terrible things oneself. That seems to be why a lot of threads here are reducing the issue to "think of the children" or lambasting the potential slippery slope of authoritarian surveillance, instead of discussing why CSAM is outlawed to begin with, and thus the reasons why Apple came to this decision in the first place.
Another thing that nobody seems to talk about is that Apple doesn't want to be held liable for CSAM stored on their servers, either. Within that context, this change is Apple's way of addressing that issue, which also happens to erode individual privacy. Apple's values appear to dictate that the tradeoff is worth it in the end. About the only people that have pushed back on this change come from technology or privacy-conscious circles. Nobody else seems to care. That is the status quo, and I'm not sure how it's going to change with general public sentiment the way it is surrounding CSA.
NCMEC and similar groups call all pornography involving minors CSAM. And this system can't detect new CSAM.
> Another thing that nobody seems to talk about is that Apple doesn't want to be held liable for CSAM stored on their servers, either.
Many people said they would prefer server side scanning. Other people argued E2E encryption would shield Apple from liability.
Europe is not immune to this. Jose Manuel Barrosso, the ex-EU-commission-president used to be a member of a communist revolutionary student group ... that has murdered people. He was present at at least three such killings, and it is not clear if "present" is where it stops, but obviously he was never convicted of murder (he was, of other things). When he came to office, there was a witch hunt for material and articles telling this story. And obviously plenty of lower ranking officials wanted to take care of some of their own dirty laundry. This is the real source of the "right to forget" privacy legislation. Makes you all warm and fuzzy inside, doesn't it.
EVEN when it comes to child abuse, the top politicians in Europe just brazenly ignore the rules. Emmanuel Macron's wife ... has publicly confessed to being a pedophile, and having sexually abused at least one child (yes, mr. Macron: she was his French teacher. She blames him, incidentally, as if that matters). Macron has publicly confirmed this (and taken "the blame", which of course doesn't matter: he was a minor). For anyone in France, it is clear: this is a despicable crime, and she would be harshly punished ... but any action against him might bring Le Pen to power, or even tip the balance in the EU parliament to anti-EU parties if we are really unlucky. I bet he has said as much to the public prosecutor.
A child defending a pedophile happens often, by the way, especially to stay out of the hands of child services, and is of course never accepted as an excuse ... except ... when it applies to even pretty low-level government officials.
If a person can generate images on demand any system based on recognising known images is immediately bypassed.
AI image classification will be your only option but the false positive volumes have the potential to be massive, swamping any follow up investigation.
I've read news about this. Teenager sends nude photos to her boyfriend, calls the cops after the break up and they proceed to nearly ruin his life by threatening lifetime sex offender registration. The implication that the girl produced and distributed child pornography of herself is never even mentioned.
It's completely insane.
It even includes people that "appear to be under 18" even if they turn out not to be. ("[...] image – of a sexual act, in which someone who has apparently not yet reached the age of eighteen is involved or appears to be involved, [...]")
What I also found interesting is:
> The preliminary draft of the Sexual Offences Act no longer criminalizes a person who produces, possesses, or shares with the other person, exclusively for private use and in the context of an equal situation between peers, a visual depiction of a sexual act, or a data carrier containing a visual depiction of a sexual act, involving himself or another person who has not yet reached the age of eighteen.
Short translation: sending or owning pictures of sexual acts involving an <18yo is not illegal if it concerns private use between persons of similar age in an 'equality situation' (I interpret this as meaning/implying 'consensual').
1) both parties are < 18, and the age difference is less than 5 years OR one party is > 18 and the age difference is less than 2 years
2) both parties are both older than 14 years (used to be 16)
3) there is no "power relationship" between them (this requirement actually drops when one, not both, turns 18)
Unfortunately ... now apply these rules to a sexual relationship between a 14 and a 17 year old.
a) 1st year: legal, any images are not CSAM
b) 2nd-5th year: illegal, any images are CSAM
c) 5th year onwards: legal, images not CSAM
Law sucks. It used to be worse, this is an actual improvement over the previous situation, but ...
What is absolutely not clear to me: does (a) mean sexual images of a 14 year old are now legal in Belgium in that case? The law does not seem to require that the owner of the pictures has to be one of the participants ... but I find it hard to believe this is the actual intent.
And to make matters even worse, this is not the only way to punish kids. You see while this will prevent criminal prosecution, you DO NOT need a criminal conviction to lock up a minor (and they're trying to extend this). Youth services can and does, without any proof (and in practice by getting 1 social worker to say something like "it is an unhealthy relationship". They can shop around until they find one, btw, and often the one they find has never seen either kid) and in the above example lock up both partners, the younger for up to 7 years and the older up to 4. In practice they will punish the younger kid, almost always the girl.
The fun thing is when a kid is locked up for criminal reasons (bad enough so that he actually goes to prison) schooling CANNOT be (and is not in practice) denied to the kid. When youth services locks kids up, they can be (and are in practice) denied schooling. But of course the previous point means the police will try to use child services, not criminal prosecutions, if at all possible.
So sadly, if you want a kid's situation to improve over time and they do not want to end the relationship, your course of action is clear: you should let the abuse continue and even (help) hide it. However, if you want to hurt the kid(s) (whether or not such a relationship is actually abusive), you should report them. So here too the net result of the law is: very easy to "abuse" the law to hurt children (esp. if you are a social worker), very hard to use the law to protect children against abuse (or actually help them).
Sorry but in France, 30 years ago before American culture started to dictate where money comes from, you would see genitals from all genders and ages in movies.
Nobody found it offensive, because we didn't have a Catholic puritan morality to impose its sick twisted vision of the human body on us.
Meanwhile we sold cars by showing cars, not hot girls. But this apparently is ok because money.
It's also perfectly alright to show kids images of people killing each other en masse. Because this is sane, unlike nipples.
And now this Apple crap.
Edit: ok 50 years ago. I'm getting old it seems.
Might want to check your terms here.
I have been in very rigid religious countries. The men in the internet shops were all watching hardcore porn, and my female friends were harassed in the street.
So it's not men in robes, you can be deeply religious and have a loving view of the world.
But puritanism, and sexually frustrated people ashamed of even existing, are bound to generate unhappiness.
Citation needed. The data doesn't back up that claim, contrary to the media's narrative.
A report which Christian Ministry Resources (CMR) released in 2002 stated that contrary to popular opinion, there are more allegations of child sexual abuse in Protestant congregations than there are in Catholic ones, and that sexual violence is most often committed by volunteers rather than by priests.
Catholic clergy aren't more likely to abuse children than other clergy or men in general. The 4 percent figure appears lower than school teachers during the same time frame, and certainly less than offenders in the general population of men.
But you've leapt to your own interpretation of what I wrote, maybe go back and try again.
Titanic was PG-13 and it had a titty.
You mean like in movies, those "can't see boobies before you're 18" labels? Because capturing a nude 13-year-olds is perfectly legal, just not in a pornographic manner. E.g. my Dutch biology book had nude ~6 and ~11 year old girls depicted (as well as an adult) for educating different stages of development.
I'm also fairly sure I heard that even possessing naked selfies is considered illegal, at least in some states, e.g. this article about a teenager facing 10 years in prison for having pictures of himself naked at 16 years old on his phone:
This is quite possibly the most kafkaesque "justice" story I have ever heard coming out of America and that really says something.
Illegal or not, comparing two teens that sent naked selfies to each other is not even remotely similar to involuntary child abuse from an adult.
>this article about a teenager facing 10 years in prison for having pictures of himself naked at 16 years old on his phone
That anyone would even consider spending taxpayer money to lock up a 16 year old for his own picture shows a colossal failure of government on every level: legislative, judicial, and executive. The DA stacked 5 charges and saddled them with up to a decade so the kids would be afraid to even go to court. In any sane judicial system that case would be laughed out of the courtroom and it's telling that they were presumably advised by a lawyer to take the plea bargain.
Good god. I can't imagine the influx of in my view innocent teens suddenly labeled sex offenders because they did what all teens do, only virtually.
This is going to be a weird time.
I seem to remember a case from a few years back, about a girl who got herself on the register for sending her boyfriend a picture of her naked or something.
Although it seems that the Protection of Children Act I think (I'm not sure, it's hard to actually read with all the brackets ...) lets you do it if you are married (which you can also do at 16)
Any sane person would know that teenagers do what teenagers do ... having someone potentially going through those photos is such a strange and wrong approach.
Even this is naïve with Apple's new plan. How long do you really think they'll wait before a software update makes it apply to even things that don't leave your device?
It couldn't be legislated in the US because it would be unconstitutional to do so, almost impossible in the EU, possible in the UK/AU, even Canada (with the help of some creative rights busting from the Supreme Court, as they recently demonstrated).
Privacy is being hit hard now, on multiple fronts - it's very sad, scary.
The real danger with Apple's system is that there's zero accountability in the list of "bad" hashes. So there's no way to know whether it's really all CSAM, or if it also includes rare Pepes, Bernie memes, or pictures of politicians doing embarrassing things.
Who said that?
They're the same legally. People have said NCMEC's database includes entirely legal images. And groups like NCMEC have tried to rename child pornography for years.
It's a perceptual hash. Matches don't have to be exact. And people have engineered collisions for other perceptual hash algorithms. What a computer sees and what a person sees can be very different.
People have said the human verification just involves the visual derivative of the suspect image. Apple didn't explain what that is really. And human verification doesn't reassure people who object to anyone viewing their private photos without their consent for any reason.
People have said any images collected during an investigation go in the database. Do you think people who collect explicit photos of 17 year olds don't collect explicit photos of 18 year olds?
Re hashing, Apple claims 1:1 trillion likelihood of a collision. These kinds of systems are not rolled out lightly, and even if that number is wrong, it feels unlikely to me that it’s too far off. If it is and it has too many false positives, this will get noticed and the system pulled until it’s fixed and at the required false positive rate.
Ultimately beyond Apple if you’re getting arrested and confront a judge, you’d expect humans at that point to look at the evidence. In fact, I’d expect the DA or whomever to similarly look at the photos at that point. You can’t be sentenced without evidence in the US legally (how all of this works in another country is another matter).
If there is legit porn that’s 18+ mixed in this database, and someone ends up being charged because of it, fights, and wins, I’d expect a number of counter lawsuits to follow. To me it seems incredibly unlikely that non-CP is not only going to be a significant part of that database (including 17 year olds versus the more likely 7 year olds), but you’ll be saving it to your iCloud photo roll. There’s so much legal porn out there, in such vast quantities, this hypothetical situation you describe I’m not sure will ever actually occur.
Even just arresting someone means separating them from their children. Preventing them from working if their job involves children. Seizing all their electronics for months. Violating the privacy of their files and belongings. Legal costs. Possibly media reports. Putting innocent people through this because a secret algorithm said a secret database matched a secret number of times is unacceptable.
Several people have claimed false positives are in the database. Including someone who verifiably worked with it.
US prosecutors have absolute immunity. Any civil suit would be dismissed swiftly.
People don't collect random subsets of all pornography ever made. Some is much more popular. People have specific tastes. Photo sets exist.
This in particular seems like such a silly outcome of over-regulation and bureaucracy. Amazing. Research suggests most child sexual abuse does not have much of a long-term effect at all:
This (of course!) does not mean it is good or should be done, but it suggests this is not an urgent issue, certainly not one that can justify abolishing privacy, especially when these measures only catch the small fish, not the large trafficking rings who will probably switch to different means of communication once theirs gets compromised.
* The left-liberal skew of Western media
* What Happened to Brussels? The Big Decline and Muslim Immigration
* Mental illness and the left
* Human Biodiversity for Beginners: A Review of Charles Murray's Human Diversity
* Race Differences: A Very Brief Review
* Racial and ethnic group differences in the heritability of intelligence: A systematic review and meta-analysis
* Global Ancestry and Cognitive Ability
* Sex Distribution, Life Expectancy and Educational Attainment of Comedians
* Immigrant crime in Germany 2012-2015
* Country of origin and use of social benefits: A large, preregistered study of stereotype accuracy in Denmark
* Inequality in the United States: Ethnicity, Racial Admixture and Environmental Causes
* Increasing inequality in general intelligence and socioeconomic status as a result of immigration in Denmark 1980-2014
* Criminality and fertility among Danish immigrant populations
He boasts 24 publications in Mankind Quarterly and 20 in OpenPsych, both of which he seems to run himself. Mankind Quarterly according to Wikipedia 'has been described as a "cornerstone of the scientific racism establishment", a "white supremacist journal", an "infamous racist journal", and "scientific racism's keepers of the flame"'.
There are excellent cases to be made why privacy and encryption should not be compromised in the name of hot button issues like "protecting children" but citing a study by a "scientific racist" and eugenicist, who is a known advocate for legalizing child pornography, to trivialize child sexual abuse is not it.
You don't need to be a "left liberal" not to cite Emil Kirkegaard. Being a decent human being or having any appreciation of actual science would suffice.
I think we need a new Europe state with an actual parliament in charge, which means the people there are accountable and in power. Without the Commission, Council and Presidency of Council. Instead one actual parliament and one actual government. The European states are an integrated part of it, like elsewhere. Next the stuff can be fixed: We just need one army. And one social-security system with one economic policy. And one state department (foreign politics).
Most politicians still think of Europe as an economy council but we people expect a sovereign country/state. The former "economy council" could solve economy related issues within Europe in the 1950s. But I think we have much bigger things to do.
I don't know how somebody can seriously use something like a rolling presidency. You can do that with a mediator position or referee.
Company: Excuse me, would you mind us profiling you through an accurate survey of most of your everyday purchases?
Customer: Heck no!
Company: What if we let you collect "points" that will maybe someday save you a little bit of money on one of these purchases?
Customer: Sign me up!
Company: Excuse me, would you mind us recording everywhere you go all day every day and store that information for at least six months?
Company: What if you get a pocket computer with fast mobile internet connection in return, the cornerstone of modern life?
What's happening here is that a state actor is forcing providers to let the state spy on me.
That's an authoritarian policy which I strongly oppose.
What about a discount on your purchases, which was funded by the government, who would then buy the data?
I would definitely trade my privacy with the government for any tax discount (and I think I'll have the longer stick, I'm no Indiana Jones) but whether I have an alternative or not is important.
A better question would be: would I move to a country where encryption is illegal if it had 0% tax?
No, I would shop for another country.
For a similar reason, I don't live in Dubai (0% tax but policies I don't approve of).
Because not everyone is a Programmer. Most people I know have never even heard about Snowden.
I have my own contradictions. I think the disappearance of payments in cash is a problem, it is not good to give the state too much control on a society. But I hardly use any cash myself.
Convenience is unfortunately a big factor.
It's also kind of harder to abuse information on my shopping list, whereas there's plenty of ways to abuse having total and complete access to all communication between private parties.
I don't quite see why our packets and devices shouldn't have the same protections.
That's different from arguing that they are mutually exclusive which I am not.
For example, I used to be on the extreme "pro privacy" end of the spectrum. But it is clear that philosophically speaking, privacy for everyone is not a completely positive ideal in all contexts. And that naturally raises the question about what other values privacy competes with, and how they should be balanced.
Intuitively, "convenience" should perhaps be considered less important than "privacy", but interestingly that's not what we observe actually happening in the real world.
To me, this isn't so surprising and is fully consistent with a greater willingness to give personal info to e.g. Amazon than e.g. the government.
Except once their data is out, they have no control over where it will end up. Profiling data is regularly sold to third parties.
And at least in my corner of EU we vote on who to send to EU parliament. You can vote on whoever you want in the national elections and then vote for the pirate party for the EU seat.
Edit: from your comment history I guess you vote far right, which is usually the part of EU pushing hardest for these measures??
You are describing a representative democracy, the parent pointed out the lack of direct democracy in the process. And I would tend to agree that there needs to be more direct democracy involved at some point in the policy making process to accommodate just such a scenario where it's clear the vast majority are not happy with the result.
Representative democracy has its place, but the reality is that you cannot pick and choose - most people want privacy, but most people are also aware of the wider issues and concerned if the fringe parties are competent enough in making decisions in other areas. Perhaps a good compromise is to be able to shoot down their propositions, so that even though they may not further the ideals the majority want in all areas, they will at least be prevented from eroding them. But as the parent pointed out, there is no mechanism in place to do this currently, so people are limited to protests and petitions.
Nobody really understands how the EU works, except for a few bureaucrats.
There are too many proxies. You vote for a local party, then you find out they go into a coalition because the parliament is huge: over 700 seats. And those parties in one coalition have very different agendas.
Then you look deeper, and the parliament's power is very limited, and most of the power lies with the council and commission.
Both are not chosen in an election but in negotiations by the governments, which tends to mean certain countries like Germany and France have a very big say. Of course in a very indirect way these are somewhat chosen by a certain part of the people in the EU.
They've been very careful to not let the curtain slip too far, and preserve the appearance that popular opinion can change policy. But there's no legislative connection.
This kind of legislation is an interesting case in point. Who wants this? Who benefits from this? Is it actually going to make a dent in child abuse? Generally the EU is keen on privacy, so what changed that for this? Are there any states really pushing for this so they can read their citizens' mail (Poland, maybe, I guess, but they're not having a great time in the EU at the moment so probably not)? As TFA says, this is not a popular move, and there's no popular wave of anti-pedo sentiment at the moment, so why now?
The suspicion of palm-greasing (sorry, "lobbying") remains. Reading our messages means more data for the AI, means better ad targeting.
"The most up-to-date statistics (as of July 2016) show that in 2014 Poland received €17.436 billion from the EU whilst only contributing €3.526 billion. Poland also received nearly €2 billion more in EU funding than any other member state in 2013 (France being second highest).
Can we try other established democratic ways, like voting, petitioning, demonstrating, etc. before that?
Very easy to label something right wing or left wing to distract from the issue at debate and it has become very much a political tool in much the same way the "think of the children" card is played.
Direct democracies are far worse than representative democracies in practically every way. The Covid crisis should have made clear to all that people are not policy experts.
Given that no country in the EU significantly uses direct democracy (referendums are pretty much never used and always devolve into a ridiculous race to who can say the most outrageous thing in front of the media), I don't see how that can be leveraged against the institution.
> if they want to be xenophobic, what's the problem?
One of the problems is that even if the majority of people within a country are xenophobic and they get to decide the laws on a majority basis, there will still be people from other countries living there, or people who in general will be disadvantaged by xenophobic laws.
It's nice for laws to not be dictated only by a majority, but by a plurality. Instead of thinking "what benefits >50% of people is the right thing" we can think "what benefits the most people, including minorities", or "what avoids hurting the most people" to be the right things :)
Creating laws based on popularity makes populism rule. Hence why democracy usually has an explicit legislative branch abstracting over individual sentiments. That helps prevent policy from being devised through an overly greedy algorithm.
That is not to say it prevents all these problems. But it evidently helps.
Edit: the EU or even the US has shown multiple times that it will act against the majority if they can.
Democracy is not majority voting.
Basically it is. You don't need representatives to be democratic.
This is an issue, because it gives opponents of European integration a fairly legitimate position to be critical.
Any political action that's said to be under the umbrella of "think of the children" that doesn't provide additional funding to existing Child Protection Services is for reasons other than child protection. Additionally, it's actively working against helping children because the funds for "this new thing", if the goal really was for actually protecting vulnerable children, would be better spent on improving the coverage that existing Child Protection Services provide.
A close friend of mine is in a position that requires "mandatory reporting" training, and they say it's relatively pointless because Child Services only has the resources to investigate cases in which the child's life is in immediate danger. This may be somewhere along the scale of hyperbole, but I doubt it's too far from reality.
Of course, removing children from danger is often removing them from their parents / legal guardians, which comes with its own set of risks.
Either way, funding boots-on-the-ground work with leads from local social workers, early childhood educators, teachers has to be the best way to actually protect at-risk children.
What number of false positives would you tolerate?
It's blurry definitions all the way down, and that's part of the reason politics doesn't like this problem and would rather argue technology and punishment after-the-fact than actual protection / prevention.
Nuance is expensive and doesn't play well to the crowd.
I don't know much about abusers, but my hunch is that they know they are abusers and will more-or-less accept being caught. But what I know about non-abusive parents is if you take their kids away, it's war.
1. I thought you were referring to false positives as a result of my favoring funding of existing Child Services working from mandatory reporting from local relevant professions.
2. My commentary about taking children from parents having its own set of risks was more along the lines of trauma to the child, in that even if the parent/child relationship is abusive and harmful, it's such a strong bond that severing it, or restricting it can cause psychological issues.
Totally agree with your commentary above regarding any attempt to remove kids from non-abusive parents. Absolutely scorched earth nuclear war. Also, it would actively be a form of child abuse by introducing unnecessary trauma to the child(ren) and possibly instilling a lifelong suspicion (at best) of authority.
As a result of that train of thought, my answer is: no false positives would be acceptable.
Fundamentally, I'm against personal photos being scanned at all; false positives being one reason, and the broad misapplication of bans by 'big tech' in their implementations of automated systems detecting breaches of policy, and the overall "computer says no" brick wall offered as recourse, being another.
“You can falsely be reported and investigated for allegedly disseminating child sexual exploitation material. Messaging and chat control algorithms are known to flag completely legal vacation photos of children on a beach, for example. According to Swiss federal police authorities, 86% of all machine-generated reports turn out to be without merit. 40% of all criminal investigation procedures initiated in Germany for “child pornography” target minors.
On your next trip overseas, you can expect big problems. Machine-generated reports on your communications may have been passed on to other countries, such as the USA, where there is no data privacy – with incalculable results.”
Erm, you are answering with this argument to the wrong person. I am the first person to point out this kind of things.
This does not mean you can ignore the erosion of civil liberties.
.. at unprecedented cost
Yes, the house fire is very very hot. Good job.
While it made little sense on iCloud Photos, they can add the exact same client-side scanning to iMessage and keep it (mostly) e2ee.
Certainly not judging the merits of this, such mandates would be the end of e2ee via third party companies (there seems to have been a concerted worldwide effort around that), but at the very least, I can see the impetus from Apple's point of view to release this right now.
iMessage is, in practice today, no longer e2e.
Apple knows this and intentionally preserves this backdoor for the FBI:
Even with this on-device CSAM thingy, Apple knows less about you than they did 10 years ago and random staffers at FAANG can't just go and spy on their spouses (the way they could not that long ago).
Apple has access to all of the plaintext iMessages for almost all devices/conversations and can turn them over to the USG at will.
For those unfamiliar, as I was, it appears iCloud backup is enabled by default. I think the above statement about iMessage not being e2e in practice is very fair.
And the mere fact it's a default makes it a significant problem when discussing it as a popular and widespread E2E messenger. It would be more borderline if it was a required configuration choice with no default that clearly disclaimed the ramifications.
Even then, you have the issue that you are not the only person with a copy of the conversation. Your partner - or partners - has it too. Does Apple require some kind of pre-conversation negotiation to determine how the conversation will be stored in the backups? Or at least provide some kind of warning if a person with backups disabled gets in contact with somebody with backups enabled?
I don't disagree with you about backups, but how useful they are is completely irrelevant in this context for several separate reasons.
It is relevant because this requirement necessarily conflicts with strong e2ee. And since Apple is designing devices for end users that don’t necessarily even know or care what e2ee is, it seems completely reasonable to have defaults that will optimize for the problems that are relevant for the majority of users (losing your device and forgetting your password) while making strong e2ee a few clicks away to those who need it (and understand associated tradeoffs).
But if you don't use iCloud backups your end is still, as far as we know, encrypted.
What happens on the other end is out of your control in all cases.
Regular emails (i.e. without the home-brewed encryption that Protonmail provides - and I'm yet to receive such an email from any of my contacts who use Protonmail), or any inbound email received from third-party servers are of course not encrypted and Protonmail has pretty easy access to their contents.
Even when it does use PGP, it is meaningless, explanation:
I just created a spare protonmail account. It asked me to pick a username and password, and my account is created.
Next, I send there a message from my other account. Yes, on the receiving end it does write "End-to-end encrypted and signed message", but encrypted and signed by what exactly? I have never created PGP keys and loaded the public key to Protonmail on either account (and never used my private key to decrypt anything). This can mean only one thing: even if there is some kind of encryption happening, Protonmail themselves generate the keys and use them for encryption-decryption, never asking you for anything but your password. And if they can use these keys to decrypt the messages for you, they can decrypt them for anybody.
Protonmail also gives a user an option to export his private keys. Yeah, right. Your private keys.
> Your ProtonMail private key is generated in your browser. Before sending the private key to the server for storage, we encrypt it with your password (or mailbox password if you use two-password mode). This ensures that you and only you can use your private key.
So the only remaining question is whether ProtonMail has access to your password. If they do, they can decrypt your private key and then decrypt your emails. Often, passwords are sent in plaintext to a server for authentication. But ProtonMail uses the Secure Remote Password (SRP) protocol so they never see your password: https://en.wikipedia.org/wiki/Secure_Remote_Password_protoco.... (source: https://protonmail.com/blog/encrypted_email_authentication/)
Such an agency can force PM to modify the login process to derive the password from the submitted form, or to just switch private keys for non-encrypted ones, because the user won't even notice it.
A truly secure entity just wouldn't have private keys on a server at all. Users would have to go through an uncomfortable process of generating and uploading keys to clients, but they would be truly safe.
To sum it up, you can't really have security and convenience at once. Besides skipping a proper key management process, PM mail also skips such important steps as verification of email partner identity and key verification, so you have to trust PM that you are really talking to the person you think you are talking to.
They don't. They have your encrypted private key, but there's no need to keep that secret. (The decryption key is derived from your password, so the password needs to be strong and secret.)
> Such an agency can force PM to modify the login process to derive the password from the submitted form, or to just switch private keys for non-encrypted ones, because the user won't even notice it.
It's not uncommon for services like this to offer a downloadable version of the web client so you can pin a version and audit the code as needed. I think maybe https://github.com/ProtonMail/WebClient is that for ProtonMail? If so, you should be able to verify that code and then use that. The fact that an encrypted copy of your private key will live on ProtonMail's servers shouldn't bother you.
Your argument boils down to “govt can force them to change how they do that”, as opposed to a flaw in their approach.
True security is when the provider can't decrypt anything under all circumstances, even under coercion.
Verification is very simple: if you log in on a new device and see all your content while using only login and password to authenticate yourself, then the content stored on a server is NOT encrypted and is readable by server owner.
What about if the encryption key is derived from your password? This is common enough for "encrypt file with a password" services, I've personally implemented it in-browser as part of a small project.
Now, having your account password be the same as the email decryption password is also probably a bad idea, but we're far from the server owner being able to read your emails.
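The scheme raised in the comment above (a key derived from the password in the client, so the server stores only a wrapped private key), as an added sketch that is not part of the thread and not ProtonMail's code. The function names, the PBKDF2 parameters, the hashed login token standing in for SRP, and the XOR-pad-plus-HMAC wrap standing in for a vetted AEAD are all assumptions of this example.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # illustrative PBKDF2 work factor (assumption of this example)


def derive(password: str, salt: bytes, n: int):
    """Stretch the password into (login_token, pad, mac_key).

    Only login_token is ever sent to the server; pad and mac_key stay in the client.
    """
    out = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=64 + n)
    return out[:32], out[32:32 + n], out[32 + n:]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def client_register(password: str, private_key: bytes) -> dict:
    """Runs in the client and returns exactly what the server gets to store."""
    salt = os.urandom(16)  # fresh salt per wrap, so a pad is never reused
    login_token, pad, mac_key = derive(password, salt, len(private_key))
    wrapped = xor(private_key, pad)
    tag = hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()
    return {"salt": salt, "wrapped": wrapped, "tag": tag,
            "login_hash": hashlib.sha256(login_token).digest()}


def server_login(record: dict, login_token: bytes) -> bool:
    """Server-side check: the server sees the token, never the password."""
    return hmac.compare_digest(hashlib.sha256(login_token).digest(), record["login_hash"])


def client_unlock(password: str, record: dict) -> bytes:
    """A new device holds nothing but the password and the server's record."""
    n = len(record["wrapped"])
    login_token, pad, mac_key = derive(password, record["salt"], n)
    if not server_login(record, login_token):
        raise PermissionError("login rejected")
    expected = hmac.new(mac_key, record["salt"] + record["wrapped"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, record["tag"]):
        raise ValueError("wrapped key failed its integrity check")
    return xor(record["wrapped"], pad)


if __name__ == "__main__":
    key = os.urandom(32)  # constructed stand-in for a real private key
    record = client_register("correct horse battery staple", key)
    print("server stores:", {k: v.hex() for k, v in record.items()})
    print("new device recovers key:", client_unlock("correct horse battery staple", record) == key)
```

The stored record still lets whoever holds it test password guesses offline, so the secrecy of the key rests entirely on the strength of the password.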
Protonmail keeps generated public and private keys on their servers.
Protonmail do not see your password and without it cannot decrypt the pub/private key pair.
I think the more interesting question involves something like Mailvelope. It is a stand alone OpenPGP based encryption system based on the ProtonMail code that provides encryption for webmail. It can be hosted somewhere physically and politically far away from the EU and is an open source project. How will the EU approach the ancient PGP dilemma this time around?
Protonmail should already be illegal in the EU because they operate under Swiss mass-surveillance laws and cooperate with US-American law enforcement. Both of which violate the GDPR if they do business in an EU state.
> Since they don't have access to their users' email content because of encryption.
They still have access to all the unencrypted mail their users send and receive and to all the metadata of the encrypted communications.
Seriously? Wow, off to research this I go... That's really disappointing as a paying user. I can't believe I wasn't across this.
That said, I wouldn't bet on it.
It's worth noting that this was legal everywhere else in the world already (Google are free to scan a US user's Gmail for CSAM with no problem, if they want to).
The motivating concern was that service providers who do already scan for this kind of abuse material (everywhere in the world) were at risk of having to disable such scanning entirely for EU citizens due to privacy laws. This is 'temporary', in that it's a quick fix to avoid service providers immediately disabling all those systems, until more concrete rules on how/when/if service providers should scan content for CSAM are put in place.
That part is not a big problem (imo). The risk is that future legislation goes much further.
The article here seems to be largely lobbying and pushing general awareness of the issue, rather than reporting on any real news (not that that's necessarily bad). So far, there's no concrete proposal AFAICT, let alone a planned vote on such legislation. The EU Commission (who propose legislation, which is then voted on by the parliament etc) have previously said they're looking into mandatory scanning, but given the pushback it's unclear whether that's still the plan.
In the end, it's probably not widely reported because the mandatory part doesn't appear to have a concrete proposal in motion yet. Articles like this are appearing anyway because it _might_ be proposed legislation soon (there's mentions of Autumn 2021) and it's important to mobilize to inform the public and make their opinions visible as early as possible, rather than waiting until the last minute.
I'm curious if this was a situation where they might have decided that scanning was more important given the implications of processing CSAM? It seems like this is a way for authorities to influence any data processor.
The Apple news last week seemed to come out of the blue and it felt a bit like a trade-off to get out from under the authorities to some degree. This is just conjecture though.
If you can't move your country representative to veto the bill, then the issue is not the EU: it's your government.
As Europeans we have to stop this very sneaky campaign of "citizens can't do anything" - it's a self fulfilling prophecy and the sharpest tool the lobbies have in the EU.
Your country's government has a say on it, and you have a say on your country's government. Make them accountable.
How would I do that? He is already in that position, I have zero influence on his decisions.
Even if this was passed by the Council of the EU it would be passed by ministers representing over 55% of the states - and over 65% of the EU population - and could be blocked by 4 countries. Now - we can discuss if a government is a democratic institution, but I guess it's a bit of a stretch to argue otherwise.
In other words: democracy requires information and education, either at the EU or at state level. That's not the issue here.
Your country is not a passive agent in this: your country has a say and you need only four countries to stop this. If you believe that somehow you can influence your government when it's emanating laws locally, but not when - the same government - is voting in the Council, you are just doing some magical thinking.
The EU has one main problem: it's local politicians stoking the fire of "It's the EU doing this, not us" - while at the same time passing legislation in the EU.
<Tyranny of the majority arguments go here>
You can complain either way. Not participating means you are not participating, and is a kind of a vote too. If <50% people vote, then the vote is arguably illegitimate.
That's not how a democracy works. Unless you're forcibly prevented from voting - or are denied the right to - that's not the case. It is not an illegitimate vote if you decide not to vote.
In the EU Parliament elections it's just people deciding not to vote. As you yourself said: "is a kind of a vote too".
Let me make a practical example: we are having a pizza party and we have a vote for what pizza to order, you say: "I don't care - you guys decide!". When the pizzas show up you may say: "Dang, you got the anchovies pizza - I don't like anchovies!", but not "Why did you guys get anchovies? I don't like anchovies, you shouldn't have ordered that pizza!". They seem closely related, but they are not.
If more than 50% of people in the room say that, the pizza party vote is illegitimate.
Being silent - not voting - is NOT the same as voting against something. Not even close.
If the real reason for why over 50% of the people don't vote was because they don't like any of the parties then they could join up and create an alternative. But this is not what happens.
In the real world when you don't vote you're doing two things:
1 - you're saying you don't care because you find all the options not to your liking;
2 - you're also saying you can't be bothered with creating one.
As long as no one is preventing you from addressing the second part: you are making a deliberate choice to not engage in the democratic process. You understand the consequences of that (in)action and you accept them. In no way does that invalidate the choices made by the people who engage in it.
Saying that you CHOOSING not to participate in the process makes it invalid is an offence to the people who fought to give you that choice and to the people that - to this date - are not given that option.
I'll say this one last time: this defeatist attitude towards the democratic process is exactly what the political establishment and the lobbies who enrich them are counting on, and this is why I considered it one of the main issues with democracy today.
The Official Monster Raving Loony Party is doing more for the cause of democracy than people who decide that nothing is going to change, we are going to get anchovy pizza, so why bother with voting.
Edit: Fixed typo - twice
> Being silent - not voting - is NOT the same as voting against something.
I never said it always is. However, not voting does not mean being silent. I explained this in my analogy where most of the people said they were not interested in the pizza.
Similarly people who are vocal about politics in their life, online, participate in political fights in workplace, whether individually or through unions, other creative activities and so on are already participating in democratic processes. They are already not silent. The fact that some of them do not participate in a given vote they don't like does not diminish that.
> then they could join up and create an alternative. But this is not what happens.
Of course it happens, in general. Maybe you mean that in your country it does not happen, or it does happen but not everybody who does not vote is involved in that. So what? There are other ways to participate in democratic processes which I mentioned above.
Individual countries are equally corrupted by big businesses and authoritarian leaning, but you can generally count on inefficient flip flopping right-left parties to not do too much damage in any direction.
The EU seems to be way more efficient in getting us straight to 1984 or Soviet Russia V2.
It is representatives of the countries in the Council of the EU voting these legislations through: hold them accountable as you would hold them accountable locally.
Don't fall for the narration of the EU as a third party where your local representatives have no say. If four countries veto the bill, the bill is dead. 4 out of 27 - all done by influencing your government representative in the Council.
I don't think a central government for a single country is a good solution and I think an entity who can force countries to legislate is even worse.
Countries got pulled into Europe because of the trading opportunities, not because they wanted a quasi-Federal Government.
We're witnessing a slow decline into dystopia and making the 0.1% richer and richer every day.
VATMOSS and European regulations killed small business favouring Amazon.
Covid lockdowns killed small business favouring Amazon.
I'm not sure whether the representatives are complete idiots who believe the propaganda or who assume their voters are complete idiots (eg: I can't vote against protecting children, no matter what or people will think I'm a monster; I can't vote against massively complicating VAT laws or people will think I'm favouring Amazon) or malicious entities who just want more power in the hands of the government, but the net result has always been negative (not only in Europe).
I don't care how representation works in Europe or anywhere else, the facts speak for themselves: most governments end up behaving in ways that benefit big businesses.
Political activism is about making these "small issues" big and visible. It's not easy, it's not cheap and it doesn't always work. Yet it's something that can and should be done at the local level. And I really mean: local.
Your country's representative is of a political party that - I am guessing here - also runs in local elections. Your town, your province, your region - and that's how you start. You possibly can't talk to your ministers, but you can talk to your local politicians. Make sure they understand that their local power will see the consequences of national and EU politics, let them bubble up the issue.
Will it work for sure? Probably not, maybe yes. Is it better than taking ourselves out of the equation? Absolutely yes! Making sure that the local politicians understand that their national counterparts will affect their local success is a way of making them accountable.
Second, the issue is the presence of EU influence in my country: Whereas before joining the EU the local parliament would have a nuanced discussion and vote, often with results very different from partisan membership, now the party that won 4 years ago (that does NOT mean >50%) decides all by itself how it's going to vote in the council, and only the biggest issues of all can be helped, but breaking the government for every smaller thing is not feasible.
Not in every country. More often, the head of the government is voted for by the national parliament, meaning, only the people having installed them have a form of mandate. (Which is also true for the Commission, BTW.) The people with the actual mandate are in the European Parliament.
Could someone more knowledgeable weigh in on what the EU has to show as far as a "human rights record" ?
No, I said "when you realize", not that it is the "single piece of legislation".
There are many other reasons for that stance, such as the fact that a nation's people can influence and check their government's laws with more success than they can do that to a supranational undemocratic bureaucratic organization.
> The EU is top-tier in a wide range of areas spanning from human rights
They have full mouth of it, yes. They issued some great declarations and legally binding resolutions, I agree. In case of vaccines, almost all EU governments act in direct violation and EU has no real power/wish to stop them.
This would seem to contradict your original post, no?
- an unstoppable authoritarian juggernaut to which countries have foolishly ceded their sovereignty and are now paying the price in the form of draconian regulation
- a weak and ineffectual symbolic union which issues empty proclamations that countries are free to ignore without consequence
Which is it?