European CSAM/Grooming Scanning Proposal

Syonyk · May 11, 2022, 5:47pm

Just in case you thought the whole debate with the CSAM stuff was over, Europe weighs in.

https://ec.europa.eu/home-affairs/proposal-regulation-laying-down-rules-prevent-and-combat-child-sexual-abuse_en

And the draft proposal:

https://ec.europa.eu/home-affairs/system/files/2022-05/Proposal%20for%20a%20Regulation%20laying%20down%20rules%20to%20prevent%20and%20combat%20child%20sexual%20abuse_en_0.pdf

Options C and D, while building on Option B, would impose legal obligations on providers to
detect certain types of online child sexual abuse on their services. Option C would require
providers to detect known child sexual abuse material (CSAM), namely copies of material
that has previously been reliably verified as constituting CSAM. Option D would require
providers to detect not only ‘known’ CSAM (material confirmed to constitute child sexual
abuse material), but also ‘new’ CSAM (material that potentially constitutes child sexual abuse
material, but not (yet) confirmed as such by an authority).

The retained Option (Option E) builds on Option D, and requires providers to also detect
grooming, in addition to known and new CSAM.

The Impact Assessment concluded that Option E is the preferred option for several reasons.
Obligations to detect online child sexual abuse are preferable to dependence on voluntary
actions by providers (Options A and B), not only because those actions to date have proven
insufficient to effectively fight against online child sexual abuse, but also because only
uniform requirements imposed at Union level are suitable to achieve the objective of avoiding
the fragmentation of the Digital Single Market for services. Hence, Options A and B were
discarded.

Now providers aren’t expected to just identify known previous material as Apple was, but to identify new material, and to identify any chats that seem to be “grooming.” I don’t think you can do that without cracking the crypto open…

Anyway, now seems a good time to continue building out alternative infrastructure. Before long, the “darknet” will be the only place you can have a private conversation.

Drizzt321 · May 11, 2022, 9:03pm

Not just a private conversation, but to not get arrested/records (even if innocent) of being suspected for this by a bad joke, or talking about research on the problem or solutions, or even just passing around a good meme image that has what looks like an underage person in it.

We just do NOT have AI good enough to check new material. Even the previously identified material is iffy enough with our existing tools.

bombcar · May 12, 2022, 12:46pm

Once Apple publicly admitted they could do it this was bound to happen, it’s too easy to push through.

Syonyk · May 12, 2022, 4:29pm

That’s about my view of it. “Oh, hey, Apple thinks they can do it, so we can now mandate this thing that clearly is technically possible, just, we want them to do more.”

More writings on it:

gpshead · May 12, 2022, 6:51pm

When legislators get involved, you’ve already lost. You don’t need a darknet. All of your input and output devices can be forced to surveil all possible content. You now need dark hardware.

Pencil and paper sound good.

Syonyk · May 12, 2022, 6:58pm

However, there’s a large amount of legacy hardware out there that can run “whatever.”

So how does one help make this sort of thing more difficult for them to actually implement?

bombcar · May 24, 2022, 1:41pm

Hacker News, in between bouts of finding your old articles on the M1, took time to discuss this: Data shows that the EU's CSAM scanning will not have the intended effect | Hacker News

And the most sad/terrifying thing is that it appears the whole deal is just because some surveillance salesteam schmoozed a politician the right way.

So it’ll likely expand to greater surveillance because the company wants more sales.

Canem · May 24, 2022, 3:09pm

Hey if it works for arms dealers!

Syonyk · May 24, 2022, 3:31pm

Seriously. That was a weird one to drag up. At least my “… uh, sooooo… this was written after a month of hacking with it, please don’t treat it as current!” update ended up towards the top.

Sure, you’ll ruin the privacy of a continent. But think of the profits!

Ugh. That’s… even worse than politicians dreaming up something they think would be useful and totally possible if people just nerd harder. Writing legislation based on a glossy brochure.