By making a minor concession EU governments hope to find a majority next week to approve the controversial „chat control“ bill. According to the proposed child sexual abuse regulation (CSAR), providers of messengers, e-mail and chat services would be forced to automatically search all private messag
What is the problem if it’s client side though? Traffic is still not intercepted, communication is still private. Going from here to a full blown backdoor seems a bit far fetched…
“What’s the problem if the government had one random inspection of your house per year. Nobody entering or leaving your house is getting searched, just the house itself and whatever you store in it. Your house is still private. Nobody else is getting let in, just the government.” They’ll only use this new search power to look for pedophiles. Promise.
The problem is you have a right to privacy. The government should have to prove a reasonable basis to suspect you of a crime to violate it, and at least in theory that authority is overseen by an independent judiciary. Owning a phone isn’t a reasonable basis to suspect you of a crime and read all your text messages. Privacy and free speech are basic human rights, they are necessary for democracies to function properly and for us to advance as a civilization and share information and ideas and grow.
No ok that’s fine but if the check is client side, it happens offline and no data is sent to the servers unless a match is found, your privacy is still yours unless you’re sending CP no?
If the cops are allowed in your house whenever they want just to look for evidence of a crime, but they are bound to secrecy unless they find evidence of a crime, is your privacy violated? Yes. Of course it is. We have rights like privacy to prevent government abuse of power. It’s is an important check and balance. You have a rights including the right to take a photo or send a message and not have it immediately read by the government. Period. The conversation should end there, just like you shouldn’t have to justify why you should be allowed to hold and espouse your own political views. Because you’re a human and you have rights, that’s why.
This is not to mention that client-side scanning always will have false positives. There is no way to eliminate them. So now whatsapp has sent some random photo of yours to the cops. Maybe it’s sensitive. Maybe it isn’t. The issue is, it’s your photo and for some reason the government has been allowed to seize it without cause. Maybe some cop and all the buddies at their precinct are jerking it to your nudes now because whatsapp mistakenly thought it was csam. Maybe that photo makes its way out of the police department and onto the internet. Much simpler solution: require the government to get a warrant before they seize your possessions or invade your privacy.
Power corrupts. It will not end with CSAM detection, CSAM detection will just be the start. And importantly, CSAM detection get them past the biggest hurdle which is forcing all the app developers to put backdoors in their apps and getting people to accept the concept that they have no right to privacy. After CSAM, then it will be “terrorism” then it will be “terrorism and dissent” etc you can see where it leads. Every democracy that slides back into totalitarianism slides down the same set of reducing civilian rights. Ask a Russian journalist how that process goes. Ask a Chinese dissident what not having any privacy feels like.
When these “broadening of scope” actions happen, we may not even know. Whatsapp may not even know. The way client-side scanning works is that whatsapp sends a version of your photo (not the photo itself, but something functionally akin to its fingerprint) to the government and the government tells it if the photo is CSAM. The government can change its filtering criteria with no input whatsoever from whatsapp. Now the criteria is “CSAM and also if the photo says anything critical about a political party”.
Think of how polarized and politically tumultuous of a time we live in and some of the crazy things politicians are saying or doing. Think of the politician, party, or segment of the population you trust the least. Think about what happens when they get into power. Do you really want them to be able to snoop inside your phone whenever they want in the name of “stopping CSAM”?
The way I intend client-side is that ideally the client would have the CP hashes built in and would only trigger on a hash match, that is, when it’s 100% sure that your picture is ID’d.
The problem I have is that if it’s server side it’s indeed a horrible privacy violation, if it’s client side it’s trivial to bypass through some decompiled version of the app - so there is no good way to sell this.
We’re splitting hairs here, I agree with you generally speaking.
Yes. But the government can provide an “updated” hash database. Such updates would be frequent. There is no way for whatsapp to know what files were used to make those updated hashes. Unless the government distributes copies of the underlying CSAM to the messenger app providers which kinda goes against supposedly trying to stop the proliferation of CSAM in the first place.