I guess this is the end of "sending customer data to the us".
Quite impressive how fast the US-politics can burn billions in $, endanger the technological lead and build a massive opportunity for Europe!
I, as a European, could not be happier about this, from an economic standpoint.
Hope you guys over there are not drifting to a surveillance dystopia.
This is a long term international effort where irrelevant Western countries in the peripheries (that’s the EU) have nibbled away at encryption protections to make it easier for the US to do the same. It’s part of a two decades long effort by Western elites to correct their mistakes from the nineties - namely loosening the noose on information and privacy.
Australia, France, UK all have draconian laws that would cause outrage (or are outright unconstitutional) in the US. The only data protection the EU has is because fussy Eurocrats are annoyed that the US (and not them) get to syphon all of Europeans’ data.
The US is really flawed, but I wouldn't move back to the EU for double my family’s income.
> Australia, France, UK all have draconian laws that would cause outrage (or are outright unconstitutional) in the US
At least in those countries you don't have to resign for what you do in your bedroom, consensually, behind closed doors...
> The only data protection the EU has is because fussy Eurocrats are annoyed that the US (and not them) get to syphon all of Europeans’ data.
[Citation needed]
This comes up every single time, but it's false nonetheless.
The term "eurocrats" in Europe is used in a negative way only by people who don't understand how the EU works, usually from far right.
Nowadays the term Eurocrat has come to encompass staff from all EU Institutions and not only staff from the European Commission.
Although the term Eurocrat might convey negative connotations for some, specialists of European Union and its institutions Didier Georgakakis and Jay Rowell use the concept of Eurocracy as a way to describe and analyse EU actors and professionals' interactions [1].
“at least in those countries you don't have to resign for what you do in your bedroom, consensually, behind closed doors...”
No, you go to jail instead for offending someone. But you still have a job to pay off your court debts with (the US, thankfully, doesn’t have loser-pays courts).
As to the rest of your comment, I love it. Any criticism of the EU or Brussels is far right extremism and must be ignored. It's working out great for Trudeau smearing protestors and ignoring them.
That's a bit of an oversimplification. What she was prosecuted (not convicted) on was definitely not just a simple picture of the bible. Besides, that's only one of the charges. Other charges come from the times she implied homosexuality to be a genetic degeneration and later on called homosexuality a disorder.
Also, two years of jail is the maximum for that type of crime. IF she is found guilty, she will almost definitely get some relatively small fine.
It's understandable the Christian folks want to paint this whole case as just "two years for tweeting a picture of a bible". But it's much more nuanced than that. Additionally the trial is still ongoing and it's very much unclear what the outcome will be. And this case is still handled in district court, I highly doubt it stays on that level. There's a lot of analysis and comments of the trials in the newspapers, but they are all in Finnish. I found this one in English that explains the case a bit better than "two years for tweeting a picture of the bible". https://yle.fi/news/3-12284380
Calling hate speech and attempts to reintroduce an ideology that sank a continent into war and killed millions a bland "offending someone" is so obviously bullshit that it's a marvel to me how you could write that without disintegrating into a puddle of shame.
Or maybe you did -- do you, at long last, have some sense of decency left?
I speak three European languages at native level (I'm ESL. Or is it ETL?) and can get along well enough in a fourth. I have the luxury of choice.
And my problem isn't with Europeans, that is Englishmen, Ukrainians, Russians, or normal people in the EU. My problem is with Europes’ (note the plural, this isn't merely about the EU) institutions, the way they think, the mentality of what a person can do.
At no point in the past two years was I prohibited under the yoke of arrest of going outside. My kids never stopped going to school except for the first two months. My kids don’t have to do security theater or wear masks. No law can, or does, limit my speech. If I had the misfortune of living in a bad neighborhood the law protects my right to defend myself against an intruder.
On the whole, pick any EU country and they all failed on those accounts. Maybe Czechia or Hungary are cool on some of the above.
>> Which of the 27(8) countries did you live in, as they are rather different?
> I speak three European languages at native level
Way not to answer the question.
Also, BTW, you're probably wrong: Very high proficiency, maybe, but almost nobody speaks more than one language (or at the most, two) at a native level. But, sorry, I digress... To get back to the point:
Most don't learn three (and a half) languages by age 11 and use all three often. When I speak any of the three, locals think I'm a native speaker and readily spot in what region I learned the language (if they’re good, the town). In any of the three I can also spot where the speaker is from and I can pronounce all the subtle sounds that give foreigners away. Sounds that even natives can't pronounce since they are not universally present in regional dialects.
Anyway, I didn't answer the question because what’s the point? I wouldn't live in Germany, or in Latvia, or in Spain, or in Greece for the reasons stated: restrictions on speech, blasphemy laws, anti-apologia of tyranny laws (commie or fascist), laws effectively criminalizing self-defence. I also enjoy the self reliance of Americans; yes it's exaggerated, but it's more than Europeans anyway.
I've flirted with Switzerland, but that’s not the EU per my original comment (I wouldn't live in CH either. Love ’em though)
Many US states have ongoing school indoor mask mandates. Also Czechia and Hungary are the two European countries most at risk of backsliding from democracy into authoritarianism.
The problem with being an immigrant, and I have seen this on myself, is that we tend to see the host country through rose colored glasses (best case). Or if we are from a poor / unprivileged background we've been put through hell by trying to survive in the new country. And in the latter case it results in (worst case) those groups becoming the most extreme defenders of whatever that country does. That gets then compounded by having to defend your old customs (from your origin society) even though that origin society has meanwhile moved on.
The person who just moved to a new place is very unlikely to speak ill of their new hosts or join an activist group to fight against what is a local issue. It's generally a bad idea to poop where you eat but it's unthinkable when you consider yourself still a guest in that country. The whole thing takes generations usually.
Agreed, it's very common. But this doesn’t apply to me. Allow me to explain:
I lived in four different countries across three continents seven different times by age 15. Throughout, middle class. Leaving Europe for Canada as a teen was extremely difficult. I still love Europe the place and Europe the people.
Finally, I moved to the US from Canada - hardly polar opposites - and was reared on a diet of anti-Americanism that took ten years to shed.
I didn't dream of coming to the US, the best grad program that I got accepted to was in the US. I didn’t want to stay, I got married. I came to love the US kicking and screaming.
> I, as a European, could not be happier about this, from an economic standpoint.
Please, let me play you the world's smallest violin.
This trope, constantly celebrating that $CURRENT_YEAR will finally be the year of EU tech dominance over US giants, has been on repeat ever since Snowden revealed that the NSA is in bed with every major US tech company and is actively spying on EU users. And that was all the way back in 2013.
Sure, the Facebook empire is crumbling now, but since 2013, we still have no EU competitors for Google, Microsoft, Apple, AWS, etc. despite this knowledge that US tech companies have no regard for privacy and that the US government is using them to spy on us.
What if we don't want FAANGs in Europe? What if it's harder for FAANGs to develop in Europe because they can't be as aggressive and careless as american corps are?
Personally I don't want Europe to allow huge monopolistic corps to take over our economy.
Why would we want Google, the search engine that provides ads and spies on you instead of providing good results?
Why would we want Facebook/Meta, the ridiculously troubled corporation hated by pretty much everyone at this point?
Why would we want Amazon, famous for exploiting its workforce, using old wild west methods against unions, exploiting its own sellers by copying their products and selling them for less?
Why would we want Microsoft and Apple and their cartel-like attitudes, when we could have a different paradigm of software/hardware that goes to benefit everyone, instead of existing only as a competitive advantage to take over the market?
All of these companies will do anything in their power (licit or not) to increase their market share and avoid paying taxes.
You can keep your silicon valleys and your oligocratic economy, thank you.
> Then why are those US tech companies so successful in the EU with no viable local competitors, if nobody wants them?
US tech has too much money they burn it on shit. So any potential competitor is bought, you see some UK AI company pops up then Google buys it and 1 year later you read how Google made huge progress in AI. IMO EU needs to first fix the illegal US companies tax tricks, also fix the Apple software tax or apply a similar tax on closed platforms, "the closed platform tax", this would mean less money for US SV devs to waste on shitty stuff and more money for EU devs to try to do something better.
For money, I did not say they are incorruptible. I explained why you will not see a FB or Google, Intel, Apple private competitor appear, it will be bought, the competitors will appear from China for sure, they have already mastered the smartphone, they are working on CPUs, I am not into social media but I read that they have pretty good alternatives to US versions too.
We can agree to associate social media with drugs, but Microsoft, Apple, AWS and Google are providing consumers with many products for which we have no equivalent competitors locally.
But there are local competitors, they just got smothered and bought up by US based corps.
Why? Because the US has a lot more money, which translates to more money for investors to dominate the economic landscape.
Why does the US have more money? Well, if I want to buy an ice cream from the US for a dollar, I first need to sell something to an American for that dollar. US banks can just mint that dollar from thin air
> Well, if I want to buy an ice cream from the US for a dollar, I first need to sell something to an American for that dollar. US banks can just mint that dollar from thin air
I don't get this argument as the reverse is also true. If the US wants to buy French cheese and wine, it needs Euros to do that and the ECB can just print Euros out of thin air.
I want to start an Apple competitor. I have a plan; it's interesting, fun and deep. But I lack skills (I'm a FED, not an OS or hardware engineer, and I've not done funding rounds and I only have cheap suits). If I exist, there's likely similar-minded folk out there.
(UK here; not quite Europe any more; not my fault or choice)
EU has an over-abundance of talent due to the great free schools. Finding people with skills is not an issue. It's finding the VC and investors willing to burn through billions in losses years on end hoping that maybe they make a profit one day, that's the problem.
I didn't express my concept, I expressed the reality that US tech companies have universally conquered Europe. If the EU would have had the ability to compete in these sectors, then we would have done it already ever since we found out in 2013 that the US is spying on us, or way before that. But nothing changed since then. Almost every EU company and government institution is using Microsoft products and all consumers use Apple, Google or Windows. Where is this EU competition here?
So what? We were talking about companies not individuals. The Linux kernel is not a company, not a product you can buy and neither is Linus Torvalds.
Plus, for the last 20+ years Linus has been working from the US while also gaining US citizenship. Case in point for US tech dominance, talent bred in Europe ends up in the US.
I'm expressing the reality/facts that US BIG-tech has conquered Europe and we haven't had any viable competitors to them that can re-conquer our local market, despite knowing the privacy and surveillance implications of using US BIG-tech for years now.
If you wish to negate the facts and call me names in return, then it's your issue.
> I don't think this is going to fundamentally change anything.
Me neither.
My in-laws (90+) in Japan are excited about a new DoCoMo phone and always talks about the latest features. He is not an engineer. He is also not a rare case in that country (or that continent).
My own mother back in EU and most of my family are deeply ambivalent at best, or absolutely opposing new Tech / data-driven ideas.
Europe is like the polar opposite of Asia in that sense. The US is some kind of weird middle-ground. When I returned from Asia to EU after 10 years over there I had a reverse-culture shock that lasted at least 5 years. Everything looked backward and stagnant to me. As I get older I realize I'm also becoming very critical. But age can't explain the ambivalence otherwise Japan would be the most Technology hostile society in the world.
Yeah, seems the only country that can dream about challenging the US tech industry is China. But they'll have a hard time with reputational issues.
I mean, how long until a sizeable chunk (+30%) of western tech businesses, or even other major Asian economies, start choosing Aliyun over any of the five big US cloud providers?
I think safe to say not in the next 5 years. But who knows...
The bill hasn't passed yet. It went through a committee, but it has not passed in either the House or the Senate. There's still plenty of opportunity for this bill to get voted out.
It's creeping forward. It seems Republicans are a captive audience, Corporate Democrats are on their way, and Progressives and Libertarians are about the only ones pushing against it.
> Hope you guys over there are not drifting to a surveillance dystopia.
That's not a local problem but a global one. Many EU countries are well on their way into dystopia. The dystopia is an unavoidable side-effect[1] of having technology and categorizing everything in systems (and systems of systems). This argument gets attacked by "BUT everything can be used for good or bad". But Technology is not neutral.
We just pretend it's neutral because we wouldn't know who to hold accountable when dealing with cause/effect in complex systems of systems (emergence). Consider the following[2]:
> In a society such as ours, it is almost impossible for a person to be responsible. A simple example: a dam has been built somewhere, and it bursts. Who is responsible for that? Geologists worked out. They examined the terrain. Engineers drew up the construction plans. Workmen constructed it. And the politicians decided that the dam had to be in that spot. Who is responsible? No one. There is never anyone responsible. Anywhere. In the whole of our technological society the work is so fragmented and broken up into small pieces that no one is responsible. But no one is free either. Everyone has his own, specific task. And that's all he has to do.
> Just consider, for example, that atrocious excuse… It was one of the most horrible things I have ever heard. The director of the Bergen-Belsen concentration camp was asked at the Nuremberg trials, “But didn’t you find it horrible? All those corpses?” He replied, “What could I do? I couldn’t process all those corpses. The capacity of the ovens was too small. It caused me many problems. I had no time to think about these people. I was too busy with the technical problem of my ovens.” That is the classic example of an irresponsible person. He carries out his technical task and isn’t interested in anything else.
Drifting? We have been there for a long while. The FBI implemented Carnivore in 1997. It is foolish to think surveillance has done anything but grow since then.
FWIW, I sent the email below (largely cribbed from the EFF).
Dear :
I am a constituent. I urge you to oppose the EARN IT act, S.3538. It does not strike a reasonable balance between fighting crimes and the rights of users to privacy and encryption.
The bill empowers every state or territory to create sweeping new Internet regulations, by stripping away the legal protections for websites and apps in Section 230 of the Communications Decency Act of 1996. The states will be allowed to pass whatever law they want to hold private companies liable, as long as they somehow relate their new rules to online child abuse.
The bill’s sponsors have stated that EARN IT will pressure Internet companies to do widespread scanning of user messages and photos. This scanning is incompatible with strong encryption. Consequently, the act allows states to pass laws that will punish companies when they deploy end-to-end encryption, or offer other encrypted services. This includes messaging services like WhatsApp, Signal, and iMessage, as well as web hosts like Amazon Web Services.
The sponsors have falsely claimed that the act would protect children. But abusive images are already highly illegal under federal law. Any Internet platforms that know about child sexual abuse material being distributed or received are required to take action on it, and can be severely prosecuted if they do not.
EARN IT would lead to penalties for people and companies that use encryption. The harm done by this will fall on vulnerable people. Once we allow encryption to be compromised in order to scan for one thing, authoritarian regimes will demand the same capabilities to track information shared by activists and journalists. Another example is that people subject to domestic abuse, including children, won’t have secure channels of communication to report and reach out for trusted help.
>"I will vote you out if you support this bill. End of story. "
I wish this threat would work on Senators who don't represent purple states. Come hell or high water, my home state will re-elect the same Democrats until the day they die or retire.
Edit: Yes, we can try to vote for a different Democrat in the primary but that rarely ever succeeds, especially against a tenured incumbent. I wish there was a runoff system so the vote isn't split amongst ~6 competitors and the incumbent.
> The states will be allowed to pass whatever law they want to hold private companies liable, as long as they somehow relate their new rules to online child abuse.
Ah, so child abuse is kind of the new interstate commerce, only for states instead of the feds?
What I don't see in the writeup, is which senators are voting which way. I can tell from the writeup what Blumenthal thinks of it, but not any other committee participants.
I really wish politicians would embrace a "we will make policies for things we can understand" motto.
I'm inclined to agree, though I feel they're already pretty hands-off for most things that don't have corporate interest or overreaching power driving them.
I'm disappointed that Jacky Rosen (D - Nevada) is a co-sponsor. She's a former software developer and should know better.
I just watched some of the Senate hearing on Log4J and she seemed reasonably together on security, open source etc. I was feeling optimistic that she could become the Senatorial analogue to Judge Alsup[1]! But if she's on board with EARN IT, scratch that idea.
Junior senator up for re-election in a marginal state. Chances are that support on this was traded behind the scenes because of party dynamics, or she thinks it will play well with her constituency (which is Nevada, not California or Oregon...).
The personal ideas and knowledge of any given politician are just a starting point for the political choices they make.
At my previous employer, among the 40 or so developer staff worldwide, there were only two of us who used Signal: myself (security focused backend dev) and the devops team security expert. Everyone else: just use WhatsApp so we can all communicate in the same place. Caring about privacy can be exhausting.
I believe that strong E2E encryption is critical to individual privacy, but I also believe that it doesn't really matter when most every nation state can compromise any phone at any time simply by knowing the phone number and sending a zero click SMS or MMS message to that phone.
Until laws are implemented that forbid this and/or security improves to do so, it doesn't matter how good the encryption is if it's running on a fundamentally insecure device.
It's very hard for security conscious people to attract other people to more privacy conscious platforms. People love the practicality, and don't want to trade for what they can't see or understand.
I'd love to use signal, but it'd be a very silent place, and have to have WhatsApp anyway. So, instead of trying to entice others, I just try to win a one small battle at a time, reducing my cross-section step by step, where I can.
Well, Whatsapp hasn't done anything egregiously bad yet and they got a lot of goodwill/good PR from their E2E implementation vouched by Moxie et al. So what's the big issue with Whatsapp beyond that the client is not open source?
WhatsApp has already had multimillion euro fines for their privacy practices. Just because it has E2E encryption does not mean it doesn’t sell other data. A company whose business model is to sell your data is going to sell your privacy along with it.
Being open source is nice, but not required for privacy.
> I'm disappointed that Jacky Rosen (D - Nevada) is a co-sponsor. She's a former software developer and should know better.
I don't know why you feel this way - IME software devs are the least likely to care about privacy.
Maybe they've been so acclimatized to being online all the time, or maybe it's because they feel that they aren't at risk.
In any event, the first people to throw away their privacy have always been software developers. Just look at how many of them use Chrome, for example. Or how many of their personal projects are tied to some proprietary tooling that, as a first action, grabs their data.
Most people would trade their mother for some shiny - that's why we have laws to protect from predatory behaviour. And software devs are just people, in the end.
Oh come on, I said I was "disappointed", not "outraged" or something more extreme.
But yes, I think that understanding helps, and Judge Alsup, whose programming background informed a sane ruling on copyright and APIs in Oracle vs. Google, is exhibit A.
If this were polarized, it would mean that no senator could risk offending their base by opposing it. They wouldn't budge in the face of popular outrage.
Since it's bipartisan, it means neither party's base badly wants it to pass (which we would already suspect from our own personal experiences).
I'd say this is actually pretty partisan if you ignore the mostly imaginary lines between the parties and think in terms of establishment vs. non-establishment.
> [politicians embrace] "we will make policies for things we can understand"
I wish that too but to be fair: what would any of us be able to make a policy for if we had to really understand the subject first? I'm afraid we'd have to elect about 1 million politicians and let any subset of them make policies about what they are experts about. This is probably what's already going on except nearly everyone in that million is not elected and is part of organizations lobbying for something.
I have not read the details on the bill. However, a quick glance just reminds me of how counterproductive and opposite of what our tax-paid-for research outlines as best practices for protecting data.
The NIST SP 800 series publications were paid for by our tax money and outline how encryption should be used for ALL. Not to mention sets standards for all of the intricacies that come with development, implementation and validation of strong algorithms for use in commerce, medical, federal, military and even GAH personal use.
“[Use of end to end encryption] shall not serve as an independent basis for liability of a provider […]” but the fact that you did so can now be used against you in court.
The spirit of this bill is to make WhatsApp liable from the moment they become aware of specific instances of child pornography being shared on their platform, and only then after they’ve been shown to be doing nothing to take it down. If they don’t do anything after they’ve verified those specific instances then they are liable.
What’s being implied by all the senators and the journalism around this is something like “everyone knows that in general these E2E platforms carry child porn, so in general they need to turn off E2E.”
The text of the bill doesn’t seem to be talking in generalities. It’s talking about specific criminal cases involving specific instances of abuse? Or maybe it anticipates some sort of action where the government is the plaintiff?
I think the EFF does a very bad job at providing counterarguments to the "fact checking" done by the senators. Maybe someone could provide better more nuanced criticism if anyone tries to reach out for their reps. In Europe a similar situation is coming up and I see the fundamental criticism of some NGOs sometimes not helpful, because this might be just dismissed as radical.
That section was added to the original 2020 bill as an amendment by Senator Patrick Leahy. The Center for Internet and Society (Stanford Law School) has a blog post explaining why that section is not strong enough to shield service providers that offer end-to-end encryption from legal liability:
> Leahy’s encryption amendment isn’t all it’s cracked up to be. There’s still skepticism among tech policy wonks and cryptographers alike over Leahy’s encryption amendment. It essentially gives providers a defense against liability, which is less strong than the a priori immunity from liability in the first place that Section 230 currently provides.
> CDT predicts that it will invite prolonged litigation over whether potential liability is “because of” the provider’s use of encryption (if so, the case is barred) or because of some other reason (if so, no bar).[3] CDT told CyberScoop that the “consistent threat of litigation … will be a strong disincentive against providing [end-to-end encryption] and continuing to have to defend that decision in court.” With potentially wide variation in state CSAM laws, “the worry,” as Techdirt says, “is that we won't know whether or not offering end-to-end encryption would be seen as violating state laws until long and costly cases go through their lengthy process.” The Internet Society’s Joe Hall agreed, telling CyberScoop that the amendment is “a fig leaf of protection for strong encryption” that leaves providers “to fight it out in court, which is far from cementing protection and clarity for encryption, the bedrock of our lives on the internet and in the real world.” I couldn’t have said it better.
> It’s not clear how many cases against providers would actually be precluded by Leahy’s amendment. Plaintiffs and state AGs could readily come up with other grounds besides encryption on which to premise liability for an encrypted service (at least as a pretext, even if encryption is really the ultimate reason they’re mad). CDT also points out that the Leahy amendment doesn’t stop the AG-headed commission from recommending anti-encryption best practices (as any commission with Bill Barr at the helm will likely do). That would’ve been a freebie for Leahy to throw in, especially with the commission’s fangs removed anyway.
Cosponsors: S.3538 — 117th Congress (2021-2022)
Sponsor: Sen. Graham, Lindsey [R-SC] | Cosponsor statistics: 19 current - includes 19 original
* = Original cosponsor
Sen. Blackburn, Marsha [R-TN]*
Sen. Blumenthal, Richard [D-CT]*
Sen. Casey, Robert P., Jr. [D-PA]*
Sen. Collins, Susan M. [R-ME]*
Sen. Cornyn, John [R-TX]*
Sen. Cortez Masto, Catherine [D-NV]*
Sen. Durbin, Richard J. [D-IL]*
Sen. Ernst, Joni [R-IA]*
Sen. Feinstein, Dianne [D-CA]*
Sen. Grassley, Chuck [R-IA]*
Sen. Hassan, Margaret Wood [D-NH]*
Sen. Hawley, Josh [R-MO]*
Sen. Hirono, Mazie K. [D-HI]*
Sen. Hyde-Smith, Cindy [R-MS]*
Sen. Kennedy, John [R-LA]*
Sen. Murkowski, Lisa [R-AK]*
Sen. Portman, Rob [R-OH]*
Sen. Warner, Mark R. [D-VA]*
Sen. Whitehouse, Sheldon [D-RI]*
Banning encryption because some people use it to transfer abusive images is literally throwing the baby out with the bathwater. Why not ban sending snail mail as well, as it can be used to send abusive images too?
I haven't tried reading the text of The Act, most of the press about it focuses on E2EE-type messaging systems. So presumably if this passes, Signal would have to move offshore or something? (for example)
But what about HTTPS certificates, would The Act have any effect on them? Would there be any legal issues with (for example) running your own Matrix server?
And what about hosting providers (instead of platforms). Would Amazon be compelled to decrypt HTTPS traffic en masse that's routed to their machines?
And who knows what else is still secret. A good rule of thumb is that if something's in the "cloud" or hosted on someone's computer that you don't directly control, you should assume that LEOs have access to it.
When all the data is centralized, you don't care about the end-point encryption. All you care about is having access to all the databases.
None of these are the reason. The reason is that HTTPS traffic is generally between a service provider (i.e., company) and an end user, and the former can be easily subpoenaed and compelled to disclose data during an ongoing investigation into the latter.
The USG doesn't need to (and doesn't bother to) break HTTPS for domestic LEO, because existing mechanisms are easier and approved by the courts.
I don't think it is. The person I'm responding to seems to be implying that the USG doesn't worry about HTTPS because they've broken it or otherwise extralegally subverted it. I'm saying that the USG doesn't worry about HTTPS because they have effective legal mechanisms for domestic investigations, and using extralegal means domestically is more of a headache than it's worth.
No, read my comment again. Every one of the links shows a completely legal way to grab someone's data from any company. The whole point of my initial comment was to point out that legal system is so well primed against any privacy pushback that it's irrelevant what data is encrypted in transit. All the repositories and databases are just one NSL away. And NSLs are so easy to get that you don't even need to convince a judge to approve one.
>By using NSLs, the FBI can directly order companies to turn over information about their customers and then gag the companies from telling anyone that they did so. Because the process is secret, and because even the companies can’t tell if specific NSLs violate the law, the process is ripe for abuse.
>A judge does not have to approve the NSL or an accompanying gag order.
>Over 300,000 NSLs have been issued in the past 10 years alone. The most NSLs issued in a single year was 56,507 in 2004. In 2013, President Obama’s Intelligence Review Group reported that the government continues to issue an average of nearly 60 NSLs every day. By contrast, in 2000 (the year before the passage of the USA PATRIOT Act that loosened NSL standards), 8,500 NSLs were issued.
NSLs can't get access to encrypted content, only metadata. Metadata can also reveal way too much, but we also need to be realistic about this conversation. Law enforcement will abuse every avenue they have (including NSLs), but the GP is also largely right, by and large they'll just go get a rubber stamped subpoena.
> 1. HTTPS relies heavily on DNS. It’s as secure as DNS is. Nuff said.
I don't think this is true: HTTPS (and TLS >= 1.3) provide a suite of protections that mostly address perceived weaknesses in DNS (ECH, ESNI, CT logging, HSTS, etc.).
As for DNS itself: DoH and DoT are widely available, and my understanding is that all major browsers currently support one or the other. I've been using outbound DoH for at least two years at this point via Pi-hole.
I interpreted "law enforcement doesn't seem to care [...]" as a claim that domestic LEO has meaningfully broken HTTPS on general traffic, which I don't believe is the case. But if you meant that they don't care because they have legal access mechanisms that already suit their purposes, then I agree.
It's a catch-all term for all the law enforcement people. There's now so many organizations that can get your data through warrants, and some even without warrants, so that's a convenient term to use. And especially if you're not a citizen/resident of the US since the Fourth Amendment does not apply to you. But it's not like the 4A has stopped them or slowed them down anyway.
Because, it's a massive centralized decrypted data repository, law enforcement can simply ask for the data and the company will hand it over. It's not their data so they don't care to defend it but because of the third party doctrine it's legally their data to hand off w/o your permission.
Peer to peer or end to end encryption removes this trivially easy access, which is why they don't like it.
Your comment is only confusing because E2EE is a term about encryption where no data between two devices can be read by eavesdroppers. HTTPS is indeed end-to-end encrypted between the server and the device. A better way to put it is that HTTPS does not promote E2EE between end-users, which it doesn't intend/pretend to do anyways.
>E2EE is a term about encryption where no data between two devices can be read by eavesdroppers.
That would cover any use of encryption. E2EE is a term used where there is a distinction to be made between access by users at the ends of the system and some other part of the system. Originally used to cover the encrypted email case where there is a lot of "middle" in the form of email servers and a small amount of "end".
The term is often used incorrectly these days for marketing purposes. TLS could be used in an E2EE system, but it is normally not.
> HTTPS is not end-to-end encrypted (it kinda would be if we used P2P but we don't) so you can subpoena the server.
How is https communication not end to end encrypted? And what’s the difference between subpoenaing a server vs an end user? The server is just another person/organization.
Edit: Re-reading this I guess you mean that having a central server acting as a middle man would probably not be end to end which I agree with. I thought you meant user <—-> server wasn’t end to end.
A typical example is a chat application served over HTTPS: your communication with the server is encrypted, but the messages sent between you and your friends are passed through the server in the clear (through databases, logging, caching layers, etc.).
Law enforcement is mostly concerned about corporate servers rather than home ones. E2E encryption puts those servers out of their control, hence the pushback.
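Added example, not part of the original thread: a toy Python model of the distinction drawn in the comments above, where TLS protects each hop to the server but only E2EE keeps the relay server's database free of plaintext. `RelayServer`, `run_chat` and the sample message are hypothetical, and `seal`/`open_sealed` are a stdlib-only stand-in for a real AEAD cipher (not for production use); the Alice/Bob key is assumed to be shared out of band.

```python
import hashlib
import hmac
import os

NONCE_LEN = 16
TAG_LEN = 32
MESSAGE = b"meet at the usual place at 18:00"  # constructed sample message


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode, used here as a toy stream cipher."""
    blocks = [
        hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        for counter in range((length + 31) // 32)
    ]
    return b"".join(blocks)[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: returns nonce || ciphertext || tag."""
    enc_key = hashlib.sha256(b"enc" + key).digest()
    mac_key = hashlib.sha256(b"mac" + key).digest()
    nonce = os.urandom(NONCE_LEN)
    stream = keystream(enc_key, nonce, len(plaintext))
    body = bytes(p ^ k for p, k in zip(plaintext, stream))
    tag = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def open_sealed(key: bytes, blob: bytes) -> bytes:
    """Verify the tag, then decrypt. Raises ValueError on any modification."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("blob too short")
    nonce, body, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    enc_key = hashlib.sha256(b"enc" + key).digest()
    mac_key = hashlib.sha256(b"mac" + key).digest()
    expected = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    stream = keystream(enc_key, nonce, len(body))
    return bytes(c ^ k for c, k in zip(body, stream))


class RelayServer:
    """Hypothetical chat backend that terminates a TLS-like session per user."""

    def __init__(self):
        self.session_keys = {}  # user -> key for that user's hop to the server
        self.database = []      # what the operator holds at rest (and can hand over)
        self.wire = []          # frames a network eavesdropper could capture

    def connect(self, user: str) -> bytes:
        self.session_keys[user] = os.urandom(32)
        return self.session_keys[user]

    def relay(self, sender: str, recipient: str, frame: bytes) -> bytes:
        self.wire.append(frame)
        payload = open_sealed(self.session_keys[sender], frame)  # hop 1 ends here
        self.database.append(payload)                            # stored as received
        outbound = seal(self.session_keys[recipient], payload)   # hop 2 starts here
        self.wire.append(outbound)
        return outbound


def run_chat(end_to_end: bool) -> dict:
    server = RelayServer()
    alice_tls = server.connect("alice")
    bob_tls = server.connect("bob")
    # Assumption: known to Alice and Bob only. Real messengers derive this
    # with a key-agreement protocol instead of sharing it out of band.
    e2e_key = os.urandom(32)

    payload = seal(e2e_key, MESSAGE) if end_to_end else MESSAGE
    delivered = server.relay("alice", "bob", seal(alice_tls, payload))
    received = open_sealed(bob_tls, delivered)
    if end_to_end:
        received = open_sealed(e2e_key, received)
    return {
        "bob_reads": received,
        "server_holds_plaintext": any(MESSAGE in row for row in server.database),
        "wire_shows_plaintext": any(MESSAGE in frame for frame in server.wire),
        "server_rows": server.database,
        "e2e_key": e2e_key,
    }


if __name__ == "__main__":
    for mode in (False, True):
        result = run_chat(end_to_end=mode)
        label = "E2EE inside TLS" if mode else "TLS only"
        print(f"{label}: server holds plaintext = {result['server_holds_plaintext']}, "
              f"wire shows plaintext = {result['wire_shows_plaintext']}")
```

In both modes the network sees only ciphertext; the difference is solely in what the server's own storage contains, which is the data a subpoena to the operator reaches.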
Russia already has a similar law since 2016, although it's applied selectively to whomever they please rather than to everyone by default. And the guise of the day is terrorism, not child abuse.
When you guys were surprised about Room 641A, Russia already had warrantless surveillance boxes mandatory for every ISP by law.
I've no clue about China, but I'd be very surprised if they're not even worse in this regard.
If you want to oppose the EARN IT Act, but don't want to spend the time, just use the EFF's "Take Action" page and have them send a prewritten email for you. It really does take just 1 minute. Here's a link to the page to make it even easier: https://act.eff.org/action/stop-the-earn-it-act-to-save-our-...
At a minimum, the congresspeople's aides will tally up the emails received to measure their constituents' reaction to the bill.
If you do have the time, an original email written in your own words might have a greater impact. To determine who your 2 senators and 1 representative are, use these government pages:
Prepare a single email and alter it slightly to make it personalized for each of your 3 recipients. Use the form on the senator's or representative's official senate.gov or house.gov website to reach them, and set the category to "Communications" or "Telecommunications". (The form will block your submission if you include a URL, so don't do that.)
Like our opinions matter. I learned from net neutrality that my representatives will do whatever they want to do, without regard for the people's wishes.
In the UK at least, we see politicians talking about what their constituents are writing to them about. I suppose they could all be lying.
I've had a letter I wrote to my local MP passed all the way up to central government and received a reply from them. Later, I actually met someone who mentioned a "certain letter" they had to deal with... Which turned out to be the one I'd written!
> I've had a letter I wrote to my local MP passed all the way up to central government and received a reply from them. Later, I actually met someone who mentioned a "certain letter" they had to deal with... Which turned out to be the one I'd written!
I can see that as being useful to keep the urban legend alive. What I'd like to see is statistical evidence but I'm thinking that might not be available.
I don't know why you'd think that's easier to suppose. Seems naive. How does listening to you benefit them? Listening to lobbyists, on the other hand...
> How does listening to you benefit them? Listening to lobbyists, on the other hand...
Listening to lobbyists (and implementing the stuff they ask for) can only get a politician money to try and buy votes he can use to cling on to his position. People writing in from his constituency, OTOH, are the voters he needs, and listening to their demands and implementing those has a much higher chance of directly giving him their votes.
This same bill was shelved once before due to outcry about it. They just keep putting it back out there (very similar to Net Neutrality). The key is, to continue the pressure each time it's re-introduced (which is hard, yes). But there is some precedent that vocal outcry and campaigns to write representatives does have some impact.
It's far more effective than doing nothing. Reps keep track of constituent correspondences and tally them by sentiment. It's one of their main ways of gauging where their constituency is on issues. I guarantee boomers who type google searches into google's facebook page are calling up their reps.
Why would you need to? Only if you are saying no amount of voter contact has ever changed any politician's vote on absolutely anything. Is that what you're claiming?
If not, then even a single letter changing a single vote by a single politician is already infinitely more than not doing anything, which won't even change a single vote by a single politician on anything.
Yeah, but unless you claim that no politician has ever been the least influenced by his constituency, there's no reason not to.
Of bloody course writing your representative is better than not writing them: It stands at least a chance (however infinitesimal) of accomplishing something. Not doing it doesn't; by definition, it can't. That's a logical syllogism. Logical syllogisms don't need experimental confirmation.
So how could and why would one not believe that doing something is, must be, better than doing nothing? That's not "healthy skepticism", it's turning it into illogical nonsense.
> Of bloody course writing your representative is better than not writing them: It stands at least a chance (however infinitesimal) of accomplishing something.
There is no guarantee that, if it accomplishes “something”, the change it induces will not have negative value. You cannot assess that the action has positive expected value without summing value across all possible outcomes weighted by probability, including negative value outcomes.
The frequent naive assumption that doing something is always better than doing nothing is how proponents of lots of counterproductive policies use real problems as leverage to get them passed.
Does alcohol produce real social harms? Was Prohibition doing something instead of nothing? Was Prohibition a net win?
So if you click on the actual article, there is a "TAKE ACTION" button that will email your representatives. It takes about 15 seconds total, if that. Do it.
This could only work if there are monopolies that work with the government. I don't think we're there yet, but it is concerning that lawmakers view this as a viable piece of legislation.
I wish we had a legislature who would recognize the importance of net neutrality to fostering competition. Instead, bills like this seem focused on ensuring monopolies so they can control how they operate.
> This could only work if there are monopolies that work with the government. I don't think we're there yet, but it is concerning that lawmakers view this as a viable piece of legislation.
Google, Microsoft and Apple all work with the government extensively, and they, either alone or together, hold monopoly and oligopoly positions in many markets.
Personally I'm more concerned about the regional broadband monopolies. Google, Microsoft, and Apple won't see sufficient competition if it starts costing more to visit certain websites. That will only entrench the current players.
The current administration is the only thing that's barely holding back Comcast, Verizon etc. from expanding their plans to expand zero-rating across broadband. Eventually there will be another Ajit Pai.
Yes I was around for Snowden. That program doesn't concern me nearly as much as trying to ban encryption altogether which is what this bill appears to be trying to do.
This country is fucked. The senate does what they want, most of them are not afraid of being voted out. This or something like it will eventually pass. It will be a Brexit level disaster, and take 20 years to unwind. The small majority of people that want this passed are absolutely relentless, and seem to have enough money to influence enough senators to get this passed.
The discussion on the EARN IT act starts around 1:42:00
Any mention of concerns over encryption are with a really incredulous, dismissive tone. I have a hard time understanding whether that's actual ignorance on the part of the Senators, or if it's some kind of theatrics that plays into the broader politics of the situation.
Based on similar things I’ve seen here in Australian political circles it’s because they are so deeply misinformed that it’s become dogmatic. They like to get simplistic overview briefings and dislike getting sufficiently deep briefings that they can be informed of the fundamental flaws that simplistic briefings pass over.
They also decide who works for them so no subordinate will “make them learn” and everyone perpetuates a cycle of ignorance that leads to the establishment of a dogmatic position that people trying to make things seem more complicated are wrong because I have all my own people telling me it’s not that complicated. Unless they care to be informed and ASK for it, it will never happen.
I have no evidence for this, but I think it's highly likely they're using "ignorance" as a form of brinkmanship or plausible deniability. If these senators speak with any of their colleagues, they'll know the risk and reward tradeoffs of these decisions, but they'll choose to side with interests that benefit their own person.
I know Hanlon's razor stands against me, but I just find the dynamics of a highly connected set of professionals in DC too conducive to passive knowledge of these issues to justify a bunch of "key senators" to be fully ignorant on these subjects. I find it way more likely that ignorance is a convenient narrative to push their agenda without accountability from the opposition.
Plausible deniability yes, but even just safety. If I don't engage with a topic in a detailed manner, it's very unlikely I'll say something wrong about it, that could later come back to haunt me. Remember "the internet is a series of tubes"? The guy was hammered for trying to understand a complex topic - and he wasn't even dramatically wrong, just used a metaphor (almost certainly thought-up by someone in his staff) that was just excessively reductionist.
The media playing gotcha has made it fundamentally dangerous for a politician to be publicly wrong on any topic. The reaction is to avoid engaging with complex issues.
Not from the US, but I cannot imagine that it allows dragnet surveillance. Since that is common practice, I don't think the 4th amendment doesn't do anything to be honest.
Still yes US holds main strings. This act is about grabbing it all, so my high certainty prediction is that US would lose all it had. (read my longer post)
Don't hold your breath. We have plenty of political forces here that don't like encrypted communication. SPD in Germany would gladly see Telegram be completely banned.
Isn't this criticism of Telegram about hate speech rather than encryption? If you wanted to ban encryption, Telegram would be the least of your worries.
What a disgrace the party has become. It has nothing to do with former social democrats which we owe much to regarding liberties. Their behavior is nourishment for extremism more than any internet platform could ever be. Fear and self-fulfilling prophecies is what they will harvest.
They are like the people complaining about distrust in government while regularly extending surveillance of citizens.
You're missing the point about this evil act. I'd also pick US as is now, but to summarize after this act US becomes greatest evil against all other and itself.
it's interesting every time something about the US being the US comes up, someone brings up China or Russia.
It's a knee jerk reaction at this point, but, in all honesty, China and Russia have 3 times the internet users US has (China is also building internet infrastructures in many African countries), that can't be easily discarded.
And for many of them the "american internet" is less free, more invasive and more dangerous than their own.
It seems we are all fighting a losing war, each year Governments of world take away some of our liberty in name of protecting us. And worse part is this is happening across political lines. Pretty grim picture worldwide really.
If anyone in power in our 3 branches of government was under 80 and actually understood how all of this worked, this would be struck down immediately. Heck, this law would be a non-starter to begin with.
I'm not sure how much this answers your question, but Congress put out an "EARN IT Act Myths and Facts" document that contains the following text:
> MYTH: The EARN IT Act is simply an attempt to ban encryption.
> FACT: The EARN IT Act does not target, limit, or create liability for encryption or privacy services. In fact, in order to ensure the EARN IT Act would not be misconstrued as limiting encryption, specific protections were included in the bill to explicitly state that a court should not consider offering encryption or privacy services as an independent basis for legal liability.
US and A: you can't ban people from owning guns because it could be against the constitution (2nd amendment) but you can ban encryption and ignore 4th amendment to the constitution :)
"Hillary Clinton, Biden, Kamala and other Deep State actors want to use the EARN IT act to read your messages and check if your kids are vaccinated. Next year, if your children haven't had 5 boosters, CPS can take them and you could face jail time! FACT!"
Anyone have MS paint and a few sockpuppet FB accounts? I'm only 20% kidding here.
What you're suggesting is exactly what those corrupt senators want.
The reason why popular E2EE messengers are such a problem for authoritarian governments/regimes is the fact that it's transparent and enabled by default. This means that millions (or sometimes billions) of people have strong privacy without having to know anything about it.
Once E2EE is removed from these messengers, those authoritarians can focus on the rest.
Edit: one thing that really confuses me about this whole war on crypto thing is why would a democratic nation want to remove privacy from people. Don't they understand that democracy is fundamentally predicated on privacy? I have a feeling that they do.
The next step is of course to vilify those who seek privacy, now that it's not the default, switching the rhetoric to suggest that anyone using encryption is surely doing so to hide illicit activities. Privacy becomes illegal at that point.
I don't know what this is, but I'm more confident in Signal's E2EE than whatever this provides (which I don't know, because the README doesn't include a technical explanation or threat model.)
Yes there will be tons of new open-source end2end encrypted apps that you can install and government shall not be able to enforce it! But the new Act will give them power to proclaim anyone using it a criminal and they can start exercising draconian fines (i.e. hundreds of thousands or millions of dollars life crippling). No matter how you slice this and when you get totality of all possibilities all scenarios end up with world destruction making this the most dangerous and most stupid Act ever!
Sorry, can't hear anything, over the sound of hand-rubbing by Non-US tech companies looking forward to the ENORMOUS competitive advantage they will be able to offer if this is actually implemented :D
I think we will see a lot of companies founded in the next decade ready to take over such services in the EU. China already has its local companies, and the rest of the world will not be far behind.
Let me translate this into practical arguments depicting where this leads (how both dangerous and stupid it is).
If this bill passes, imagine a world where:
- all cloud files, activity, messages, regular over internet activity (provided by any legal company registered in US or wanting to operate in the US) etc shall be readable by the government
- this would apply to ALL countries in the world
- all companies will not be allowed to use nor support any application on their platform that has end2end encryption
- US government will have sort of "master key" to not just US but the whole world
- end2end encryption use will be outlawed/criminal and forbidden (if you try to install any app that uses end2end encryption, this can be recorded and government can choose to bring you to court and serve you with draconian fines, regardless what you did over end2end encrypted communication)
- there will be nothing stopping any individual actor (good and bad) to use end2end encryption!
- it is impossible to enforce to stop use of end2end encryption (as nobody can control what runs on end points PC/Windows/OS/Mac/de-googled-Android/etc)
- No more VPN, Telegram, Signal, TOR/onion, emails, HTTPS? (all messaging like skype/whatsapp/snapchat/zoom/tiktok/etc in today's form), etc all will be forbidden/criminalized in today's form until changed to allow government to read it in clear form. This does not mean that there won't be still versions of TOR, VPN, HTTPs that use end2end encryption (without giving master key to the government) no there will be, it will just be criminalized and unenforceable unless government decides to not sue/press-charges to all using it (of which there will be hundreds of millions) but instead reserves right to sue/charge or worse bomb you
- centralization of such great power, by design per system threat model, makes one point of failure as total failure and history has proven that such design always fails (i.e. to translate: basically malicious actor will try and eventually succeed to hack the government central control place to take over this capability and such power in the hands of a really determined malicious actor is infinite!) == so technically/logically this is hugely stupid, not just dangerous for government malpractice (which is also historically more norm than exception)
- Internet division of the world will be forced by this! as imagine that you are some/any country (in Europe, especially China or Russia, but hey any) that just wants NOT TO be without clothes fully open to US spying, then you're left with only one choice to FULLY ISOLATE YOUR Internet (including everything, your infrastructure, your devices, your versions of operating systems, etc,..) so this would HUGELY IMPACT ALL BUSINESSES as they will suddenly not be able to sell anything outside of US (other than to allied or vassal countries)!!! (this is inevitable outcome in short period of time and in a divided world you can draw the prediction where that leads = to all worst outcomes)
PLEASE ALL UNDERSTAND THIS CORRECTLY and ACT asking your representatives TO VOTE AGAINST EARN IT
Feel free to use my description when writing to your representative, as it is more understandable to uneducated people and conveys grave dangers versus just your vote!
Government agencies have many different ways to FULLY protect the children and not to destroy the world, only if they use competent people!
It would destroy the US tech sector. In Europe, no company would be permitted to store any data on any servers operated by a U.S. company. They might go further and require the company to have no association with the U.S. counterpart, if this Bill is sufficiently broad, which I believe it is. In other words, Google, Microsoft, Facebook, Dropbox, Apple, Amazon, etc. etc. would lose their entire European customer base.
Of course the wheels of the EU move slowly, and there aren't a lot of strong alternatives at present, so I don't expect this to cause a sudden crash. The decline will be slow but assured. I don't understand how the legal architects of this can be this naive. Or perhaps they just don't care.
There would be many divided regions, physical and virtual with middle criminalized zones. In reality of this wild world scenario the strongest rules and there is no place to hide other than temporarily.
As stated 3rd party actor breaching/hacking government is guaranteed!
Another factor is money which is not on the individual side, but on a state actors (i.e. China will focus all to get there and per history it will get there).
In addition chance of "the beast" finding a method to break any new end2end encryption is likely/tbd/time, however individuals/open-source shall be finding another new method over night :-) as I ~40 years ago on 8bit computers I made very similar algorithm to Rijndael AES and I was a kid and that was ~20 years before AES was invented!
The only way out of this is embracing to become a criminal. You have to even the playing field with intelligence agencies breaking the law without any consequence. They have to justify their existence, citizens do not.
You have to protect yourself because the government cannot and will not do it. So focusing on illegal channels is the obvious choice.
that is "Oblivion" scenario if this passes or 2nd version is The World will face the music that would destroy it
I'd rather try to act now with ~100000x less effort to stop this immensely stupid and dangerous act
Of course that would be the priority. But there needs to be a cultural change that fears don't lead to ambitions for more control. That is only possible through sensible opposition and controlling instruments. Secrets laws and secret courts play no part here.
Yes and that needs to be "designed into the system" with assurances, checks and balances. Currently it is not which is why Washington swamp is still degenerating.
For example, by forcing Apple to remove the apps from the Appstore.
Apple would fight this all the way to the Supreme Court. This is IMHO a clear violation of the 1st amendment.
With such a conservative Supreme Court, I doubt they would look favorably at restricting speech of a company.
Besides, Apple’s App Store is available in many countries around the world; an American iPhone user could get restricted apps from its App Stores in other countries.
>Apple would fight this all the way to the Supreme Court. This is IMHO a clear violation of the 1st amendment.
I'm not so sure anymore. Apple of yore is dead. They recently announced a plan to scan local files on iPhones against a government created list of hashes. Only after immense backlash did they agree to "delay" the implementation. This had no profit motive for Apple. As a company, the move served to seriously undermine decades worth of security good will. One can only surmise that they did so in preparation for upcoming legislation like this to ensure their compliance, and continued access to said markets. Apple doesn't care about fighting moral wars. They only care about market access and continued profits. If that means removing apps and scanning phones, I think they'll do it without much fuss.
> They recently announced a plan to scan local files on iPhones against a government created list of hashes.
This is incorrect. Only images uploaded to iCloud would be checked if they matched against multiple CSAM databases.
From the beginning, disabling iCloud Photos disabled this feature.
They painstakingly described the algorithms and encryption behind the plan.
I will remind you that Apple could have given in to the FBI’s request to create a back door to the San Bernardino shooter’s iPhone a few years ago and Apple very publicly told them to pound sand.
To play devil's advocate, I actually suspect the reason Apple were planning to implement this was because they were intending to start using E2E encryption on iCloud photos, but to keep various governments off their back figured they could placate them by implementing this scanning.
I couldn't care less about Apple's restrictions on apps that are allowed in the App Store, and would uphold Apple's rights to do as they please, if they would stop abusing users' rights and allow running ANY app the user pleases on the device he bought, whether it is in Apple's App Store, Steam store or sideloaded directly.
This wrongful imposing of restrictions on users' freedom to run apps must be stricken down hard.
> This is IMHO a clear violation of the 1st amendment.
The government would argue that they aren't banning speech here; the banned apps can be restored to the app store by complying with the law.
> Besides, Apple’s App Store is available in many countries around the world; an American iPhone user could get restricted apps from its App Stores in other countries.
Not if every other country passes laws along the same lines.
Because it improves security... I hate that the loudest voices in our industry so often fail to look beyond the horizon. This is a very predictable weak point.
And mobile security is so great. Not that user data is often exfiltrated by a lot of these vetted apps at all...
Imagine if the government forced app stores, anti-virus companies, and OS providers to prevent the installation of "dangerous" applications. How many people are going to jailbreak their phone or run Linux on their laptop in order to install an E2EE chat app?
Government can not stop criminals to use end-to-end encryption.
With this bill only regular internet users lose privacy!
This is not how it is represented to Senators and instead they are offered a lie while they do not understand, so we need to act.
Crooked forces are behind this!
How come everyone is so surprised and thinks the senators are incompetent? They're all following the playbook and it's not in the elites' interest for the average person to have privacy.
On the one hand, encryption shouldn't be necessary.
On the other, much like the RIAA crackdown on mp3s over http brought us torrents and magnets, I would expect the US and UK cracking down on encryption to bring us actually secure clients.
It also stinks of them trying to legalise something they are already doing (see Snowden and the recent declassified CIA docs)
I am Computer Security expert and urge all from point of understanding this both technically and as a value to all of US citizens!
Crooked forces are behind this trying to misrepresent this as ability to read all messages that will allow them to "save the children" which is just an excuse for the "foot through the door" or capability for the totalitarian rule (remember total power inevitably corrupts totally)! If we let our representatives, which do not understand this, vote for this, then we all will regret and have much much harder time to restore right for privacy.
There are other both better and cheaper ways that government agencies can protect the children and destroying encryption (or criminalizing it) will not help them, since the real criminals will then use encryption only for their business and we law abiding citizens will be stripped off the ability to use it to preserve our privacy!!!
"Key Senators", but none are named in a list. If the call to action is to contact them to persuade them, and the title speaks of "Key Senators".... then name them! Better yet, include contact info.
Whether or not this bill passes I think this may be the end of the "personal" internet for me. No more using accounts or cloud services, just use my old linux thinkpad to look up stuff if I am desperate.
There's so much "dem boomers and normies don't understand technology" in this thread, not to mention hyperbolic statements about the end of all privacy, and I feel fairly confident that the vast majority of commenters have, like myself, not read the bill. Not that most of us are likely to understand precisely what it means without a legal background anyway.
Is there a competent analysis of the bill I can read? I think this is the bill: https://www.congress.gov/bill/117th-congress/senate-bill/353... which to my untrained-in-law eyes seems to do nothing more than establish a commission that makes recommendations to service providers.
Like, don't get me wrong, I'm sure there's good reason to oppose this, I'd just like those arguments in a form that isn't a bunch of nerd-oriented rage-porn.
I have contacted both of my senators and local congress on this. I don't think that it will change much, but at least they know my feelings on the matter.
To test whether HN has become an echo chamber censoring any viewpoints they disagree with, I will share my actual viewpoint on end-to-end encryption. I have posted it elsewhere in the past:
First, my bona fides: I am a huge proponent of decentralization, empowering people and giving them control over their own data, relationships, and identity. I distrust large states and organizations and hold them to a very high standard of not harming people. I have put my money where my mouth is and reinvested nearly 90% of our company’s profits to build open source alternatives to Big Tech companies, and routinely give away our software on github. We have built probably the most useful and battle-tested open source alternatives for Web2 and Web3, in the world: https://intercoin.org/overview.pdf
Now, having said all that… as someone who designs distributed systems that reach millions of people across 95+ countries, I have had to seriously consider my responsibility in designing the systems. It would not be very difficult to circumvent whatever laws various jurisdictions have. But regardless of the laws, consider what your tech is enabling. (I wish FB and others did this, but the capitalist profit motive keeps them from doing it, they have to extract rents and distract you at dinner with notifications and get you addicted to arguing online, and suck you into virtual reality or they lose money).
OK, so now to the point
If you are relying on end-to-end encryption to protect you against state-level actors or police, you have already lost and have been reduced to sneaking around. The real solution is to work together to fix your democracy and make it a more liberal democracy, with more sensible laws that allow greater freedom of actions and make the punishments fit the amount of harm it caused, with punitive multipliers that account for the probability of not getting caught.
End-to-end encryption, if you uncompromisingly apply critical thinking and call a spade a spade (which is what we should be doing as designers of distributed software) is just an abdication of any sort of governance about what to do about any speech. Freedom of speech is certainly a lofty goal, and personally I don’t think the CSAM in and of itself is the problem — rather it is the acts before and after the content. Terrorists plotting an attack for example, or any group organizing to harm people. Even financial collusion.
Forget states and think organizations. Consider that organizations find it desirable to know whether an employee was using their messaging system and giving away company secrets or plotting to harm the company. A dating site may want to know if a predator is luring women into a trap or duping elderly people into giving up their money. Sex trafficking and many other harms can be investigated.
Now what is the proper way to handle encryption? Due to dropping costs and miniaturization we will soon have ubiquitous cameras and surveillance everywhere anyway (including college dorms etc. to solve allegations of rape). The recorded info should all be encrypted at the camera, and anything sent over the network must be encrypted. BUT…
There should be a process to decrypt specific minutes from specific cameras, following a process that involves a complete audit of those trying to access the footage. For example: only if a court case is brought and the video is subpoenaed can the keys be produced, by having the judge, lawyers and the tech companies come together, and only for specific times and specific cameras. In other words: the answer is watching the watchers to only access the info for the correct reasons and always have an audit trail, rather than having no possibility of watchers in the first place and not knowing whether a rape occurred or not.
Based on this example with cameras, we can extrapolate to communication and groups. If there is suspicion of a group, our society should have the means to decrypt its messages, but ONLY via means that highlight WHY, and WHICH times. Certainly it should be possible to do after a crime is alleged to have been committed, and false claims of a crime would be punished too. The remaining question is rather about “precrime”, and whether we should “chill” speech of eg determined would-be criminals plotting something, rather than letting them discuss it and catching them before they commit their destructive acts. For that, there is still open discussion.
But for the rest — the EFF is wrong. We can have freedom of speech, and yet ways to have due process to investigate speech that was tightly related to crimes committed before and after it. What we should REALLY be doing is making sure our agencies (which don’t have to be top-down run by the State, they could be fulfilling yearly contracts paid by neighborhoods or cities) are using the Accountability software the software industry should standardize. The agencies serving us should be more transparent. Rather than citizens sneaking around, they should demand their government become more transparent. The tradeoff of secrets vs transparency which should be discussed is that of GOVERNMENT. 99% of the time, government secrecy harms society, why do we allow it?
To summarize about how our society SHOULD ideally function:
1. Have neighborhoods exercise consumer choice in agencies and courts, let those face market competition. The vouchers used by neighborhoods can be a single payer system by states, but neighborhoods choose to renew contracts or not.
2. Agencies should act transparently. In the case of a court case, responsible platforms should allow decryption by agencies following specific procedures and the public should always have access to the entire audit details
3. We still need https, ie encryption in transit. We still need decentralization and resiliency, so content cannot be taken down, and people’s identity and choices aren’t controlled by specific third parties.
4. Content can harm society (and be exacerbated with botnets retweeting stuff). Individuals do not have the right to unfiltered megaphones, responsible publishing platforms should require peer review (like in science, or wikipedia talk pages) before disseminating information.
The profit motive and capitalism prevent #4 and co-opt ideals like “freedom of speech” to allow pushing messages to groups and radicalizing them. It is not an accident people globally are increasingly divided and hateful politically due to the Internet.
The EFF's position against the EARN IT Act is in the best interests of people in the U.S. and of people who use U.S. technology services in any country. Nobody needs to undermine end-to-end encryption (E2EE) to investigate anything, including speech. Surveillance is becoming more common, but that does not justify the elimination of E2EE. If the government already has access to plenty of data through surveillance, there is no reason that the government should violate its citizens' privacy even further by preventing citizens from having legal access to E2EE. I agree that laws should protect individual rights and freedoms, and I recognize the use of E2EE as one of those freedoms. Trust in government is no substitute for E2EE, which also protects the communications of users from being intercepted by people outside of their own government.
> Now what is the proper way to handle encryption? Due to dropping costs and miniaturization we will soon have ubiquitous cameras and surveillance everywhere anyway (including college dorms etc. to solve allegations of rape). The recorded info should all be encrypted at the camera, and anything sent over the network must be encrypted. BUT…
> There should be a process to decrypt specific minutes from specific cameras, following a process that involves a complete audit of those trying to access the footage.
I see your point with this, and I don't contest that it's a conceivable technical solution (all caveats aside). But I don't want to live in the world you describe. That is, it's not a societal solution to me.
Shortest path to the 1st solution is often centralized, which is where we are now.
Decentralized design is the next TBD step which will follow together with defining how societies could better work with new form of decentralized direct democracies to maximize potential in each of us in a golden rule, maturely balanced way. Decentralized money will follow in new design forms too. I have lots of ideas and number of solutions to propose, but all that takes time and preferable evolution.
Thank you for posting your vision. It's so easy to just criticize. Divining and then advocating for a better world is really hard.
Pretty sure I agree with most of your points. Especially wrt EFF.org; after all these years, I still can't figure out what they want. It'd take me a (long) while to determine if I agree with your conclusions, because this is hard hard topic.
--
I was also weaned as an anarcho-libertarian. I've never forgiven the Clinton Admin for the Clipper chip. And it's been all downhill ever since.
But hot damn. There are seriously bad people in the world. How can I ignore real world evil and actual human suffering, just to maximize my own (perceived) well being?
I have friends who work on public safety policy like human trafficking. It's absolutely horrific. And I can barely acknowledge child pornography as a thing -- I mean what the actual fuck -- much less register how bad things are.
After decades of pondering this stuff, I still have no clue, no ideas on how to balance the needs of the few with the needs of the many.
However, any position which simply ignores the negative consequences of encryption technologies is not serious, and not worth further consideration.
FWIW, I've done work on both election integrity and electronic medical records. Individual privacy is precious to me, and a hill I was willing to die on.
Sen Wyden has been solid. I'd totally believe the pro EARN IT rhetoric is completely divorced from reality. In my experience, this much push behind nonsensical policies is solely about pork and enriching cronies, using some manufactured outrage to moot deliberation and reasoned criticism.
I contacted my representative, as it takes ~1min.
Please I urge all to do it!
p.s. I am a Computer Security expert and urge all from point of understanding this both technically and as a value to all of US citizens!
Crooked forces are behind this trying to misrepresent this as ability to read all messages that will allow them to "save the children" which is just an excuse for the "foot through the door" or capability for the totalitarian rule (remember total power inevitably corrupts totally)! If we let our representatives, which do not understand this, vote for this, then we all will regret and have much much harder time to restore right for privacy.
There are other both better and cheaper ways that government agencies can protect the children and destroying encryption (or criminalizing it) will not help them, since the real criminals will then use encryption only for their business and we law abiding citizens will be stripped of the ability to use it to preserve our privacy!!!
I don't think people typically contact their representatives, but I figured it's a good time to start. The EFF made it really easy to look up and send a canned message to my senators. I plan to try to call the office tomorrow. I assume I'll get stopped at their secretaries, but even that might be enough to just leave an extra bump of persuasion.
Incredible, once again the Senate is completely incapable of doing anything good but gets their shit together whenever it’s time to do something stupid and terrible. Would be better to just vote against the majority going forward, at least try to tie things up so they can do nothing instead of what they end up doing whenever they get around to doing something.
Truly amazing how Chuck Schumer gets a pass in the media for being so utterly worthless.
I don't understand why people keep voting them back in?? They've been useless for so long, yet people continue to check the box next to their name. Why?
Some but not all of the reasons: It's virtually impossible for a primary candidate to unseat an incumbent in their own party, and gerrymandering makes it so that opposing parties rarely have solid candidates.
Same for there simply not being another candidate most of the time. If you have a 70% conservative / republican county or state, running democrat doesn't make much sense, and is an especially bad investment for any donors.
One big reason is that many people will insist that their representative doesn't contribute to a problem, or has a particular reason for doing so that excuses the behavior. It's essentially always everyone else's representative that is the problem, and so they vote theirs back in and the cycle continues.
Welcome to "democracy," where college studies show that only the rich and powerful ever get what they want while the normal citizen is continuously shafted in new and exciting ways.
Mainly because of the two-party system. The pre-selection of candidates forces you to choose between two evils and it most often becomes a matter of the devil you know versus the devil you don't know.
Yeah, but because of obscure technicalities around the filibuster, the Dems need 60 votes to pass their agenda, but the Republicans pass theirs with 50.
The filibuster is just a rule that the Senate made for itself. If you have 50 Senate votes to actually get stuff done you can get it done by changing that rule.
What the Democrats had was 50 votes to wring their hands and say it's impossible. Maybe they have 48 votes to get it done, maybe fewer. But they don't have 50 votes to actually get it done, so it doesn't get done.
It suits several Democrats (famously two, but the real number is likely more) in the senate to say they can't do anything, but that isn't the case, it's a lie. You've probably told lies just like it. Oh, I can't come to your party, so sorry, we have to er, see my wife's parents yeah. You don't want to go to their party, but you say you can't even though it isn't true.
Government cannot stop criminals from using end-to-end encryption. With this bill only regular internet users lose privacy! This is not how it is represented to Senators and instead they are offered a lie while they do not understand, so we need to act. Crooked forces are behind this!
I am a Computer Security expert and urge all from point of understanding this both technically and as a value to all of US citizens!
Right to use end2end Encryption is almost equal to right to bear arms (conceptually)
It is even worse (read my practical translation below in another post where this leads to)
Dianne Feinstein, senior senator from California and presumably elected with majority support from Silicon Valley, is one of the co-sponsors of the bill. Talk about being out of touch. I also have no doubt that she wouldn't be able to explain a single line of text in the bill if asked.
The only ones out of touch are the people surprised by this. She, her party, and even the Republicans across the aisle are always perfectly simpatico with the wishes of their mostly identical donors.
Feinstein voted according to Trump’s wishes more often than many republicans. She routinely pushes legislation that’s designed to destroy the environment, and is unabashedly anti-silicon valley.
The last thing she did that she likes to take credit for was back in the 70’s.
California changed the way its elections are run to allow to democrats to run against each other in the general election, essentially just to eliminate her.
> and it will let the use of encryption be evidence in lawsuits and criminal trials
How long until the comparisons to East Germany start? America is apparently gearing up for "If you have nothing to hide you have nothing to fear", with many seemingly agreeing with this sentiment.
Perhaps more importantly, how have major journalistic networks not written about this bill in the worst possible light? When your sources want to use encryption, which is reasonable given some stories, this exact excerpt seems likely to bite someone in the ass.
While we're on the subject, I thought I'd heard that American politicians were using Signal? What happens when using encryption becomes ammunition for a lawsuit against them? Do they simply assume they have very, very good lawyers, and it'll all shake out because they don't believe they did (are going to do) anything wrong?
That's a good point. Perhaps as well as writing to representatives it could be helpful to write to EG the Washington Post and ask them to cover the issue more extensively.
Journalism is dying each day, between naive both-sideism, lazy PR reproductions and entertainment figures in entertainment channels that have "news" in the name
It should go like this: whoever is in favour of this legislation should have no problem showing their private messages in public. Interesting how nobody presents this angle in congress.
> how have major journalistic networks not written about this bill in the worst possible light?
I was originally going to ponder if it was because today's generation of journalists aren't privacy preserving, freedom of speech maximalists. While there are some that seek to limit freedoms as long as their "side" is on top, I don't think that's it.
The last five years of political discourse has worn us down. We're tired of the back and forth, constant everyday existential crises of democracy. If every day the world is falling apart, then something like this just looks like business as usual.
We're tired. Frankly we wasted energy on stupid things and lost sight of the war. And now they get to ram this horrible, freedom rotting legislation through.
I think what `echelon` is trying to say is that regardless of what "side" you're on, this opens the door to be used by both whenever an (arbitrary) precedent presents itself or is "politically expedient".
Of course it is. It's a cynical power play. That's what happens when we spurn universal ideals like freedom of speech, hence "the end justifies the means". My opponents are so harmful, such a threat, that anything must be done, and nothing, including principles, should stand in the way.
We don’t really have journalism in the US anymore. Most of the financially healthy ones are owned by foreigners that are actively trying to sabotage our democracy. The remainder are on life support, and are running with something like 10% the number of reporters they used to have.
Also, Godwin's law was repealed years ago, so you may as well compare to the third reich.
Encryption should be a right in the bill of rights. Simple. Everybody has secure mail. We're getting hacked every 11 seconds in America. Wake up! Adjust bill of rights to reflect the new tech.
I think the internet has spoiled everything. Life used to be affordable now prices are going crazy everywhere. I blame the internet. If we didn't have it then we would have less wars, less drama, and more vary in living standards so everybody can get a piece of the pie. Now there's no pie left but the crumbs and crusts which are not very tasty.
I've been reading about this same omniscience-lust of our corrupt republican representative democracy since the early '90s. I had thought that it simply sought to become more subtle, more refined over time. However, like any patzer, it is merely satisfied to give check where it appears.
Are we drawn in bitter impasse, or is there some intervening move to which we can avail ourselves?
The best I can muster (other than amassing a Bezos fortune and simply buying every shyster for sale) is to buy every elected shyster for sale (i.e. some rough approximation of five nine's worth of elected officials). My local newspaper reported on a school bus driver who was shot in the head, for which there is a go-fund-me effort. Every such mutual aid stop-gap is an indictment of our benighted society.
Maybe Hobbes[1] had it right, but then again, waiting for a messiah is tantamount to resigning.
[1] I love most the story about him in which he entered the club in which The Elements was turned to the final page. He chortled something on the order of "bullshit" or "humbug" and turned to the prior page: and so on and so forth to the first page where he could find no quarrel. The story is surely bullshit itself, but smells none-the-less so sweet.
same racket as net neutrality. don't bother, these clowns can't enforce it without having all of us take down ALL their shit to tax them harder for their greedy stupidity
May crypto advocates are going about this the wrong way.
Instead of emphasizing that crypto should be protected by freedom of speech, they should acknowledge crypto is a dangerous munition. Therefore it’s protected by the Second Amendment.
The second amendment says the right to bear “arms” will not be abridged. Not firearms.
1. There is a significantly larger body of jurisprudence dedicated to protecting freedom of expression, versus whatever you think the Second Amendment guarantees you.
2. The right to bear arms does not entitle you to specific weapons. That's why you're not allowed to own a nuclear warhead, and why strong encryption was historically on the ITAR munitions list. Arguing that cryptography is a dangerous weapon (it isn't!) is a terrible idea.
encryption is a defensive technology. It's like arguing bulletproof vests are weapons, but what do definitions really mean these days anyway.
Unfortunately, with encryption (and code as speech) - has not been tested at the supreme court as much as most think. It's still an open question to an extent.
I wish HN was better at evaluating anything around this, HN's response to anything on this topic makes it hard to know what the actual truth is. Maybe this act is as bad as people are saying it is, but the Apple policy wasn't and the response here was the same. I'll defer judgement until I can actually read it.
The apple policy was likely about coming up with a way to enable encrypted photos on iCloud while still having some privacy preserving form of CSAM detection. Since it was only enabled when iCloud photos was enabled it was better for privacy on net than the status quo (unencrypted iCloud photos that are accessible to apple and scanned anyway).
Now we may end up with a worse outcome as a result.
The Bluetooth exposure notification design early in the pandemic was similarly privacy preserving and the average HN response was similarly stupid.
There are just some topics this forum is not a reliable source of accurate information about and this is unfortunately one of them.
This isn’t because I don’t think access to real encryption is incredibly important (I do) - I just think it’s important to get the details right. Otherwise we’ll just get dismissed on these issues for ignoring the specifics and crying wolf on everything.
> The apple policy was likely about coming up with a way to enable encrypted photos on iCloud while still having some privacy preserving form of CSAM detection. Since it was only enabled when iCloud photos was enabled it was better for privacy on net than the status quo (unencrypted iCloud photos that are accessible to apple and scanned anyway).
This is an unsupported hypothetical about a future change Apple may have made. The only announcement they made was the client-side scanning which is at best equivalent to the status quo.
Sure, but it’s not a huge leap to think it through. In hindsight they obviously should have waited until the cloud encryption was ready to ship at the same time.
They probably thought the announcement would be good for PR from the general public even without that and were surprised.
If you’re right that cloud encryption was never the plan then I agree what they did doesn’t make sense and they should have just scanned images on the servers instead of bothering with all the fuss.
You were wrong then and you're wrong now. It's not really possible to be cordial about this topic.
There should never be any process acting against the user's interests on a device that they own. Ever. Full stop. The only reasonable option is to do full encryption on the device without any system that allows inspection or identification of the material being encrypted. It didn't matter that vouchers enabled the decryption of the material after a threshold was hit. There would have been logic running on everyone's device acting as a snitch. At some point that functionality would be expanded and abused.
Your optimistic point of view does not align with the reality of how this kind of technical capability becomes misused over time. The ones that create these things are not the ones that control them 20 years later.
It only ran when iCloud was enabled for photos - this makes it essentially a cloud feature. If this wasn't the case I'd agree with you.
I think it's a better outcome if it leads to iCloud encryption.
A reasonable person could think it's better to just have iCloud remain unencrypted and keep that separation strict in a more pure kind of sense (scan of unencrypted photos on server vs. hash threshold test on upload), but I think that person would have to acknowledge that the policy as described (only being enabled with iCloud photos enabled) is not worse (and if it enabled iCloud encryption is better on net for privacy) than the default in terms of what is specifically happening. It's more of an ideological argument about separation of server/device than what the specific implementation was.
Wrong. Physically, the routines run on the device. It is not a cloud feature by definition. There are no wormholes here. The work happens on the device. When this work happens the device's battery gets drained so it's happening on the device. It's not a cloud feature. Both technically and physically you are wrong here. I hate that you have this wrong and continue to say it. Stop saying it because you are actually lying.
It's not a better outcome because other companies with the follower-like mentality that most product managers and execs have would attempt to copy and one up Apple only to create a worse and more easily abusable implementation, just like the notch. Just like any socially acceptable easily marketable act that can be hashtagged and spread. That idea would have been an infection of the worst kind.
You're kind of arguing a straw man, sure it technically runs it on the phone (I don't dispute that), but only when upload to iCloud is enabled and the photo is being uploaded to iCloud. The latter bit matters (and what I meant by 'essentially'). Running the check on the phone on upload with these constraints is what would enable iCloud to be encrypted.
I don't think there's much point in discussing further, the main disagreement is already visible in the thread.
> only when upload to iCloud is enabled and the photo is being uploaded to iCloud
You have to trust Apple that this will always be the case.
Your model should be to trust no one. Don't take anyone at their word as it's subject to change at any time. Especially not a corporation which is easily manipulated by governments (look how they bend to Russia and China).
It's entirely obtuse that this can be turned with product use. Product use that might be triggered at a distance by simply using the "blessed path". Most people won't even be aware this is happening. And that's beyond shameful.
This puts one foot in the door. There will be more. They'll be ramming everything through that they can to spy on you.
Companies should not be trusted with liberty and privacy. Not even Apple.
> You have to trust Apple that this will always be the case.
You're right of course, but I'd argue this is true in either case. If you're using an iPhone you're trusting Apple is doing what they say they're doing and there's not much you can do about it.
> Your model should be to trust no one. Don't take anyone at their word as it's subject to change at any time. Especially not a corporation which is easily manipulated governments (look how they bend to Russia and China).
I actually agree with this general idea (I work on urbit fwiw), I just think in this case you already have to trust anyway. If they're going to lie and do something differently that's bad - I just think that's independent of this policy and the policy specifics matter.
As it is unencrypted iCloud is a worse state imo, but as I said elsewhere reasonable people can disagree with this. The specific policy as described though isn't worse - it's people's assumption that it increases risk of an abusive policy that is. My take is that that risk is there in either case and really independent of this policy.
people are extremely up-in-arms about something that apple already does, and that every other cloud provider do, but when they made it public everyone went crazy. now we don't have CSAM scanning, totally unencrypted and accessible iCloud Photo Library, and for what? because people want privacy.
you don't own anyone else's cloud and you never will, and especially not with government intervention. while i support privacy, i also think it's like freedom of speech, in theory it sounds great but in reality you end up with nazis walking around if you don't have the ability to deter them.
data on my computer == private without a warrant and due cause.
data on someone's server == as private as could be, but i don't own it so i can't demand that it be secure from all aspects, especially uploading CSAM.
>people are extremely up-in-arms about something that apple already does, and that every other cloud provider do
>data on my computer == private without a warrant and due cause.
Apple technology was/will track on your phone directly via AI scanning text messages for nudity. The engine lived on your phone, not in their farm. Therefore your second statement I quoted would now be false. That's why everyone (or the ones in the know) was pissed.
I don't really buy this, I don't think this feature makes abuse any more likely and it's important to be loud against features that are actually abuse vs. ones that are just adjacent to something that is abuse. The difference matters, particularly when the pragmatic approach could allow encryption of images on iCloud without any actual downside given the constraints. If people act like all actions are equivalent then we'll just end up ignored by legislators. These differences matter.
We've seen many technological features that were supposed to be only used in very narrow use-cases be abused by governments. Contact tracing technologies (for covid-19) being the most recent victim where they are now being used by governments to track political protesters, criminals, and seemingly anyone else that catches their fancy.
I've seen this cycle play out enough times to know better. Governments never relinquish power. If client-side scanning that can report users to authorities ever becomes widespread, governments _will_ abuse it. Democracies _will_ suffer and humanity _will_ be worse off for it.
Early in the pandemic the tech companies came together to create a privacy preserving bluetooth exposure notification system that relied on phones and a clever design to prevent this kind of tracking panopticon you describe. See: https://covid19-static.cdn-apple.com/applications/covid19/cu...
>Instead, we ended up with governments just doing it via data brokers and other types of way more invasive tracking.
It sounds like you are blaming people's concern for the first technology for the implementation of the second technology. I believe the implementation of the second technology is evidence that the first technology would have been abused eventually anyway.
How about: government, stop tracking/spying on us without a warrant. Apple, don't use my equipment to spy on me without allowing me to turn it off, and the off switch actually works.
> i also think it's like freedom of speech, in theory it sounds great but in reality you end up with nazis walking around if you don't have the ability to deter them.
I mean this in the most gentle and sincere way: This is just fascism of a different color.
When you support the curtailing of freedom of speech, then you enter into a slippery slope where it's possible that new regimes can use that power against you.
In all but the rarest cases where people are harassed and driven to commit suicide [1], hurtful words are just words. Sticks and stones can break your bones, but words can never hurt you.
If you eliminated all of racism, sexism, and anti-LGBT feelings from the world tomorrow, you would still run into people that dislike you. That's just how people are. We're evolved apes, and a lot of us make in-group/out-group decisions on the most trivial lines. Class, style, designer clothing, attractiveness, rivalry, sports teams, school, etc., etc., etc.
No matter how many layers of protection you put on, you will always run into hate and unpleasantness.
You can't remove one of the most liberating and important features of our democracy - one that anticipates all types of futures and stands against any of their possible tyrannies - just to not have hurt feelings. That would be the mother of all bad trades.
When things get physical, there are laws to protect you. Even hate crime laws that escalate punishments. These are adequate protections.
Your brain is going to have to learn how to dust off the hurt. That's what makes us rugged, fierce, and independent.
I've been called a "f*ggot", bastard (it's true), short, ugly, and many worse, entirely hurtful things throughout my life. I'd like to think I'm doing alright despite it.
[1] Restraining orders and other legal protections for people being abused and bullied, especially online, need to be further developed. That said, there isn't a fine line between what politicians such as Ted Cruz face on a daily basis from Twitter and what pushes individuals such as Near to commit suicide.
For what it's worth (since we disagree elsewhere in this thread) - I'm with you 100% here.
Free speech is an important principle. The way I argue it to people arguing for various forms of suppressing it is that you can't know that you'll be the one with the power to suppress speech. In a liberal (as in classical liberalism) western society it's a core value. That's why we defend the speech of others even when they say terrible things.
> you end up with nazis walking around if you don't have the ability to deter them.
In general this is required if you want freedom of speech at all, because while nazis are seen as bad by $majority_general_population today, that same $majority_general_population in 1940s Germany had their own ideals for what people with certain interests were bad. In theory, even if Nazis took over the entire US Federal apparatus today, they couldn't infringe on the rights of the citizens and states as they did back then (at least not without hostile takeover and civil war).
The entire deal with CSAM being seen as bad today is that it comes from a belief that reducing and limiting the proliferation of digital imagery containing depictions of minors being sexually abused, it will hopefully hurt the profit margins of organizations that run the abduction, human trafficking, and abuse + abuse imagery production process, via reducing exposure and limiting the potential customer base (while also hopefully helping victims heal knowing that fewer and fewer people are viewing said imagery). I'm no expert in whether or not this works, perhaps there's some studies that do qualitative research on this; but either way there's no doubt that E2EE directly harms the work of the likes of PhotoDNA which aim at actually solving the issue of file sharing / image hosting services being used for the proliferation of CSAM, whether that be for advertising to new buyers or simply the means that these groups end up sharing content.
So there really is a tradeoff people have to realize when they consider either side's stance; my point is that HN seems to be almost entirely one-sided on the side of privacy even if many safeguards are put in place to make it private while still enabling detection of abuse imagery, when I don't see anyone proposing more practical privacy-respecting solutions than Apple has proposed. Perhaps people think CSAM is a fringe thing, but [0]
> (Interpol) Child Sexual Exploitation Image Database (ICSEDB) network of 53 countries holds over a half a million CEM images, which have helped identify around 11,988 victims and nearly 5,617 offenders over the eight years to December 2017
> So there really is a tradeoff people have to realize when they consider either side's stance
There is no tradeoff to be made. The US government is explicitly prohibited from interfering with the liberty of its citizens. Every elected official swears an oath upholding this principle.
The government interferes with the liberty of a person when they incarcerate them. The constitution doesn’t give you a right to liberty at the expense of anyone else’s liberties.