My main concern is that the actual criminals will always find a way around those measures. They're more motivated than anyone to gain the technical expertise to do so. And I use the term expertise loosely here.
For example, from what I've read this proposal was about scanning images and URL's, not text (for now). But it's not hard to split up an URL in several pieces so that the regex doesn't recognise the set of strings as an URL anymore, it'll just be plaintext which won't get scanned. And it's also not hard to send pictures as base64 encoded text, which again would fall outside of the scanning scope.
In my opinion, as with many of these measures, you end up hurting the innocent, the criminals will be fine with (semi) technical workarounds, and we end up on that way too slipperty slope of mass-deployed surveillance for nothing.
Technical measures can and will be circumvented, always, by those motivated to do so. And if you're a CSAM criminal and your prospect is going to prison tagged as a child molester, I imagine your motivation is as high as it gets.
I don't think there's a technical solution to this.
For example, from what I've read this proposal was about scanning images and URL's, not text (for now). But it's not hard to split up an URL in several pieces so that the regex doesn't recognise the set of strings as an URL anymore, it'll just be plaintext which won't get scanned. And it's also not hard to send pictures as base64 encoded text, which again would fall outside of the scanning scope.
In my opinion, as with many of these measures, you end up hurting the innocent, the criminals will be fine with (semi) technical workarounds, and we end up on that way too slipperty slope of mass-deployed surveillance for nothing.
Technical measures can and will be circumvented, always, by those motivated to do so. And if you're a CSAM criminal and your prospect is going to prison tagged as a child molester, I imagine your motivation is as high as it gets.
I don't think there's a technical solution to this.