Hacker News new | past | comments | ask | show | jobs | submit login
EU Commission is planning automatic CSAM scanning of private communications (tutanota.com)
646 points by starsep 8 days ago | hide | past | favorite | 418 comments





It's scary, because CSAM (child sexual abuse material) is very, very broad, and quite vague in its definition¹. My three year old son stayed with my parents for a week, and he was being taught to swim in their swimming pool. Of course, I get sent pictures and clips of his progress by a proud grandma, and of course, him being a toddler, he felt swimming trunks to be completely optional (and of course, they are at his age in a private pool).

That's not CSAM right? But who knows how the AI will mark those happy pics? Some quirk in its programming and training leading to them being pushed way up whatever ranking is used? It's a nude child after all, and that is most likely one of the few things such an algorithm can detect quite reliably.

The automated filter won't care about the context though, and if any of the recent failures of algorithms ruining peoples lives are anything to go by (the Dutch Toeslagenaffaire comes to mind), being flagged by the CSAM filter is a high risk event — even if you can clear your name later by human intervention — because now you are on a list.

1: People tend to conjure up horrific images of underage children getting raped by adults when they hear 'CSAM' or 'child pornography', but when you read up on the legal definitions used it becomes very vague, quite fast. A seventeen year old boy sending a dick pic to his 18 year old lover is producing child pornography and can in many jurisdictions be sentenced as such, and nudism of any minor can be seen as CSAM if the pose they strike can be construed as 'erotic' — yet there is no clear definition of what this means, falling squarely into “I'll know it when I see it” territory.


Don't worry, as this is not about child sex abuse anyway.

The legislators know, from experience, that it's hard to argue against measures to protect children from predators, and so they are free to launch controversial and unacceptable measures. Once in place, it will be extended to other purposes.

The same as always.


Quoting Adam Curtis from The Power of Nighmares:

> In the past, politicians promised to create a better world. They had different ways of achieving this, but their power and authority came from the optimistic visions they offered their people. Those dreams failed and today people have lost faith in ideologies. Increasingly, politicians are seen simply as managers of public life, but now they have discovered a new role that restores their power and authority. Instead of delivering dreams, politicians now promise to protect us: from nightmares. They say that they will rescue us from dreadful dangers that we cannot see and do not understand.

They had a great 20 year run on the terrorism narrative, but they need a new nightmare, and they’ve apparently settled on child predators.


Absolutely brilliant series, and highly recommended. Available on the Internet Archive.

https://archive.org/details/ThePowerOfNightmares-AdamCurtis


I review "Century of the Self" every few years .. also by Adam Curtis iir

I have watched 'All Watched Over by Machines of Loving Grace' by the same guy. If that stuff is anything to go by, Adam Curtis long on insinuation and clever cuts, and short on actual insight.

Beware of Gell-Mann Amnesia.

Btw, I suspect politicians always used the protection-from-nightmares just as much as promising utopia.


I agree. Curtis complains about narrative building and hypernormalisation, when he is arguably doing both of those things every time he speaks.

The tune of the poem is more important than the words to him.


Urm clarify plz how one documentarian can hypernormalize? It's a collaborative work by many parties w overlapping interests. Over time. Using vast resources.

Because he likes making up cute narratives with usually 0 citations, it's all about the tune, not the words.

Lots of people listen to him, he isn't just some guy.


>Lots

Same could be said for David Attenborough or Errol Morris, but that's not enough influence to be called "hypernormalization." Shining a light on how power functions is a gnatbite to, say, lawmakers banning abortion and homelessness, enforcing building codes, drafting a generation of males to war, engaging in armed combat against miners, etc. Even a documentarian with a mirrored ideology, say, Steve Bannon couldn't be said to be hypernormalizing- only communicating.

> citations

I re-watched some of "Century of Self" [0] to evaluate this statement. Much of it is primary sources: interviews.

[0] https://youtu.be/DnPmg0R1M04


David Attenborough does not make the same style of programming that Curtis does.

Curtis has a very specific world view, or world vibe, let's say whereas Attenborough does have views about the world but not much else beyond visual grandeur.

His earlier stuff is definitely better than his more recent work, but I refer specifically to the hypernormalization documentary because it's absolutely full of "Syria this", "Assad this", "[large country or company] decided to do [remarkably simple thing]". Maybe it's right, but the point is that it's structured and edited in a way where he wants to make you feel his argument that the world is being forced into a state of inaction, not convince you that his argument is correct.

In this specific documentary, he is undeniably flying extremely close to the sun in how he presents his argument versus what he is arguing against. He argument is all about the "theys" and the men in palaces, and obviously some decisions are, but some inference one makes in this mindset are simply the result of being fooled by randomness.

Don't get me wrong, I like listening to Adam Curtis docs while I'm working, I just think that he goes too far. When he is covering identifiable flaws he is absolutely brilliant, e.g. his piece on Nick Leeson is really nicely done, when he is kind of mumbling about some kind of incompetent conspiracy to do [something] he is often charismatic but shallow.

Also (a point about documentary filmmaking in general) the use of interviews is actually something I sort of disagree to an extent with unless it's a documentary like the fog of war where it's about a person in particular. It is extremely easy to manipulate interview.

This (https://youtu.be/BBwepkVurCI?t=90) is an extreme example demonstrated by Charlie Brooker, but you can be really subtle. And what if they're lying? What if you end up lying by accident? Trust but verify.

https://youtu.be/itqMwuB8gOk This is an interesting documentary about secret maps and information in Britain. I find it interesting, use my above writing as a barometer for whether that entices you or not.


> They had a great 20 year run on the terrorism narrative, but they need a new nightmare, and they’ve apparently settled on child predators.

just a second, we've got the new Russia - Ukraine nightmare.


Wars come and go, if a politician wants an enemy that will always be there, the threat of child abuse is it.

>just a second, we've got the new Russia - Ukraine nightmare.

Find a Ukrainian living through the war and ask them if it's a manufactured nightmare or a real one...


> Find

(Just to be sure, here is a reminder that some HN members are in that. No need to find - it's part of this public.

The author of Leaflet is the first that comes to (my) mind, and many others then.)


'next pandemic'...

I didn't put much emphasis on the first line of your comment and skipped to the paragraph right away, yet still read that paragraph with Adam Curtis' voice in my head.

Granted I watched all his documentaries...


> Don't worry...

Unless you are going through a nasty divorce and you future ex starts throwing accusations of you keeping and constantly watching those videos.


Easy, then we'll just add additional tracking to everyone's personal devices that tells the government what is on your screen and for how long. For the children, of course! /s

We already have TVs that are content aware, and Macs that report CSAM, it won't be long until the two are merged together.

Anyone who wants a dumb TV or an offline computer must be a pedophile. /s


I don’t think Macs have any built in ability to report CSAM.

Not yet no, because Apple postponed their plans. But it was planned along with the plans for iOS. The Mac was not going to be excluded.

they are just waiting a little bit, the software's been written and it's not like you have a choice lol

as far as I know the delays are more about giving apple's friends in hollywood some time to cleanup than caving to libertarian outrage


> as far as I know the delays are more about giving apple's friends in hollywood some time to cleanup than caving to libertarian outrage

Do you have a source on this?


> The same as always.

Do you have a guess about who is behind that lasting global push against private communications?


Not gp, but I would recommend reading about the crypto wars[0] and related conflicts. While the arguments are slightly different the overall idea of needing every message to be scannable stayed the same.

[0]: https://en.m.wikipedia.org/wiki/Crypto_Wars


the Cypherpunks FAQ (1994):

  8.3.4. "How will privacy and anonymity be attacked?"

  ...

         - like so many other "computer hacker" items, as a tool for
         the "Four Horsemen": drug-dealers, money-launderers,
         terrorists, and pedophiles.

  ...
[1] https://groups.csail.mit.edu/mac/classes/6.805/articles/cryp...

[2] https://en.wikipedia.org/wiki/Four_Horsemen_of_the_Infocalyp...


Your government who wants to control you. Or do you still think that data is collected just so that Google can give you more ads ?

> Your government who wants to control you

How exactly?

In Italy we had 67 different governments since 1946.

What can they do with CSAM data?

Government can't blackmail citizen, they can't use CSAM scans for other purposes, they can't even authorize a scan, because that's the justice system prerogative.

Do you really believe that in Europe governments are in control of everything like it happens in Russia or in North Korea?

They are as weak as they can be.


> What can they do with CSAM data?

> Government can't blackmail citizen, they can't use CSAM scans for other purposes, they can't even authorize a scan, because that's the justice system prerogative.

In the United States, legal blackmail is called a "plea bargain". You agree to admit you're guilty of a crime, even if you aren't, in return for the government not pursuing harsher charges against you. This occurs without trial, because of course the whole point of the plea bargain is to avoid going to trial.

Why would an innocent defendant want to avoid trial? Well, good lawyers are extremely expensive, and public defenders are extremely overworked. Also, police will often say whatever they need to say on the stand to get a conviction and justify their arrest. How many cops are ever jailed themselves for perjury?


Compare 'Torture and Plea Bargaining' https://chicagounbound.uchicago.edu/cgi/viewcontent.cgi?arti...

> In this essay I shall address the modem American system of plea bargaining from a perspective that must appear bizarre, al though I hope to persuade you that it is illuminating. I am going to contrast plea bargaining with the medieval European law of torture.

> My thesis is that there are remarkable parallels in origin, in function, and even in specific points of doctrine, between the law of torture and the law of plea bargaining. I shall suggest that these parallels expose some important truths about how criminal justice systems respond when their trial procedures fall into deep disorder.


One way to prevent getting yourself into too much trouble might be to never talk to cops (without a lawyer): https://m.youtube.com/watch?v=d-7o9xYp7eE

> In Italy we had 67 different governments since 1946.

Colloquially when Americans say “government” they are referring to the entire state, including not just elected officials but professional civil servants, police, courts, intelligence agencies, etc.

You have definitely not had 67 different governments since 1946 in the sense that I think was meant.


(Interestingly, you may often hear Americans speak of the Executive (what many call, a "Government") as 'Administration' - there where others call an Administration the collection of the actors and systems you just called a Government... And this confusion is in fact odd, if one notes that some call Ministers the heads of the Executive, and 'minister' and 'administration' are clearly twins.

This becomes beyond confusing, impressive, when you realize that 'Minister' is an expression for "servant" (cpr. "civil servant" etc.) as a derivation from 'minus' - 'Minister' is the opposite of 'Master' ('Ma[gi]ster')!)


> You have definitely not had 67 different governments

I've studied English, not American.

So government to me means means "the group of people who officially control a country", like in this BBC headline "Netanyahu out as new Israeli government approved".

We definitely had 67 governments.

Or 67 cabinets, if you prefer.

https://en.wikipedia.org/wiki/List_of_prime_ministers_of_Ita...


Its definitely a complicated and messy idea. Many Americans would essentially only consider a complete change of constitution as a "new government", meanwhile in certain language in parliamentary structures there is a common phrase of "creating a new government" when an election takes place. Neither idea is really wrong, they're just coming from different perspectives.

If you're using the same kind of terminology, the federal US has had probably 117 governments, as this is the 117th Congress. However, we as Americans don't necessarily consider this a "new government", in that many of the institutions aren't radically different. We still have the Centers of Medicare and Medicaid Services, we still have the FBI, we still have the CIA, we still have the Social Security Administration, we still have the NTSB, we still have the FAA, etc. For Americans, the institutions are a massive part of the identity of "the Federal government", and unless all the institutions change its pretty much seen as a continuous government.

Its definitely a messy turn of phrase which means different things in different contexts. Either way, while Italy has had 67 cabinets/governments, I imagine a lot of institutions have stayed the same. The ability for abuse is based in the institutions, the will to abuse is often with the politicians. So its not like a "new government" woudl somehow wipe clean all the record collections and ability for the State to act on it, you just have different people telling people to pull the levers a little different every few years.


I know it can sound complicated, but I usually refer to what's written in our Constitution The Constitution establishes the Government of Italy as composed of the President of the Council (Prime Minister) and Ministers. The President of Italy appoints the Prime Minister and, on his proposal, the Ministers that form its cabinet.

So it's the combination of PM (Mario Draghi right now) and Ministers, appointed by the head of State (that is now Sergio Mattarella)

We had 67 of them in 75 years.


> I've studied English, not American.

Regardless, if debating in good faith you should respond to what people clearly mean, not to what you feel the words they’re using should mean in “correct” English.

> Or 67 cabinets, if you prefer.

Absolutely nobody is disputing this. The Wikipedia link is unnecessary.


> Regardless, if debating in good faith you should respond to what people clearly mean, not to what you feel the words they’re using should mean in “correct” English.

you're wrong: I never said I was using the correct English, I said that in the English that I have studied it is called a government.

It's called government here too

https://en.wikipedia.org/wiki/Government_of_Italy#Executive_...

I'm not making up words. If in America it means something different it's irrelevant, we're not talking about America.

> Absolutely nobody is disputing this. The Wikipedia link is unnecessary.

Reptetita iuvant.

Anyway, somebody was disputing this

https://news.ycombinator.com/item?id=31353588

You have definitely not had 67 different governments since 1946


Here's the full quote:

> You have definitely not had 67 different governments since 1946 in the sense that I think was meant.


You (probably intentionally) cut off the exact part of the quote that entirely changes its meaning.

You are engaging in bad-faith pedantry, and this discussion is now a waste of time.


> You are engaging in bad-faith pedantry, and this discussion is now a waste of time.

I cut the irrelevant part, I always assume people say things that represent "what they understood or meant".

In that case the original post saying " you haven't had 67 governments in the way I mean" is completely useless, irrelevant, pedantic and in the end brought us to this conversation

Nobody cares what "government" means to an american when the context is not America.

Believe it or not, USA is only a tiny fraction of the World population and that tony fraction is in a good part not American too.

What Americans think, believe or mean is irrelevant to 95.75% of the Planet.


The term '«government»' was used by the parent poster, not by you, Sandy: you are the one with the onus of reading his language as was intended.

Remember the Servers: "Strict in formulating the output, loose in interpreting the input".


Every country I'm aware of people also use government as a loose reference to the whole monster of state, branches (judiciary, executive, etc), constitution, laws, etc etc.

Didn't know it wasn't used like that in Italy.


That’s untrue in many European countries.

Certainly many European countries I'm not aware of how people refer to governments.

Please read the comment more carefully. I'm saying about what I am personally aware, not a universal truth.


I never said your comment was incorrect. I’m just providing further context.

> Colloquially when Americans say “government” they are referring to the entire state

Very consistently, when anyone (including Americans) talks about parliamentary systems, the number of governments or changes of government refer to the same thing as the number of administrations or change of administration when referring to the US system of government.

There are other contexts where there might be ambiguity, but this is one of them.


First of all, I really disagree — what you say is at most true for the minority of Americans who follow foreign news or have lived abroad. I honestly think if you told my dad “Italy’s government has collapsed” he would think there had been some kind of major catastrophe like a civil war.

Anyway, even if you’re right, it doesn’t matter. Nobody was talking about parliamentary systems or Italy specifically when the person who kicked off this thread warned about “the government” having too much power. It’s absolutely obvious to me that they meant “the state” and were misinterpreted by people who thought the word was being used in its parliamentary sense.


In English and particularly American English, “the government” is understood to encompass the justice system as well as Congress/parliament. People are taking about justice system abuses, not just some MP abusing his power. Law enforcement and courts control the country just as much as the parliament.

This isn’t some feature of American government either: in the US local law enforcement is often completely divorced from the state and federal political process and is run independently at a local level, with sheriffs and district attorneys even being elected positions in many jurisdictions. There is no national police - the closest thing is the FBI (though there are a few other national law enforcement agencies), but it can go after only crimes involving multi-states or interstate commerce, and at a high level it is run essentially like state law enforcement organizations in other countries, largely independent of the political process, although at the very top it is politically appointed, usually with a career official placed in charge.


> In English and particularly American English, “the government” is understood to encompass the justice system as well as Congress/parliament

That's only because in USA the justice system depend on the elected president and elected representatives of the State.

But that's not true in Europe.

Law enforcement forces and justice system employees only have to obey to the laws, not to the politicians in power.

They can't be fired at will.


> That's only because in USA the justice system depend on the elected president and elected representatives of the State.

That’s absolutely not true in the US. Almost all law enforcement has no connection to the President whatsoever. The FBI does have a connection, the director is appointed with legislative assent, but FBI employees cannot be fired at will by politician or even the director.

Further, the FBI didn’t even exist for most of American history, so that’s not why the term evolved the way it did.

Also, your country almost certainly operates similarly to US federal law enforcement. Or are you claiming there’s no democratic oversight of or input into the justice system at all?

Further, if you don’t consider the justice system part of the government, what is it?


>Law enforcement forces and justice system employees only have to obey to the laws, not to the politicians in power.

Frontex want's to have a word with you.....

And the Italian coastguard let people drown because it's law?....or maybe because it's a political thing? You cant separate the government and justice system completely.


> Frontex want's to have a word with you.....

Let's hear your thesis here...

> And your Italian coastguard let people drown because it's law?....

They actually don't.

Some politician (a Trump and Putin supporter, BTW!) tried to make them drawn for political gains and was beaten by a German young Captain Woman. [1]

many people in Europe protested against what Salvini was doing. [2] [3] [4]

France officially condemned what was happening.

Because you know, it's not a dictatorship here or a place where the police kills you if you're of the wrong color, the people still oppose to what Politicians and governments try to do.

Please, don't try to teach me how my country works...

[1] https://en.wikipedia.org/wiki/Carola_Rackete

[2] Paris: https://ichef.bbci.co.uk/news/976/cpsprodpb/127BA/production...

[3] Vienna https://taz.de/picture/3536744/624/23312167_Carola_Rackete_S...

[4] Germany https://media.tio.ch/files/domains/tio.ch/images/4bsj/huh5.j...


>They actually don't.

Since your talking about Rackete....

>>The EU is no longer rescuing drowning migrants and the number of refugees continues to fall.

https://www.spiegel.de/international/europe/carola-rackete-a...

You know that's why she got into troubles?...bringing drowning refugees to europa's coast.

>many people in Europe protested against what Salvini was doing.

So here you gave already proof that politicians can tell the coast guard what todo right?...because the sea-law is pretty clear..you have to help, no matter what.

Thank you for the proof.


> The EU is no longer rescuing drowning migrants and the number of refugees continues to fall.

In May 2022 already most than 10 thousand people reached the coasts of Italy via Mediterranean sea. [1]

Between 2013 and 2016, over 600 thousand people have landed here.

I think Italy is doing its share on that side.

How many of those immigrants went to Hungary, for example?

That's where EU is failing IMO, it should not be permitted to Orban to refuse redistribution of migrants.

Not on CSAM regulations. If governments wnat to know what people are up to, they have to simply open social networks and wait for the people to write it publicly.

No need to spy their conversations.

The reactions here are completely paranoia fueled.

[1] https://data2.unhcr.org/en/situations/mediterranean

On another note: if USA can please stop bombing African countries, maybe people shouldn't escape from the puppet regimes they install there...

> So here you gave already proof that politicians can tell the coast guard what todo right

They can try forcing the law.

What Salvini did was and still is unlawful.

His popularity dropped in a couple of years to a quarter of what it was.

you can also convince people to march armed against Capital Hill, doesn't mean that that's a President's prerogative, it only means that crazy people are everywhere.

At least we haven't built cages for immigrants' children.

https://www.hrw.org/news/2019/07/11/written-testimony-kids-c...

> You know that's we she got into troubles...bringing drowning refugees to europa's coast.

No, it was because Salvini was (temporarily thank God) Interior Minister of Italy.

> Thank you for the proof.

I proved it to you that if the system is resilient, no assault on democracy will last forever.

You're welcome.

Next time we'll talk about what constitute a rightful political action and what doesn't.

In a dozen lessons you might learn how democracy works.


You completely miss the point which is:

Politicians can tell the Coastguard what todo, and they don't "only" do what law says....that was the whole point.

>What Salvini did was and still is unlawful.

Yes and? ...i mean who cares, who gives him a slap on the wrist? And why is the coastguard following a unlawful order?...if they just follow law?


"Do you really believe that in Europe governments are in control of everything like it happens in Russia or in North Korea?"

No, but I really believe European leaders are jealous of the authoritarian powers they lack, and are working to resolve that.


> No, but I really believe European leaders are jealous of the authoritarian powers they lack, and are working to resolve that.

You can believe anything you want.

That wouldn't make you right.

national parliaments have to pass these legislation, EU is formed by 26 countries, all with very different ideas, traditions, political stances and objectives.

So, Orban?

Yeah he would love to be the sole leader of his country.

In my country?

those that tried have been destroyed by their same allies, out of fear of having to live in someone else's shadow.

If everyone wants to be the one and only leader, nobody will ever be.

Opposing forces always balance themselves.

Funny that all USA businesses lament that there is too much democracy in EU (like too much democracy is bad!), but now HN says that there is an imminent risk of totalitarianism...


I’m Canadian, they seized bank accounts and used emergency laws to crush protesters.

Democracy is already crumbling.

And American has the NSA!


>Government can't blackmail citizen

Why not?

>Do you really believe that in Europe governments are in control of everything like it happens in Russia or in North Korea?

Wait you think Russia is in control of it's citizen? Oh man, western propaganda seams to work even better then the russian counterpart.


> Why not?

Because they can't, the moment they do, they'll be roasted for doing it.

Those who tried, failed miserably.

Justice system here is not run by governments, it's a completely separated power.

> Wait you think Russia is in control of it's citizen? Oh man, western propaganda seams to work even better then the russian counterpart.

They control everything in the control rooms, which is not even the case oin EU democracies.

Do you really believe EU governments will control every communication over the wire if this law is approved in the 26 EU countries?


they can't, the moment they do, they'll be roasted for doing it.

Really?

https://www.theguardian.com/world/2021/jan/14/dutch-governme...

The Dutch IRS ran a shadow profile system for over ten years, resulting in countless families in financial trouble, numerous divorces, suicides, and kids being removed from their parents and placed in foster care. Compensation/restitution for the affected families is finally coming, but its tragically slow progress is adding insult to injury.

And the government that stepped down over it, is still (again) in power. The very same prime minister that has presided over the country during the entire time this program ran was re-elected after his previous cabinet dissolved.

None of the people working at the IRS have even seen the inside of a courtroom, at least not as defendant. Such a roasting they got.


>Those who tried, failed miserably.

Ah you think the government sends an official person and start to blackmailing you?

>Justice system here is not run by governments, it's a completely separated power.

Oh c'mon, it's pretty naive to think like that.

>They control everything in the control rooms, which is not even the case oin EU democracies.

Ah yes the russian control room's who had not heard of that.

>which is not even the case oin EU democracies.

https://european-pirateparty.eu/chatcontrol-the-sequel-nobod...

https://tutanota.com/blog/posts/why-a-backdoor-is-a-security...

I really cant believe that you think the EU is so much better. But i see, the propaganda to implement that we are the good one's worked pretty well for you.


> Ah you think the government sends an official person and start to blackmailing you?

You mean governments are run by criminals that break the law?

If being blackmailed over alleged pedo pornography in that case is what concerns you the most, I think you have a pretty simplistic view of what's happening in the real World right now...

> I really cant believe that you think the EU is so much better.

I really can't believe you don't see it!

> But i see, the propaganda to implement that we are the good one's worked pretty well for you.

I don't really think you are making any sense.

You just posted propaganda links of a commercial email service and of European pirate party which is the most biased source of information about digital rights in Europe, they are so small (only 4 seats in the parliament, 3 from Czech Republic, one from Germany, zero from any other EU country) and and in need of funds that are constantly screaming "WE'RE ALL GONNA DIE" and have been for more than a decade now, for no reason.

I consider myself much more on the left side of things than the pirate party and have been participating on discussions about digital freedoms as a tech consultant for the EU commission, the pirate brought virtually nothing to the table.

But it's working for them, their MP salaries are still flowing in their pockets anyway.

Ask them why their HQ is in Luxembourg City (one of the richest cities in the World) and not in some more piratesque place...


>You just posted propaganda links of a commercial

Ah yeah...the old propaganda because you have to implement backdoors in your encrypted email-service...i don't know what you try to proof here, but it's kind of disgusting.

>You mean governments are run by criminals that break the law?

Ever heard of Berlusconi? Or maybe Nixon....or your King Juan Carlos ;)


I think the EU wants to go through easy to rummage through stuff like email, texts, instant messenger (all easy to go through if unencrypted). I think that's what their warning shot is. Eventually they would like to put spyware in every app/phone and keep tabs on what you're doing. It's the same in America as well. Politician and the police state have no shame when it comes to wanting to take away your privacy "to think of the children" and "what about terrorists?". There is a reason we have search warrants. It's a compromise that has worked for centuries, and I don't see why that has to go out the door with new technologies.

Seriously, if you start with "I think EU is turning into Sauron",you then can imply everything, you'll be mostly wrong though.

> I think that's what their warning shot is

These arguments have been in discussion for at least a decade.

Why do you think they want to read your email?

What purpose could it serve?

Do you really think France will accept to put the email of their citizens out in the clear if Germany refuses? (nations can still delay the implementation of regulations, technically forever)

> There is a reason we have search warrants

They are still required.

CSAM is only what Apple already does (and that's another reason why I don't buy Apple products).


I think kowtowing to ANY group wanting to rifle through texts/email/anything is a bad idea without some legal principle like a very specific warrant has been issued to do it. What these guys want means that all encryption has to have a backdoor so they can look through you private "papers" at will. Yeah, I don't like that, and no I'm not exaggerating. Otherwise, we wouldn't have agreements between countries like Five Eyes. I just don't understand why everyday people just roll over for government abuse of their privacy.

> Do you really believe that in Europe governments are in control of everything like it happens in Russia or in North Korea?

It certainly feels, as if they are trying to do that.


> It certainly feels, as if they are trying to do that.

Putin's been there for 22 years, Kim is there by rights of birth, in my country the PM has been there for 18 months and it looks like he's not going to last till the natural end of the legislature, in 2023.

His career as dictator 4 life looks pretty bleak from my POV.


Well I guess that’s where the idea of the “deep state” or “shadow Government” comes from. Obviously I don’t think it’s true to anywhere near the extent that many conspiratorially minded people do, but I think there could be some truth to it, in that there are bureaucrats (especially in intelligence) in many countries who probably do have too much power and too little scrutiny and accountability over what they do, who manage to keep their positions for long periods of time and abuse their positions for various ends and reasons.

Does anyone know whether one can get more naive than that?

I think they would like to be in control of everything and know/document everything they can about every person's life. I understand that makes their job easier, and maybe even they have the best of intentions. But just a couple of weeks a go a racist was running in France (Le Penn) and not too long ago the leader of the free world a known POS, likely criminal, and racist DJT was in office. I don't want any of those people to have free access to any and whatever information that they want. I am thinking of the children and of future generations of them. If we don't stand up for our freedom and privacy we are also not standing for theirs.

Why does it have to be a somebody?

It's almost every politician since the invention of privacy. It's not a cabal, they just have common goals.

Edit: can't reply. The endgame is control over the population - taxing them, imprisoning them, etc. Why? I don't know, some people just like to be in (absolute) power.


It's the government version of instrumental convergence.

https://en.wikipedia.org/wiki/Instrumental_convergence


And what are these common goals then? I really don't see the endgame here.

>Do you have a guess about who is behind that lasting global push against private communications?

Every single government ever?


This is the correct answer. People are lazy; politicians, police, your mail person, YOU. It's much easier to put on some coffee and start going through CSAM alerts from the emails and texts you AI sent you overnight and see what looks promising. Sure glad we got past those silly 4th amendment weirdos (or whatever the equivalent in your country is) who think privacy is less important than making my job easier. A decade down the line, a popular right/left wing nationalist with authoritarian tendencies wins. Now he sends down a request to comb through his opponent's messages to see what he can send him (or his relatives) to prison for daring to run against Him. A cop caught you flirting with his gf, let's just see what we can dig up on him on the CriminalSearch app...

I’d love to know, specifically

The thing is, with current 'privacy-protecting scanner' designs, the scanner is running on every end users device, and it would be fairly simple for an expert to dump out the list of things being looked for.

That in turn makes such a system far less useful to intelligence services and authoritarian regimes. You don't want to tell your target that you're looking for them and which keywords not to use!

I wonder if this is part one, and then a later revision will require centralised scanning rather than on-device scanning.


>>and it would be fairly simple for an expert to dump out the list of things being looked for.

If you embed a neural net trained to detect "some" kind of images, I would love to know how one could "dump" the list of things the net is looking for. Basically it's not how it works - the neural net is more or less a black box, you can't tell what kind of things it's looking for by just looking at its contents. You give it an image, it says it is a match or not, based on some internal algorithm - but looking at that algorithm tells you nothing about what kind of images would produce positive matches.


The hashes are something like a 64x64 pixel representation that can apparently be recovered to a small, very blurry but still recognisable image (when the Apple thing blew up there was a researcher who’d done it with a reimplementation of PhotoDNA from the paper).

Sure, but if you read the article the proposed law by EU specifically mentions detecting brand new and not yet classified CSAM by using machine learning. So it's not just hashes we're talking about here.

More like this is part 50,000 of an ∞-part plan to give the government more and more power and oversight.

The EU is constantly pushing to backdoor encryption and allow them unfettered access to communication in flight. Local CSAM is just a stepping stone.

I find it ironic that people often look at the EU as "privacy-focused", with things like the GDPR, while at the same time the EU wants encryption backdoors and photo scanning.

IMO, the politicians just want more authority and power. The GDPR gives them power to sue and fine large companies, ie, free money. I don't think it's about privacy any more than encryption backdoors are about fighting crime or photo scanning is about protecting children.


> and it would be fairly simple for an expert to dump out the list of things being looked for.

I think the Apple design used some fancy tricks to run the comparisons without ever decrypting the reference data and even if that wasn't possible almost every new device comes with some kind of "trusted" platform module that only "trusted" actors can access.


It's funny because in this regard, The Netherlands is actually trying to do better and change the laws to allow mutually consenting teens to do this stuff (still tentative) and punish blackmail, prostitution (edit: of minors), minor-adult sexual interaction etc.

Our general mentality also seems to be a lot more lax and supportive of kids being victims of their own mistakes rather than going "yeah, that's illegal, let's throw a fine on top". Almost as if we acknowledge teens are going to experiment.


It probably helps that we were complaining about and even making fun of[0] our government for using child pornography as an excuse for pushing through draconian populist laws a decade ago already. We may just happen to have a little head-start here basically.

Edit: for the non-Dutch, the link goes to an article by the Dutch equivalent of The Onion and the headline says "Opstelten [our minister of Security and Justice at the time] says new regulations are needed or else child pornography".

[0] https://speld.nl/2012/10/24/opstelten-%E2%80%98nieuwe-maatre...


The Netherlands seems great as an outsider. I've been to Amsterdam, which was too touristy for me, but still beautiful. And we took a train to Utrecht and the surrounding areas which was great. Even struck up a conversation with a group of (local) software developers on the train.

Even with the lockdown protest issues it seems like it should be on the shortlist if you want to move to the EU as an American.


The Netherlands government has quite deep ties with the WEF, so expect The Netherlands to be at the forefront of pushing the WEF agenda. You can decide for yourself if that’s a good thing, but I’ve made my choice and am happy not living there anymore.

But I should add I left a couple of years before I even heard of the WEF. Me leaving The Netherlands was for other reasons.


Keep in mind that comp for Dutch software developers is probably an order of magnitude lower than what you can get in the US.

That and it’s a fairly racist place in my experience so don’t bother if you think that would affect you.

> it's fairly racist place in my experience

Out of curiosity, did you live in other countries as well? I have the impression that in NL there certainly is a certain level of racism, but it's less systemic/endemic/widespread than in other countries (including parts of the US).

It's an opinion based on very limited data and personal observation, so take it with a grain of salt.


I think your racism meter is mis-calibrated. Sure, the Dutch are a bit funny about all the Turks in the country, but I find their racism against the Turks to be way lower than say a lot of Americans' racism against Hispanics.

I don't think we should tell someone who implies they have experienced racism first-hand that they haven't experienced racism. Especially if the counter-argument is "other ethnicity I belong to doesn't seem to be treated that badly compared to racism against yet another ethnicity I don't belong to in a different country."

You're right, but the poster above seemed to be talking for a whole population, which I then did too by talking about Americans as a counter-example. It's just that my experience of the Netherlands isn't that they are particularly racist, but if you haven't experienced other cultures then it is easy to lose calibration. Like how a lot of Americans tend to think of the country as number one in a lot of things (e.g. education), but when you visit other countries or explore other cultures you find out your views are miscalibrated.

Not nearly as racist as the US where people of color are regularly murdered.

Just ask yourself, when was the last time something like this happened in the Netherlands? https://www.wivb.com/news/buffalo-supermarket-mass-shooting-...

You need awareness that things most people don’t understand fully are absurd. Humour can be a tool for that.

This seems to imply normalizing scanning of private information between kids. All I see is getting them used to governmental privacy infringement early, so they won't complain about it later as adults. Very sneaky of them. Again it's "to save the children"

To clarify, the sexting part of the proposal[0] is only there to modernize. Loosely translated:

>For example, sexting is no longer punishable if this happens with consent. This is seen as sexual experimentation behavior among youth.

It has nothing to do with scanning private information. It only legalizes what would realistically never appear in court except for twisted revenge cases most of the Dutch shake their heads at (girl sends boyfriend nudes under mutual consent, they break up, now ex-boyfriend tries to accuse her of breaking the law which is technically true, but absurd).

[0]: https://www.rijksoverheid.nl/onderwerpen/seksuele-misdrijven... (Dutch)


To be clear upfront: mandatory scanning of private communication is a no go. And even child protection advocates, mostly do not demand this. So here really other interests might be leading the EC, which is bad

However, particular servers in the Netherlands have been hosting a lot of CSAM and revenge porn type of material. The EU is increasingly becoming a major host for illegal and dangerous material. This is a reality and a problem.

The problem IMHO is that it is really hard to have a reasonable discussion on how to tackle this. Reasonable voices are often the quietest.

In Germany we woke up to really bad experience with pedophiles actually loudly undermining political parties in the past (particularly the Greens). Just as a reminder: This is not all black and white.


I agree it is a problem, even more so in light of fake material looking more and more realistic, and the negative effects of social media on teens.

One of those other solutions is simply teaching teens the potential consequences of these actions. One sibling linked to an article 10 years ago. This was about the time schools in The Netherlands were filled with lectures regarding lover boys, sexual and emotional blackmail, and more. Despite that, many would still put themselves in a position a malicious person could take advantage of them, but at least you're arming teens with information on which to act autonomously.

I simply doubt the EU's proposed solution would really help prevent that many cases. It might even drive the more rebellious teens into sections of the internet where the consequences are far higher. Which makes giving up all that privacy a pretty hefty price, for both minors and adults.


My understanding of this technology was it was usually a hash or fingerprint of some form of the material, to be compared against a database of hashes of known-bad material. I doubt EU countries have the infrastructure or budget to run models across everything, no?

An article about this was posted yesterday, and the EU wants to take it further that detecting known CSAM content, using AI to detect new content too.

Of course, it's all a pretence for getting access to read all of your data. It might be a language thing, but the wording of the report was such that they were almost stating this explicitly.

Honestly, what.the.hell are these clowns thinking?!


The article says they already have technology that detects "grooming", whatever that means. That's seriously frightening, who knows what else they can detect? Maybe a few years from now we'll be reading articles about people getting arrested for expressing prohibited thoughts, subversive ideas, political opposition in what they thought was a private communications channel.

The problem with hashes is, that you cannot prove what the original image was without actually getting caught with csam.

So basically, a whistleblower takes photos of some very incriminating documents, someone gets accused of eg. money laundering, hashes of those images get added to the "csam" database, and you find the first person (via metadata) who had that image on their phone.

Also, in some more repressive countries, an image of a famous cartoon bear photoshopped to look like some president can be added, and all the people who look/have/download images (memes) like that, can get put on a "list".


But would the system not insist images are hashed by it? I mean; I would think it’s not a weird demand that if this is to protect children (which it is not, at least not only) that the image hashes are solely for that purpose or otherwise not valid and thrown out by at least an AI. I know it’s naive but it seems you want the image with the hash and if someone gets flagged and it’s some money laundering doc, then it should be dismissed before you get out on a list.

The hashes are likely provided by some outside agency who is fine with transferring the hashes, but would have qualms about transferring multi-petabytes of the matching CSAM images.

They are effectively low resolution hashes - obviously they would be completely useless if they fail to detect a re-encoded or slightly transformed or cropped image. In this sense it's a hash with a very high collision rate... probably even higher if you limit it to innocent but otherwise visually similar image of parents and grandparents sending pictures of their own toddlers as GP describes.

This is when it gets scary, demonising people based on a hash collision with no evidence or context.


Even with a database of hashes the risk remains. If someone gets off on nude children, then there is nothing stopping them from collecting innocent photographs from social media¹, reposting these on seedy or oniony websites, and have the hash ending up in the huge black box of CSAM hashes by an automated scraper. I am not under the impression that such a database is curated too closely.

1: This is not something I'm personally at risk of, because my parents are tech savvy enough not to post nude pics of a toddler anywhere but in a private chat with his parents (i.e., me and my wife).


That’s the implementation used by Apple for client-side scanning of iCloud uploads. NeuralHash or something. The EU may (and likely will) build an unrelated system, although it may share ideas with prior work.

Unless the exact algorithm and data used is described in the law you don't know what the implementation will look like (or what it will look like in ten years).

I mean, at some point the amount of data & CPU needed to run a CV neural network is less than downloading all existing hashes and comparing them...

I think you are underestimating the power of modern servers and GPUs for scanning this stuff. It's mind boggling.

I almost think these efforts will need to succeed in become applied in a way too authoritarian way before there's a sufficient backlash. Unfortunately that means there's likely to be a lot of collateral damage.

Seems that's the only way people end up caring to fix things these days.

At this point I would never send nor have nude photos with my kids (whom I don't have, but hypothetically speaking) on my phone or on any other electronic device, doing otherwise is just asking for trouble. Maybe it's not the perfect situation for parents who want to share said photos with the kid's grandparents thousands of kilometres away but it is what it is.

Oh but OP is talking about his parents (the granparents) sending the photos.

And you already have received them!


I personally know someone who spent 13 years in prison because at 18 his 16 year old girlfriend sent him a nude selfie. Her Mom was in her phone and saw that she had sent the photos, so she called the police on her daughter's boyfriend. They arrested him, seized his phone and found the photo.

You're probably not the first person to ask the question of "but what about parents taking pictures of their naked kids in a pool", I'm sure they plan on having some way of dealing with it if anything to lighten their workload. That doesn't mean it will be perfect but no matter how jaded we all are, nobody wants to start falsely accusing innocent people.

I don't see how it will be different this time. The past decade has seen a bunch of failed projects that used algorithms to do the heavy lifting, and justice and redress for those involved has not even been served in all cases.

The Dutch Toeslagenaffaire¹ was a massive failure of using discriminating algorithms to judge if tax payers were defrauding the state (most of those marked as fraudsters were innocent and many lost jobs, housing, and hundreds even had their children placed into foster care (!) due to the cascading effects caused by being on this list).

The British Post Office scandal² is another famous case that will be familiar to those from the UK.

1: https://news.ycombinator.com/item?id=31013994

2: https://en.wikipedia.org/wiki/British_Post_Office_scandal


To call Dutch Toeslagenaffaire a failure of discriminating algorithms, when the main criteria was: Manually identify innocents based if they were born outside the Netherlands or married to somebody born outside the Netherlands, or if they were born in the Netherlands, had Dutch nationality but grand parents born outside the Netherlands....Is a very strange characterization.

I think you may have misread my comment. The algorithms didn't fail; they did exactly what they were programmed to do. The failure lay in the use of these algorithms; i.e., such algorithms should never have been developed and subsequently used to put people on a blacklist.

Anything automated that has the potential to ruin people’s lives should first be checked by humans when flagged. That’s why this csam thing, if used, will cause crazy amounts of human work, and/or, after first ‘convicting’ a bunch of people and a lot of bad press, will then be toned down to only go after already suspected individuals but now their data can be scanned without a warrant.

> nobody wants to start falsely accusing innocent people

I mean this is just blatantly false. History has shown us this is false. Even if you think the current government is fully comprised of kind-hearted, magnanimous, good people, what makes you think that will be the case for the next 10, 50, 100 years?

A story - I have a google alert set up for my name. Someone in a different state with the same name was recently arrested. I've gotten 5-6 alerts every day for the last week from various local (to him) newspaper and television station websites announcing his arrest. Name, address, age, alleged offenses, etc. How many will I get if he's found innocent two years from now? My guess is, at most, 1 or 2. Why would we want AI, even with human verification (which is just them checking the hashes match, anyway, so not real "verification"), to trigger the cascade of events that would occur from someone getting arrested for CSAM based on this technology? It would ruin someone's life. Now if I'm being honest, if someone actually has CSAM, I couldn't care less if they end up homeless and their life is actually ruined. But taking a step back, and acknowledging that someone innocent will get caught by this, as it's just a matter of time at that point, it's not worth it. If we had a society where you could just say in a job interview "oh yeah that was a false positive, I can prove it" and that's that, then there's a bit more of an argument to be made. But that's not our society. Once your name pops up with this kind of thing, that's who you are for the rest of your life, guilty or not.


>>omeone in a different state with the same name was recently arrested. I've gotten 5-6 alerts every day for the last week from various local (to him) newspaper and television station websites announcing his arrest. Name, address, age, alleged offenses, etc. How many will I get if he's found innocent two years from now?

That sounds like a problem that's very unique to the weird justice system in US(and UK to an extent, unfortunately), where the law allows publishing the name and other details of an arrested person. In most(if not all?) EU countries that is strictly forbidden - until the trial is done, any arestee can only be reported on by their first name and with the face hidden. Avoids runining innocent lives like American media do.


For starters, you seem to giving anecdotes from the US. Privacy laws in the EU differ from country to country but in some places at least, names & faces of people arrested suspects aren't published. And afaik these gross miscarriages of justice that seem to be ubiquitous in the US are nowhere near as common the EU.

> But taking a step back, and acknowledging that someone innocent will get caught by this, as it's just a matter of time at that point, it's not worth it

Couldn't you extrapolate that to law enforcement in general?

It's not clear to me if you're saying that AI specifically will falsely flag people and / or if you're worried about being identified as someone else with the same name getting arrested for something. Either way both scenarios exist without any AI being involved.

Personally I was falsely flagged because someone driving a car with a number plate that belonged to me was caught over a dozen times driving ridiculous speeds and it took me the better part of a year to convince the justice system it wasn't me. All because they didn't know how to update some database records with the other guy's name and despite the fact that no human ever claimed I was driving that car (the other guy said it was him not me, the car leasing company said it wasn't me, plenty of paperwork was provided). Massive pain in the ass (and nowhere near as serious as CSAM) and it required lawyers and court appearances but I'm not advocating to abolish speed checks.


> And afaik these gross miscarriages of justice that seem to be ubiquitous in the US are nowhere near as common the EU.

Not sure. There's a lot of selection bias here: all of the US speaks English, which you can presumably understand.

Local scandals in some obscure EU country might only be reported in languages you don't understand.


It always amazes me how anyone can be technologically literate and still think world governments should be given the benefit of the doubt when it comes to things like this. I agree OP, most people in government are probably not inherently evil or malicious but why should anyone trust that these initiatives won’t be poorly implemented and cause massive collateral damage to innocent lives?

It is not just the people in government today that you need to worry about. It is anyone in the potential future also that may abuse these initiatives.

This is the biggest danger. These technologies are a boon to the potential future populist dictators of Europe. It starts with Orban. Who knows where it might end?

> It always amazes me how anyone can be technologically literate and still think world governments should be given the benefit of the doubt when it comes to things like this

Yes I do think that. I'm very familiar with how the EU institutions work and I don't like it, so I'm no fan boy and certainly not trying to defend these kind of proposals.

I realize I'm preaching to a very cynical crowd here but I just don't see EU countries locking up innocent people accused of being pedophiles en masse by some garbage AI (different story entirely in the US or China).

Justice here massively leans toward giving people the benefit of the doubt, imposing light sentences etc. much to everyone's frustration.


> I realize I'm preaching to a very cynical crowd here but I just don't see EU countries locking up innocent people accused of being pedophiles en masse by some garbage AI

555 wrongful fraud convictions because of Second Sight, between 1996 and 2014, with a 2015 claim of no wrong doing and no system problems [0], in the UK.

Rubina Nami, jailed for a year. Seema Misra jailed for longer, whilst innocent and pregnant.

Noel Thomas jailed for twelve weeks at the age of 60 - the judge refusing to consider a flaw in the computer system to be possible, because of a report that concluded:

> If the Horizon system was flawed, I would expect to see issues raised by all 14,000 branches in the UK and not only a handful.

They locked up people over a garbage AI system over something much less sensitive than protecting children. Recently.

[0] https://en.wikipedia.org/wiki/British_Post_Office_scandal


Fair enough, thanks for pointing this out.

Have you seen how well assange was treated? And yes GB whas then still in the EU.

Hell even nice sweden accused him of rape, even if they knew that it's bogus.

Spain jails you just because you want to be independent, just image that Washington jails a Texan governor for trying to be independent.

Europe is in parts not far away from the Turkish legal system.


>nobody wants to start falsely accusing innocent people.

If anything, the 21st century has proven quite a few people are more than willing to do so when they deem the lack of true positives to be the greater evil. Or even just doing it for their own benefit.


Seeing as how things are going in China/Russia/N. Korea we should all learn to fight for our rights to freedom and privacy and not turn them over to the government. Western democracy is currently losing the cultural war and people aren't taking notice. US democracy was almost subverted by a phony bologna real estate scheister. I'm not sure why people think governments and rights can't change overnight unless we're diligent to push back against surveillance and other gross governmental overreach.

Can you give some EU specific examples that can be considered representative and not huge outliers?

Shit happens everywhere but where am I in Europe if anything there's a lack of law enforcement in the sense that prison terms always seem to be considered too low, people with sentences under X months don't actually go to jail because of overcrowding, police is constantly frustrated that people they pick off the street are immediately released again by judges etc.


The starting comment gave you an example to start off with. The Netherlands, Toeslagenaffaire.

You can't go telling "yeah we really care about innocent people" when you let an algorithm wreak havoc producing false positives and then take ages to fix it while the families are still dealing with the aftermath. That's the opposite, caring for true positives despite the potential false positives produced.

I'd also ask you to take a few trips down some ideologies. If you believe "EU is so nice it can do no wrong", you'll probably be cured of it soon when you realize extremists are spread all around the world, and have no qualms exercising their sense of justice even if it hurts innocent people.


> Toeslagenaffaire

it was about fraud.

And it happened in the Netherlands, which aren't exactly the cleanest of the countries (just check their ties with drug cartels money [1]), so it's Netherlanders that should be worried, not EU citizens.

It happens all the time, I don't know anymore how many wrongful tax bills I have received over the past 30 years, you just show the documents that prove you're in the right (if you are) and that's about it.

We pay accountants for a reason.

Lawyers are still free in my country if you can't afford one, event though it's very hard go to prison for tax evasion, at least not in all the European countries I know, even less likely for undue child benefits.

[1] Money laundering is a growing problem in the Netherlands, with estimates suggesting that around €16 billion in illegal funds is laundered there every year — money derived from a range of criminal activities, including drug trafficking, sexual exploitation and extortion


You're being pedantic and apologist for very little reason. There are still dozens of families who have yet to be reimbursed for this mistake, let alone the damage which was caused in the aftermath. Instead, we have a bunch of people still arguing what to do about the situation, all which are paid in tax money that could've been used to solve the issue already.

It's not about them being evil. It's about them feeling justified to use the algorithm in the way it was used, which then lead to pretty dire consequences for many families, followed by a lack of action and a general lazy attitude towards the entire situation. Along with a general lack of foresight when they implemented it.

This is a very clear example of what happens when you optimize for true positives at the cost of false positives. You can argue the costs and benefits, but you can't argue "people don't want to harm innocents" when they select to do so in a scenario where it very clear does harm innocents.

"Caring about not harming innocents" gets dropped the moment it feels inconvenient. That's something people need to be aware of instead of living in their idealist dream world.


> There are still dozens of families who have yet to be reimbursed for this mistake

that has nothing to do with the matter at hand, it's completely OT and, frankly, who cares?

It is not EU fault, it's Netherlands's fault.

EU doesn't control Netherlands.


Again, you're being pedantic in an attempt to dismiss people.

People could interpret the comment in question as "name examples in Europe", as if commenter was trying to imply "European countries aren't as crazy and totalitarian as the US / the remainder of the world". Several commenters gave examples close to home.

But somehow the EU, as in European Union, will be the exception, and we can't be skeptical of that. Get real.


> Again, you're being pedantic in an attempt to dismiss people.

No, I'm being correct.

Netherland problems that are not caused by EU regulations, are not EU problems.

Deal with that.

> But somehow the EU, as in European Union, will be the exception, and we can't be skeptical of that.

Fale premise.

I never said that EU is gonna be an exception, just that this particular problem happens everywhere, tax fraud are probably the most common case of fraud World wide.

So implying that's proof of some potential problem inside a new EU regulation that has nothing to do with tax fraud is naive at best, but let's get real, you're being not naive, you're simply being biased.


Julian Assange?

Cooperated corruption of multiple European countries, governments, prosecutors & supernational bodies (e.g. Interpol).


Both examples are (were) recent and in the EU.

Edit: sorry, I thought this was in reply to my sibling comment. See the two examples mentioned there.



> I'm sure they plan on having some way of dealing with it

Hilariously naive approach to government overreach.


Indeed hilariously naive.

"Naked Baby Photos Lead to Parents' Arrest"

https://www.findlaw.com/legalblogs/law-and-life/naked-baby-p...


> The case of a Utah couple charged with a crime for photos they took of a father kissing his naked baby

These cases are absurd but we're talking about the EU here, not the US.


"Family goes through seven months of hell falsely accused of child porn charges after Spanish police misread US-style date in tip-off from American group"

https://www.dailymail.co.uk/news/article-8731961/Family-goes...


And if this passes, we will have plenty of examples from the EU too. Here it was not as easy to crack down on people because we take privacy very seriously, but it will happen as soon as the state gets the power to do it.

See for example how we treat people who have few grams of weed on them. We protect innocent people, you say? Bullshit, we crack down on gardening shops if they're even just slightly connected to the weed culture!


I don't understand why you're not willing to entertain the potential dangers unless it's already happening. By then it's too late.

>nobody wants to start falsely accusing innocent people.

Do you have a source for that? First, by triggering the filter, there's an assumption of guilt. The filter wouldn't trigger if there wasn't something bad there, right? Second, someone, somewhere is being incentivized in their job to increase the number of "detections" so they can increase their arrest numbers. Why would they want to "lighten their workload"? They're the cops. They just ask for more resources and get them.


> Do you have a source for that?

It's a waste of time for everyone. Prisons are overcrowded, court cases take years to get going, criminals being caught red handed are released before cops even get the paperwork done, there's plenty of rock star defense lawyers.

> They're the cops. They just ask for more resources and get them.

Not in my part of Europe, on the contrary.


Actually, states are more than happy to falsely accuse innocent people, especially if it makes companies hand over their chat logs etc.

And yet you regularly hear of child porn cases in the US because a 17 year old girl sent pictures of her nude body to her 18 year old boyfriend.

Yes, in the US.

Meanwhile France last year just dropped the age of consent to 15 and if you check Wikipedia you'll most EU countries have it set around the same age.

It's doubtful you could even find a single case someone being prosecuted because their actual underage boy / girlfriend sent them an explicit picture.


> Meanwhile France last year just dropped the age of consent to 15 and if you check Wikipedia you'll most EU countries have it set around the same age.

France's age of consent has been 15, since 1945 (1982, if you weren't straight). What they did last year was add a Romeo & Juliet clause that allows for below that age if you're within five years of your partner and not committing something that would otherwise be considered assault. So a 15 yro and a 12yro won't end up in a rape case for being partners.

They tightened overly loose definitions, basically. Not dropped - raised. (A lot to do with this [0] particular case that demonstrated just how damn loose the laws were.)

[0] https://www.theatlantic.com/international/archive/2018/03/fr...


15 vs 12 is huge gap in relative age, development, and maturity. But it sounds worse from your description, like a 15yo can have sex with a 10yo and it's considered consensual??

It is _now_ that a 15yro and a 10yro _may_ be considered consensual if no other factors come into play, like authority. However, the court would have to examine it on a case-by-case basis.

Previously, it was _assumed_ that consent occurred. Such as in the case I pointed out - the court struggled to say there was not willing engagement between a 28 yro and an 11 yro.

Historically speaking, France has some of the loosest laws around consent in the world.


I know two different convictions over preteen porn received from Whatsapp contacts. Does this count?

You mean like we've figured out how to avoid social media destroying elections and public discourse? Or ad-tech from tracking everyone?

> and nudism of any minor can be seen as CSAM if the pose they strike can be construed as 'erotic'

So we're now expected to teach our kids what erotic poses are so they know not to accidentally do that during family pics, lest daddy or mommy wind up in jail? The future is fucked up.


If you look at the history of litigation of nudism magazines in the 80s and 90s it is exactly that. Some magazines were allowed in, some were banned and the owners imprisoned because a judge said that some of the photos weren't candid or casual enough.

It would actually be great if iPhone/Android detected and offered to blur genitals with a click. As creepy as that may seem those of us with young children may only incidentally capture material that could be mistaken for CSAM and would be fine blurring out those details.

The biggest problem is that these images are CSAM. Or at least a bit-for-bit identical image is in a different context. If it is family members are sharing an image of their child having fun or even sending an image to your doctor then there is no problem here. But those exact images in a different context could be a problem.

Of course this is why they have human moderation before conviction. But I absolutely don't want my private images being reviewed because they may be CSAM. This is basically assuming that I have likely done something wrong and intruding my privacy because of that.


> I get sent pictures and clips of his progress

Those pictures will be seen by you and grandma, but also maybe by employees of whoever you use to backup the pictures, whatever security services have a need to view the images, whichever police forensics department may need to look through your or grandmas phone if it were to be confiscated, etc.

Those employees need a good work environment, and can't be expected to look at your naked three year old.


I'm sorry. The chance of someone needing to look at these pictures should be near 0. The backup company doesn't need to look at them. They should actually be end-to-end encrypted so that only me and grandma can see.

In exceptional cases the police may need to see them. But even in that case there is nothing wrong with these pictures. Pictures of gore and literal shits are legal and while I agree that it can make this job very taxing. But a child swimming naked is not the problem here.


Having an actual person see those pics is totally fine. No one in their right mind would see anything but normal child raising there, and the judicial process has checks to prevent abuse by any one actor. It's algorithms I'm concerned about.

We seem to have very different priorities. You are concerned about the welfare of employees of privacy-violating organisations. I'm concerned about citizens' privacy and say those organisations shouldn't exist.

> The automated filter won't care about the context though

That's why we have a justice system.

Specifically not a common law based one, which is kinds scary per se.

People are innocent until proven guilty and the burden of proof's on the prosecution.

We are talking about EU here, not Sudan.


1. What makes you think Sudan (or NK, or Russia, or China) won't get their hands on this technology?

2. What makes you think every government in the entire EU will always have the people's best interests at heart?

3. What makes you think #2 is true even today?

It seems like this technology could be very easy to abuse, to great public detriment. Is the juice worth the squeeze?


> 1. What makes you think Sudan (or NK, or Russia, or China) won't get their hands on this technology?

their problem!

they have more pressing issues already!

and some of them have already implemented worse ways of surveilling their citizens.

In this regards, even USA is far worse than EU!

> 2. What makes you think every government in the entire EU will always have the people's best interests at heart?

I don't, that's why we constantly check on them and change them if we don't like them

> 3. What makes you think #2 is true even today?

Because I live in EU and everywhere else I look the situation is far worse.

> It seems like this technology could be very easy to abuse, to great public detriment. Is the juice worth the squeeze?

Like any technology!

Funny that guns are abused daily in US but the biggest preoccupation of HN is potential abuse of CSAM filters in EU...

Which would also be illegal!

If the filter has to be used for CSAM content, it can't be used for anything else.


> > 3. What makes you think #2 is true even today?

> Because I live in EU and everywhere else I look the situation is far worse.

"It's worse other places" doesn't answer the question. The EU's government isn't perfect and I don't see any safeguards in this proposal. It's ripe for abuse.

> Funny that guns are abused daily in US

Whataboutism nonsense, nobody is talking about guns except you.

> If the filter has to be used for CSAM content, it can't be used for anything else.

Utterly fanciful. Once this exists and is in place, it can and will be expanded to other things. Eventually a government you don't like will be elected in your country, and they'll be able to expand this.

This tool in the hands of an authoritarian government is as dangerous as any firearm because it would allow them to track dissent.


> The EU's government isn't perfect

Do you know someone or something that is?

I don't.

> I don't see any safeguards in this proposal.

then write one and propose it!

or look better.

>It's ripe for abuse.

BY WHOM EXACTLY?

AND WHY?

> Utterly fanciful. Once this exists and is in place, it can and will be expanded to other things.

Are you from the future or simply doubling down on your opinions, trying to pose them as unequivocal facts?

> This tool in the hands of an authoritarian government

There's no such thing in Europe, the closets thing to it it's Viktor Orban in Hungary.

Who is still more democratic than Trump.


You mean like German police using the data from COVID tracing apps, although legally they should not be used for anything except virus tracing?

Or it doesn't count since Germany is not a democracy?


> Or it doesn't count since Germany is not a democracy?

you say that as a joke, but it's not completely false.

Half of Germany was still a dystopian 1984esque state 30 years ago. Those people are still alive, those kids are adults now. It doesn't surprise me at all that it can happen.

Anyway, it was one case in a small city where they tracked a witness of a crime, they didn't "destroy the privacy of all European citizenzs to create a surveillance state in EU"

Besides, WhatsApp and IG have the same (if not much more) metadata, given by the users while simply using the app, that are already being abused in any possible way. including selling them.

At least a tracing app is explicitly for tracing.

I never used a tracing app for COVID, problem solved.

But people (even my mom!) use WhatsApp, I can't escape that and can't escape Facebook knowing who I cal. when, for how long, even if the messages are encrypted, metadata is not.

I would very much prefer a call from the police to help them solve a crime than FB sending me unsolicited ads or worse.


Being arrested and dragged into court to defend yourself will seriously negatively impact your life all on its own.

You can't be arrested over alleged crimes here.

The police can't drag you in jail and then in court, we are civilized people,they send a letter to you notifying you that they are investigating you and you have a right to the defense.

That's all.


> Specifically not a common law based one, which is kinds scary per se.

"scary"?


being able to interpret law freely but at the same time being bound by precedent, is scary.

Law should be as unequivocal as possible.

Common law is the equivalent of the imperial units or driving on the left of the road.

They have been replaced by better units or superseded by more uniformly accepted standards.


I mean that's cute and all, but why are your parents taking pictures of naked children and publishing them online? That's making assumptions about the channel used to send them and the phone itself being secure. Better to not risk it - not because of this legislation, but because of anyone else that might be listening in.

The message here is a private message. The title of this post contains the words "private communication" same for the title in the actual post.

Have you not actually read anything about the post ?


This is how free speech ends. If the parent doesn’t think the image is inappropriate or would damage the child, they should be free to share what they want. Full stop.

Sending pictures to me via WhatsApp is not 'publishing things online'. It is meant as a private communication channel. The current proposal wants to listen in on those channels.

And obviously, I personally, can instruct anyone handling my child to not do that when such laws come into effect, but that doesn't change the fact that for many people such actions are completely normal (as it should be).


yeah OP why ain't you letting fear and unjust laws control your whole life? \s

I don't think this proposal is quite enough, we can do better to protect the children.

The homes of the people who champion this proposal should be thoroughly searched for child abuse materials every week. Naturally, their personal electronic devices should be taken for analysis. I understand this may cause them some inconvenience, but think of the children!


Let's not forget banning curtains. Only clean, transparent windows should be allowed.

Are you sure that's enough? Maybe homes should be built out of fully transparent materials. Don't want any internal rooms to hide in.

... which is exactly the setting of We by Yevgeny Zamyatin, the novel that inspired 1984.

If you want to read it (ePub or online) I did a production for SE: https://standardebooks.org/ebooks/yevgeny-zamyatin/we/gregor...

Not sure about that. You can't keep toddlers and children clothed all the time.

The basement seems like an adequate place for a wardrobe/diaper change, even though that makes the whole situation even weirder.


Sorry, privacy from government surveillance applies only to our elected officials, not to you and me. /s

No need for the /s tag, that’s exactly how it works in a lot of places.

Here in the UK, the so-called “Snooper’s Charter” that was passed in 2016 allows bulk data collection and warrantless access to that data…unless you’re a member of parliament.


When we get spied it's for our own good and when they get spied it's an issue of national security. Because they make the nation and we're just resources they monitor.

Good thing that most of the EU government is unelected.

It was interesting to see how many high ranking politicians seemed close friends to a mr. Epstein.

Given the cost of child birth in the developed world it would be quite economical to send each child home from the hospital with a government video monitor which must be kept in the room with them, to enable random (and ML) surveillance, just to make sure they're not getting molested, you know.

This is a good idea. To be safe against AI misfires, a government agent could be assigned to watch each child 24x7 wherever they are, whatever they are doing: sleeping, eating, bathing, using the restroom, etc. That way there is no chance of missing any possibility they are abused.

Hi res cams in any room that record on super safe gov cloud day and night I would say.

Had me going at the first half.

The worst thing is that, while the EU proposes dubious stuff like this, the police doesn't actually try to remove such content from the internet or are at least really ineffective at doing so. There was a documentary[1] from the german public tv station NDR in which reporters / journalists managed to delete the majority of content from one such CSAM forum, by sending deletion requests to the hosters. The police just... did nothing about it? :/

It's mind boggling. It would be nice if only 50% of the energy put into laws with questionable results like this, would be used to give victims of sexual child abuse more help and support (or, in many cases, some at all) to continue living as much as possible despite the monsters in their own heads that such sexual abuse creates, wouldn't it? :/

[1] https://www.youtube.com/watch?v=iItLpwkQMUQ Sadly without official english subtitles, but you can run this article about it through deepl.com: https://www.tagesschau.de/investigativ/panorama/kinderpornog...


This proves that none of these institutions and politicians pushing for more surveillance actually care about the problem (while the urgency of the problem is dubious to begin with).

It's all about power and funding. If the problem was eradicated, then they would lose their purpose and funding.


A lot of cybercrime is like that, the police are very incompetent at handling it. I've seen a criminal literally logged in with their personal account (with 2FA, home address etc.) and the case was dropped because they wouldn't/couldn't identify the person. I don't think they even attempted.

Botnets are annoying to dismantle even within the EU, it's not even illegal in some countries to not remove reported malware.

I view such legislation as an excuse to their general incompetence.


If they were too competent these bureaucracies would abolish themselves, or at least decimate their own funding.

They're probably busy with their local pedophile-rings in Brussels.

Yeah not like this. I will turn myself into a black hole as much as possible.

If they somehow ever come to suspect me of these things I will gladly do anything I can to support their investigations. They can come by with a warrant, look through my message history specifically and only for evidence related to their investigation, it will happen in my presence, and no copies of my data will be made and/or fed into the basilisk. You know, how it would normally go.

What in the world are they thinking over there.


Unfortunately, here's what will really happen:

5:30am, loud knock at the door. You open the door a crack to see who it is. Cops bust in. You're immediately handcuffed and sat outside. Cops take anything with a screen, usb plug, etc. All your media. All your computers. All your external hard drives.

Every one of these devices will be imaged, and archived prior to being searched. The data will be kept for years, to protect against inevitable appeals, etc.

But you know, good luck with your plan.


That won’t happen here but sure, US type of police overreach makes a better soundbite with horribly vague proposals like this. And people should be scared so I guess it’s good; maybe they will protest (probably not though because the children the children).

Stuff quite similar to that happens in Germany[1]. Where is "here"?

[1] https://www.ccc.de/de/updates/2018/hausdurchsuchungen-bei-ve...


Netherlands. I wonder if it is similar: I saw a few here and they were friendly, no cuffs, they had a list of IPs, made an appointment to collect the drives etc (and that was with enough proof to know for sure they would find what they were looking for). But sure I can see how it escalates but why would they if there are no guns (usually only with drugs at which points they will come with more force)? Shame about Germany but why don’t we hear these things more; they should be on the front page of HN I guess (and not in German or in any language outside english if it awareness needs to be built)? At least the outline. So which dutch articles did I miss I wonder then; I cannot find any of these kind of overreaches.

Also German lawyers seem to be far more trigger happy in a lot of cases than dutch like with copyright and not having your company info on your site etc; seems there is more litigation there like an industry looking for people to ‘sue’. Why aren’t people protesting or are they?


I accidentally (e.g. I didn't know) bought a stolen laptop some time ago. The police came at 05:00am, raided my home with guns drawn and took the laptop. So yes, it does happen in Europe as well.

yikes! Hope you and your family are ok!

All good, after the initial surprise and when they found out that I am neither armed nor a criminal they were quite friendly actually. Still wouldn't want to experience something like this ever again.

Here where? This is standard procedure in e.g. Germany based on press reports and articles written by lawyers.

I don’t think it’s better in other European countries.


> That won't happen here

Ah, those famous words.


Don't forget the part where returning the original devices takes months or years, and of course you can't download a copy of the data if you lack a backup or the backup was also seized.

At this point, everything encrypted at rest will be a must.

Then encryption becomes evidence of guilt, unless you give up the key so they can search it to make sure you're not guilty.

Yeah also not, they will need to have proof of at least connections with some criminal networks to compel you to do that.

Parallel construction though.

This is not how it works at least in Canada and the US. Until they can read the password out of our minds (or at least prove that we have it) we don't need to give up the key.

Technically correct however courts can hold you in contempt. There was one case where a suspect was arrested and refused to give up passwords to hard drives. The prosecution had reasonable evidence (allegedly) that those hard drives contained child pornography, however since the defendant failed to provide access the prosecution could never prove it.

Other good points were brought up - why not dismiss the hard drive as evidence and use other “proof” such as network logs, computer thumbnails caches from the defendants personal computer, etc?

Personally I’m not sure if those ideas were ever explored.

https://arstechnica.com/tech-policy/2020/02/man-who-refused-...


I can't speak for Canada, but in the US if a court issues a search warrant for data stored on one of your devices you are obligated to take whatever steps are necessary to turn over the data, including decrypting the data if applicable. This power is provided to the government by the 4th Amendment. What you are likely referring to is the 5th Amendment right that protects a person from being compelled to testify against themselves, which protects a person from being compelled to turn over a password if doing so would incriminate them, but this is only applicable in circumstances where turning over the password would incriminate you, not where the decryption of the data would incriminate you. This is applicable only in circumstances where it is uncertain whether you have access to the device in question, since compelling you to produce the password amounts to compelling you to admit that it is your device. Once a court is satisfied that it is beyond doubt that the device is yours and you know the password, a judge is free to compel you to provide the password.

There's a further consideration of whether you can refuse if the literal string of the password itself would incriminate you, but I don't believe that has been conclusively litigated.


That is not true; there is conflicting precedent on the matter.

Are you so sure?

Also, why don't they just beat the shit out of you to get the key?


I don't think that works in countries with a jury system. I don't have anything illegal on my computers, but I would never give up my passwords to anyone working for the government. I think the odds that at least one person who is like me (or can at least understand that mindset) will be on any given jury is pretty good.

And even then, weaknesses are built into encryption, long-term it may be broken with advances in computing (I mean who knows what the NSA and co are working on at the moment), etc.

It's better to not do or have anything illegal. Make it so you can say "I have nothing to hide", but don't give them access voluntarily because of that.


If NSA has a backdoor or has broken the encryption you are using, they will want to keep that secret for as long as possible to get the greatest possible use out of it. They will use it covertly (using parallel construction to keep it out of court cases) on important cases like (actual) national security, mafia or people running dark net marketplaces, spying on friendly and hostile governments etc.

But they won't risk it for someone with a CSAM match or anything similarly uninteresting, and local authorities won't even be aware that it's something their government can do.

Still, don't do anything illegal, but I think for most people it's legitimate to have a threat profile that assumes that encryption is effective.


As if full disk encryption doesn't exist.

Encrypted data will be illegal for plebs. Failure to hand over passwords will be punished as if you are guilty of the worst thing imaginable.

I doubt it because at that point they cant pretend anymore to have rule of law, or being a democracy.

Sure, it could be a gradual decent into such a reality, but it will take a long time.


France : "Loi no 2001-1062 du 15 novembre 2001 relative à la sécurité quotidienne, article 30 (Law #2001-1062 of 15 November 2001 on Community Safety) allows a judge or prosecutor to compel any qualified person to decrypt or surrender keys to make available any information encountered in the course of an investigation. Failure to comply incurs three years of jail time and a fine of €45,000; if the compliance would have prevented or mitigated a crime, the penalty increases to five years of jail time and €75,000.[21]"

https://en.wikipedia.org/wiki/Key_disclosure_law


If they can justify to legislators being able to spy on all network traffic, they can probably also convince those same legislators that encryption is a tool only bad guys use to prevent justice being served.

There's a constant push, at least in the US, for regulation on encryption. It's gotten consistently shot down thus far, thankfully. But it's a never-ending battle. And one day people will most likely become complacent enough to let go and feel the liberty melt away.

Just like the last couple generations have gotten increasingly soft on our right to bear arms. They've been conditioned to believe that it's dangerous, and boomer-like, and no longer important.


It's already illegal to not disclose passwords when ordered to do so in the UK.

Sure, the US freedom of speech amendment protects more powerfully than in most countries. But I wouldn't be so confident once the rest of the world has given up


No, that's not how you should be thinking. You say nothing, you give no access, and you demand a lawyer and a search warrant. You do not need to cooperate. You cannot trust any police or investigators. This isn't about whether you are guilty of anything or not, this is about basic human rights, the right to privacy, and due process of law.

  > due process of law
That is exactly what I want. Not having committed any such crimes, and having been incredibly lucky to be born into the sort of life where I feel like I can trust the process being fair and just, I am not particularly worried about an investigation.

This is the precise inverse of how I feel about the general permanent monitor and analysis that is now being proposed. These systems are inaccurate, opaque, and uncontrollable. It makes me feel like cattle being driven towards the man with the rod.


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: