In an essay on the current justification for authorities in the EU and around the globe seeking to break end-to-end-encryption to fight child sexual abuse and exploitation, researcher Susan Landau discusses the issue in historical context, and explains why breaking encryption leads us in the wrong direction.

“Think differently. Think long term. Think about protecting the privacy and security of all members of society—children and adults alike. By failing to consider the big picture, the U.K. Online Safety Act has taken a dangerous, short-term approach to a complex societal problem. The EU and U.S. have the chance to avoid the U.K.’s folly; they should do so. The EU proposal and the U.S. bills are not sensible ways to approach the public policy concerns of online abetting of CSAE [Child Sexual Abuse and Exploitation]. Nor are these reasonable approaches in view of the cyber threats our society faces. The bills should be abandoned, and we should pursue other ways of protecting both children and adults.”

[Edit typo.]

  • centof@lemm.ee
    link
    fedilink
    English
    arrow-up
    50
    ·
    1 year ago

    Anytime politicans want something deeply unpopular, they always try to make it about the kids. You can see it, in the US, with the culture war BS supposedly for the ‘kids’.

    • ZILtoid1991@kbin.social
      link
      fedilink
      arrow-up
      24
      arrow-down
      1
      ·
      1 year ago

      Because otherwise they would have to admit they want to either force their religion onto others, or just the ability of spying on others.

      • centof@lemm.ee
        link
        fedilink
        English
        arrow-up
        11
        ·
        1 year ago

        Or it’s also because they’re trying to hijack people’s maternal/paternal instincts. It’s just an easy way of manipulating parents espically.

        • taladar@feddit.de
          link
          fedilink
          English
          arrow-up
          10
          arrow-down
          1
          ·
          1 year ago

          It is really no different from e.g. religions telling you sex is sinful because they know everyone has some sexual thoughts so they can sell you the “solution” to a self-invented eternal problem or gaming loot boxes. Psychological manipulation basically.

    • Quacksalber@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      7
      ·
      1 year ago

      Now with the Gaza conflict, you can bet that ‘terrorists’ will become a prime scapegoat for those kinds of laws again.

  • jet@hackertalks.com
    link
    fedilink
    English
    arrow-up
    16
    arrow-down
    7
    ·
    edit-2
    1 year ago

    I’m pro encryption, but journalism should not call somebody a scientist in the title unless the subject they’re talking about has a falsifiable hypothesis and empirical evidence.

    Scientist says chocolate is the best flavor of ice cream. And then there’s no study, just somebody’s opinion, a person who has on occasion done science before.

    The entire point of putting that title on the person in the headline is to add the air of authority. It’s an appeal to authority. Which scientists will tell you is not science.

    Scientist says it’s technically correct, but misleading.

    • Jaccident@lemm.ee
      link
      fedilink
      English
      arrow-up
      20
      ·
      edit-2
      1 year ago

      I disagree with the specifics of what you’re saying but not the point. She is a scientist, she’s speaking her opinion sure, but it’s an opinion based on hundreds of thousands of hours in a field. Identify her as a scientist and an expert.

      But, that doesn’t mean you’re wholly wrong. It would be beneficial to us all of journalists came up with a better mechanism to sort learned opinion from study outcome. Some publications are good at this, but on the whole, whether you grock the source of the data from the headline is wildly variable.

      I do however have one last point. The headline isn’t the article. You aren’t meant to get all the nuances of an article from the headline, otherwise we wouldn’t call it a headline, it would be the article itself. There comes a point where, so long as the headline writer isn’t deliberately disingenuous, it falls to the reader to follow up on their questions by reading the other 98% of the information in front of them.

      [Edit: Misgendered the scientist in question, sleepy brain + skim reading == derp]

      • 0x815@feddit.deOP
        link
        fedilink
        English
        arrow-up
        4
        ·
        1 year ago

        @jet @Jaccident

        The headline isn’t the article. You aren’t meant to get all the nuances of an article from the headline, otherwise we wouldn’t call it a headline, it would be the article itself.

        Yes, that’s the whole thing. Although I get @jet’s point, we can’t tell everything in the title, and you’ll need to name the original writer by her profession, even if she expresses her opinion. That’s why I wrote “essay” in the body’s text first sentence. (But I’m open to edit the headline, that’s not the point, just provide a proposal.)

      • jet@hackertalks.com
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        6
        ·
        1 year ago

        Cool! Can you point out the falsifiable hypothesis, and the experiment conducted in this article?

        • Natanael@slrpnk.net
          link
          fedilink
          English
          arrow-up
          5
          ·
          edit-2
          1 year ago

          False positives—images that look nothing alike but have very similar or even the same perceptual hashes—are also possible. This leaves an opening for mischief, and worse. It is unfortunately too easy to arrange for, say, a candidate for elective office, to receive a photo that looks innocuous, store it, and only later learn that the photo triggered a law enforcement alert because its perceptual hash was the same as that of known CSAM. Damage would be high and may not go away (recall Pizzagate).

          Would such an “attack” be feasible? Yes. Shortly after a researcher published the code used in Apple’s NeuralHash, an Intel researcher produced a hash “collision”: two images that look nothing alike but have the same perceptual hashes. Such capabilities are present for researchers—and others, especially those with an incentive to cause problems. As computer scientists Carmela Troncoso and Bart Preneel observed, “In the arms race to develop such detection technologies, the bad guys will win: scientists have repeatedly shown that it is easy to evade detection and frame innocent citizens."

          Other proposed techniques to recognize CSAE, including previously unknown examples, include machine learning. But as my co-authors and I discussed in “Bugs in our Pockets,” false positives and false negatives are a problem here too.

          This is grounded in information theory. Without a perfect CONTEXT AWARE classifier (i.e. not one that will report you for sending your family doctor a photo of your child’s medical condition) with perfect integrity protection it’s impossible to solve. All other solutions means it either can be evaded or that it can be abused to spy on innocent people. No circumvention of this basic fact is possible.

          • jet@hackertalks.com
            link
            fedilink
            English
            arrow-up
            1
            arrow-down
            4
            ·
            1 year ago

            Pointing out opinions, and flaws of a plan according to opinions is useful. And it’s a good exercise. But it’s not science.

            Getting access to the world’s data, isn’t about protecting anybody, it’s about getting access to the data, the excuses just an excuse. But that’s just my opinion.

  • Mopswasser@feddit.de
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    If they cared about child sexual abuse they would have raised political hell in the wake of “Asian grooming gangs,” yet here we are.