UK Cybersecurity Chiefs Back Plan To Scan Phones for Child Abuse Images (theguardian.com) 73
Tech companies should move ahead with controversial technology that scans for child abuse imagery on users' phones, the technical heads of GCHQ and the UK's National Cybersecurity Centre have said. From a report: So-called "client-side scanning" would involve service providers such as Facebook or Apple building software that monitors communications for suspicious activity without needing to share the contents of messages with a centralised server. Ian Levy, the NCSC's technical director, and Crispin Robinson, the technical director of cryptanalysis -- codebreaking -- at GCHQ, said the technology could protect children and privacy at the same time.
"We've found no reason why client-side scanning techniques cannot be implemented safely in many of the situations one will encounter," they wrote in a discussion paper published on Thursday, which the pair said was "not government policy." They argued that opposition to proposals for client-side scanning -- most famously a plan from Apple, now paused indefinitely, to scan photos before they are uploaded to the company's image-sharing service -- rested on specific flaws, which were fixable in practice. They suggested, for instance, requiring the involvement of multiple child protection NGOs, to guard against any individual government using the scanning apparatus to spy on civilians; and using encryption to ensure that the platform never sees any images that are passed to humans for moderation, instead involving only those same NGOs.
"We've found no reason why client-side scanning techniques cannot be implemented safely in many of the situations one will encounter," they wrote in a discussion paper published on Thursday, which the pair said was "not government policy." They argued that opposition to proposals for client-side scanning -- most famously a plan from Apple, now paused indefinitely, to scan photos before they are uploaded to the company's image-sharing service -- rested on specific flaws, which were fixable in practice. They suggested, for instance, requiring the involvement of multiple child protection NGOs, to guard against any individual government using the scanning apparatus to spy on civilians; and using encryption to ensure that the platform never sees any images that are passed to humans for moderation, instead involving only those same NGOs.
"Think of the children" (Score:5, Insightful)
Is there a viable solution approach? (Score:2)
[Of course an AC dribble offers nothing, but at least I can try to prevent propagation of the Subject...]
So the problem is that child porn is bad. I think (or hope?) we can all agree that it's a bad thing. Today's citation is about the long-term psychological harms from childhood trauma, a frequent topic in The Body Keeps the Score by Bessel Van der Kolk.
But that's where I kind of lose the thread. I just cannot imagine what is going on inside the minds of people who see children and think "sex". Yeah, I'v
Re:Is there a viable solution approach? (Score:5, Insightful)
Re: (Score:3)
There is very solid evidence that child abuse leads to adult trauma and victims go through flashbacks for pretty much all their life.
The real problem is that this shit doesn't cover or prevent any child abuse. It won't detect that uncle goes up to your bedroom to rape you. It won't detect that father beats you whenever he drinks. It detects a) the total arseholes who produce kiddie porn, b) the disturbed individuals who consume it, c) anyone who takes a naked picture of a child, including their own parents
Re: (Score:2)
That's not how these filters work. They have a list of hashes for known abuse material collected in raids. It calculates hashes for im
Re: (Score:2)
Just the ACK on the substantive branch, but nothing to add here.
Re: (Score:1)
Re: (Score:1)
My problem with this is the potential for abuse, not of kids but anyone with a phone who someone has a grudge against.
All such a swatter needs to do is send their target however much kiddy porn it takes for the scanner to flag the phone owner. I don't think it is possible to stop your phone from getting images along with messages.
I don't know if Apple considered this problem or not, but I have not seen Apple promoting phone scanning recently after they made a big deal out of it some months ago.
Re:Is there a viable solution approach? (Score:5, Insightful)
There is just a tiny problem with their argument: They are all about cp, but preventing children from getting abused seems to be taken a back-seat or is not even mentioned. As it is quite reasonable that most child abuse does not get documented, they seem to be either not actually wanting to do anything about that (would be a shame if the cp supply they use to justify their policies dried up!) or at the very least going for the easy target when the other one is actually the real problem.
There are also statements from at least some victim organizations that they do not want to be used for pushing policies like that. Kind of getting raped again, but this time by the government.
the road to hell is paved with the best intensions (Score:2)
I'm just spit balling hear, but maybe we should focus our investigation efforts on people accused of committing a crime. You know, follow evidence and build a case against criminals the old-fashioned way. I know it might be tempting to search for potential crime at random in a wide sweep of mass surveillance. Seems like an efficient way to go after criminals just to let Facebook, Google, and Apple search our photo albums for us. But it assumes innocent people are never wrongly convicted in the UK (or US). A
Re: (Score:2)
Yeah, but there are so many people with bad intentions who still have children... Here's a tragic recent example. Granny wanted to go to an amusement park with her boyfriend and left the young grandchild confined at home--where the child died. That happened in Japan, where it gets a lot of coverage because such tragedies are so rare. But not the only such sad example.
Yeah, most of the grandparents aren't like that. Not at all. I'm reading a book called Chinese Senior Migrants and the Globalization of Retir
Re: (Score:2)
The improved outcomes for children thanks to modern medicine greatly outweigh the number of children that die through carelessness like leaving a baby in a hot car, children drowning in swimming pools, etc. There are thousands of tragic cases but most people manage to grow up to be adults. Instead of half of them dying which was likely in prehistory. I don't think we're finding it more difficult to raise children, statistically it's easier now than it used to be.
Re:the road to hell is paved with the best inten[t (Score:2)
You're making the argument of the rising long-term average, and I mostly agree, but... It's the oscillations that worry me. If the short-term oscillations become too extreme, the rising long-term average may not matter. My favorite simplistic example is population size. Yes, the number of humans has been increasing over time, but there have been fluctuations when the number goes down for a while. If one of those fluctuations gets big enough to hit zero, then it's game over.
However as regards children, I'm t
Re: (Score:2)
I wonder how many politicians would end up getting caught by this exact system they are proposing. I suspect quite a few of them.
Stale collection (Score:4, Funny)
false positives (Score:5, Insightful)
I see false positives with antivirus software all the time, where the software detects a signature that matches some known bad signature. How many innocent people will be swept up in false allegations of child porn? I'd guess that even being suspected of having or being involved in child porn has permanent negative impacts on one's life.
Re:false positives (Score:5, Informative)
That was the exact problem that the Apple system had.. Fairly easy to make images that matched a known hash.
Being falsely accused often leads to suicide. At best you need to give the police full access to your phone (or go to jail for refusing to give up the password), you will probably lose your job (especially if you work with children), and your family might disown you. If you have young kids they aren't going to let you be around them.
Re: (Score:2)
That was the exact problem that the Apple system had.. Fairly easy to make images that matched a known hash.
Being falsely accused often leads to suicide. At best you need to give the police full access to your phone (or go to jail for refusing to give up the password), you will probably lose your job (especially if you work with children), and your family might disown you. If you have young kids they aren't going to let you be around them.
This is just a brainfart from someone in GCHQ trying to justify their budget.
There's a whole host of technical challenges to client side scanning, the first of which is "how do we get the scanning client on the phone"... They could ask Apple and Google to sneak it on there, but they'll be told to naff off by both. They could enforce it on phones sold in the UK, but this will be limited to phones sold by carriers as it's easy to buy an overseas model from Amazon. Basically it's something unenforceable but
Re: (Score:2)
Apple already has the client ready to go, they just delayed their implementation. Google would do it in a heartbeat if it meant they could sell more ads to child molesters.
Re: (Score:3)
How many innocent people will be swept up in false allegations of child porn?
Probably lots, but the impact is completely different than what you think.
I'd guess that even being suspected of having or being involved in child porn has permanent negative impacts on one's life.
That's an American thing where you get put on a list for trial by public opinion. In much of the rest of the world people wouldn't have a clue if you get arrested for being a pedo until after you're convicted. Heck in some places your name isn't allowed to be published even if you are convicted.
But back in reality you will not be accused publicly of child pornography simply because a computer hits a hash match. There will be an indepe
Re:false positives (Score:5, Insightful)
I'm not talking about public opinion. I'm talking about job loss and alienation by family and friends. Is an investigation really so subtle that no one notices? Not at the point they want to seize devices.
Re: (Score:2)
Yes, an investigation is subtle in sane countries. If police tell anyone who isn't directly involved in the case what they suspect me of there are huge grounds to take *them* to court where I live, regardless if they were right or not. That includes family (except in cases where a guardian needs to be informed).
Job loss? WTF do your police do? Call your boss and say "we think awwshit is a pedo"?
But then I happen to live in a country where even if I was a convicted pedo and put in prison for it potential emp
Re: (Score:2)
Where I live they kick your door in at 5am, arrest you, and take all of your electronics. You will not be going to work that day, your family will be traumatized. They'll probably shoot your dog too. Everyone close to you will know about it, including your employer when you don't show up or family calls to them you can't be there.
Re: false positives (Score:2)
Doesn't work at the same (Score:2)
I wouldn't expect anyone to know this unless they were actually involved in developing or maintaining some kind of content filter, but the two systems you're equating work in completely different ways. You may as well be equating motorcycles and watermelons.
The anti-malware systems are basically looking for "keywords" (where "words" may not be human readable). If you see "list files" and "encrypt", that might be ransomware. Of course it might also be a zip or rar program.
The systems under discussion first h
Re: (Score:2)
The hash process you describe is one of the many tools in the antivirus/antimalware/endpoint protection toolbox and is what I'm talking about.
How do you think this works?
https://www.virustotal.com/gui... [virustotal.com]
(notice that you can search for a file hash)
And yes, I see false positive hits on virus hashes.
Re: (Score:2)
Show me a SHA2 that matches a virus and I'll show you a million dollars.
Here's I'll save you some Googling. If you spend $200,000 and you know what you're doing, you can create two different files that share some random hash you don't get to pick. But you STILL can't match a known virus.
Re: (Score:2)
This. AV false positives are not due to matching hashes. They are due to other characteristics. Hashing is one of the foundations of cryptography and one of the key characteristics of a secure hashing algorithm is that no two files should ever create the same hash. Google was able to prove that SHA1 was insecure a couple of years ago by showing that two files could be created with the same hash, which is why it's not widely used anymore. But even then, I don't think this has ever happened in the wild so it'
Re: (Score:2)
> Google was able to prove that SHA1 was insecure a couple of years ago by showing that two files could be created
Yes, that's with you choosing both files. (And at considerable cost).
Note the difference between the these two challenges:
A. Write the same number twice, in different ways.
B. Write the number I'm thinking of.
What Google did is analogous to (A). It's a lot harder to do (B).
Creating a new file that has the hash of a pre-existing file is 128 bits harder than creating your own two files.
Re: (Score:2)
Re:false positives (Score:5, Insightful)
How many innocent people will be swept up in false allegations of child porn?
Have you ever stopped to think that maybe that's the whole point ?
Being able to arrest anyone for anything at any time is the wet dream of every authoritarian.
Re: (Score:2)
How many innocent people will be swept up in false allegations of child porn?
Have you ever stopped to think that maybe that's the whole point ?
Being able to arrest anyone for anything at any time is the wet dream of every authoritarian.
Whilst I'm a huge believer in what Cardinal Richelieu once said:
"Give me six lines written by the most honest of men and I will find something with which to have him hanged"
However a real authoritarian doesn't need to go through the motions of a show trial and gathering actual evidence (faked or otherwise). I.E. if the Chinese government want you gone, you're just disappeared. No trial, no articles in the press, you're just gone. Erased from public record. The best defence against this isn't legislat
Re: (Score:3)
However a real authoritarian doesn't need to go through the motions of a show trial and gathering actual evidence (faked or otherwise).
He does, in the beginning. It's not like you wake up one morning and - zing - your government has turned from slightly corrupt and incompetent (i.e. western standard) to perfectly authoritarian. It happens in steps, over some time.
Thats just today.. (Score:5, Insightful)
Kiddy porn today.. political opposition or other verboten materials tomorrow.
"Ooh,. Pictures of weed. Arrest the owner!"
"Ooh. Pictures of rifles! Arrest the owner!"
"Ooh, memes about how the PM is a total twat! Arrest the owner!"
This is such a slippery slope that it's more of a cliff, really.
Re:Thats just today.. (Score:5, Insightful)
Worse than that. "He has cached images in his browser's temp directory that triggered out automated filters! The government is now authorized to backup the entire contents of his phone and look for any illegal material or discussions of illegal activities." Keeping in mind every person is guilty of about six felonies a day.
Re:Thats just today.. (Score:5, Insightful)
Even worse than that. Those medical pictures or war pictures or disaster pictures that have partially or fully nude maybe children may also trigger a red flag. What is a family memory for one may be p0rn for another.
.
All government officials should have all of their, and their family's, and their relative's phone and computers scanned before anybody else. This includes all Royals and extended relatives too!
Re: (Score:2)
Keeping in mind every person is guilty of about six felonies a day.
It's getting exaggerated. The original number was three felonies a day, and even that was entirely convincing. Now you've increased it to three.
Re: (Score:3)
Woman living in the 'wrong state' looking up information on abortion on the internet for medically justified reasons because the pregnancy would kill her? "Arrest her!"
Watch your back.
That is indeed how the slippery slope can start. The road there is paved by seemingly good intentions. But usually lacks the evidence to back up how the measures curtailing liberty wou
Re: (Score:2)
"Ooh, memes about how the PM is a total twat! Arrest the owner!"
Didn't Ghandi prove you can't arrest everyone? Honestly at this point I think it should be mandatory to have memes about how the PM is a total twat on your phone. Not having one would be a sign of a dangerous deranged mind given the total twat of a PM the UK has.
Re: (Score:2)
"He's got a picture of Bonnie Prince Charlie all tarted up for a Regimental Dress ball! ARREST HIM!"
"Which one? The tourist or the tart?"
Are they going to pay to use my phone? (Score:5, Interesting)
I paid for a certain amount of CPU, memory, and battery life- are these governments going to pay me to use those resources to run their scans?
Re: (Score:2)
Fuck me, all the problems with this law and *THAT* is what you're concerned about? You need some serious perspective in life.
Re: (Score:2)
I suspect the parent is aiming for "which of the problems do I think the legal system would back me on?" rather than "what's the biggest problem here?"
In this case, I think the Sale of Goods act makes it illegal to sell something like this without disclosing the behaviour interrupting your "quiet possession" of the purchased goods. But this clause is routinely ignored when things are sold with e.g. unstoppable auto-updaters.
Re: (Score:2)
The other issues had already been brought up dipshit- or do you just like reading the same comments over and over in an echo chamber?
And government theft of property is also unconstitutional in the US so I'd argue it is a pretty big deal.
If they say so (Score:2)
"We've found no reason why client-side scanning techniques cannot be implemented safely..."
Well, that certainly reassures me.
Uh (Score:2)
Test it on gov officials first. (Score:5, Insightful)
Re: (Score:2)
Did you even look? (Score:2)
"We've found no reason why client-side scanning techniques cannot be implemented safely in many of the situations one will encounter,"
When you can't even discuss the problem honestly how can you be expected to be taken seriously? Only an idiot can't see what is evident right in front of their nose.
Re: (Score:2)
I have to conclude that
Crispin Robinson, the technical director of cryptanalysis -- codebreaking -- at GCHQ
is lying.
Either that, or GCHQ has experienced a major brain drain since WWII.
GCHQ is, after all, the organization that independently discovered public-key cryptography, and kept the discovery secret until well after RSA commercialized it.
They must know how easily an on-device scanner could be misused.
Re: Did you even look? (Score:4, Interesting)
No, he is not lying. He is being misunderstood.
He wrote a statement that includes qualifiers like "most" and "many". He wrote that a thing can be done, but did not specify costs nor burdens. Read it slowly and carefully and you can see what he wrote is correct.
The problem here is that people are using an enormous brush to paint a nuanced scene. There is a lot of detail that critically, absolutely, vitally must survive for it to work. Even experts sometimes miss critical details. He pointed out that the nuanced response and also the responsibility are both a bad fit for government generally, and should be the responsibility of someone who is outside the system and must be absolutely trustworthy.
Unfortunately, that third party is both extremely rare and also absolutely essential to the system.
massive overkill? (Score:3)
Is it just me or does this seem like such a massive overkill?
Also, what does it have to do with " UK's National Cybersecurity Centre", unless of course it just a poor excuse to scan phones for everything.
If people accept this, they'll accept everything.
Thank you Apple, for your fake "caring about privacy" and showing the way,
Re: (Score:3)
Is it just me or does this seem like such a massive overkill?
Nothing is too good for our children. Why aren't you thinking of the children?
Thank you Apple, for your fake "caring about privacy" and showing the way,
I like to shit on Apple as much as anyone else, but they didn't start this. They were only going to implement it on their cloud service, much like several others cloud services already do...
Re:So those... (Score:5, Insightful)
What if you have a photo of your naked 3 yeal old (Score:2)
My mother use to delight in showing those photos of me to friends and family when I was a teenager. Does that make her a pedophile now? Is she a child porn distributor?
Re: (Score:1)
That depends on whether she's showing them printed photographs or electronic photos on her phone. It's possible to have a legitimate excuse to 'show' indecent photographs of children. But there is no legitimate excuse allowed for 'making' indecent photographs of children, which causing some data to be displayed on a screen is regarded as including.
This is because decades ago, the police wanted to prosecute someone for 'possession', which at the time had to happen within six months, but too long. So they cla
Re: (Score:2)
At least possession.
Stop using Apple and stock Android? (Score:2)
It's not your phone if they have the final decision on what's installed on the phone.
So, how many steps left to full fascism? (Score:2)
Seems to me there are probably not that many. Although they should probably get a leader that is not a complete joke first. Or maybe that was just tactics to obscure what is really going on.
Next up: Phone cameras and microphones can be set to record at any time and will transfer anything seen or heard to the GCHQ for "evaluation". They will have found "nothing wrong" with that and can do it "safely". That is unless you do anything they do not like. Next step after that, hmm, some plastic explosive in the ph
twats (Score:4, Insightful)
"We've found no reason why client-side scanning techniques cannot be implemented safely in many of the situations one will encounter,"
Because you didn't look, I presume. I'm in the security industry and had the pleasure to work with some of the best in the field. Trust me, they will find a way to abuse it as an entry path into the system, as a side-channel to leak data, as a recon tool to spy out what's going on or in some other creative way that you didn't (yet) think about.
The twats are making the same mistake everyone in the software industry makes all the time. They look at their software and think "can I imagine a way to break into?" and then they go "nah, I can't, so it's safe". Well, moron, that's why you aren't a hacker or pentester. They can. You need to reverse your thinking: "Can I guarantee (with my head on the line) that there isn't a way?"
Re: (Score:2)
The good ole "appeal to ignorance" fallacy.
"Since we can't think of a reason (really?) that this can't be implemented safely, then that must mean there are no reasons that this can't be implemented safely."
Not gonna happen. (Score:2)
Don't worry, there are some very important people who are opposed to this. I'm sure Levy and Robinson will soon be Epsteined.